PC virus removal, computer speed-up, remote assistance via the neslape.cz service

Problem with malware on PC: WIN32/Agent.SDG.Gen trojan horse

Vacky
Visitor
Posts: 8
Registered: 26 Jun 2012 19:30

#1 Post by Vacky »

Hi,
greetings to everyone.
I have a problem on my PC with the WIN32/Agent.SDG.Gen trojan horse in the MBR sector of physical disk 0.
Could you please help me remove it?
I downloaded ComboFix, and I am attaching the log here:


ComboFix 12-06-26.01 - František Eliáš 26.06.2012 19:51:43.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.511.190 [GMT 2:00]
Spuštěný z: c:\documents and settings\František Eliáš\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\SET3861.tmp
c:\windows\system32\SET3865.tmp
c:\windows\system32\SET386D.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-05-26 do 2012-06-26 )))))))))))))))))))))))))))))))
.
.
2012-06-13 07:18 . 2012-05-11 14:44 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 13:19 . 2009-08-06 17:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2009-08-06 17:24 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2010-06-27 11:53 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2010-06-27 11:53 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2010-06-27 11:53 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2010-06-27 11:53 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2010-06-27 11:53 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2009-08-06 17:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2009-08-06 17:24 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-08-06 17:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-04-14 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2010-06-27 11:53 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2010-06-27 11:53 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2010-06-27 13:56 17648 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2010-06-27 13:56 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2010-06-27 13:56 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2008-04-14 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:09 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:55 . 2008-04-14 12:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:44 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:44 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-05 03:14 . 2008-04-14 12:00 2194816 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2008-04-14 08:06 2071296 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2010-06-27 11:51 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-09-07 21:26 . 2011-07-04 19:04 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\prxtbBS_2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2011-05-09 09:49 176936 ----a-w- c:\program files\BS_Player\prxtbBS_2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\prxtbBS_2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\prxtbBS_2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-06-10 55296]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 2145000]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\František Eliáš\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\SATELIT\\DreamSet228\\Dreamset.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27.6.2010 15:25 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7.4.2010 21:07 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [7.4.2010 21:08 95872]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14.4.2010 12:28 73728]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.4.2010 21:07 810120]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe -s [?]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe -s [?]
S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [10.8.2009 12:07 89600]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [27.7.2010 19:24 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [27.7.2010 19:24 8320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = https://adisepo.mfcr.cz/adistc/adis/idp ... pert.faces
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
DPF: {F680B28A-3AEE-4C88-93ED-45AE9215C128} - hxxp://adisepo.mfcr.cz/adistc/adis/idpr_pub/xspa/bin/cryptsignx.cab
FF - ProfilePath - c:\documents and settings\František Eliáš\Data aplikací\Mozilla\Firefox\Profiles\zsvjj5zw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://puvodni.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-IT9130 DriverInstaller_10.2.3.2 - c:\docume~1\FRANTI~1\LOCALS~1\Temp\DriverInstall32.exe
AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-26 20:05
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2012-06-26 20:09:41
ComboFix-quarantined-files.txt 2012-06-26 18:09
.
Před spuštěním: Volných bajtů: 51 326 812 160
Po spuštění: Volných bajtů: 53 157 916 672
.
- - End Of File - - A0F9088FD2A70985204D3F4A2B01E807

#2 Post by Vacky »

.....aaah, sorry.
As I was reading through the forum, I read about CF everywhere. That is why I wanted to make the work easier and posted the log right away.
I apologize!
Unfortunately, the PC I need to get back into shape is not online. Is that a problem? I will not be able to test on VT.
Do you have a solution, please?

#3 Post by Vacky »

Here is the log from the MBR scan.

Code:

MBRScan v1.1.1

OS             : Windows XP Home Service Pack 3 (32 bit)
PROCESSOR      : x86 Family 6 Model 10 Stepping 0, AuthenticAMD
BOOT           : Normal Boot
DATE           : 2012/06/26 (ISO 8601) at 21:04:27
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __Maxtor 6Y080L0 (YAR41BW0)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

DISK           : Device\Harddisk1\DR12 __Kingston DataTraveler 2.0 (1.00)
BUS_TYPE       : (0x07)  USB
USE_PIO        : NO
MAX_TRANSFER   : 64 Kb
ALIGNMENT_MASK : byte aligned
________________________________________________________________________________

Device\Harddisk0\DR0	76.34 Go  [Fixed] ==> Whistler.E MBR Code

MBR_MD5   : 842E2E19CCBFEA3056C9A8C62D4BB1DF
MBR_SHA1  : E9546B4D5A9AD6679BC9079B0325EA2A5C2127DC

Device\Harddisk0\Partition1	76.32 Go  	0x07 NTFS / HPFS __ BOOTABLE __
________________________________________________________________________________

Device\Harddisk1\DR12	7.47 Go  [Removable] ==> Unknown MBR Code

MBR_MD5   : 7B2E83F2C61BAE15988839BFF0F7D4AA
MBR_SHA1  : 748FC084BB14DFAF07E850A85E6B00F7C61F8EED

Device\Harddisk1\Partition1	7.47 Go
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\WINDOWS\System32\Drivers\dump_atapi.sys => Invisible on the disk
ADDRESS : 0xF6437000
SIZE    : 96.0 Ko

DRIVER  : C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS => Invisible on the disk
ADDRESS : 0xF8AC8000
SIZE    : 8.0 Ko

DRIVER  : C:\WINDOWS\system32\Drivers\PROCEXP113.SYS => Invisible on the disk
ADDRESS : 0xF8A82000
SIZE    : 8.0 Ko

DRIVER  : C:\DOCUME~1\FRANTI~1\LOCALS~1\Temp\catchme.sys => Invisible on the disk
ADDRESS : 0xF8886000
SIZE    : 32.0 Ko

SystemStartOptions : NOEXECUTE=OPTIN  FASTDETECT

________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  


__________________________16_BIT_ASM_CODE
   
0x0000    90              NOP   
0x0001    31c0            XOR AX, AX   
0x0003    90              NOP   
0x0004    8ed8            MOV DS, AX   
0x0006    8ec0            MOV ES, AX   
0x0008    90              NOP   
0x0009    8ed0            MOV SS, AX   
0x000B    bc 007c         MOV SP, 0x7c00   
0x000E    be 007c         MOV SI, 0x7c00   
0x0011    90              NOP   
0x0012    bf 0006         MOV DI, 0x600   
0x0015    90              NOP   
0x0016    b9 8000         MOV CX, 0x80   
0x0019    90              NOP   
0x001A    fc              CLD   
0x001B    f3 66 a5        REP MOVSD   
0x001E    90              NOP   
0x001F    ea 2606 0000    JMP FAR 0x0:0x626   
0x0024    90              NOP   
0x0025    90              NOP   
0x0026    66 31c0         XOR EAX, EAX   
0x0029    90              NOP   
0x002A    be be07         MOV SI, 0x7be   
0x002D    b1 04           MOV CL, 0x4   
0x002F    66 3944 08      CMP [SI+0x8], EAX   
0x0033    90              NOP   
0x0034    72 08           JB 0x3e   
0x0036    66 8b44 08      MOV EAX, [SI+0x8]   
0x003A    66 0344 0c      ADD EAX, [SI+0xc]   
0x003E    83c6 10         ADD SI, 0x10   
0x0041    90              NOP   
0x0042    832e 8b06 04    SUB WORD [0x68b], 0x4   
0x0047    e2 e6           LOOP 0x2f   
0x0049    66 09c0         OR EAX, EAX   
0x004C    74 40           JZ 0x8e   
0x004E    66 83c0 02      ADD EAX, 0x2   
0x0052    90              NOP   
0x0053    b9 4000         MOV CX, 0x40   
0x0056    bb 007c         MOV BX, 0x7c00   
0x0059    bf 1207         MOV DI, 0x712   
0x005C    90              NOP   
0x005D    832e 8b06 04    SUB WORD [0x68b], 0x4   
0x0062    e8 7100         CALL 0xd6   
0x0065    72 27           JB 0x8e   
0x0067    66 68 83c41490  PUSH 0x9014c483   
0x006D    90              NOP   
0x006E    66 68 0446e2f9  PUSH 0xf9e24604   
0x0074    90              NOP   
0x0075    66 68 80ffd730  PUSH 0x30d7ff80   
0x007B    90              NOP   
0x007C    66 68 89c3b900  PUSH 0xb9c389   
0x0082    90              NOP   
0x0083    66 68 be007c66  PUSH 0x667c00be   
0x0089    0f83 7375       JAE 0x7600   
0x008D    e8 bebe         CALL 0xbf4e   
0x0090    07              POP ES   
0x0091    b1 04           MOV CL, 0x4   
0x0093    803c 80         CMP BYTE [SI], 0x80   
0x0096    74 0f           JZ 0xa7   
0x0098    382c            CMP [SI], CH   
0x009A    0f85 9600       JNZ 0x134   
0x009E    83c6 10         ADD SI, 0x10   
0x00A1    e2 f0           LOOP 0x93   
0x00A3    90              NOP   
0x00A4    cd 18           INT 0x18   
0x00A6    90              NOP   
0x00A7    66 8b44 08      MOV EAX, [SI+0x8]   
0x00AB    89e3            MOV BX, SP   
0x00AD    b9 0100         MOV CX, 0x1   
0x00B0    90              NOP   
0x00B1    e8 2200         CALL 0xd6   
0x00B4    73 0e           JAE 0xc4   
0x00B6    8b4c 02         MOV CX, [SI+0x2]   
0x00B9    b8 0102         MOV AX, 0x201   
0x00BC    90              NOP   
0x00BD    cd 13           INT 0x13   
0x00BF    0f82 8b00       JB 0x14e   
0x00C3    90              NOP   
0x00C4    813e fe7d 55aa  CMP WORD [0x7dfe], 0xaa55   
0x00CA    90              NOP   
0x00CB    0f85 a000       JNZ 0x16f   
0x00CF    90              NOP   
0x00D0    ea 007c 0000    JMP FAR 0x0:0x7c00   
0x00D5    90              NOP   
0x00D6    66 60           PUSHAD   
0x00D8    90              NOP   
0x00D9    bb aa55         MOV BX, 0x55aa   
0x00DC    b4 41           MOV AH, 0x41   
0x00DE    cd 13           INT 0x13   
0x00E0    90              NOP   
0x00E1    73 04           JAE 0xe7   
0x00E3    f9              STC   
0x00E4    66 61           POPAD   
0x00E6    c3              RET   
0x00E7    81fb 55aa       CMP BX, 0xaa55   
0x00EB    75 f6           JNZ 0xe3   
0x00ED    90              NOP   
0x00EE    f6c1 01         TEST CL, 0x1   
0x00F1    74 f0           JZ 0xe3   
0x00F3    66 61           POPAD   
0x00F5    90              NOP   
0x00F6    66 60           PUSHAD   
0x00F8    6a 00           PUSH 0x0   
0x00FA    90              NOP   
0x00FB    6a 00           PUSH 0x0   
0x00FD    66 50           PUSH EAX   
0x00FF    06              PUSH ES   
0x0100    90              NOP   
0x0101    53              PUSH BX   
0x0102    51              PUSH CX   
0x0103    90              NOP   
0x0104    6a 10           PUSH 0x10   
0x0106    b4 42           MOV AH, 0x42   
0x0108    90              NOP   
0x0109    89e6            MOV SI, SP   
0x010B    cd 13           INT 0x13   
0x010D    61              POPA   
0x010E    90              NOP   
0x010F    66 61           POPAD   
0x0111    c3              RET   
0x0112    66 69db fd430300IMUL EBX, EBX, 0x343fd   
0x0119    90              NOP   
0x011A    66 81c3 c39e2600ADD EBX, 0x269ec3   
0x0121    90              NOP   
0x0122    66 89d8         MOV EAX, EBX   
0x0125    90              NOP   
0x0126    66 c1e8 10      SHR EAX, 0x10   
0x012A    90              NOP   
0x012B    66 25 ff000000  AND EAX, 0xff   
0x0131    90              NOP   
0x0132    c3              RET   
0x0133    90              NOP   


_______MBR   \Device\Harddisk1\DR12  


__________________________16_BIT_ASM_CODE
   
0x0000    fa              CLI   
0x0001    33c0            XOR AX, AX   
0x0003    8ed0            MOV SS, AX   
0x0005    bc 007c         MOV SP, 0x7c00   
0x0008    8bf4            MOV SI, SP   
0x000A    50              PUSH AX   
0x000B    07              POP ES   
0x000C    50              PUSH AX   
0x000D    1f              POP DS   
0x000E    fb              STI   
0x000F    fc              CLD   
0x0010    bf 0006         MOV DI, 0x600   
0x0013    b9 0001         MOV CX, 0x100   
0x0016    f2 a5           REPNZ MOVSW   
0x0018    ea 1d06 0000    JMP FAR 0x0:0x61d   
0x001D    be b806         MOV SI, 0x6b8   
0x0020    ac              LODSB   
0x0021    3c 00           CMP AL, 0x0   
0x0023    74 0e           JZ 0x33   
0x0025    56              PUSH SI   
0x0026    bb 0700         MOV BX, 0x7   
0x0029    b4 0e           MOV AH, 0xe   
0x002B    cd 10           INT 0x10   
0x002D    5e              POP SI   
0x002E    ea 2006 0000    JMP FAR 0x0:0x620   
0x0033    cd 18           INT 0x18   
0x011F    0000            ADD [BX+SI], AL   
0x0121    0000            ADD [BX+SI], AL   
0x0123    0000            ADD [BX+SI], AL   
0x0125    0000            ADD [BX+SI], AL   
0x0127    0000            ADD [BX+SI], AL   
0x0129    0000            ADD [BX+SI], AL   
0x012B    0000            ADD [BX+SI], AL   
0x012D    0000            ADD [BX+SI], AL   
0x012F    0000            ADD [BX+SI], AL   
0x0131    0000            ADD [BX+SI], AL   
0x0133    0000            ADD [BX+SI], AL   
0x0135    0000            ADD [BX+SI], AL   
0x0137    0000            ADD [BX+SI], AL   
0x0139    0000            ADD [BX+SI], AL   
0x013B    0000            ADD [BX+SI], AL   
0x013D    0000            ADD [BX+SI], AL   
0x013F    0000            ADD [BX+SI], AL   
0x0141    0000            ADD [BX+SI], AL   
0x0143    0000            ADD [BX+SI], AL   
0x0145    0000            ADD [BX+SI], AL   
0x0147    0000            ADD [BX+SI], AL   
0x0149    0000            ADD [BX+SI], AL   
0x014B    0000            ADD [BX+SI], AL   
0x014D    0000            ADD [BX+SI], AL   
0x014F    0000            ADD [BX+SI], AL   
0x0151    0000            ADD [BX+SI], AL   
0x0153    0000            ADD [BX+SI], AL   
0x0155    0000            ADD [BX+SI], AL   
0x0157    0000            ADD [BX+SI], AL   
0x0159    0000            ADD [BX+SI], AL   
0x015B    0000            ADD [BX+SI], AL   
0x015D    0000            ADD [BX+SI], AL   
0x015F    0000            ADD [BX+SI], AL   
0x0161    0000            ADD [BX+SI], AL   
0x0163    0000            ADD [BX+SI], AL   
0x0165    0000            ADD [BX+SI], AL   
0x0167    0000            ADD [BX+SI], AL   
0x0169    0000            ADD [BX+SI], AL   
0x016B    0000            ADD [BX+SI], AL   
0x016D    0000            ADD [BX+SI], AL   
0x016F    0000            ADD [BX+SI], AL   
0x0171    0000            ADD [BX+SI], AL   
0x0173    0000            ADD [BX+SI], AL   
0x0175    0000            ADD [BX+SI], AL   
0x0177    0000            ADD [BX+SI], AL   
0x0179    0000            ADD [BX+SI], AL   
0x017B    0000            ADD [BX+SI], AL   
0x017D    0000            ADD [BX+SI], AL   
0x017F    0000            ADD [BX+SI], AL   
0x0181    0000            ADD [BX+SI], AL   
0x0183    0000            ADD [BX+SI], AL   
0x0185    0000            ADD [BX+SI], AL   
0x0187    0000            ADD [BX+SI], AL   
0x0189    0000            ADD [BX+SI], AL   
0x018B    0000            ADD [BX+SI], AL   
0x018D    0000            ADD [BX+SI], AL   
0x018F    0000            ADD [BX+SI], AL   
0x0191    0000            ADD [BX+SI], AL   
0x0193    0000            ADD [BX+SI], AL   
0x0195    0000            ADD [BX+SI], AL   
0x0197    0000            ADD [BX+SI], AL   
0x0199    0000            ADD [BX+SI], AL   
0x019B    0000            ADD [BX+SI], AL   
0x019D    0000            ADD [BX+SI], AL   
0x019F    0000            ADD [BX+SI], AL   
0x01A1    0000            ADD [BX+SI], AL   
0x01A3    0000            ADD [BX+SI], AL   
0x01A5    0000            ADD [BX+SI], AL   
0x01A7    0000            ADD [BX+SI], AL   
0x01A9    0000            ADD [BX+SI], AL   
0x01AB    0000            ADD [BX+SI], AL   
0x01AD    0000            ADD [BX+SI], AL   
0x01AF    0000            ADD [BX+SI], AL   
0x01B1    0000            ADD [BX+SI], AL   
0x01B3    0000            ADD [BX+SI], AL   
0x01B5    0000            ADD [BX+SI], AL   
0x01B7    0001            ADD [BX+DI], AL   
0x01B9    0203            ADD AL, [BP+DI]   
0x01BB    04 00           ADD AL, 0x0   
0x01BD    0000            ADD [BX+SI], AL   
0x01BF    2233            AND DH, [BP+DI]   
0x01C1    000c            ADD [SI], CL   
0x01C3    65              DB 0x65   
0x01C4    26              DB 0x26   
0x01C4    f2              DB 0xf2   
0x01C4    26 f2 90        NOP   
0x01C7    0800            OR [BX+SI], AL   
0x01C9    0070 f7         ADD [BX+SI-0x9], DH   
0x01CC    ee              OUT DX, AL   
0x01CD    0000            ADD [BX+SI], AL   
0x01CF    0000            ADD [BX+SI], AL   
0x01D1    0000            ADD [BX+SI], AL   
0x01D3    0000            ADD [BX+SI], AL   
0x01D5    0000            ADD [BX+SI], AL   
0x01D7    0000            ADD [BX+SI], AL   
0x01D9    0000            ADD [BX+SI], AL   
0x01DB    0000            ADD [BX+SI], AL   
0x01DD    0000            ADD [BX+SI], AL   
0x01DF    0000            ADD [BX+SI], AL   
0x01E1    0000            ADD [BX+SI], AL   
0x01E3    0000            ADD [BX+SI], AL   
0x01E5    0000            ADD [BX+SI], AL   
0x01E7    0000            ADD [BX+SI], AL   
0x01E9    0000            ADD [BX+SI], AL   
0x01EB    0000            ADD [BX+SI], AL   
0x01ED    0000            ADD [BX+SI], AL   
0x01EF    0000            ADD [BX+SI], AL   
0x01F1    0000            ADD [BX+SI], AL   
0x01F3    0000            ADD [BX+SI], AL   
0x01F5    0000            ADD [BX+SI], AL   
0x01F7    0000            ADD [BX+SI], AL   
0x01F9    0000            ADD [BX+SI], AL   
0x01FB    0000            ADD [BX+SI], AL   
0x01FD    0055 aa         ADD [DI-0x56], DL   


Vacky
Visitor
Posts: 8
Registered: 26 Jun 2012 19:30

Re: Problem with malware on the PC: WIN32/Agent.SDG.Gen trojan horse

#4 Post by Vacky »

Here is the log from TDSSKiller:


21:16:04.0984 2068 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
21:16:05.0593 2068 ============================================================
21:16:05.0593 2068 Current date / time: 2012/06/26 21:16:05.0593
21:16:05.0593 2068 SystemInfo:
21:16:05.0593 2068
21:16:05.0593 2068 OS Version: 5.1.2600 ServicePack: 3.0
21:16:05.0593 2068 Product type: Workstation
21:16:05.0593 2068 ComputerName: PEVNA
21:16:05.0593 2068 UserName: František Eliáš
21:16:05.0593 2068 Windows directory: C:\WINDOWS
21:16:05.0593 2068 System windows directory: C:\WINDOWS
21:16:05.0593 2068 Processor architecture: Intel x86
21:16:05.0593 2068 Number of processors: 1
21:16:05.0625 2068 Page size: 0x1000
21:16:05.0625 2068 Boot type: Normal boot
21:16:05.0625 2068 ============================================================
21:16:10.0406 2068 Drive \Device\Harddisk0\DR0 - Size: 0x1315740000 (76.34 Gb), SectorSize: 0x200, Cylinders: 0x26EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:16:10.0406 2068 Drive \Device\Harddisk1\DR14 - Size: 0x1DE000000 (7.47 Gb), SectorSize: 0x200, Cylinders: 0x3CE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:16:10.0406 2068 ============================================================
21:16:10.0406 2068 \Device\Harddisk0\DR0:
21:16:10.0406 2068 MBR partitions:
21:16:10.0406 2068 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x98A40EC
21:16:10.0406 2068 \Device\Harddisk1\DR14:
21:16:10.0406 2068 MBR partitions:
21:16:10.0406 2068 \Device\Harddisk1\DR14\Partition0: MBR, Type 0xC, StartLBA 0x890, BlocksNum 0xEEF770
21:16:10.0406 2068 ============================================================
21:16:10.0437 2068 C: <-> \Device\Harddisk0\DR0\Partition0
21:16:10.0437 2068 ============================================================
21:16:10.0437 2068 Initialize success
21:16:10.0437 2068 ============================================================
21:16:27.0562 2124 ============================================================
21:16:27.0562 2124 Scan started
21:16:27.0562 2124 Mode: Manual; SigCheck; TDLFS;
21:16:27.0562 2124 ============================================================
21:16:28.0093 2124 602XML Updater (ebd7bd25c1d33b10d2251194c300ee85) C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
21:16:28.0375 2124 602XML Updater ( UnsignedFile.Multi.Generic ) - warning
21:16:28.0375 2124 602XML Updater - detected UnsignedFile.Multi.Generic (1)
21:16:28.0515 2124 Abiosdsk - ok
21:16:28.0546 2124 abp480n5 - ok
21:16:28.0609 2124 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:16:29.0000 2124 ACPI - ok
21:16:29.0031 2124 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:16:29.0250 2124 ACPIEC - ok
21:16:29.0281 2124 adpu160m - ok
21:16:29.0343 2124 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:16:29.0593 2124 aec - ok
21:16:29.0640 2124 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:16:29.0703 2124 AFD - ok
21:16:29.0718 2124 Aha154x - ok
21:16:29.0750 2124 aic78u2 - ok
21:16:29.0781 2124 aic78xx - ok
21:16:29.0890 2124 ALCXWDM (02d94d2d336d3de8c5e8fe04a62d552d) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
21:16:30.0046 2124 ALCXWDM - ok
21:16:30.0109 2124 Alerter (e0a6fa244b8624d78fe5ff6f56a33bae) C:\WINDOWS\system32\alrsvc.dll
21:16:30.0296 2124 Alerter - ok
21:16:30.0328 2124 ALG (88842de939a827577bf24243699ac80a) C:\WINDOWS\System32\alg.exe
21:16:30.0453 2124 ALG - ok
21:16:30.0468 2124 AliIde - ok
21:16:30.0531 2124 AmdK7 (3980814f8027d27ea003e2e3d9d4f604) C:\WINDOWS\system32\DRIVERS\amdk7.sys
21:16:30.0750 2124 AmdK7 - ok
21:16:30.0765 2124 amsint - ok
21:16:30.0781 2124 AppMgmt - ok
21:16:30.0812 2124 asc - ok
21:16:30.0843 2124 asc3350p - ok
21:16:30.0859 2124 asc3550 - ok
21:16:30.0984 2124 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:16:31.0046 2124 aspnet_state - ok
21:16:31.0093 2124 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:16:31.0312 2124 AsyncMac - ok
21:16:31.0359 2124 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:16:31.0562 2124 atapi - ok
21:16:31.0578 2124 Atdisk - ok
21:16:31.0640 2124 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:16:31.0906 2124 Atmarpc - ok
21:16:31.0937 2124 AudioSrv (de31b88962a8645dba5a37b993e7b0f1) C:\WINDOWS\System32\audiosrv.dll
21:16:32.0203 2124 AudioSrv - ok
21:16:32.0250 2124 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:16:32.0468 2124 audstub - ok
21:16:32.0531 2124 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:16:32.0750 2124 Beep - ok
21:16:32.0828 2124 BITS (19395d092fd85ddc2d9c7729cf5a2ac8) C:\WINDOWS\system32\qmgr.dll
21:16:33.0156 2124 BITS - ok
21:16:33.0203 2124 Browser (249276d3ef1e74b992299cb96099e4d7) C:\WINDOWS\System32\browser.dll
21:16:33.0421 2124 Browser - ok
21:16:33.0546 2124 catchme - ok
21:16:33.0609 2124 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:16:33.0859 2124 cbidf2k - ok
21:16:33.0875 2124 cd20xrnt - ok
21:16:33.0937 2124 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:16:34.0218 2124 Cdaudio - ok
21:16:34.0281 2124 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:16:34.0515 2124 Cdfs - ok
21:16:34.0562 2124 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:16:34.0812 2124 Cdrom - ok
21:16:34.0843 2124 Changer - ok
21:16:34.0906 2124 CiSvc (e390dc1d7c461d7d56ec53402f329928) C:\WINDOWS\system32\cisvc.exe
21:16:35.0140 2124 CiSvc - ok
21:16:35.0171 2124 ClipSrv (064507a8dfa8c5c7e2ffddd3e6f424fa) C:\WINDOWS\system32\clipsrv.exe
21:16:35.0437 2124 ClipSrv - ok
21:16:35.0515 2124 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:16:35.0562 2124 clr_optimization_v2.0.50727_32 - ok
21:16:35.0640 2124 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:16:35.0703 2124 clr_optimization_v4.0.30319_32 - ok
21:16:35.0718 2124 CmdIde - ok
21:16:35.0734 2124 COMSysApp - ok
21:16:35.0781 2124 Cpqarray - ok
21:16:35.0828 2124 CryptSvc (f3ab0933cbd166d271992f411c27ccaf) C:\WINDOWS\System32\cryptsvc.dll
21:16:36.0078 2124 CryptSvc - ok
21:16:36.0109 2124 dac2w2k - ok
21:16:36.0125 2124 dac960nt - ok
21:16:36.0203 2124 DcomLaunch (be27674d1cbc3214aec84b4336a38bbf) C:\WINDOWS\system32\rpcss.dll
21:16:36.0343 2124 DcomLaunch - ok
21:16:36.0421 2124 Dhcp (8c9a53e285ac5e6704844d0459ec85be) C:\WINDOWS\System32\dhcpcsvc.dll
21:16:36.0750 2124 Dhcp - ok
21:16:36.0796 2124 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:16:37.0031 2124 Disk - ok
21:16:37.0062 2124 dmadmin - ok
21:16:37.0156 2124 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
21:16:37.0578 2124 dmboot - ok
21:16:37.0609 2124 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
21:16:37.0875 2124 dmio - ok
21:16:37.0921 2124 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:16:38.0203 2124 dmload - ok
21:16:38.0250 2124 dmserver (2bfefe9e865655a76982f050450b9591) C:\WINDOWS\System32\dmserver.dll
21:16:38.0515 2124 dmserver - ok
21:16:38.0578 2124 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:16:38.0843 2124 DMusic - ok
21:16:38.0890 2124 Dnscache (dfaa406bf19f4ee806a6f8d4342137f7) C:\WINDOWS\System32\dnsrslvr.dll
21:16:38.0984 2124 Dnscache - ok
21:16:39.0062 2124 Dot3svc (4a3e2bd20157a0946751229e92eb8621) C:\WINDOWS\System32\dot3svc.dll
21:16:39.0312 2124 Dot3svc - ok
21:16:39.0328 2124 dpti2o - ok
21:16:39.0375 2124 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:16:39.0625 2124 drmkaud - ok
21:16:39.0687 2124 eamon (ba3bb79c859292c3ff2a21b05e64696f) C:\WINDOWS\system32\DRIVERS\eamon.sys
21:16:39.0796 2124 eamon - ok
21:16:39.0859 2124 EapHost (0887d9c2be8d940778cad1e3b85f2a41) C:\WINDOWS\System32\eapsvc.dll
21:16:40.0140 2124 EapHost - ok
21:16:40.0187 2124 ehdrv (3c747a0d8ce29720302972ac6ed09733) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
21:16:40.0218 2124 ehdrv - ok
21:16:40.0296 2124 EhttpSrv (679ad4afcaf9520cc5607d204ae27cce) C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
21:16:40.0328 2124 EhttpSrv - ok
21:16:40.0406 2124 ekrn (82a0ee1f5ccc82cc5453d24ff186e9b0) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
21:16:40.0562 2124 ekrn - ok
21:16:40.0640 2124 epfwtdir (c24fae2e95936bb8f0d4941c329cc663) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
21:16:40.0656 2124 epfwtdir - ok
21:16:40.0687 2124 ERSvc (a2a4912798f2be706abadd3d30800d16) C:\WINDOWS\System32\ersvc.dll
21:16:40.0953 2124 ERSvc - ok
21:16:41.0015 2124 es1371 (a55dd7d8ced5d2624a9ee2dda7be0319) C:\WINDOWS\system32\drivers\es1371mp.sys
21:16:41.0265 2124 es1371 - ok
21:16:41.0312 2124 Eventlog (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
21:16:41.0437 2124 Eventlog - ok
21:16:41.0500 2124 EventSystem (a371f11ef07653591c8de26afb13ce7f) C:\WINDOWS\system32\es.dll
21:16:41.0578 2124 EventSystem - ok
21:16:41.0625 2124 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:16:41.0875 2124 Fastfat - ok
21:16:41.0937 2124 FastUserSwitchingCompatibility (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
21:16:42.0031 2124 FastUserSwitchingCompatibility - ok
21:16:42.0093 2124 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:16:42.0343 2124 Fdc - ok
21:16:42.0375 2124 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
21:16:42.0625 2124 FETNDIS - ok
21:16:42.0671 2124 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
21:16:42.0921 2124 Fips - ok
21:16:43.0000 2124 FirebirdGuardianDefaultInstance - ok
21:16:43.0031 2124 FirebirdServerDefaultInstance - ok
21:16:43.0093 2124 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:16:43.0296 2124 Flpydisk - ok
21:16:43.0359 2124 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:16:43.0578 2124 FltMgr - ok
21:16:43.0890 2124 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:16:43.0968 2124 FontCache3.0.0.0 - ok
21:16:44.0062 2124 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:16:44.0296 2124 Fs_Rec - ok
21:16:44.0546 2124 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:16:44.0781 2124 Ftdisk - ok
21:16:44.0875 2124 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
21:16:45.0109 2124 gameenum - ok
21:16:45.0265 2124 GemCCID (86d3d834d35ebe920d85ffedcef79faf) C:\WINDOWS\system32\Drivers\GemCCID.sys
21:16:45.0453 2124 GemCCID - ok
21:16:45.0453 2124 GMSIPCI - ok
21:16:45.0484 2124 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:16:45.0734 2124 Gpc - ok
21:16:45.0875 2124 helpsvc (fcfe31fb75f8a6295b6b0af87a626282) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:16:46.0156 2124 helpsvc - ok
21:16:46.0218 2124 HidServ (00e25ee90166b3e1be6e74aebf858306) C:\WINDOWS\System32\hidserv.dll
21:16:46.0468 2124 HidServ - ok
21:16:46.0515 2124 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:16:46.0734 2124 hidusb - ok
21:16:46.0796 2124 hkmsvc (7a6b320928f86bc851530d63c82965d9) C:\WINDOWS\System32\kmsvc.dll
21:16:47.0046 2124 hkmsvc - ok
21:16:47.0062 2124 hpn - ok
21:16:47.0140 2124 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:16:47.0203 2124 HTTP - ok
21:16:47.0265 2124 HTTPFilter (58fe2f2da3bc5573f4a35b3760d3125f) C:\WINDOWS\System32\w3ssl.dll
21:16:47.0531 2124 HTTPFilter - ok
21:16:47.0546 2124 i2omgmt - ok
21:16:47.0578 2124 i2omp - ok
21:16:47.0640 2124 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:16:47.0859 2124 i8042prt - ok
21:16:48.0000 2124 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:16:48.0125 2124 idsvc - ok
21:16:48.0281 2124 IJPLMSVC (ad5df6f4fbbc798636edc66bfec7d0de) C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
21:16:48.0296 2124 IJPLMSVC - ok
21:16:48.0359 2124 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:16:48.0578 2124 Imapi - ok
21:16:48.0656 2124 ImapiService (f7b93aafad33b2320954c17e26c8d361) C:\WINDOWS\system32\imapi.exe
21:16:48.0875 2124 ImapiService - ok
21:16:48.0890 2124 ini910u - ok
21:16:48.0937 2124 IntelIde - ok
21:16:48.0984 2124 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:16:49.0265 2124 Ip6Fw - ok
21:16:49.0328 2124 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:16:49.0640 2124 IpFilterDriver - ok
21:16:49.0734 2124 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:16:49.0968 2124 IpInIp - ok
21:16:50.0015 2124 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:16:50.0234 2124 IpNat - ok
21:16:50.0296 2124 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:16:50.0546 2124 IPSec - ok
21:16:50.0593 2124 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:16:50.0703 2124 IRENUM - ok
21:16:50.0750 2124 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:16:50.0968 2124 isapnp - ok
21:16:51.0078 2124 JavaQuickStarterService (9ae07549a0d691a103faf8946554bdb7) C:\Program Files\Java\jre6\bin\jqs.exe
21:16:51.0109 2124 JavaQuickStarterService - ok
21:16:51.0156 2124 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:16:51.0375 2124 Kbdclass - ok
21:16:51.0437 2124 kbdhid (86c8f23616c6c6e5b2776901c17b945b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:16:51.0687 2124 kbdhid - ok
21:16:51.0765 2124 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:16:51.0953 2124 kmixer - ok
21:16:52.0000 2124 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:16:52.0062 2124 KSecDD - ok
21:16:52.0125 2124 LanmanServer (3428e8f86f8add36b42fb23542c7b3e4) C:\WINDOWS\System32\srvsvc.dll
21:16:52.0156 2124 LanmanServer - ok
21:16:52.0218 2124 lanmanworkstation (936c1d110232d23b621cb0196e4f80f0) C:\WINDOWS\System32\wkssvc.dll
21:16:52.0296 2124 lanmanworkstation - ok
21:16:52.0312 2124 lbrtfdc - ok
21:16:52.0390 2124 LmHosts (0ab159f536e3e8f7f07113702a07cca5) C:\WINDOWS\System32\lmhsvc.dll
21:16:52.0640 2124 LmHosts - ok
21:16:52.0765 2124 McciCMService (4f74184920b2d6e33024409b4c5c57c1) C:\Program Files\Common Files\Motive\McciCMService.exe
21:16:52.0812 2124 McciCMService ( UnsignedFile.Multi.Generic ) - warning
21:16:52.0812 2124 McciCMService - detected UnsignedFile.Multi.Generic (1)
21:16:52.0859 2124 Messenger (221cd1c815b8a6b79389c3f5d1018de8) C:\WINDOWS\System32\msgsvc.dll
21:16:53.0125 2124 Messenger - ok
21:16:53.0203 2124 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
21:16:53.0265 2124 Microsoft Office Groove Audit Service - ok
21:16:53.0312 2124 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:16:53.0484 2124 mnmdd - ok
21:16:53.0546 2124 mnmsrvc (9a57d046f88f4b69751b11fd40088a61) C:\WINDOWS\system32\mnmsrvc.exe
21:16:53.0828 2124 mnmsrvc - ok
21:16:53.0875 2124 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
21:16:54.0140 2124 Modem - ok
21:16:54.0171 2124 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:16:54.0390 2124 Mouclass - ok
21:16:54.0437 2124 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:16:54.0656 2124 mouhid - ok
21:16:54.0687 2124 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:16:54.0890 2124 MountMgr - ok
21:16:54.0921 2124 mraid35x - ok
21:16:54.0968 2124 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
21:16:55.0000 2124 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
21:16:55.0000 2124 MREMP50 - detected UnsignedFile.Multi.Generic (1)
21:16:55.0015 2124 MREMP50a64 - ok
21:16:55.0031 2124 MREMPR5 - ok
21:16:55.0046 2124 MRENDIS5 - ok
21:16:55.0062 2124 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
21:16:55.0093 2124 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
21:16:55.0093 2124 MRESP50 - detected UnsignedFile.Multi.Generic (1)
21:16:55.0109 2124 MRESP50a64 - ok
21:16:55.0156 2124 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:16:55.0375 2124 MRxDAV - ok
21:16:55.0453 2124 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:16:55.0546 2124 MRxSmb - ok
21:16:55.0593 2124 MSDTC (6db4d1521caba9a5ffab54ade0ae867d) C:\WINDOWS\system32\msdtc.exe
21:16:55.0812 2124 MSDTC - ok
21:16:55.0859 2124 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:16:56.0046 2124 Msfs - ok
21:16:56.0062 2124 MSIServer - ok
21:16:56.0375 2124 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:16:56.0625 2124 MSKSSRV - ok
21:16:56.0656 2124 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:16:56.0890 2124 MSPCLOCK - ok
21:16:56.0906 2124 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:16:57.0156 2124 MSPQM - ok
21:16:57.0203 2124 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:16:57.0406 2124 mssmbios - ok
21:16:57.0453 2124 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:16:57.0515 2124 Mup - ok
21:16:57.0578 2124 napagent (6ea362e9db03d44f6b996f4d8be237e9) C:\WINDOWS\System32\qagentrt.dll
21:16:57.0890 2124 napagent - ok
21:16:57.0937 2124 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:16:58.0187 2124 NDIS - ok
21:16:58.0234 2124 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:16:58.0281 2124 NdisTapi - ok
21:16:58.0328 2124 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:16:58.0531 2124 Ndisuio - ok
21:16:58.0593 2124 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:16:58.0812 2124 NdisWan - ok
21:16:58.0875 2124 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:16:58.0937 2124 NDProxy - ok
21:16:58.0984 2124 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\WINDOWS\system32\HPZinw12.dll
21:16:59.0015 2124 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:16:59.0015 2124 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:16:59.0078 2124 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:16:59.0328 2124 NetBIOS - ok
21:16:59.0359 2124 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:16:59.0562 2124 NetBT - ok
21:16:59.0625 2124 NetDDE (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
21:16:59.0843 2124 NetDDE - ok
21:16:59.0875 2124 NetDDEdsdm (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
21:17:00.0093 2124 NetDDEdsdm - ok
21:17:00.0140 2124 Netlogon (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
21:17:00.0406 2124 Netlogon - ok
21:17:00.0453 2124 Netman (72e1e9e2977be08bdeedb6d8fd9d4d40) C:\WINDOWS\System32\netman.dll
21:17:00.0656 2124 Netman - ok
21:17:00.0796 2124 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:17:00.0812 2124 NetTcpPortSharing - ok
21:17:00.0859 2124 Nla (39ee7c3bfbc64ba87cc8cf67386e814c) C:\WINDOWS\System32\mswsock.dll
21:17:00.0906 2124 Nla - ok
21:17:00.0953 2124 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys
21:17:01.0218 2124 nmwcd - ok
21:17:01.0281 2124 nmwcdc (3859c69a77793180548802dac9f34a38) C:\WINDOWS\system32\drivers\ccdcmbo.sys
21:17:01.0375 2124 nmwcdc - ok
21:17:01.0437 2124 nmwcdnsu (338f83ee9cb9e15eeacf0cbb90218cbf) C:\WINDOWS\system32\drivers\nmwcdnsu.sys
21:17:01.0562 2124 nmwcdnsu - ok
21:17:01.0593 2124 nmwcdnsuc (d15bac979144fb69ed28f97b2dd84d48) C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
21:17:01.0703 2124 nmwcdnsuc - ok
21:17:01.0734 2124 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:17:01.0953 2124 Npfs - ok
21:17:02.0031 2124 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:17:02.0281 2124 Ntfs - ok
21:17:02.0312 2124 NtLmSsp (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
21:17:02.0515 2124 NtLmSsp - ok
21:17:02.0578 2124 NtmsSvc (023dd70573d644f3d9c8b1258a7bfd08) C:\WINDOWS\system32\ntmssvc.dll
21:17:02.0859 2124 NtmsSvc - ok
21:17:02.0906 2124 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:17:03.0125 2124 Null - ok
21:17:03.0281 2124 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:17:03.0750 2124 nv - ok
21:17:03.0906 2124 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:17:04.0156 2124 NwlnkFlt - ok
21:17:04.0171 2124 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:17:04.0437 2124 NwlnkFwd - ok
21:17:04.0625 2124 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:17:04.0765 2124 odserv - ok
21:17:04.0828 2124 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:17:04.0875 2124 ose - ok
21:17:04.0921 2124 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
21:17:05.0125 2124 Parport - ok
21:17:05.0156 2124 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:17:05.0343 2124 PartMgr - ok
21:17:05.0390 2124 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
21:17:05.0609 2124 ParVdm - ok
21:17:05.0656 2124 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
21:17:05.0734 2124 pccsmcfd - ok
21:17:05.0796 2124 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
21:17:05.0984 2124 PCI - ok
21:17:06.0000 2124 PCIDump - ok
21:17:06.0031 2124 PCIIde - ok
21:17:06.0078 2124 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:17:06.0375 2124 Pcmcia - ok
21:17:06.0406 2124 PDCOMP - ok
21:17:06.0421 2124 PDFRAME - ok
21:17:06.0468 2124 PDRELI - ok
21:17:06.0500 2124 PDRFRAME - ok
21:17:06.0515 2124 perc2 - ok
21:17:06.0546 2124 perc2hib - ok
21:17:06.0656 2124 PlugPlay (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
21:17:06.0687 2124 PlugPlay - ok
21:17:06.0718 2124 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\WINDOWS\system32\HPZipm12.dll
21:17:06.0750 2124 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:17:06.0750 2124 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:17:06.0828 2124 PolicyAgent (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
21:17:07.0046 2124 PolicyAgent - ok
21:17:07.0078 2124 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:17:07.0312 2124 PptpMiniport - ok
21:17:07.0343 2124 ProtectedStorage (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
21:17:07.0562 2124 ProtectedStorage - ok
21:17:07.0578 2124 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:17:07.0781 2124 PSched - ok
21:17:07.0859 2124 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:17:08.0062 2124 Ptilink - ok
21:17:08.0093 2124 ql1080 - ok
21:17:08.0109 2124 Ql10wnt - ok
21:17:08.0140 2124 ql12160 - ok
21:17:08.0171 2124 ql1240 - ok
21:17:08.0187 2124 ql1280 - ok
21:17:08.0218 2124 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:17:08.0453 2124 RasAcd - ok
21:17:08.0515 2124 RasAuto (2b5e44ea009f2f374b980e1e9a70635d) C:\WINDOWS\System32\rasauto.dll
21:17:08.0765 2124 RasAuto - ok
21:17:08.0796 2124 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:17:09.0046 2124 Rasl2tp - ok
21:17:09.0093 2124 RasMan (d57554c664b64604bd1ee13ea2c07e77) C:\WINDOWS\System32\rasmans.dll
21:17:09.0328 2124 RasMan - ok
21:17:09.0359 2124 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:17:09.0593 2124 RasPppoe - ok
21:17:09.0640 2124 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:17:09.0843 2124 Raspti - ok
21:17:09.0890 2124 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:17:10.0109 2124 Rdbss - ok
21:17:10.0156 2124 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:17:10.0359 2124 RDPCDD - ok
21:17:10.0406 2124 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
21:17:10.0500 2124 RDPWD - ok
21:17:10.0562 2124 RDSessMgr (c0d9d9711cb74ee9bc66353d8cbdab0e) C:\WINDOWS\system32\sessmgr.exe
21:17:10.0859 2124 RDSessMgr - ok
21:17:10.0921 2124 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:17:11.0125 2124 redbook - ok
21:17:11.0203 2124 RemoteAccess (127c26b5371651043450e52542099aba) C:\WINDOWS\System32\mprdim.dll
21:17:11.0453 2124 RemoteAccess - ok
21:17:11.0500 2124 RpcLocator (718b3bdc0bc3c2f7d065a53d26202af9) C:\WINDOWS\system32\locator.exe
21:17:11.0687 2124 RpcLocator - ok
21:17:11.0765 2124 RpcSs (be27674d1cbc3214aec84b4336a38bbf) C:\WINDOWS\System32\rpcss.dll
21:17:11.0796 2124 RpcSs - ok
21:17:11.0859 2124 RSVP (09ab2e71e58b078038e3bfdba7ffc984) C:\WINDOWS\system32\rsvp.exe
21:17:12.0078 2124 RSVP - ok
21:17:12.0125 2124 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
21:17:12.0171 2124 rtl8139 - ok
21:17:12.0218 2124 SamSs (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
21:17:12.0453 2124 SamSs - ok
21:17:12.0515 2124 SCardSvr (410046e401eb11e1e6749e9deea41d4a) C:\WINDOWS\System32\SCardSvr.exe
21:17:12.0734 2124 SCardSvr - ok
21:17:12.0796 2124 Schedule (3ff232a7731621b8902d81d42418c93c) C:\WINDOWS\system32\schedsvc.dll
21:17:13.0031 2124 Schedule - ok
21:17:13.0062 2124 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:17:13.0171 2124 Secdrv - ok
21:17:13.0218 2124 seclogon (477e2c3cc5e4a0d635bcb0ea8dcac3c6) C:\WINDOWS\System32\seclogon.dll
21:17:13.0437 2124 seclogon - ok
21:17:13.0468 2124 SENS (a530b75c10c23c9ab28fdb6ce719e21f) C:\WINDOWS\system32\sens.dll
21:17:13.0671 2124 SENS - ok
21:17:13.0718 2124 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:17:13.0906 2124 serenum - ok
21:17:13.0921 2124 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
21:17:14.0203 2124 Serial - ok
21:17:14.0343 2124 ServiceLayer (2d841b7b7f6dec32162edfcc69d61f42) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
21:17:14.0515 2124 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
21:17:14.0515 2124 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
21:17:14.0656 2124 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:17:14.0921 2124 Sfloppy - ok
21:17:14.0968 2124 SharedAccess (f58faca9621d2db01bd0927d9a0a208e) C:\WINDOWS\System32\ipnathlp.dll
21:17:15.0218 2124 SharedAccess - ok
21:17:15.0281 2124 ShellHWDetection (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
21:17:15.0296 2124 ShellHWDetection - ok
21:17:15.0328 2124 Simbad - ok
21:17:15.0359 2124 Sparrow - ok
21:17:15.0421 2124 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:17:15.0656 2124 splitter - ok
21:17:15.0703 2124 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
21:17:15.0734 2124 Spooler - ok
21:17:16.0062 2124 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
21:17:16.0062 2124 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
21:17:16.0062 2124 sptd ( LockedFile.Multi.Generic ) - warning
21:17:16.0062 2124 sptd - detected LockedFile.Multi.Generic (1)
21:17:16.0187 2124 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
21:17:16.0281 2124 sr - ok
21:17:16.0812 2124 srservice (35b91147124f64ac8081a2edb9ea4dee) C:\WINDOWS\system32\srsvc.dll
21:17:17.0062 2124 srservice - ok
21:17:17.0359 2124 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:17:17.0484 2124 Srv - ok
21:17:17.0531 2124 SSDPSRV (becd5271dc4e3b7c3d035f790fcbc1e5) C:\WINDOWS\System32\ssdpsrv.dll
21:17:17.0640 2124 SSDPSRV - ok
21:17:17.0718 2124 stisvc (c1cdd9275f6a115bb0ae1d55d8d27ba6) C:\WINDOWS\system32\wiaservc.dll
21:17:17.0937 2124 stisvc - ok
21:17:18.0000 2124 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:17:18.0234 2124 swenum - ok
21:17:18.0265 2124 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:17:18.0515 2124 swmidi - ok
21:17:18.0531 2124 SwPrv - ok
21:17:18.0562 2124 symc810 - ok
21:17:18.0578 2124 symc8xx - ok
21:17:18.0609 2124 sym_hi - ok
21:17:18.0640 2124 sym_u3 - ok
21:17:18.0671 2124 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:17:18.0890 2124 sysaudio - ok
21:17:18.0937 2124 SysmonLog (ce06f01b88ace199a1bf460cac29c110) C:\WINDOWS\system32\smlogsvc.exe
21:17:19.0125 2124 SysmonLog - ok
21:17:19.0171 2124 TapiSrv (c2546cd7a398476f9df5614b2ae160e8) C:\WINDOWS\System32\tapisrv.dll
21:17:19.0390 2124 TapiSrv - ok
21:17:19.0468 2124 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:17:19.0546 2124 Tcpip - ok
21:17:19.0578 2124 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:17:19.0812 2124 TDPIPE - ok
21:17:19.0843 2124 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:17:20.0109 2124 TDTCP - ok
21:17:20.0156 2124 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:17:20.0375 2124 TermDD - ok
21:17:20.0421 2124 TermService (a75dd6fc3dbee4fff5ebc9f2c28bb66e) C:\WINDOWS\System32\termsrv.dll
21:17:20.0625 2124 TermService - ok
21:17:20.0687 2124 Themes (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
21:17:20.0703 2124 Themes - ok
21:17:20.0718 2124 TosIde - ok
21:17:20.0796 2124 TrkWks (38853304ccb938d30e0c4cde8d2c2a8a) C:\WINDOWS\system32\trkwks.dll
21:17:20.0984 2124 TrkWks - ok
21:17:21.0046 2124 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
21:17:21.0250 2124 uagp35 - ok
21:17:21.0312 2124 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:17:21.0531 2124 Udfs - ok
21:17:21.0578 2124 ultra - ok
21:17:21.0671 2124 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:17:21.0937 2124 Update - ok
21:17:22.0000 2124 upnphost (651bd90dcee5b7bdc74a2eb7c9266f9e) C:\WINDOWS\System32\upnphost.dll
21:17:22.0093 2124 upnphost - ok
21:17:22.0140 2124 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
21:17:22.0218 2124 upperdev - ok
21:17:22.0265 2124 UPS (20a0f6a11959e92908717d09e87d670d) C:\WINDOWS\System32\ups.exe
21:17:22.0437 2124 UPS - ok
21:17:22.0500 2124 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:17:22.0765 2124 usbccgp - ok
21:17:22.0828 2124 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:17:23.0015 2124 usbehci - ok
21:17:23.0046 2124 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:17:23.0265 2124 usbhub - ok
21:17:23.0312 2124 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:17:23.0531 2124 usbscan - ok
21:17:23.0593 2124 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
21:17:23.0843 2124 usbser - ok
21:17:23.0875 2124 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
21:17:23.0968 2124 UsbserFilt - ok
21:17:24.0031 2124 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:17:24.0203 2124 USBSTOR - ok
21:17:24.0234 2124 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:17:24.0453 2124 usbuhci - ok
21:17:24.0484 2124 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:17:24.0687 2124 VgaSave - ok
21:17:24.0734 2124 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:17:24.0953 2124 ViaIde - ok
21:17:25.0015 2124 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
21:17:25.0218 2124 VolSnap - ok
21:17:25.0265 2124 VSS (d6ba1a63d9e00933f1cd2a885573afb2) C:\WINDOWS\System32\vssvc.exe
21:17:25.0375 2124 VSS - ok
21:17:25.0453 2124 W32Time (fa4e1cdba256787f2149f4aad07bc91f) C:\WINDOWS\system32\w32time.dll
21:17:25.0640 2124 W32Time - ok
21:17:25.0703 2124 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:17:25.0921 2124 Wanarp - ok
21:17:26.0000 2124 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
21:17:26.0109 2124 Wdf01000 - ok
21:17:26.0140 2124 WDICA - ok
21:17:26.0203 2124 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:17:26.0375 2124 wdmaud - ok
21:17:26.0437 2124 WebClient (47ae51048a82dfa1cd6b51d369f7e169) C:\WINDOWS\System32\webclnt.dll
21:17:26.0671 2124 WebClient - ok
21:17:26.0796 2124 winmgmt (e488332126e3b1182d2b8a0c35408ec6) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:17:27.0031 2124 winmgmt - ok
21:17:27.0125 2124 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
21:17:27.0218 2124 WmdmPmSN - ok
21:17:27.0281 2124 WmiApSrv (23f6f03272f7e5679f1f050aed5acee6) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:17:27.0484 2124 WmiApSrv - ok
21:17:27.0640 2124 WMPNetworkSvc (3739866d20abd42f26a7b85f9e2560af) C:\Program Files\Windows Media Player\WMPNetwk.exe
21:17:27.0765 2124 WMPNetworkSvc - ok
21:17:27.0828 2124 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:17:27.0875 2124 WpdUsb - ok
21:17:28.0031 2124 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:17:28.0140 2124 WPFFontCache_v0400 - ok
21:17:28.0203 2124 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:17:28.0421 2124 WS2IFSL - ok
21:17:28.0453 2124 wscsvc (4c86d5faf78194995af9cc1075f65dd3) C:\WINDOWS\system32\wscsvc.dll
21:17:28.0687 2124 wscsvc - ok
21:17:28.0703 2124 WSearch - ok
21:17:28.0781 2124 wuauserv (c1364564800ee9784192145324a23308) C:\WINDOWS\system32\wuauserv.dll
21:17:29.0000 2124 wuauserv - ok
21:17:29.0046 2124 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:17:29.0093 2124 WudfPf - ok
21:17:29.0140 2124 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:17:29.0203 2124 WudfRd - ok
21:17:29.0250 2124 WudfSvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\WINDOWS\System32\WUDFSvc.dll
21:17:29.0281 2124 WudfSvc - ok
21:17:29.0359 2124 WZCSVC (a27d4ba7264c0bf52f32d10405bea1d4) C:\WINDOWS\System32\wzcsvc.dll
21:17:29.0625 2124 WZCSVC - ok
21:17:29.0687 2124 xmlprov (eaa4bb9edb3fb10cf8979fe65e63658f) C:\WINDOWS\System32\xmlprov.dll
21:17:29.0953 2124 xmlprov - ok
21:17:29.0984 2124 MBR (0x1B8) (9c603bc3977968c891de319283e1e7af) \Device\Harddisk0\DR0
21:17:30.0015 2124 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - infected
21:17:30.0015 2124 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Wistler.a (0)
21:17:30.0078 2124 MBR (0x1B8) (66d0b28c8b44e531d0c19f436252abaa) \Device\Harddisk1\DR14
21:17:30.0187 2124 \Device\Harddisk1\DR14 - ok
21:17:30.0203 2124 Boot (0x1200) (9d96a33ebdbc1f24b090b0a1224c41fa) \Device\Harddisk0\DR0\Partition0
21:17:30.0203 2124 \Device\Harddisk0\DR0\Partition0 - ok
21:17:30.0250 2124 Boot (0x1200) (56e35ae201a76289848adda82bfec6d3) \Device\Harddisk1\DR14\Partition0
21:17:30.0250 2124 \Device\Harddisk1\DR14\Partition0 - ok
21:17:30.0250 2124 ============================================================
21:17:30.0250 2124 Scan finished
21:17:30.0250 2124 ============================================================
21:17:30.0390 2732 Detected object count: 9
21:17:30.0390 2732 Actual detected object count: 9
21:18:07.0203 2732 602XML Updater ( UnsignedFile.Multi.Generic ) - skipped by user
21:18:07.0203 2732 602XML Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:18:07.0203 2732 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
21:18:07.0203 2732 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:18:07.0203 2732 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
21:18:07.0203 2732 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:18:07.0203 2732 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
21:18:07.0203 2732 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:18:07.0218 2732 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:18:07.0218 2732 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:18:07.0218 2732 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:18:07.0218 2732 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:18:07.0234 2732 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
21:18:07.0234 2732 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:18:07.0234 2732 sptd ( LockedFile.Multi.Generic ) - skipped by user
21:18:07.0234 2732 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
21:18:07.0234 2732 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - skipped by user
21:18:07.0234 2732 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - User select action: Skip

Vacky
Visitor
Posts: 8
Registered: 26 Jun 2012 19:30

Re: Problem with malware on PC: WIN32/Agent.SDG.Gen trojan horse

#5 Post by Vacky »

and here is the log after treatment (Cure)


21:32:44.0953 3504 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
21:32:45.0203 3504 ============================================================
21:32:45.0203 3504 Current date / time: 2012/06/26 21:32:45.0203
21:32:45.0203 3504 SystemInfo:
21:32:45.0203 3504
21:32:45.0218 3504 OS Version: 5.1.2600 ServicePack: 3.0
21:32:45.0218 3504 Product type: Workstation
21:32:45.0218 3504 ComputerName: PEVNA
21:32:45.0234 3504 UserName: František Eliáš
21:32:45.0234 3504 Windows directory: C:\WINDOWS
21:32:45.0234 3504 System windows directory: C:\WINDOWS
21:32:45.0234 3504 Processor architecture: Intel x86
21:32:45.0234 3504 Number of processors: 1
21:32:45.0234 3504 Page size: 0x1000
21:32:45.0234 3504 Boot type: Normal boot
21:32:45.0234 3504 ============================================================
21:32:51.0015 3504 Drive \Device\Harddisk0\DR0 - Size: 0x1315740000 (76.34 Gb), SectorSize: 0x200, Cylinders: 0x26EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:32:51.0015 3504 ============================================================
21:32:51.0015 3504 \Device\Harddisk0\DR0:
21:32:51.0015 3504 MBR partitions:
21:32:51.0015 3504 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x98A40EC
21:32:51.0015 3504 ============================================================
21:32:51.0046 3504 C: <-> \Device\Harddisk0\DR0\Partition0
21:32:51.0062 3504 ============================================================
21:32:51.0062 3504 Initialize success
21:32:51.0062 3504 ============================================================
21:33:08.0343 3528 ============================================================
21:33:08.0343 3528 Scan started
21:33:08.0343 3528 Mode: Manual; SigCheck; TDLFS;
21:33:08.0343 3528 ============================================================
21:33:08.0640 3528 602XML Updater (ebd7bd25c1d33b10d2251194c300ee85) C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
21:33:10.0718 3528 602XML Updater ( UnsignedFile.Multi.Generic ) - warning
21:33:10.0718 3528 602XML Updater - detected UnsignedFile.Multi.Generic (1)
21:33:10.0859 3528 Abiosdsk - ok
21:33:10.0890 3528 abp480n5 - ok
21:33:10.0968 3528 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:33:12.0406 3528 ACPI - ok
21:33:12.0453 3528 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:33:12.0703 3528 ACPIEC - ok
21:33:12.0718 3528 adpu160m - ok
21:33:12.0781 3528 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:33:13.0093 3528 aec - ok
21:33:13.0140 3528 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:33:13.0218 3528 AFD - ok
21:33:13.0234 3528 Aha154x - ok
21:33:13.0265 3528 aic78u2 - ok
21:33:13.0281 3528 aic78xx - ok
21:33:13.0375 3528 ALCXWDM (02d94d2d336d3de8c5e8fe04a62d552d) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
21:33:13.0671 3528 ALCXWDM - ok
21:33:13.0750 3528 Alerter (e0a6fa244b8624d78fe5ff6f56a33bae) C:\WINDOWS\system32\alrsvc.dll
21:33:13.0953 3528 Alerter - ok
21:33:14.0000 3528 ALG (88842de939a827577bf24243699ac80a) C:\WINDOWS\System32\alg.exe
21:33:14.0078 3528 ALG - ok
21:33:14.0093 3528 AliIde - ok
21:33:14.0140 3528 AmdK7 (3980814f8027d27ea003e2e3d9d4f604) C:\WINDOWS\system32\DRIVERS\amdk7.sys
21:33:14.0390 3528 AmdK7 - ok
21:33:14.0406 3528 amsint - ok
21:33:14.0437 3528 AppMgmt - ok
21:33:14.0453 3528 asc - ok
21:33:14.0484 3528 asc3350p - ok
21:33:14.0515 3528 asc3550 - ok
21:33:14.0671 3528 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:33:14.0781 3528 aspnet_state - ok
21:33:14.0828 3528 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:33:15.0093 3528 AsyncMac - ok
21:33:15.0140 3528 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:33:15.0343 3528 atapi - ok
21:33:15.0359 3528 Atdisk - ok
21:33:15.0421 3528 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:33:15.0687 3528 Atmarpc - ok
21:33:15.0734 3528 AudioSrv (de31b88962a8645dba5a37b993e7b0f1) C:\WINDOWS\System32\audiosrv.dll
21:33:15.0968 3528 AudioSrv - ok
21:33:16.0015 3528 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:33:16.0281 3528 audstub - ok
21:33:16.0328 3528 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:33:16.0609 3528 Beep - ok
21:33:16.0671 3528 BITS (19395d092fd85ddc2d9c7729cf5a2ac8) C:\WINDOWS\system32\qmgr.dll
21:33:17.0109 3528 BITS - ok
21:33:17.0156 3528 Browser (249276d3ef1e74b992299cb96099e4d7) C:\WINDOWS\System32\browser.dll
21:33:17.0375 3528 Browser - ok
21:33:17.0531 3528 catchme - ok
21:33:17.0578 3528 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:33:17.0859 3528 cbidf2k - ok
21:33:17.0875 3528 cd20xrnt - ok
21:33:17.0937 3528 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:33:18.0218 3528 Cdaudio - ok
21:33:18.0265 3528 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:33:18.0562 3528 Cdfs - ok
21:33:18.0609 3528 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:33:18.0906 3528 Cdrom - ok
21:33:18.0968 3528 Changer - ok
21:33:19.0015 3528 CiSvc (e390dc1d7c461d7d56ec53402f329928) C:\WINDOWS\system32\cisvc.exe
21:33:19.0265 3528 CiSvc - ok
21:33:19.0296 3528 ClipSrv (064507a8dfa8c5c7e2ffddd3e6f424fa) C:\WINDOWS\system32\clipsrv.exe
21:33:19.0796 3528 ClipSrv - ok
21:33:19.0843 3528 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:33:19.0890 3528 clr_optimization_v2.0.50727_32 - ok
21:33:19.0984 3528 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:33:20.0125 3528 clr_optimization_v4.0.30319_32 - ok
21:33:20.0156 3528 CmdIde - ok
21:33:20.0171 3528 COMSysApp - ok
21:33:20.0218 3528 Cpqarray - ok
21:33:20.0265 3528 CryptSvc (f3ab0933cbd166d271992f411c27ccaf) C:\WINDOWS\System32\cryptsvc.dll
21:33:20.0515 3528 CryptSvc - ok
21:33:20.0531 3528 dac2w2k - ok
21:33:20.0546 3528 dac960nt - ok
21:33:20.0625 3528 DcomLaunch (be27674d1cbc3214aec84b4336a38bbf) C:\WINDOWS\system32\rpcss.dll
21:33:20.0765 3528 DcomLaunch - ok
21:33:20.0843 3528 Dhcp (8c9a53e285ac5e6704844d0459ec85be) C:\WINDOWS\System32\dhcpcsvc.dll
21:33:21.0078 3528 Dhcp - ok
21:33:21.0125 3528 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:33:21.0421 3528 Disk - ok
21:33:21.0437 3528 dmadmin - ok
21:33:21.0515 3528 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
21:33:21.0968 3528 dmboot - ok
21:33:22.0015 3528 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
21:33:22.0343 3528 dmio - ok
21:33:22.0390 3528 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:33:22.0640 3528 dmload - ok
21:33:22.0703 3528 dmserver (2bfefe9e865655a76982f050450b9591) C:\WINDOWS\System32\dmserver.dll
21:33:22.0984 3528 dmserver - ok
21:33:23.0031 3528 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:33:23.0359 3528 DMusic - ok
21:33:23.0406 3528 Dnscache (dfaa406bf19f4ee806a6f8d4342137f7) C:\WINDOWS\System32\dnsrslvr.dll
21:33:23.0562 3528 Dnscache - ok
21:33:23.0593 3528 Dot3svc (4a3e2bd20157a0946751229e92eb8621) C:\WINDOWS\System32\dot3svc.dll
21:33:23.0890 3528 Dot3svc - ok
21:33:23.0906 3528 dpti2o - ok
21:33:23.0953 3528 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:33:24.0250 3528 drmkaud - ok
21:33:24.0312 3528 eamon (ba3bb79c859292c3ff2a21b05e64696f) C:\WINDOWS\system32\DRIVERS\eamon.sys
21:33:24.0562 3528 eamon - ok
21:33:24.0593 3528 EapHost (0887d9c2be8d940778cad1e3b85f2a41) C:\WINDOWS\System32\eapsvc.dll
21:33:24.0859 3528 EapHost - ok
21:33:24.0921 3528 ehdrv (3c747a0d8ce29720302972ac6ed09733) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
21:33:25.0062 3528 ehdrv - ok
21:33:25.0187 3528 EhttpSrv (679ad4afcaf9520cc5607d204ae27cce) C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
21:33:25.0250 3528 EhttpSrv - ok
21:33:25.0328 3528 ekrn (82a0ee1f5ccc82cc5453d24ff186e9b0) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
21:33:25.0406 3528 ekrn - ok
21:33:25.0468 3528 epfwtdir (c24fae2e95936bb8f0d4941c329cc663) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
21:33:25.0609 3528 epfwtdir - ok
21:33:25.0640 3528 ERSvc (a2a4912798f2be706abadd3d30800d16) C:\WINDOWS\System32\ersvc.dll
21:33:25.0890 3528 ERSvc - ok
21:33:25.0953 3528 es1371 (a55dd7d8ced5d2624a9ee2dda7be0319) C:\WINDOWS\system32\drivers\es1371mp.sys
21:33:26.0296 3528 es1371 - ok
21:33:26.0359 3528 Eventlog (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
21:33:26.0453 3528 Eventlog - ok
21:33:26.0531 3528 EventSystem (a371f11ef07653591c8de26afb13ce7f) C:\WINDOWS\system32\es.dll
21:33:26.0593 3528 EventSystem - ok
21:33:26.0640 3528 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:33:27.0015 3528 Fastfat - ok
21:33:27.0062 3528 FastUserSwitchingCompatibility (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
21:33:27.0140 3528 FastUserSwitchingCompatibility - ok
21:33:27.0187 3528 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:33:27.0500 3528 Fdc - ok
21:33:27.0531 3528 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
21:33:27.0828 3528 FETNDIS - ok
21:33:27.0875 3528 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
21:33:28.0187 3528 Fips - ok
21:33:28.0281 3528 FirebirdGuardianDefaultInstance - ok
21:33:28.0312 3528 FirebirdServerDefaultInstance - ok
21:33:28.0375 3528 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:33:28.0656 3528 Flpydisk - ok
21:33:28.0718 3528 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:33:29.0031 3528 FltMgr - ok
21:33:29.0140 3528 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:33:29.0187 3528 FontCache3.0.0.0 - ok
21:33:29.0234 3528 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:33:29.0531 3528 Fs_Rec - ok
21:33:29.0578 3528 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:33:29.0859 3528 Ftdisk - ok
21:33:29.0906 3528 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
21:33:30.0187 3528 gameenum - ok
21:33:30.0234 3528 GemCCID (86d3d834d35ebe920d85ffedcef79faf) C:\WINDOWS\system32\Drivers\GemCCID.sys
21:33:30.0343 3528 GemCCID - ok
21:33:30.0359 3528 GMSIPCI - ok
21:33:30.0406 3528 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:33:30.0687 3528 Gpc - ok
21:33:30.0796 3528 helpsvc (fcfe31fb75f8a6295b6b0af87a626282) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:33:31.0062 3528 helpsvc - ok
21:33:31.0125 3528 HidServ (00e25ee90166b3e1be6e74aebf858306) C:\WINDOWS\System32\hidserv.dll
21:33:31.0343 3528 HidServ - ok
21:33:31.0390 3528 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:33:31.0703 3528 hidusb - ok
21:33:31.0765 3528 hkmsvc (7a6b320928f86bc851530d63c82965d9) C:\WINDOWS\System32\kmsvc.dll
21:33:32.0000 3528 hkmsvc - ok
21:33:32.0015 3528 hpn - ok
21:33:32.0078 3528 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:33:32.0140 3528 HTTP - ok
21:33:32.0203 3528 HTTPFilter (58fe2f2da3bc5573f4a35b3760d3125f) C:\WINDOWS\System32\w3ssl.dll
21:33:32.0468 3528 HTTPFilter - ok
21:33:32.0484 3528 i2omgmt - ok
21:33:32.0515 3528 i2omp - ok
21:33:32.0578 3528 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:33:32.0937 3528 i8042prt - ok
21:33:33.0046 3528 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:33:33.0171 3528 idsvc - ok
21:33:33.0328 3528 IJPLMSVC (ad5df6f4fbbc798636edc66bfec7d0de) C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
21:33:33.0343 3528 IJPLMSVC - ok
21:33:33.0437 3528 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:33:33.0718 3528 Imapi - ok
21:33:33.0781 3528 ImapiService (f7b93aafad33b2320954c17e26c8d361) C:\WINDOWS\system32\imapi.exe
21:33:34.0109 3528 ImapiService - ok
21:33:34.0125 3528 ini910u - ok
21:33:34.0171 3528 IntelIde - ok
21:33:34.0218 3528 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:33:34.0593 3528 Ip6Fw - ok
21:33:34.0625 3528 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:33:34.0968 3528 IpFilterDriver - ok
21:33:35.0015 3528 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:33:35.0312 3528 IpInIp - ok
21:33:35.0359 3528 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:33:35.0593 3528 IpNat - ok
21:33:35.0656 3528 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:33:35.0984 3528 IPSec - ok
21:33:36.0031 3528 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:33:36.0156 3528 IRENUM - ok
21:33:36.0218 3528 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:33:36.0484 3528 isapnp - ok
21:33:36.0562 3528 JavaQuickStarterService (9ae07549a0d691a103faf8946554bdb7) C:\Program Files\Java\jre6\bin\jqs.exe
21:33:36.0593 3528 JavaQuickStarterService - ok
21:33:36.0640 3528 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:33:36.0937 3528 Kbdclass - ok
21:33:36.0968 3528 kbdhid (86c8f23616c6c6e5b2776901c17b945b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:33:37.0265 3528 kbdhid - ok
21:33:37.0328 3528 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:33:37.0671 3528 kmixer - ok
21:33:37.0734 3528 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:33:37.0859 3528 KSecDD - ok
21:33:37.0906 3528 LanmanServer (3428e8f86f8add36b42fb23542c7b3e4) C:\WINDOWS\System32\srvsvc.dll
21:33:37.0984 3528 LanmanServer - ok
21:33:38.0031 3528 lanmanworkstation (936c1d110232d23b621cb0196e4f80f0) C:\WINDOWS\System32\wkssvc.dll
21:33:38.0078 3528 lanmanworkstation - ok
21:33:38.0109 3528 lbrtfdc - ok
21:33:38.0187 3528 LmHosts (0ab159f536e3e8f7f07113702a07cca5) C:\WINDOWS\System32\lmhsvc.dll
21:33:38.0421 3528 LmHosts - ok
21:33:38.0562 3528 McciCMService (4f74184920b2d6e33024409b4c5c57c1) C:\Program Files\Common Files\Motive\McciCMService.exe
21:33:38.0593 3528 McciCMService ( UnsignedFile.Multi.Generic ) - warning
21:33:38.0593 3528 McciCMService - detected UnsignedFile.Multi.Generic (1)
21:33:38.0640 3528 Messenger (221cd1c815b8a6b79389c3f5d1018de8) C:\WINDOWS\System32\msgsvc.dll
21:33:38.0968 3528 Messenger - ok
21:33:39.0046 3528 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
21:33:39.0093 3528 Microsoft Office Groove Audit Service - ok
21:33:39.0140 3528 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:33:39.0375 3528 mnmdd - ok
21:33:39.0453 3528 mnmsrvc (9a57d046f88f4b69751b11fd40088a61) C:\WINDOWS\system32\mnmsrvc.exe
21:33:39.0750 3528 mnmsrvc - ok
21:33:39.0781 3528 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
21:33:40.0031 3528 Modem - ok
21:33:40.0093 3528 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:33:40.0390 3528 Mouclass - ok
21:33:40.0453 3528 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:33:40.0734 3528 mouhid - ok
21:33:40.0781 3528 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:33:41.0062 3528 MountMgr - ok
21:33:41.0078 3528 mraid35x - ok
21:33:41.0125 3528 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
21:33:41.0171 3528 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
21:33:41.0171 3528 MREMP50 - detected UnsignedFile.Multi.Generic (1)
21:33:41.0203 3528 MREMP50a64 - ok
21:33:41.0218 3528 MREMPR5 - ok
21:33:41.0250 3528 MRENDIS5 - ok
21:33:41.0328 3528 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
21:33:41.0359 3528 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
21:33:41.0359 3528 MRESP50 - detected UnsignedFile.Multi.Generic (1)
21:33:41.0375 3528 MRESP50a64 - ok
21:33:41.0437 3528 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:33:41.0812 3528 MRxDAV - ok
21:33:41.0875 3528 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:33:41.0984 3528 MRxSmb - ok
21:33:42.0031 3528 MSDTC (6db4d1521caba9a5ffab54ade0ae867d) C:\WINDOWS\system32\msdtc.exe
21:33:42.0281 3528 MSDTC - ok
21:33:42.0390 3528 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:33:42.0609 3528 Msfs - ok
21:33:42.0640 3528 MSIServer - ok
21:33:42.0687 3528 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:33:42.0984 3528 MSKSSRV - ok
21:33:43.0031 3528 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:33:43.0281 3528 MSPCLOCK - ok
21:33:43.0296 3528 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:33:43.0578 3528 MSPQM - ok
21:33:43.0640 3528 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:33:43.0859 3528 mssmbios - ok
21:33:43.0906 3528 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:33:43.0968 3528 Mup - ok
21:33:44.0031 3528 napagent (6ea362e9db03d44f6b996f4d8be237e9) C:\WINDOWS\System32\qagentrt.dll
21:33:44.0312 3528 napagent - ok
21:33:44.0343 3528 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:33:44.0593 3528 NDIS - ok
21:33:44.0640 3528 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:33:44.0734 3528 NdisTapi - ok
21:33:44.0796 3528 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:33:45.0109 3528 Ndisuio - ok
21:33:45.0171 3528 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:33:45.0437 3528 NdisWan - ok
21:33:45.0484 3528 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:33:45.0593 3528 NDProxy - ok
21:33:45.0640 3528 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\WINDOWS\system32\HPZinw12.dll
21:33:45.0687 3528 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:33:45.0687 3528 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:33:45.0734 3528 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:33:46.0015 3528 NetBIOS - ok
21:33:46.0093 3528 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:33:46.0421 3528 NetBT - ok
21:33:46.0468 3528 NetDDE (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
21:33:46.0703 3528 NetDDE - ok
21:33:46.0734 3528 NetDDEdsdm (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
21:33:46.0968 3528 NetDDEdsdm - ok
21:33:47.0046 3528 Netlogon (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
21:33:47.0234 3528 Netlogon - ok
21:33:47.0281 3528 Netman (72e1e9e2977be08bdeedb6d8fd9d4d40) C:\WINDOWS\System32\netman.dll
21:33:47.0531 3528 Netman - ok
21:33:47.0671 3528 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:33:47.0718 3528 NetTcpPortSharing - ok
21:33:47.0781 3528 Nla (39ee7c3bfbc64ba87cc8cf67386e814c) C:\WINDOWS\System32\mswsock.dll
21:33:47.0828 3528 Nla - ok
21:33:47.0875 3528 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys
21:33:48.0125 3528 nmwcd - ok
21:33:48.0171 3528 nmwcdc (3859c69a77793180548802dac9f34a38) C:\WINDOWS\system32\drivers\ccdcmbo.sys
21:33:48.0265 3528 nmwcdc - ok
21:33:48.0328 3528 nmwcdnsu (338f83ee9cb9e15eeacf0cbb90218cbf) C:\WINDOWS\system32\drivers\nmwcdnsu.sys
21:33:48.0468 3528 nmwcdnsu - ok
21:33:48.0500 3528 nmwcdnsuc (d15bac979144fb69ed28f97b2dd84d48) C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
21:33:48.0593 3528 nmwcdnsuc - ok
21:33:48.0640 3528 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:33:48.0890 3528 Npfs - ok
21:33:48.0953 3528 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:33:49.0406 3528 Ntfs - ok
21:33:49.0468 3528 NtLmSsp (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
21:33:49.0687 3528 NtLmSsp - ok
21:33:49.0781 3528 NtmsSvc (023dd70573d644f3d9c8b1258a7bfd08) C:\WINDOWS\system32\ntmssvc.dll
21:33:50.0109 3528 NtmsSvc - ok
21:33:50.0171 3528 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:33:50.0421 3528 Null - ok
21:33:50.0546 3528 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:33:50.0984 3528 nv - ok
21:33:51.0140 3528 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:33:51.0421 3528 NwlnkFlt - ok
21:33:51.0437 3528 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:33:51.0718 3528 NwlnkFwd - ok
21:33:51.0890 3528 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:33:52.0031 3528 odserv - ok
21:33:52.0062 3528 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:33:52.0140 3528 ose - ok
21:33:52.0218 3528 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
21:33:52.0500 3528 Parport - ok
21:33:52.0531 3528 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:33:52.0812 3528 PartMgr - ok
21:33:52.0859 3528 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
21:33:53.0078 3528 ParVdm - ok
21:33:53.0125 3528 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
21:33:53.0187 3528 pccsmcfd - ok
21:33:53.0234 3528 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
21:33:53.0484 3528 PCI - ok
21:33:53.0515 3528 PCIDump - ok
21:33:53.0546 3528 PCIIde - ok
21:33:53.0609 3528 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:33:53.0875 3528 Pcmcia - ok
21:33:53.0890 3528 PDCOMP - ok
21:33:53.0906 3528 PDFRAME - ok
21:33:53.0937 3528 PDRELI - ok
21:33:53.0953 3528 PDRFRAME - ok
21:33:53.0984 3528 perc2 - ok
21:33:54.0000 3528 perc2hib - ok
21:33:54.0109 3528 PlugPlay (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
21:33:54.0125 3528 PlugPlay - ok
21:33:54.0187 3528 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\WINDOWS\system32\HPZipm12.dll
21:33:54.0234 3528 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:33:54.0234 3528 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:33:54.0281 3528 PolicyAgent (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
21:33:54.0500 3528 PolicyAgent - ok
21:33:54.0531 3528 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:33:54.0843 3528 PptpMiniport - ok
21:33:54.0875 3528 ProtectedStorage (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
21:33:55.0062 3528 ProtectedStorage - ok
21:33:55.0109 3528 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:33:55.0390 3528 PSched - ok
21:33:55.0453 3528 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:33:55.0718 3528 Ptilink - ok
21:33:55.0734 3528 ql1080 - ok
21:33:55.0765 3528 Ql10wnt - ok
21:33:55.0796 3528 ql12160 - ok
21:33:55.0812 3528 ql1240 - ok
21:33:55.0843 3528 ql1280 - ok
21:33:55.0890 3528 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:33:56.0140 3528 RasAcd - ok
21:33:56.0187 3528 RasAuto (2b5e44ea009f2f374b980e1e9a70635d) C:\WINDOWS\System32\rasauto.dll
21:33:56.0468 3528 RasAuto - ok
21:33:56.0515 3528 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:33:56.0796 3528 Rasl2tp - ok
21:33:56.0843 3528 RasMan (d57554c664b64604bd1ee13ea2c07e77) C:\WINDOWS\System32\rasmans.dll
21:33:57.0046 3528 RasMan - ok
21:33:57.0093 3528 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:33:57.0359 3528 RasPppoe - ok
21:33:57.0406 3528 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:33:57.0640 3528 Raspti - ok
21:33:57.0703 3528 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:33:58.0062 3528 Rdbss - ok
21:33:58.0093 3528 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:33:58.0328 3528 RDPCDD - ok
21:33:58.0375 3528 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
21:33:58.0468 3528 RDPWD - ok
21:33:58.0531 3528 RDSessMgr (c0d9d9711cb74ee9bc66353d8cbdab0e) C:\WINDOWS\system32\sessmgr.exe
21:33:58.0781 3528 RDSessMgr - ok
21:33:58.0843 3528 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:33:59.0125 3528 redbook - ok
21:33:59.0187 3528 RemoteAccess (127c26b5371651043450e52542099aba) C:\WINDOWS\System32\mprdim.dll
21:33:59.0453 3528 RemoteAccess - ok
21:33:59.0500 3528 RpcLocator (718b3bdc0bc3c2f7d065a53d26202af9) C:\WINDOWS\system32\locator.exe
21:33:59.0812 3528 RpcLocator - ok
21:33:59.0890 3528 RpcSs (be27674d1cbc3214aec84b4336a38bbf) C:\WINDOWS\System32\rpcss.dll
21:33:59.0968 3528 RpcSs - ok
21:34:00.0031 3528 RSVP (09ab2e71e58b078038e3bfdba7ffc984) C:\WINDOWS\system32\rsvp.exe
21:34:00.0296 3528 RSVP - ok
21:34:00.0343 3528 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
21:34:00.0484 3528 rtl8139 - ok
21:34:00.0546 3528 SamSs (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
21:34:00.0781 3528 SamSs - ok
21:34:00.0843 3528 SCardSvr (410046e401eb11e1e6749e9deea41d4a) C:\WINDOWS\System32\SCardSvr.exe
21:34:01.0062 3528 SCardSvr - ok
21:34:01.0109 3528 Schedule (3ff232a7731621b8902d81d42418c93c) C:\WINDOWS\system32\schedsvc.dll
21:34:01.0343 3528 Schedule - ok
21:34:01.0421 3528 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:34:01.0531 3528 Secdrv - ok
21:34:01.0578 3528 seclogon (477e2c3cc5e4a0d635bcb0ea8dcac3c6) C:\WINDOWS\System32\seclogon.dll
21:34:01.0765 3528 seclogon - ok
21:34:01.0796 3528 SENS (a530b75c10c23c9ab28fdb6ce719e21f) C:\WINDOWS\system32\sens.dll
21:34:02.0078 3528 SENS - ok
21:34:02.0140 3528 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:34:02.0359 3528 serenum - ok
21:34:02.0390 3528 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
21:34:02.0671 3528 Serial - ok
21:34:02.0828 3528 ServiceLayer (2d841b7b7f6dec32162edfcc69d61f42) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
21:34:02.0921 3528 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
21:34:02.0921 3528 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
21:34:03.0046 3528 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:34:03.0296 3528 Sfloppy - ok
21:34:03.0359 3528 SharedAccess (f58faca9621d2db01bd0927d9a0a208e) C:\WINDOWS\System32\ipnathlp.dll
21:34:03.0656 3528 SharedAccess - ok
21:34:03.0687 3528 ShellHWDetection (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
21:34:03.0718 3528 ShellHWDetection - ok
21:34:03.0750 3528 Simbad - ok
21:34:03.0812 3528 Sparrow - ok
21:34:03.0875 3528 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:34:04.0156 3528 splitter - ok
21:34:04.0218 3528 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
21:34:04.0250 3528 Spooler - ok
21:34:04.0328 3528 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
21:34:04.0328 3528 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
21:34:04.0343 3528 sptd ( LockedFile.Multi.Generic ) - warning
21:34:04.0343 3528 sptd - detected LockedFile.Multi.Generic (1)
21:34:04.0421 3528 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
21:34:04.0562 3528 sr - ok
21:34:04.0593 3528 srservice (35b91147124f64ac8081a2edb9ea4dee) C:\WINDOWS\system32\srsvc.dll
21:34:04.0703 3528 srservice - ok
21:34:04.0765 3528 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:34:04.0906 3528 Srv - ok
21:34:04.0953 3528 SSDPSRV (becd5271dc4e3b7c3d035f790fcbc1e5) C:\WINDOWS\System32\ssdpsrv.dll
21:34:05.0046 3528 SSDPSRV - ok
21:34:05.0093 3528 stisvc (c1cdd9275f6a115bb0ae1d55d8d27ba6) C:\WINDOWS\system32\wiaservc.dll
21:34:05.0359 3528 stisvc - ok
21:34:05.0421 3528 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:34:05.0671 3528 swenum - ok
21:34:05.0718 3528 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:34:06.0000 3528 swmidi - ok
21:34:06.0031 3528 SwPrv - ok
21:34:06.0062 3528 symc810 - ok
21:34:06.0093 3528 symc8xx - ok
21:34:06.0109 3528 sym_hi - ok
21:34:06.0140 3528 sym_u3 - ok
21:34:06.0203 3528 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:34:06.0421 3528 sysaudio - ok
21:34:06.0484 3528 SysmonLog (ce06f01b88ace199a1bf460cac29c110) C:\WINDOWS\system32\smlogsvc.exe
21:34:06.0703 3528 SysmonLog - ok
21:34:06.0734 3528 TapiSrv (c2546cd7a398476f9df5614b2ae160e8) C:\WINDOWS\System32\tapisrv.dll
21:34:06.0937 3528 TapiSrv - ok
21:34:07.0000 3528 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:34:07.0109 3528 Tcpip - ok
21:34:07.0156 3528 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:34:07.0437 3528 TDPIPE - ok
21:34:07.0468 3528 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:34:07.0718 3528 TDTCP - ok
21:34:07.0765 3528 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:34:08.0109 3528 TermDD - ok
21:34:08.0203 3528 TermService (a75dd6fc3dbee4fff5ebc9f2c28bb66e) C:\WINDOWS\System32\termsrv.dll
21:34:08.0406 3528 TermService - ok
21:34:08.0484 3528 Themes (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
21:34:08.0500 3528 Themes - ok
21:34:08.0515 3528 TosIde - ok
21:34:08.0578 3528 TrkWks (38853304ccb938d30e0c4cde8d2c2a8a) C:\WINDOWS\system32\trkwks.dll
21:34:08.0796 3528 TrkWks - ok
21:34:08.0875 3528 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
21:34:09.0203 3528 uagp35 - ok
21:34:09.0250 3528 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:34:09.0500 3528 Udfs - ok
21:34:09.0546 3528 ultra - ok
21:34:09.0593 3528 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:34:10.0031 3528 Update - ok
21:34:10.0093 3528 upnphost (651bd90dcee5b7bdc74a2eb7c9266f9e) C:\WINDOWS\System32\upnphost.dll
21:34:10.0218 3528 upnphost - ok
21:34:10.0250 3528 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
21:34:10.0328 3528 upperdev - ok
21:34:10.0390 3528 UPS (20a0f6a11959e92908717d09e87d670d) C:\WINDOWS\System32\ups.exe
21:34:10.0593 3528 UPS - ok
21:34:10.0640 3528 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:34:10.0906 3528 usbccgp - ok
21:34:10.0953 3528 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:34:11.0234 3528 usbehci - ok
21:34:11.0265 3528 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:34:11.0531 3528 usbhub - ok
21:34:11.0609 3528 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:34:11.0875 3528 usbscan - ok
21:34:11.0937 3528 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
21:34:12.0218 3528 usbser - ok
21:34:12.0265 3528 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
21:34:12.0359 3528 UsbserFilt - ok
21:34:12.0406 3528 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:34:12.0593 3528 USBSTOR - ok
21:34:12.0640 3528 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:34:12.0921 3528 usbuhci - ok
21:34:12.0984 3528 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:34:13.0234 3528 VgaSave - ok
21:34:13.0281 3528 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:34:13.0546 3528 ViaIde - ok
21:34:13.0609 3528 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
21:34:13.0921 3528 VolSnap - ok
21:34:13.0968 3528 VSS (d6ba1a63d9e00933f1cd2a885573afb2) C:\WINDOWS\System32\vssvc.exe
21:34:14.0109 3528 VSS - ok
21:34:14.0171 3528 W32Time (fa4e1cdba256787f2149f4aad07bc91f) C:\WINDOWS\system32\w32time.dll
21:34:14.0359 3528 W32Time - ok
21:34:14.0421 3528 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:34:14.0703 3528 Wanarp - ok
21:34:14.0765 3528 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
21:34:14.0875 3528 Wdf01000 - ok
21:34:14.0890 3528 WDICA - ok
21:34:14.0937 3528 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:34:15.0171 3528 wdmaud - ok
21:34:15.0203 3528 WebClient (47ae51048a82dfa1cd6b51d369f7e169) C:\WINDOWS\System32\webclnt.dll
21:34:15.0421 3528 WebClient - ok
21:34:15.0546 3528 winmgmt (e488332126e3b1182d2b8a0c35408ec6) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:34:15.0781 3528 winmgmt - ok
21:34:15.0859 3528 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
21:34:15.0953 3528 WmdmPmSN - ok
21:34:16.0031 3528 WmiApSrv (23f6f03272f7e5679f1f050aed5acee6) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:34:16.0234 3528 WmiApSrv - ok
21:34:16.0375 3528 WMPNetworkSvc (3739866d20abd42f26a7b85f9e2560af) C:\Program Files\Windows Media Player\WMPNetwk.exe
21:34:16.0609 3528 WMPNetworkSvc - ok
21:34:16.0671 3528 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:34:16.0718 3528 WpdUsb - ok
21:34:16.0875 3528 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:34:17.0046 3528 WPFFontCache_v0400 - ok
21:34:17.0093 3528 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:34:17.0359 3528 WS2IFSL - ok
21:34:17.0421 3528 wscsvc (4c86d5faf78194995af9cc1075f65dd3) C:\WINDOWS\system32\wscsvc.dll
21:34:17.0656 3528 wscsvc - ok
21:34:17.0671 3528 WSearch - ok
21:34:17.0734 3528 wuauserv (c1364564800ee9784192145324a23308) C:\WINDOWS\system32\wuauserv.dll
21:34:17.0937 3528 wuauserv - ok
21:34:17.0984 3528 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:34:18.0046 3528 WudfPf - ok
21:34:18.0078 3528 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:34:18.0125 3528 WudfRd - ok
21:34:18.0156 3528 WudfSvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\WINDOWS\System32\WUDFSvc.dll
21:34:18.0187 3528 WudfSvc - ok
21:34:18.0265 3528 WZCSVC (a27d4ba7264c0bf52f32d10405bea1d4) C:\WINDOWS\System32\wzcsvc.dll
21:34:18.0531 3528 WZCSVC - ok
21:34:18.0562 3528 xmlprov (eaa4bb9edb3fb10cf8979fe65e63658f) C:\WINDOWS\System32\xmlprov.dll
21:34:18.0828 3528 xmlprov - ok
21:34:18.0875 3528 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
21:34:19.0343 3528 \Device\Harddisk0\DR0 - ok
21:34:19.0375 3528 Boot (0x1200) (9d96a33ebdbc1f24b090b0a1224c41fa) \Device\Harddisk0\DR0\Partition0
21:34:19.0390 3528 \Device\Harddisk0\DR0\Partition0 - ok
21:34:19.0390 3528 ============================================================
21:34:19.0390 3528 Scan finished
21:34:19.0390 3528 ============================================================
21:34:19.0531 3520 Detected object count: 8
21:34:19.0531 3520 Actual detected object count: 8
21:34:35.0828 3520 602XML Updater ( UnsignedFile.Multi.Generic ) - skipped by user
21:34:35.0828 3520 602XML Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:34:35.0828 3520 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
21:34:35.0828 3520 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:34:35.0828 3520 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
21:34:35.0828 3520 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:34:35.0828 3520 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
21:34:35.0828 3520 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:34:35.0828 3520 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:34:35.0828 3520 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:34:35.0828 3520 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:34:35.0828 3520 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:34:35.0828 3520 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
21:34:35.0828 3520 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:34:35.0828 3520 sptd ( LockedFile.Multi.Generic ) - skipped by user
21:34:35.0828 3520 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
21:34:42.0640 3496 Deinitialize success

Vacky
Visitor
Posts: 8
Registered: 26 Jun 2012 19:30

Re: Problem with vermin on the PC: WIN32/Agent.SDG.Gen Trojan horse

#6 Post by Vacky »

Hi,

yes, the Trojan is gone now.
I have now also run NOD and it found 4 more infiltrations. But I managed to deal with those myself.

THANK YOU VERY MUCH,
I am in your debt.

Vacky
Visitor
Posts: 8
Registered: 26 Jun 2012 19:30

Re: Problem with vermin on the PC: WIN32/Agent.SDG.Gen Trojan horse

#7 Post by Vacky »

You know, I'm not that much of a pro.
But I keep trying to improve.
Of course, that sentence of mine, when I read it like this... it really was nonsense.
I apologize for it if it offended or even upset you in any way.

Once again, thanks, thanks

Vacky
Visitor
Posts: 8
Registered: 26 Jun 2012 19:30

Re: Problem with vermin on the PC: WIN32/Agent.SDG.Gen Trojan horse

#8 Post by Vacky »

Yeah, I believe that.
I wrote that second post in a hurry, because my kids were already pulling at my leg to go outside with them.
So I did a VERY VERY VERY sloppy job of it.
lol
