Skype vir

[a66]

Dobrý den,
po kliknutí na odkaz Skype se odkaz začal rozesílat ode mě a poté přestalo fungovat připojení k internetu. Přikládám log z RSit:

Logfile of random's system information tool 1.09 (written by random/random)
Run by t1 at 2012-11-06 11:45:46
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 272 GB (89%) free of 305 GB
Total RAM: 4029 MB (76% free)

HijackThis download failed

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE 0x2a0
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k secsvcs
"taskhost.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
C:\Windows\system32\igfxsrvc.exe -Embedding
"C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-abdbf255-7689-41d5-977a-d8e7fc64602d -SystemEventPortName:HostProcess-e3009e44-26e0-42a8-bd39-195884e2fccc -IoCancelEventPortName:HostProcess-ea3d128c-32d6-4f66-867d-b22640394099 -NonStateChangingEventPortName:HostProcess-d0e22285-3b2b-45f9-bf3f-e35379baaf23 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:a9584a39-4126-4165-8d11-78ded6e77150
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
taskhost.exe $(Arg0)
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-234067220-1521876615-1215172825-10001_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-234067220-1521876615-1215172825-10001 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\t1\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\system32\WININET.dll",DispatchAPICall 1

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-234067220-1521876615-1215172825-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-234067220-1521876615-1215172825-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\t1\AppData\Roaming\Mozilla\Firefox\Profiles\q2c4muzn.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.110 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.110 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VIAAUD"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe []
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-08 165912]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-08 387608]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-08 365592]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2012-03-11 9569096]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-10-19 17875120]
"RocketDock"=C:\Program Files (x86)\RocketDock\RocketDock.exe [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2009-12-04 2792448]
"DoroServer"=C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe [2012-03-10 172032]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-09-23 926896]
"V0470Mon.exe"=C:\Windows\V0470Mon.exe [2007-06-04 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\Windows\system32\guard64.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-02 259584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-11-09 13:38:10 ----D---- C:\Windows\erdnt
2012-11-09 13:36:57 ----D---- C:\Windows\SYSWOW64\Atheros_L1e
2012-11-09 13:36:15 ----D---- C:\Install
2012-11-09 12:20:51 ----A---- C:\Windows\ntbtlog.txt
2012-11-07 15:58:39 ----A---- C:\Windows\system32\aswBoot.exe
2012-11-07 15:57:42 ----D---- C:\ProgramData\AVAST Software
2012-11-07 15:57:42 ----D---- C:\Program Files\AVAST Software
2012-11-07 15:41:43 ----D---- C:\Users\t1\AppData\Roaming\Malwarebytes
2012-11-07 15:41:37 ----D---- C:\ProgramData\Malwarebytes
2012-11-07 15:19:02 ----A---- C:\Windows\system32\drivers\8e2185ace8825c71.sys
2012-11-07 15:17:15 ----A---- C:\Users\t1\AppData\Roaming\B3DC.exe
2012-11-07 15:17:14 ----RA---- C:\Users\t1\AppData\Roaming\Dnyeyh.exe
2012-11-06 11:45:46 ----D---- C:\rsit
2012-11-06 11:41:36 ----SD---- C:\qqas
2012-11-06 11:39:25 ----D---- C:\Program Files\trend micro
2012-11-06 11:38:05 ----SHD---- C:\$RECYCLE.BIN
2012-11-05 15:01:11 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-11-05 11:41:43 ----D---- C:\Program Files (x86)\RocketDock
2012-11-05 11:26:21 ----A---- C:\Windows\system32\V0470Pin.dll
2012-11-05 11:26:21 ----A---- C:\Windows\system32\drivers\V0470Vid.sys
2012-11-05 11:26:20 ----D---- C:\Live! Cam
2012-11-05 11:26:20 ----A---- C:\Windows\V0470Mon.exe
2012-11-05 11:26:20 ----A---- C:\Windows\SYSWOW64\V0470Hwx.dll
2012-11-05 11:26:20 ----A---- C:\Windows\SYSWOW64\V0470Cvw.dll
2012-11-05 11:26:20 ----A---- C:\Windows\SYSWOW64\cximage.dll
2012-11-05 11:26:20 ----A---- C:\Windows\SYSWOW64\CtCamMgr.dll
2012-11-05 11:26:20 ----A---- C:\Windows\system32\V0470Hwx.dll
2012-11-05 11:26:20 ----A---- C:\Windows\system32\CtCamMgr.dll
2012-11-05 11:26:20 ----A---- C:\Windows\CtDrvIns.exe
2012-11-05 11:11:33 ----D---- C:\Users\t1\AppData\Roaming\Skype
2012-11-05 11:11:28 ----RD---- C:\Program Files (x86)\Skype
2012-11-05 11:11:25 ----D---- C:\ProgramData\Skype
2012-11-05 08:53:20 ----A---- C:\Windows\system32\cmdcsr.dll
2012-11-01 14:27:55 ----D---- C:\Qoobox
2012-10-25 14:22:12 ----D---- C:\Program Files (x86)\winparte4
2012-10-25 13:38:44 ----A---- C:\Windows\SYSWOW64\msi.dll
2012-10-25 13:38:44 ----A---- C:\Windows\system32\msi.dll
2012-10-23 14:24:18 ----D---- C:\Windows\CheckSur
2012-10-23 13:16:55 ----D---- C:\ProgramData\Mozilla
2012-10-23 13:16:55 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2012-10-23 10:33:06 ----D---- C:\Program Files (x86)\Acro Software
2012-10-23 10:23:12 ----D---- C:\Program Files (x86)\Adobe
2012-10-23 10:21:59 ----D---- C:\ProgramData\Adobe
2012-10-23 10:18:50 ----D---- C:\Program Files (x86)\DoroPDFWriter
2012-10-23 09:20:18 ----A---- C:\Windows\system32\OxpsConverter.exe
2012-10-23 09:20:16 ----A---- C:\Windows\system32\wintrust.dll
2012-10-23 09:20:16 ----A---- C:\Windows\system32\drivers\ntfs.sys
2012-10-23 09:20:15 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2012-10-23 09:20:11 ----A---- C:\Windows\SYSWOW64\tzres.dll
2012-10-23 09:20:11 ----A---- C:\Windows\system32\tzres.dll
2012-10-23 09:20:07 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-10-23 09:20:07 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-10-23 09:20:07 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-10-23 09:19:58 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2012-10-23 09:19:58 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2012-10-23 09:19:58 ----A---- C:\Windows\system32\winsrv.dll
2012-10-23 09:19:58 ----A---- C:\Windows\system32\KernelBase.dll
2012-10-23 09:19:58 ----A---- C:\Windows\system32\kernel32.dll
2012-10-23 09:19:58 ----A---- C:\Windows\system32\conhost.exe
2012-10-23 09:19:57 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-10-23 09:19:57 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-10-23 09:19:57 ----A---- C:\Windows\SYSWOW64\wow32.dll
2012-10-23 09:19:57 ----A---- C:\Windows\SYSWOW64\setup16.exe
2012-10-23 09:19:57 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2012-10-23 09:19:57 ----A---- C:\Windows\SYSWOW64\instnm.exe
2012-10-23 09:19:57 ----A---- C:\Windows\system32\wow64win.dll
2012-10-23 09:19:57 ----A---- C:\Windows\system32\wow64cpu.dll
2012-10-23 09:19:57 ----A---- C:\Windows\system32\wow64.dll
2012-10-23 09:19:57 ----A---- C:\Windows\system32\ntvdm64.dll
2012-10-23 09:19:56 ----A---- C:\Windows\SYSWOW64\user.exe
2012-10-23 09:19:49 ----A---- C:\Windows\system32\profsvc.dll
2012-10-23 09:16:09 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2012-10-23 09:16:09 ----A---- C:\Windows\system32\kerberos.dll
2012-10-23 09:15:51 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2012-10-23 09:15:51 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2012-10-23 09:15:51 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2012-10-23 09:15:51 ----A---- C:\Windows\system32\cryptsvc.dll
2012-10-23 09:15:51 ----A---- C:\Windows\system32\cryptnet.dll
2012-10-23 09:15:51 ----A---- C:\Windows\system32\crypt32.dll
2012-10-23 09:11:40 ----D---- C:\NFRoot
2012-10-23 09:10:40 ----D---- C:\Program Files (x86)\Fastream IQ Web FTP Server GUI
2012-10-23 09:10:21 ----D---- C:\Program Files (x86)\Fastream IQ Web FTP Server Engine
2012-10-22 11:28:57 ----HD---- C:\Program Files (x86)\InstallJammer Registry

======List of files/folders modified in the last 1 month======

2012-11-09 13:37:19 ----D---- C:\Windows\system32\catroot
2012-11-09 13:37:18 ----D---- C:\Windows\system32\DriverStore
2012-11-09 13:36:57 ----D---- C:\Windows\SysWOW64
2012-11-09 13:36:52 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-11-09 13:36:48 ----SHD---- C:\System Volume Information
2012-11-09 12:14:41 ----D---- C:\Windows\system32\NDF
2012-11-08 09:01:46 ----RD---- C:\Program Files (x86)
2012-11-08 08:53:31 ----D---- C:\Windows\system32\catroot2
2012-11-07 15:58:40 ----D---- C:\Windows\system32\Tasks
2012-11-07 15:58:38 ----SHD---- C:\Windows\Installer
2012-11-07 15:58:34 ----D---- C:\Windows\winsxs
2012-11-07 15:58:13 ----D---- C:\Windows\system32\config
2012-11-07 15:57:42 ----HD---- C:\ProgramData
2012-11-07 15:38:00 ----SD---- C:\Users\t1\AppData\Roaming\Microsoft
2012-11-07 15:37:52 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-11-06 13:22:04 ----D---- C:\Windows\system32\wdi
2012-11-06 11:45:46 ----D---- C:\Windows\Temp
2012-11-06 11:42:16 ----D---- C:\Windows\System32
2012-11-06 11:42:16 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-11-06 11:42:15 ----D---- C:\Windows\inf
2012-11-06 11:41:44 ----D---- C:\Windows
2012-11-06 11:41:35 ----D---- C:\Windows\system32\drivers
2012-11-06 11:39:25 ----RD---- C:\Program Files
2012-11-06 10:49:45 ----RSD---- C:\Windows\Fonts
2012-11-05 11:26:55 ----D---- C:\Windows\twain_32
2012-11-05 11:11:28 ----D---- C:\Program Files (x86)\Common Files
2012-11-01 14:27:58 ----D---- C:\Windows\Prefetch
2012-10-26 10:06:51 ----D---- C:\Windows\rescache
2012-10-25 13:40:14 ----D---- C:\Windows\Logs
2012-10-25 13:35:32 ----D---- C:\Windows\SYSWOW64\cs-CZ
2012-10-25 13:35:31 ----D---- C:\Windows\system32\cs-CZ
2012-10-25 13:35:31 ----D---- C:\Windows\AppPatch
2012-10-23 14:31:16 ----A---- C:\Windows\system32\MRT.exe
2012-10-23 13:40:26 ----D---- C:\Windows\Cursors
2012-10-23 13:18:35 ----D---- C:\Windows\Tasks
2012-10-23 13:17:01 ----D---- C:\Users\t1\AppData\Roaming\Mozilla
2012-10-23 11:00:21 ----D---- C:\Windows\Microsoft.NET
2012-10-23 11:00:15 ----RSD---- C:\Windows\assembly
2012-10-23 10:26:01 ----D---- C:\Users\t1\AppData\Roaming\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-08 283200]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2010-11-20 59392]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2010-11-20 360832]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-09-02 7369728]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2009-11-25 1276928]
R3 vpcbus;Služba hostitelské sběrnice programu Virtual PC; C:\Windows\system32\DRIVERS\vpchbus.sys [2010-11-20 194944]
R3 vpcusb;Služba konektoru virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcusb.sys [2010-11-20 95232]
S1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2012-03-11 577824]
S1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2012-03-11 43248]
S1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2012-02-03 93200]
S3 AsrCDDrv;AsrCDDrv; \??\C:\Windows\SysWOW64\Drivers\AsrCDDrv.sys []
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 VF0470Vid;Live! Cam Notebook (VF0470); C:\Windows\system32\DRIVERS\V0470Vid.sys [2007-05-09 183200]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2012-03-11 2815496]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-09-23 65192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 NFService;Fastream IQ Web/FTP Server; C:\PROGRA~2\FASTRE~1\IQWebFTPServerEngine.exe [2008-10-14 3221504]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-07 250808]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-11-05 115168]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-02-24 1255736]

-----------------EOF-----------------

[vyosek]

Zdravim

Stahnete Farbar Service Scanner http://download.bleepingcomputer.com/farbar/FSS.exe

• Ulozte nejlepe na Plochu
• U vsech polozek udelejte zatrzitko (tim je oznacite pro skenovani)
• Kliknete na Scan
• Po dokonceni skenu se objevi log FSS.txt ten sem vlozte

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

• Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane

  Rkill EXE:
  http://download.bleepingcomputer.com/grinler/rkill.exe
  
  Rkill iExplore.exe:
  http://download.bleepingcomputer.com/gr ... xplore.exe
  
  Rkill uSeRiNiT.exe:
  http://download.bleepingcomputer.com/gr ... eRiNiT.exe
  
  Rkill WiNlOgOn.exe:
  http://download.bleepingcomputer.com/gr ... NlOgOn.exe

• Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
• Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
• RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
• Na plose vznikne log Rkill.txt ten mi sem vlozte
• Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[a66]

FSS:
Farbar Service Scanner Version: 09-11-2012
Ran by t1 (administrator) on 06-11-2012 at 19:43:05
Running from "C:\Users\t1\Desktop"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error.
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

RKill:
Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/06/2012 07:44:17 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* C:\Windows\System32\drivers\acpi.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\acpi.inf_amd64_neutral_aed2e7a487803437\acpi.sys : 334 208 : 11/21/2010 00:23 AM : d81d9e70b8a6dd14d42d7b4efa65d5f2 [Pos Repl]
+-> C:\Windows\winsxs\amd64_acpi.inf_31bf3856ad364e35_6.1.7601.17514_none_80aec972e4a75989\acpi.sys : 334 208 : 11/21/2010 00:23 AM : d81d9e70b8a6dd14d42d7b4efa65d5f2 [Pos Repl]

* C:\Windows\System32\drivers\afd.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys : 499 712 : 11/21/2010 00:24 AM : d31dc7a16dea4a9baf179f3d6fbdb38c [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys : 498 688 : 12/28/2011 00:59 AM : 1c7857b62de5994a75b054a9fd4c3825 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys : 498 176 : 12/28/2011 00:01 AM : 36a14fd1a23f57046361733b792ca8db [Pos Repl]

* C:\Windows\System32\drivers\agp440.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys : 61 008 : 07/14/2009 00:52 AM : 608c14dba7299d8cb6ed035a68a15799 [Pos Repl]
+-> C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys : 61 008 : 07/14/2009 00:52 AM : 608c14dba7299d8cb6ed035a68a15799 [Pos Repl]

* C:\Windows\System32\drivers\asyncmac.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-rasbase-asyncmac_31bf3856ad364e35_6.1.7600.16385_none_804cc08a4e8a4516\asyncmac.sys : 23 040 : 07/14/2009 00:10 AM : 769765ce2cc62867468cea93969b2242 [Pos Repl]

* C:\Windows\System32\drivers\atapi.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys : 24 128 : 07/14/2009 00:52 AM : 02062c0b390b7729edc9e69c680a6f3c [Pos Repl]
+-> C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys : 24 128 : 07/14/2009 00:52 AM : 02062c0b390b7729edc9e69c680a6f3c [Pos Repl]

* C:\Windows\System32\drivers\battc.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\battery.inf_amd64_neutral_cb8fa151a7b7cb80\battc.sys : 28 240 : 07/14/2009 00:52 AM : f4de2ae7a9e1badac70bc71ea2c17612 [Pos Repl]
+-> C:\Windows\winsxs\amd64_battery.inf_31bf3856ad364e35_6.1.7600.16385_none_721c84936d812c57\battc.sys : 28 240 : 07/14/2009 00:52 AM : f4de2ae7a9e1badac70bc71ea2c17612 [Pos Repl]

* C:\Windows\System32\drivers\beep.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys : 6 656 : 07/14/2009 00:00 AM : 16a47ce2decc9b099349a5f840654746 [Pos Repl]

* C:\Windows\System32\drivers\bridge.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-networkbridge_31bf3856ad364e35_6.1.7600.16385_none_63dee2821fc69fce\bridge.sys : 95 232 : 07/14/2009 00:01 AM : 5c2f352a4e961d72518261257aae204b [Pos Repl]

* C:\Windows\System32\drivers\cdfs.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-cdfs_31bf3856ad364e35_6.1.7600.16385_none_025c84b636a4ef6d\cdfs.sys : 92 160 : 07/14/2009 00:19 AM : b8bd2bb284668c84865658c77574381a [Pos Repl]

* C:\Windows\System32\drivers\cdrom.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys : 147 456 : 11/21/2010 00:23 AM : f036ce71586e93d94dab220d7bdf4416 [Pos Repl]
+-> C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys : 147 456 : 11/21/2010 00:23 AM : f036ce71586e93d94dab220d7bdf4416 [Pos Repl]

* C:\Windows\System32\drivers\classpnp.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-classpnp_31bf3856ad364e35_6.1.7601.17514_none_73a9340ac2b15f83\Classpnp.sys : 179 072 : 11/21/2010 00:24 AM : acfad0b512226c7a83c7cb09fd55a9ad [Pos Repl]

* C:\Windows\System32\drivers\CmBatt.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\battery.inf_amd64_neutral_cb8fa151a7b7cb80\CmBatt.sys : 17 664 : 07/14/2009 00:31 AM : 0840155d0bddf1190f84a663c284bd33 [Pos Repl]
+-> C:\Windows\winsxs\amd64_battery.inf_31bf3856ad364e35_6.1.7600.16385_none_721c84936d812c57\CmBatt.sys : 17 664 : 07/14/2009 00:31 AM : 0840155d0bddf1190f84a663c284bd33 [Pos Repl]

* C:\Windows\System32\drivers\compbatt.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\battery.inf_amd64_neutral_cb8fa151a7b7cb80\compbatt.sys : 21 584 : 07/14/2009 00:52 AM : 102de219c3f61415f964c88e9085ad14 [Pos Repl]
+-> C:\Windows\winsxs\amd64_battery.inf_31bf3856ad364e35_6.1.7600.16385_none_721c84936d812c57\compbatt.sys : 21 584 : 07/14/2009 00:52 AM : 102de219c3f61415f964c88e9085ad14 [Pos Repl]

* C:\Windows\System32\drivers\diskdump.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-diskdump_31bf3856ad364e35_6.1.7601.17514_none_c4e43b7bade5bb1e\Diskdump.sys : 27 520 : 11/21/2010 00:24 AM : b27a7b563f66ead82b488ebad5e4dd55 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-diskdump_31bf3856ad364e35_6.1.7601.17601_none_c4ec0c6fade0504f\Diskdump.sys : 27 520 : 04/23/2011 00:15 AM : 9bbd8b5855bc6578957f82341f9cde5a [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-diskdump_31bf3856ad364e35_6.1.7601.21710_none_c569d904c706f2b3\Diskdump.sys : 27 520 : 04/22/2011 09:50 PM : ab566fe481398d77436d628c16895097 [Pos Repl]

* C:\Windows\System32\drivers\disk.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys : 73 280 : 07/14/2009 00:47 AM : 9819eee8b5ea3784ec4af3b137a5244c [Pos Repl]
+-> C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys : 73 280 : 07/14/2009 09:47 AM : 9819eee8b5ea3784ec4af3b137a5244c [Pos Repl]

* C:\Windows\System32\drivers\drmkaud.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\wdmaudio.inf_amd64_neutral_423894ded0ba8fdf\drmkaud.sys : 5 632 : 07/14/2009 00:06 AM : 9b19f34400d24df84c858a421c205754 [Pos Repl]
+-> C:\Windows\winsxs\amd64_wdmaudio.inf_31bf3856ad364e35_6.1.7600.16385_none_bc5c4aba33d6af68\drmkaud.sys : 5 632 : 07/14/2009 09:06 AM : 9b19f34400d24df84c858a421c205754 [Pos Repl]

* C:\Windows\System32\drivers\drmk.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\wdmaudio.inf_amd64_neutral_423894ded0ba8fdf\drmk.sys : 116 224 : 07/14/2009 00:01 AM : 21d26064aedb4988f785bb4a3a2c051e [Pos Repl]
+-> C:\Windows\winsxs\amd64_wdmaudio.inf_31bf3856ad364e35_6.1.7600.16385_none_bc5c4aba33d6af68\drmk.sys : 116 224 : 07/14/2009 09:01 AM : 21d26064aedb4988f785bb4a3a2c051e [Pos Repl]

* C:\Windows\System32\drivers\dxapi.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-useros_31bf3856ad364e35_6.1.7600.16385_none_2963a67886ddf81e\dxapi.sys : 16 896 : 07/14/2009 09:38 AM : bf24d6f2ed97fe830bfd52b246f98e67 [Pos Repl]

* C:\Windows\System32\drivers\dxg.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-dxg_31bf3856ad364e35_6.1.7600.16385_none_04e0334574ce0f74\dxg.sys : 98 816 : 07/14/2009 09:38 AM : fede0629ecb23650d48989517d4914da [Pos Repl]

* C:\Windows\System32\drivers\fastfat.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-fat_31bf3856ad364e35_6.1.7600.16385_none_0aa81d2771152f86\fastfat.sys : 204 800 : 07/14/2009 09:23 AM : 0adc83218b66a6db380c330836f3e36d [Pos Repl]

* C:\Windows\System32\drivers\fdc.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\fdc.inf_amd64_neutral_bbcfca39fdc02275\fdc.sys : 29 696 : 07/14/2009 00:00 AM : d765d19cd8ef61f650c384f62fac00ab [Pos Repl]
+-> C:\Windows\winsxs\amd64_fdc.inf_31bf3856ad364e35_6.1.7600.16385_none_5d86a514fa18ed1d\fdc.sys : 29 696 : 07/14/2009 09:00 AM : d765d19cd8ef61f650c384f62fac00ab [Pos Repl]

* C:\Windows\System32\drivers\flpydisk.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_amd64_neutral_f54222cc59267e1e\flpydisk.sys : 24 576 : 07/14/2009 00:00 AM : c172a0f53008eaeb8ea33fe10e177af5 [Pos Repl]
+-> C:\Windows\winsxs\amd64_flpydisk.inf_31bf3856ad364e35_6.1.7600.16385_none_42ff01d4942cc5ea\flpydisk.sys : 24 576 : 07/14/2009 09:00 AM : c172a0f53008eaeb8ea33fe10e177af5 [Pos Repl]

* C:\Windows\System32\drivers\fltMgr.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-filtermanager-core_31bf3856ad364e35_6.1.7601.17514_none_6f2f7861416b9bc6\fltMgr.sys : 289 664 : 11/21/2010 09:24 AM : da6b67270fd9db3697b20fce94950741 [Pos Repl]

* C:\Windows\System32\drivers\fs_rec.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-coreos_31bf3856ad364e35_6.1.7601.17514_none_83784bb654f0d178\fs_rec.sys : 23 104 : 07/14/2009 09:47 AM : e95ef8547de20cf0603557c0cf7a9462 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-coreos_31bf3856ad364e35_6.1.7601.17787_none_832fa0ec5526db62\fs_rec.sys : 23 408 : 03/01/2012 09:46 AM : 6bd9295cc032dd3077c671fccf579a7b [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-coreos_31bf3856ad364e35_6.1.7601.21933_none_83eb4e116e1f8742\fs_rec.sys : 23 408 : 03/01/2012 09:33 AM : b67646b415693fac2a45124ebf873d78 [Pos Repl]

* C:\Windows\System32\drivers\hidclass.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\input.inf_amd64_neutral_8693053514b10ee9\hidclass.sys : 76 800 : 11/21/2010 00:23 AM : 8b0e40e7e8bbf5acf390465609d89ff1 [Pos Repl]
+-> C:\Windows\winsxs\amd64_input.inf_31bf3856ad364e35_6.1.7601.17514_none_7e959f3636bd3a1c\hidclass.sys : 76 800 : 11/21/2010 09:23 AM : 8b0e40e7e8bbf5acf390465609d89ff1 [Pos Repl]

* C:\Windows\System32\drivers\hidparse.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\input.inf_amd64_neutral_8693053514b10ee9\hidparse.sys : 32 896 : 07/14/2009 00:06 AM : 49ee2e52e6cd03947dad72f65367be06 [Pos Repl]
+-> C:\Windows\winsxs\amd64_input.inf_31bf3856ad364e35_6.1.7601.17514_none_7e959f3636bd3a1c\hidparse.sys : 32 896 : 07/14/2009 09:06 AM : 49ee2e52e6cd03947dad72f65367be06 [Pos Repl]

* C:\Windows\System32\drivers\hidusb.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\input.inf_amd64_neutral_8693053514b10ee9\hidusb.sys : 30 208 : 11/21/2010 00:23 AM : 9592090a7e2b61cd582b612b6df70536 [Pos Repl]
+-> C:\Windows\winsxs\amd64_input.inf_31bf3856ad364e35_6.1.7601.17514_none_7e959f3636bd3a1c\hidusb.sys : 30 208 : 11/21/2010 09:23 AM : 9592090a7e2b61cd582b612b6df70536 [Pos Repl]

* C:\Windows\System32\drivers\http.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-http_31bf3856ad364e35_6.1.7601.17514_none_0ae701b82f7a7759\http.sys : 753 664 : 11/21/2010 09:23 AM : 0ea7de1acb728dd5a369fd742d6eee28 [Pos Repl]

* C:\Windows\System32\drivers\i8042prt.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_amd64_neutral_0684fdc43059f486\i8042prt.sys : 105 472 : 07/14/2009 00:19 AM : fa55c73d4affa7ee23ac4be53b4592d3 [Pos Repl]
+-> C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_amd64_neutral_7a5f47d3150cc0eb\i8042prt.sys : 105 472 : 07/14/2009 00:19 AM : fa55c73d4affa7ee23ac4be53b4592d3 [Pos Repl]
+-> C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf\i8042prt.sys : 105 472 : 07/14/2009 09:19 AM : fa55c73d4affa7ee23ac4be53b4592d3 [Pos Repl]
+-> C:\Windows\winsxs\amd64_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_aa28fd23ec0c39f9\i8042prt.sys : 105 472 : 07/14/2009 09:19 AM : fa55c73d4affa7ee23ac4be53b4592d3 [Pos Repl]

* C:\Windows\System32\drivers\intelide.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\intelide.sys : 16 960 : 07/14/2009 00:48 AM : f00f20e70c6ec3aa366910083a0518aa [Pos Repl]
+-> C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\intelide.sys : 16 960 : 07/14/2009 09:48 AM : f00f20e70c6ec3aa366910083a0518aa [Pos Repl]

* C:\Windows\System32\drivers\intelppm.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\cpu.inf_amd64_neutral_ae5de2e1bf2793c3\intelppm.sys : 62 464 : 07/14/2009 00:19 AM : ada036632c664caa754079041cf1f8c1 [Pos Repl]
+-> C:\Windows\winsxs\amd64_cpu.inf_31bf3856ad364e35_6.1.7600.16385_none_b93f4c460912265a\intelppm.sys : 62 464 : 07/14/2009 09:19 AM : ada036632c664caa754079041cf1f8c1 [Pos Repl]

* C:\Windows\System32\drivers\ipfltdrv.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-rasipfilter_31bf3856ad364e35_6.1.7601.17514_none_458f8957d5cef9fa\ipfltdrv.sys : 82 944 : 11/21/2010 09:24 AM : c9f0e1bd74365a8771590e9008d22ab6 [Pos Repl]

* C:\Windows\System32\drivers\ipnat.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-ipnat_31bf3856ad364e35_6.1.7600.16385_none_b70d093f950ce2cf\ipnat.sys : 116 224 : 07/14/2009 09:10 AM : af9b39a7e7b6caa203b3862582e9f2d0 [Pos Repl]

* C:\Windows\System32\drivers\irenum.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-irdaircomm_31bf3856ad364e35_6.1.7600.16385_none_84866db23e5a6f30\irenum.sys : 17 920 : 07/14/2009 09:08 AM : 3abf5e7213eb28966d55d58b515d5ce9 [Pos Repl]

* C:\Windows\System32\drivers\isapnp.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\isapnp.sys : 20 544 : 07/14/2009 00:48 AM : 2f7b28dc3e1183e5eb418df55c204f38 [Pos Repl]
+-> C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\isapnp.sys : 20 544 : 07/14/2009 09:48 AM : 2f7b28dc3e1183e5eb418df55c204f38 [Pos Repl]

* C:\Windows\System32\drivers\kbdclass.sys [NoSig]
+-> C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_amd64_neutral_0684fdc43059f486\kbdclass.sys : 50 768 : 07/14/2009 00:48 AM : bc02336f1cba7dcc7d1213bb588a68a5 [Pos Repl]
+-> C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf\kbdclass.sys : 50 768 : 07/14/2009 09:48 AM : bc02336f1cba7dcc7d1213bb588a68a5 [Pos Repl]

* C:\Windows\System32\drivers\ksecdd.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\ksecdd.sys : 95 616 : 11/21/2010 09:24 AM : ccd53b5bd33ce0c889e830d839c8b66e [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\ksecdd.sys : 95 600 : 11/17/2011 09:49 AM : da1e991a61cfdd755a589e206b97644b [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_044756c773895c5e\ksecdd.sys : 95 600 : 06/02/2012 09:48 AM : 97a7070aea4c058b6418519e869a63b4 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\ksecdd.sys : 95 600 : 11/17/2011 09:31 AM : 44112506709c9ee7e8ac38e161706e34 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_04f609a88c8c279c\ksecdd.sys : 95 600 : 06/04/2012 09:55 AM : d44556c48f351bb26f3a8c90200f495a [Pos Repl]

* C:\Windows\System32\drivers\ks.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-kernelstreaming_31bf3856ad364e35_6.1.7601.17514_none_b5a6c7c6ac83a58e\ks.sys : 243 712 : 11/21/2010 09:24 AM : 24fbf5cc5c04150073c315a7c83521ee [Pos Repl]

* C:\Windows\System32\ntoskrnl.exe [NoSig]
+-> C:\Windows\SysWOW64\ntoskrnl.exe : 3 914 096 : 08/30/2012 07:12 PM : 948f0b444cb6cc35fe5f9de52420cb95 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_ca56670fcac29ca9\ntoskrnl.exe : 5 563 776 : 11/21/2010 09:24 AM : c6cec3e6cc9842b73501c70aa64c00fe [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_ca31f809cade8847\ntoskrnl.exe : 5 561 216 : 06/23/2011 09:43 AM : 577841951e8bad6ea8288106693cd39f [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_ca603c63cabb5ed6\ntoskrnl.exe : 5 559 664 : 03/31/2012 09:05 AM : 03b5c6dba5a770ceefd1615e380c6bc3 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17835_none_ca41cd33cad1e557\ntoskrnl.exe : 5 559 664 : 05/04/2012 01:06 PM : 2819bb6417b85d38169a4f151463a815 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17944_none_ca35fee3cadae518\ntoskrnl.exe : 5 559 664 : 08/30/2012 08:03 PM : fe905d59663e86bfe51623947b7425fd [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_cab5c65ae3ffc2b5\ntoskrnl.exe : 5 561 728 : 06/23/2011 08:22 AM : ce6af5ec2db1567b6297adcb56b39b5d [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_cab5ca26e3ffbd03\ntoskrnl.exe : 5 561 200 : 03/31/2012 08:39 AM : 708a4c721cee6b3845b5a54477d873cf [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21987_none_ca975af6e4164384\ntoskrnl.exe : 5 561 200 : 05/04/2012 08:51 AM : 6a692db27a943b463e97b749dd34f3da [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22103_none_cae9b336e3d92f09\ntoskrnl.exe : 5 562 736 : 08/30/2012 08:02 PM : a0d1c0e813a7c6e17c029375ac2ace18 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntoskrnl.exe : 3 911 040 : 11/21/2010 08:23 AM : 2088d9994332583edb3c561de31ea5ad [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_6e135c8612811711\ntoskrnl.exe : 3 912 576 : 06/23/2011 08:33 AM : fb58abd5e1f75a2cf713c9dff0ec0804 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_6e41a0e0125deda0\ntoskrnl.exe : 3 913 072 : 03/31/2012 08:39 AM : 28f44480e411c3ddf04b63f6560e6ef4 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17835_none_6e2331b012747421\ntoskrnl.exe : 3 913 072 : 05/04/2012 08:03 AM : 53483a0b2de3617e832f1dbaf9620f39 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17944_none_6e176360127d73e2\ntoskrnl.exe : 3 914 096 : 08/30/2012 07:12 PM : 948f0b444cb6cc35fe5f9de52420cb95 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_6e972ad72ba2517f\ntoskrnl.exe : 3 912 576 : 06/23/2011 07:55 AM : 90efdb506f6140eea9dee398d9449d86 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_6e972ea32ba24bcd\ntoskrnl.exe : 3 916 656 : 03/31/2012 07:37 AM : 2e02a17e8965ad671e4987e503ad38b1 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21987_none_6e78bf732bb8d24e\ntoskrnl.exe : 3 916 656 : 05/04/2012 07:03 AM : a37a39568c8ec9a17d1b7471445b81a8 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22103_none_6ecb17b32b7bbdd3\ntoskrnl.exe : 3 917 168 : 08/30/2012 07:06 PM : 5355a85d26eecfa3a68b1f55b0c59a20 [Pos Repl]

Checking HOSTS File:

* No issues found.

Program finished at: 11/06/2012 07:45:42 PM
Execution time: 0 hours(s), 1 minute(s), and 24 seconds(s)

ComboFix:
ComboFix 12-11-13.03 - t1 14.11.2012 19:48:40.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4029.2893 [GMT 1:00]
Spuštěný z: c:\users\t1\Desktop\ComboFix.exe
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\t1\AppData\Roaming\B3DC.exe
c:\users\t1\AppData\Roaming\Dnyeyh.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-14 do 2012-11-14 )))))))))))))))))))))))))))))))
.
.
2012-11-14 18:51 . 2012-11-14 18:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-09 12:36 . 2012-11-09 12:36 -------- d-----w- c:\windows\SysWow64\Atheros_L1e
2012-11-09 12:36 . 2012-11-09 12:36 -------- d-----w- C:\Install
2012-11-08 07:56 . 2012-11-08 08:02 -------- d-----w- c:\users\t1\AppData\Local\ElevatedDiagnostics
2012-11-07 14:58 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-11-07 14:57 . 2012-11-08 07:59 -------- d-----w- c:\programdata\AVAST Software
2012-11-07 14:57 . 2012-11-07 14:57 -------- d-----w- c:\program files\AVAST Software
2012-11-07 14:41 . 2012-11-07 14:41 -------- d-----w- c:\users\t1\AppData\Roaming\Malwarebytes
2012-11-07 14:41 . 2012-11-07 14:41 -------- d-----w- c:\programdata\Malwarebytes
2012-11-07 14:38 . 2012-11-07 14:38 -------- d-----w- c:\users\t1\AppData\Local\Macromedia
2012-11-06 10:45 . 2012-11-06 10:45 -------- d-----w- C:\rsit
2012-11-06 10:41 . 2012-11-06 10:41 -------- d-----w- C:\qqas
2012-11-06 10:39 . 2012-11-06 10:39 -------- d-----w- c:\program files\trend micro
2012-11-06 07:04 . 2012-10-17 00:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4445A795-6DFD-4104-9A40-F2E49D6ADEC8}\mpengine.dll
2012-11-05 10:41 . 2012-11-05 10:41 -------- d-----w- c:\program files (x86)\RocketDock
2012-11-05 10:11 . 2012-11-06 18:42 -------- d-----w- c:\users\t1\AppData\Roaming\Skype
2012-11-05 10:11 . 2012-11-05 10:11 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-11-05 10:11 . 2012-11-05 10:11 -------- d-----r- c:\program files (x86)\Skype
2012-11-05 10:11 . 2012-11-05 10:11 -------- d-----w- c:\programdata\Skype
2012-11-05 07:53 . 2012-03-11 21:13 41200 ----a-w- c:\windows\system32\cmdcsr.dll
2012-10-25 13:22 . 2012-10-25 13:22 -------- d-----w- c:\program files (x86)\winparte4
2012-10-25 12:38 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-10-25 12:38 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-10-23 13:24 . 2012-10-23 13:24 -------- d-----w- c:\windows\CheckSur
2012-10-23 12:18 . 2012-10-23 12:19 -------- d-----w- c:\users\t1\AppData\Local\Google
2012-10-23 12:17 . 2012-10-23 12:17 -------- d-----w- c:\users\t1\AppData\Local\Mozilla
2012-10-23 12:16 . 2012-11-06 07:00 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-10-23 09:34 . 2012-10-23 09:34 -------- d-----w- c:\users\t1\AppData\Local\CutePDF Writer
2012-10-23 09:33 . 2012-10-26 12:48 -------- d-----w- c:\program files (x86)\Acro Software
2012-10-23 09:26 . 2012-10-23 09:26 -------- d-----w- c:\users\t1\AppData\Local\Adobe
2012-10-23 09:23 . 2012-10-23 09:23 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-10-23 09:18 . 2012-10-23 09:18 -------- d-----w- c:\program files (x86)\DoroPDFWriter
2012-10-23 08:20 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-10-23 08:20 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-23 08:20 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-23 08:20 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-23 08:20 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-23 08:20 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-23 08:20 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-23 08:16 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-23 08:16 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-23 08:15 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-23 08:15 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-23 08:15 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-23 08:15 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-23 08:15 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-23 08:15 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-23 08:11 . 2012-10-23 08:11 -------- d-----w- C:\NFRoot
2012-10-23 08:10 . 2012-10-23 08:12 -------- d-----w- c:\program files (x86)\Fastream IQ Web FTP Server GUI
2012-10-23 08:10 . 2012-10-23 08:20 -------- d-----w- c:\program files (x86)\Fastream IQ Web FTP Server Engine
2012-10-22 10:28 . 2012-10-25 13:21 -------- d--h--w- c:\program files (x86)\InstallJammer Registry
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-07 14:37 . 2012-10-04 05:56 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-07 14:37 . 2012-02-24 17:16 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-23 13:31 . 2012-02-24 16:41 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-08-24 11:15 . 2012-10-03 22:31 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-10-03 22:31 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-10-03 22:31 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-10-03 22:31 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-10-03 22:31 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-10-03 22:31 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-10-03 22:31 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-10-03 22:31 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-10-03 22:31 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-10-03 22:31 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-10-03 22:31 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-10-03 22:31 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-10-03 22:31 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-10-03 22:31 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-10-03 22:31 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-10-03 22:31 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-10-03 22:31 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-10-03 22:31 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-10-03 22:31 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-10-03 22:31 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-10-03 22:31 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-10-03 22:31 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-20 17:38 . 2012-10-23 08:19 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\atapi.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\asyncmac.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\kbdclass.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\ndis.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\ntfs.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\null.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\tcpip.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\tdx.sys
.
[7] 2012-08-30 . 948F0B444CB6CC35FE5F9DE52420CB95 . 3914096 . . [6.1.7601.17944] .. c:\windows\erdnt\cache86\ntoskrnl.exe
[7] 2012-08-30 . 948F0B444CB6CC35FE5F9DE52420CB95 . 3914096 . . [6.1.7601.17944] .. c:\windows\SysWOW64\ntoskrnl.exe
[7] 2012-08-30 . 948F0B444CB6CC35FE5F9DE52420CB95 . 3914096 . . [6.1.7601.17944] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17944_none_6e176360127d73e2\ntoskrnl.exe
[7] 2012-08-30 . 5355A85D26EECFA3A68B1F55B0C59A20 . 3917168 . . [6.1.7601.22103] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22103_none_6ecb17b32b7bbdd3\ntoskrnl.exe
[7] 2012-05-04 . A37A39568C8EC9A17D1B7471445B81A8 . 3916656 . . [6.1.7601.21987] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21987_none_6e78bf732bb8d24e\ntoskrnl.exe
[7] 2012-05-04 . 53483A0B2DE3617E832F1DBAF9620F39 . 3913072 . . [6.1.7601.17835] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17835_none_6e2331b012747421\ntoskrnl.exe
[7] 2012-03-31 . 28F44480E411C3DDF04B63F6560E6EF4 . 3913072 . . [6.1.7601.17803] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_6e41a0e0125deda0\ntoskrnl.exe
[7] 2012-03-31 . 2E02A17E8965AD671E4987E503AD38B1 . 3916656 . . [6.1.7601.21955] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_6e972ea32ba24bcd\ntoskrnl.exe
[7] 2011-06-23 . 90EFDB506F6140EEA9DEE398D9449D86 . 3912576 . . [6.1.7601.21755] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_6e972ad72ba2517f\ntoskrnl.exe
[7] 2011-06-23 . FB58ABD5E1F75A2CF713C9DFF0EC0804 . 3912576 . . [6.1.7601.17640] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_6e135c8612811711\ntoskrnl.exe
[7] 2010-11-21 . 2088D9994332583EDB3C561DE31EA5AD . 3911040 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntoskrnl.exe
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\ntoskrnl.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-10-19 17875120]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-12-04 2792448]
"DoroServer"="c:\program files (x86)\DoroPDFWriter\DoroServer.exe" [2012-03-10 172032]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"V0470Mon.exe"="c:\windows\V0470Mon.exe" [2007-06-04 32768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-11 577824]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-11 43248]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 NFService;Fastream IQ Web/FTP Server;c:\progra~2\FASTRE~1\IQWebFTPServerEngine.exe [2008-10-14 3221504]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
R3 AsrCDDrv;AsrCDDrv;c:\windows\SysWOW64\Drivers\AsrCDDrv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 VF0470Vid;Live! Cam Notebook (VF0470);c:\windows\system32\DRIVERS\V0470Vid.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-24 1255736]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - 8e2185ace8825c71
.
Obsah adresáře 'Naplánované úlohy'
.
2012-11-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-04 14:37]
.
2012-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-234067220-1521876615-1215172825-1000Core.job
- c:\users\t1\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-23 12:18]
.
2012-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-234067220-1521876615-1215172825-1000UA.job
- c:\users\t1\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-23 12:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-08 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-08 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-08 365592]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.10
FF - ProfilePath - c:\users\t1\AppData\Roaming\Mozilla\Firefox\Profiles\q2c4muzn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: 2012-11-07 15:58; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-VIAAUD - c:\program files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe
AddRemove-krem2002_is1 - c:\krem2002\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\8e2185ace8825c71]
"ImagePath"="\SystemRoot\System32\Drivers\8e2185ace8825c71.sys"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-11-14 19:52:54
ComboFix-quarantined-files.txt 2012-11-14 18:52
.
Před spuštěním: Volných bajtů: 284 580 827 136
Po spuštění: Volných bajtů: 284 948 090 880
.
- - End Of File - - EA99C43C1151AD1DCC7AA9549B603D59

[vyosek]

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Driver::
  8e2185ace8825c71
  
  Collect::
  C:\Windows\system32\drivers\8e2185ace8825c71.sys
  C:\Users\t1\AppData\Roaming\B3DC.exe
  C:\Users\t1\AppData\Roaming\Dnyeyh.exe
  
  Restore::
  c:\windows\system32\drivers\atapi.sys
  c:\windows\system32\drivers\asyncmac.sys
  c:\windows\system32\drivers\kbdclass.sys
  c:\windows\system32\drivers\ndis.sys
  c:\windows\system32\drivers\ntfs.sys
  c:\windows\system32\drivers\null.sys
  c:\windows\system32\drivers\tcpip.sys
  c:\windows\system32\drivers\tdx.sys
  c:\windows\system32\ntoskrnl.exe
  
  FCopy::
  c:\Windows\winsxs\amd64_microsoft-windows-kernelstreaming_31bf3856ad364e35_6.1.7601.17514_none_b5a6c7c6ac83a58e\ks.sys | C:\Windows\System32\drivers\ks.sys
  C:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\isapnp.sys | C:\Windows\System32\drivers\isapnp.sys
   C:\Windows\winsxs\amd64_microsoft-windows-diskdump_31bf3856ad364e35_6.1.7601.17514_none_c4e43b7bade5bb1e\Diskdump.sys | C:\Windows\System32\drivers\diskdump.sys
  C:\Windows\System32\DriverStore\FileRepository\battery.inf_amd64_neutral_cb8fa151a7b7cb80\compbatt.sys | C:\Windows\System32\drivers\compbatt.sys
  C:\Windows\winsxs\amd64_microsoft-windows-classpnp_31bf3856ad364e35_6.1.7601.17514_none_73a9340ac2b15f83\Classpnp.sys | C:\Windows\System32\drivers\classpnp.sys
  
  Registry::
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Skype"=-
  
  File::
  c:\windows\Tasks\Adobe Flash Player Updater.job
  c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-234067220-1521876615-1215172825-1000Core.job
  c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-234067220-1521876615-1215172825-1000UA.job
  
  RegLock::
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
  
  ClearJavaCache::
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[a66]

ComboFix 12-11-13.03 - t1 14.11.2012 21:55:10.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4029.3049 [GMT 1:00]
Spuštěný z: c:\users\t1\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\t1\Desktop\CFScript.txt
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-234067220-1521876615-1215172825-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-234067220-1521876615-1215172825-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-234067220-1521876615-1215172825-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-234067220-1521876615-1215172825-1000UA.job
.
Nakažená kopie c:\windows\system32\drivers\asyncmac.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\winsxs\amd64_microsoft-windows-rasbase-asyncmac_31bf3856ad364e35_6.1.7600.16385_none_804cc08a4e8a4516\asyncmac.sys
.
Nakažená kopie c:\windows\system32\drivers\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
.
Nakažená kopie c:\windows\system32\drivers\kbdclass.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf\kbdclass.sys
.
Nakažená kopie c:\windows\system32\drivers\ndis.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_05dc9a6832ba428a\ndis.sys
.
Nakažená kopie c:\windows\system32\drivers\ntfs.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17945_none_0477c74a33a2859a\ntfs.sys
.
Nakažená kopie c:\windows\system32\drivers\null.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\winsxs\amd64_microsoft-windows-null_31bf3856ad364e35_6.1.7600.16385_none_055adf2434ae116e\null.sys
.
Nakažená kopie c:\windows\system32\drivers\tcpip.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_113380f37d117668\tcpip.sys
.
Nakažená kopie c:\windows\system32\drivers\tdx.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys
.
c:\windows\system32\ntoskrnl.exe . . . je infikován!!
.
.
--------------- FCopy ---------------
.
c:\windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\isapnp.sys --> c:\windows\System32\drivers\isapnp.sys
c:\windows\winsxs\amd64_microsoft-windows-diskdump_31bf3856ad364e35_6.1.7601.17514_none_c4e43b7bade5bb1e\Diskdump.sys --> c:\windows\System32\drivers\diskdump.sys
c:\windows\System32\DriverStore\FileRepository\battery.inf_amd64_neutral_cb8fa151a7b7cb80\compbatt.sys --> c:\windows\System32\drivers\compbatt.sys
c:\windows\winsxs\amd64_microsoft-windows-classpnp_31bf3856ad364e35_6.1.7601.17514_none_73a9340ac2b15f83\Classpnp.sys --> c:\windows\System32\drivers\classpnp.sys
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_8E2185ACE8825C71
-------\Service_8e2185ace8825c71
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-14 do 2012-11-14 )))))))))))))))))))))))))))))))
.
.
2012-11-14 20:57 . 2012-11-14 20:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-14 20:36 . 2010-11-21 03:24 179072 ----a-w- c:\windows\SysWow64\drivers\classpnp.sys
2012-11-14 20:36 . 2010-11-21 03:24 27520 ----a-w- c:\windows\SysWow64\drivers\diskdump.sys
2012-11-14 20:36 . 2009-07-14 01:52 21584 ----a-w- c:\windows\SysWow64\drivers\compbatt.sys
2012-11-14 20:36 . 2012-11-14 20:36 0 ----a-w- c:\windows\SysWow64\drivers\ks.sys
2012-11-14 20:36 . 2009-07-14 01:48 20544 ----a-w- c:\windows\SysWow64\drivers\isapnp.sys
2012-11-09 12:36 . 2012-11-09 12:36 -------- d-----w- c:\windows\SysWow64\Atheros_L1e
2012-11-09 12:36 . 2012-11-09 12:36 -------- d-----w- C:\Install
2012-11-08 07:56 . 2012-11-08 08:02 -------- d-----w- c:\users\t1\AppData\Local\ElevatedDiagnostics
2012-11-07 14:58 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-11-07 14:57 . 2012-11-08 07:59 -------- d-----w- c:\programdata\AVAST Software
2012-11-07 14:57 . 2012-11-07 14:57 -------- d-----w- c:\program files\AVAST Software
2012-11-07 14:41 . 2012-11-07 14:41 -------- d-----w- c:\users\t1\AppData\Roaming\Malwarebytes
2012-11-07 14:41 . 2012-11-07 14:41 -------- d-----w- c:\programdata\Malwarebytes
2012-11-07 14:38 . 2012-11-07 14:38 -------- d-----w- c:\users\t1\AppData\Local\Macromedia
2012-11-06 10:45 . 2012-11-06 10:45 -------- d-----w- C:\rsit
2012-11-06 10:41 . 2012-11-06 10:41 -------- d-----w- C:\qqas
2012-11-06 10:39 . 2012-11-06 10:39 -------- d-----w- c:\program files\trend micro
2012-11-06 07:04 . 2012-10-17 00:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4445A795-6DFD-4104-9A40-F2E49D6ADEC8}\mpengine.dll
2012-11-05 10:41 . 2012-11-05 10:41 -------- d-----w- c:\program files (x86)\RocketDock
2012-11-05 10:11 . 2012-11-14 20:40 -------- d-----w- c:\users\t1\AppData\Roaming\Skype
2012-11-05 10:11 . 2012-11-05 10:11 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-11-05 10:11 . 2012-11-05 10:11 -------- d-----r- c:\program files (x86)\Skype
2012-11-05 10:11 . 2012-11-05 10:11 -------- d-----w- c:\programdata\Skype
2012-11-05 07:53 . 2012-03-11 21:13 41200 ----a-w- c:\windows\system32\cmdcsr.dll
2012-10-25 13:22 . 2012-10-25 13:22 -------- d-----w- c:\program files (x86)\winparte4
2012-10-25 12:38 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-10-25 12:38 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-10-23 13:24 . 2012-10-23 13:24 -------- d-----w- c:\windows\CheckSur
2012-10-23 12:18 . 2012-10-23 12:19 -------- d-----w- c:\users\t1\AppData\Local\Google
2012-10-23 12:17 . 2012-10-23 12:17 -------- d-----w- c:\users\t1\AppData\Local\Mozilla
2012-10-23 12:16 . 2012-11-06 07:00 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-10-23 09:34 . 2012-10-23 09:34 -------- d-----w- c:\users\t1\AppData\Local\CutePDF Writer
2012-10-23 09:33 . 2012-10-26 12:48 -------- d-----w- c:\program files (x86)\Acro Software
2012-10-23 09:26 . 2012-10-23 09:26 -------- d-----w- c:\users\t1\AppData\Local\Adobe
2012-10-23 09:23 . 2012-10-23 09:23 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-10-23 09:18 . 2012-10-23 09:18 -------- d-----w- c:\program files (x86)\DoroPDFWriter
2012-10-23 08:20 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-10-23 08:20 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-23 08:20 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-23 08:20 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-23 08:20 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-23 08:20 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-23 08:20 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-23 08:20 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-23 08:20 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-23 08:16 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-23 08:16 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-23 08:15 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-23 08:15 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-23 08:15 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-23 08:15 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-23 08:15 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-23 08:15 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-23 08:11 . 2012-10-23 08:11 -------- d-----w- C:\NFRoot
2012-10-23 08:10 . 2012-10-23 08:12 -------- d-----w- c:\program files (x86)\Fastream IQ Web FTP Server GUI
2012-10-23 08:10 . 2012-10-23 08:20 -------- d-----w- c:\program files (x86)\Fastream IQ Web FTP Server Engine
2012-10-22 10:28 . 2012-10-25 13:21 -------- d--h--w- c:\program files (x86)\InstallJammer Registry
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-07 14:37 . 2012-10-04 05:56 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-07 14:37 . 2012-02-24 17:16 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-23 13:31 . 2012-02-24 16:41 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-08-24 11:15 . 2012-10-03 22:31 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-10-03 22:31 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-10-03 22:31 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-10-03 22:31 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-10-03 22:31 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-10-03 22:31 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-10-03 22:31 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-10-03 22:31 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-10-03 22:31 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-10-03 22:31 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-10-03 22:31 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-10-03 22:31 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-10-03 22:31 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-10-03 22:31 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-10-03 22:31 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-10-03 22:31 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-10-03 22:31 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-10-03 22:31 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-10-03 22:31 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-10-03 22:31 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-10-03 22:31 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-10-03 22:31 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-10-01 12:11 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-10-03 22:56 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-10-01 12:11 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-10-01 12:11 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-23 08:19 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-12-04 2792448]
"DoroServer"="c:\program files (x86)\DoroPDFWriter\DoroServer.exe" [2012-03-10 172032]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"V0470Mon.exe"="c:\windows\V0470Mon.exe" [2007-06-04 32768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-11 577824]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-11 43248]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AsrCDDrv;AsrCDDrv;c:\windows\SysWOW64\Drivers\AsrCDDrv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 VF0470Vid;Live! Cam Notebook (VF0470);c:\windows\system32\DRIVERS\V0470Vid.sys [2007-05-09 183200]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-24 1255736]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-08 283200]
S2 NFService;Fastream IQ Web/FTP Server;c:\progra~2\FASTRE~1\IQWebFTPServerEngine.exe [2008-10-14 3221504]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-11-25 1276928]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - 8E2185ACE8825C71
*Deregistered* - 8e2185ace8825c71
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VIAAUD"="c:\program files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-08 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-08 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-08 365592]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.10
FF - ProfilePath - c:\users\t1\AppData\Roaming\Mozilla\Firefox\Profiles\q2c4muzn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: 2012-11-07 15:58; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-krem2002_is1 - c:\krem2002\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\8e2185ace8825c71]
"ImagePath"="\SystemRoot\System32\Drivers\8e2185ace8825c71.sys"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
.
**************************************************************************
.
Celkový čas: 2012-11-14 22:00:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-11-14 21:00
ComboFix2.txt 2012-11-14 18:52
.
Před spuštěním: Volných bajtů: 285 717 889 024
Po spuštění: Volných bajtů: 285 128 798 208
.
- - End Of File - - 3DF85D865BE807F611FA2BEFBCE1224E

[vyosek]

Stahnete OTM http://oldtimer.geekstogo.com/OTM.exe

• Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
• Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

• Kód: Vybrat vše

  :services
  8e2185ace8825c71
  
  :reg
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
  "Adobe ARM"=-
  
  :files
  C:\Windows\system32\drivers\8e2185ace8825c71.sys
  %windir%\system32\*.tmp.dll /s
  %windir%\system32\SET*.tmp /s
  %windir%\*.tmp
  
  :commands
  [RESETHOSTS]
  [EMPTYTEMP]
  [EMPTYFLASH]
  [EMPTYJAVA]

• Kliknete na cervene tlacitko MoveIt!
• Budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles, obsah sem vlozte

[a66]

All processes killed
========== SERVICES/DRIVERS ==========
Error: No service named 8e2185ace8825c71 was found to stop!
Service\Driver key 8e2185ace8825c71 not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
========== FILES ==========
File/Folder C:\Windows\system32\drivers\8e2185ace8825c71.sys not found.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: t1
->Temp folder emptied: 170817 bytes
->Temporary Internet Files folder emptied: 50125346 bytes
->FireFox cache emptied: 175896359 bytes
->Google Chrome cache emptied: 20485101 bytes
->Flash cache emptied: 1291 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33325 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50641 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 235,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: t1
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: t1

Total Java Files Cleaned = 0,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 11142012_232639

[vyosek]

Jen se zeptam co jste tam delal 1.11. s ComboFixem?

Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe

• Kliknete na volbu Change parametrs
• V okne Additional Option zakliknete vsechny moznosti
• Kliknete na OK
• Utilite prikazte, at skenuje - klik na Start Scan
• Po dokonceni skenu se objevi okno, zkontrolujte, zda-li je vsude moznost Skip
• Pokud moznost Skip nebude primarne nastavena, prekliknete ji na Skip
• Pokud mate vsude Skip, kliknete na Continue
• Na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt bude log - jeho obsah sem vlozte

[a66]

Combofix hlásil nesprávné datum v PC, srovnal jsem ho, ale nevím, zda bylo právě 1. 11. 2012.
23:45:07.0705 0960 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:45:07.0721 0960 ============================================================
23:45:07.0721 0960 Current date / time: 2012/11/14 23:45:07.0721
23:45:07.0721 0960 SystemInfo:
23:45:07.0721 0960
23:45:07.0721 0960 OS Version: 6.1.7601 ServicePack: 1.0
23:45:07.0721 0960 Product type: Workstation
23:45:07.0721 0960 ComputerName: T1-PC
23:45:07.0721 0960 UserName: t1
23:45:07.0721 0960 Windows directory: C:\Windows
23:45:07.0721 0960 System windows directory: C:\Windows
23:45:07.0721 0960 Running under WOW64
23:45:07.0721 0960 Processor architecture: Intel x64
23:45:07.0721 0960 Number of processors: 2
23:45:07.0721 0960 Page size: 0x1000
23:45:07.0721 0960 Boot type: Normal boot
23:45:07.0721 0960 ============================================================
23:45:13.0727 0960 !crdlk
23:45:13.0727 0960 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
23:45:13.0742 0960 Drive \Device\Harddisk1\DR2 - Size: 0xEFA00000 (3.74 Gb), SectorSize: 0x200, Cylinders: 0x1E8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:45:13.0742 0960 ============================================================
23:45:13.0742 0960 \Device\Harddisk0\DR0:
23:45:13.0742 0960 MBR partitions:
23:45:13.0742 0960 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:45:13.0742 0960 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
23:45:13.0742 0960 \Device\Harddisk1\DR2:
23:45:13.0742 0960 MBR partitions:
23:45:13.0742 0960 \Device\Harddisk1\DR2\Partition1: MBR, Type 0xC, StartLBA 0x3E, BlocksNum 0x77C5AA
23:45:13.0742 0960 ============================================================
23:45:13.0758 0960 C: <-> \Device\Harddisk0\DR0\Partition2
23:45:13.0758 0960 ============================================================
23:45:13.0758 0960 Initialize success
23:45:13.0758 0960 ============================================================
23:45:40.0686 2376 ============================================================
23:45:40.0686 2376 Scan started
23:45:40.0686 2376 Mode: Manual; SigCheck; TDLFS;
23:45:40.0686 2376 ============================================================
23:45:41.0029 2376 ================ Scan system memory ========================
23:45:41.0029 2376 System memory - ok
23:45:41.0029 2376 ================ Scan services =============================
23:45:41.0169 2376 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
23:45:41.0263 2376 1394ohci - ok
23:45:41.0279 2376 Suspicious service (NoAccess): 8e2185ace8825c71
23:45:41.0325 2376 [ C1951B96E3C47CCF242FA6405D6DE234 ] 8e2185ace8825c71 C:\Windows\System32\Drivers\8e2185ace8825c71.sys
23:45:41.0325 2376 Suspicious file (NoAccess): C:\Windows\System32\Drivers\8e2185ace8825c71.sys. md5: C1951B96E3C47CCF242FA6405D6DE234
23:45:41.0388 2376 8e2185ace8825c71 ( Rootkit.Win32.Necurs.gen ) - infected
23:45:41.0388 2376 8e2185ace8825c71 - detected Rootkit.Win32.Necurs.gen (0)
23:45:41.0435 2376 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
23:45:41.0450 2376 ACPI - ok
23:45:41.0481 2376 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
23:45:41.0528 2376 AcpiPmi - ok
23:45:41.0606 2376 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:45:41.0606 2376 AdobeARMservice - ok
23:45:41.0731 2376 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:45:41.0747 2376 AdobeFlashPlayerUpdateSvc - ok
23:45:41.0793 2376 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
23:45:41.0809 2376 adp94xx - ok
23:45:41.0840 2376 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
23:45:41.0856 2376 adpahci - ok
23:45:41.0887 2376 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
23:45:41.0887 2376 adpu320 - ok
23:45:41.0949 2376 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
23:45:41.0996 2376 AeLookupSvc - ok
23:45:42.0027 2376 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
23:45:42.0090 2376 AFD - ok
23:45:42.0121 2376 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
23:45:42.0121 2376 agp440 - ok
23:45:42.0152 2376 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
23:45:42.0183 2376 ALG - ok
23:45:42.0230 2376 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
23:45:42.0246 2376 aliide - ok
23:45:42.0261 2376 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
23:45:42.0277 2376 amdide - ok
23:45:42.0293 2376 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
23:45:42.0339 2376 AmdK8 - ok
23:45:42.0339 2376 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
23:45:42.0371 2376 AmdPPM - ok
23:45:42.0417 2376 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
23:45:42.0433 2376 amdsata - ok
23:45:42.0464 2376 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
23:45:42.0480 2376 amdsbs - ok
23:45:42.0511 2376 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
23:45:42.0511 2376 amdxata - ok
23:45:42.0558 2376 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
23:45:42.0605 2376 AppID - ok
23:45:42.0636 2376 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
23:45:42.0683 2376 AppIDSvc - ok
23:45:42.0698 2376 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
23:45:42.0745 2376 Appinfo - ok
23:45:42.0792 2376 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
23:45:42.0823 2376 AppMgmt - ok
23:45:42.0854 2376 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
23:45:42.0854 2376 arc - ok
23:45:42.0885 2376 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
23:45:42.0885 2376 arcsas - ok
23:45:42.0948 2376 AsrCDDrv - ok
23:45:42.0963 2376 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
23:45:43.0010 2376 AsyncMac - ok
23:45:43.0057 2376 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
23:45:43.0073 2376 atapi - ok
23:45:43.0119 2376 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:45:43.0166 2376 AudioEndpointBuilder - ok
23:45:43.0197 2376 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
23:45:43.0229 2376 AudioSrv - ok
23:45:43.0291 2376 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
23:45:43.0338 2376 AxInstSV - ok
23:45:43.0353 2376 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
23:45:43.0385 2376 b06bdrv - ok
23:45:43.0400 2376 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
23:45:43.0431 2376 b57nd60a - ok
23:45:43.0478 2376 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
23:45:43.0494 2376 BDESVC - ok
23:45:43.0525 2376 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
23:45:43.0572 2376 Beep - ok
23:45:43.0619 2376 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
23:45:43.0665 2376 BFE - ok
23:45:43.0728 2376 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
23:45:43.0806 2376 BITS - ok
23:45:43.0821 2376 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
23:45:43.0853 2376 blbdrive - ok
23:45:43.0884 2376 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
23:45:43.0931 2376 bowser - ok
23:45:43.0962 2376 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
23:45:43.0993 2376 BrFiltLo - ok
23:45:44.0009 2376 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
23:45:44.0024 2376 BrFiltUp - ok
23:45:44.0040 2376 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
23:45:44.0071 2376 BridgeMP - ok
23:45:44.0118 2376 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
23:45:44.0149 2376 Browser - ok
23:45:44.0165 2376 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
23:45:44.0180 2376 Brserid - ok
23:45:44.0196 2376 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
23:45:44.0211 2376 BrSerWdm - ok
23:45:44.0227 2376 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
23:45:44.0243 2376 BrUsbMdm - ok
23:45:44.0258 2376 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
23:45:44.0274 2376 BrUsbSer - ok
23:45:44.0305 2376 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
23:45:44.0321 2376 BTHMODEM - ok
23:45:44.0383 2376 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
23:45:44.0430 2376 bthserv - ok
23:45:44.0461 2376 catchme - ok
23:45:44.0492 2376 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
23:45:44.0539 2376 cdfs - ok
23:45:44.0570 2376 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
23:45:44.0570 2376 cdrom - ok
23:45:44.0617 2376 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
23:45:44.0664 2376 CertPropSvc - ok
23:45:44.0695 2376 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
23:45:44.0726 2376 circlass - ok
23:45:44.0742 2376 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
23:45:44.0757 2376 CLFS - ok
23:45:44.0835 2376 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:45:44.0835 2376 clr_optimization_v2.0.50727_32 - ok
23:45:44.0898 2376 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:45:44.0913 2376 clr_optimization_v2.0.50727_64 - ok
23:45:44.0976 2376 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:45:44.0991 2376 clr_optimization_v4.0.30319_32 - ok
23:45:45.0007 2376 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:45:45.0023 2376 clr_optimization_v4.0.30319_64 - ok
23:45:45.0069 2376 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
23:45:45.0085 2376 CmBatt - ok
23:45:45.0194 2376 [ CEE48CCC4D561DDB19C72F9FB55D28D5 ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
23:45:45.0241 2376 cmdAgent - ok
23:45:45.0272 2376 [ 0599D5A458D4E0E37AB84E9D1C5C73E5 ] cmdGuard C:\Windows\system32\DRIVERS\cmdguard.sys
23:45:45.0288 2376 cmdGuard - ok
23:45:45.0303 2376 [ 2D3E08C7106F748F9EFF3DEC14142D3E ] cmdHlp C:\Windows\system32\DRIVERS\cmdhlp.sys
23:45:45.0319 2376 cmdHlp - ok
23:45:45.0366 2376 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
23:45:45.0366 2376 cmdide - ok
23:45:45.0413 2376 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
23:45:45.0428 2376 CNG - ok
23:45:45.0444 2376 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
23:45:45.0459 2376 Compbatt - ok
23:45:45.0475 2376 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
23:45:45.0506 2376 CompositeBus - ok
23:45:45.0522 2376 COMSysApp - ok
23:45:45.0537 2376 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
23:45:45.0553 2376 crcdisk - ok
23:45:45.0584 2376 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
23:45:45.0631 2376 CryptSvc - ok
23:45:45.0693 2376 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
23:45:45.0693 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\csc.sys. md5: 54DA3DFD29ED9F1619B6F53F3CE55E49
23:45:45.0725 2376 CSC ( LockedFile.Multi.Generic ) - warning
23:45:45.0725 2376 CSC - detected LockedFile.Multi.Generic (1)
23:45:45.0771 2376 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
23:45:45.0818 2376 CscService - ok
23:45:45.0881 2376 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
23:45:45.0927 2376 DcomLaunch - ok
23:45:45.0959 2376 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
23:45:46.0005 2376 defragsvc - ok
23:45:46.0037 2376 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
23:45:46.0037 2376 Suspicious file (NoAccess): C:\Windows\system32\Drivers\dfsc.sys. md5: 9BB2EF44EAA163B29C4A4587887A0FE4
23:45:46.0068 2376 DfsC ( LockedFile.Multi.Generic ) - warning
23:45:46.0068 2376 DfsC - detected LockedFile.Multi.Generic (1)
23:45:46.0130 2376 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
23:45:46.0193 2376 Dhcp - ok
23:45:46.0208 2376 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
23:45:46.0208 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\discache.sys. md5: 13096B05847EC78F0977F2C0F79E9AB3
23:45:46.0208 2376 discache ( LockedFile.Multi.Generic ) - warning
23:45:46.0208 2376 discache - detected LockedFile.Multi.Generic (1)
23:45:46.0224 2376 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
23:45:46.0224 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\disk.sys. md5: 9819EEE8B5EA3784EC4AF3B137A5244C
23:45:46.0224 2376 Disk ( LockedFile.Multi.Generic ) - warning
23:45:46.0224 2376 Disk - detected LockedFile.Multi.Generic (1)
23:45:46.0239 2376 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
23:45:46.0239 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\dmvsc.sys. md5: 5DB085A8A6600BE6401F2B24EECB5415
23:45:46.0255 2376 dmvsc ( LockedFile.Multi.Generic ) - warning
23:45:46.0255 2376 dmvsc - detected LockedFile.Multi.Generic (1)
23:45:46.0286 2376 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
23:45:46.0333 2376 Dnscache - ok
23:45:46.0380 2376 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
23:45:46.0427 2376 dot3svc - ok
23:45:46.0458 2376 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
23:45:46.0489 2376 DPS - ok
23:45:46.0536 2376 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
23:45:46.0567 2376 drmkaud - ok
23:45:46.0614 2376 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
23:45:46.0629 2376 dtsoftbus01 - ok
23:45:46.0707 2376 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
23:45:46.0739 2376 DXGKrnl - ok
23:45:46.0785 2376 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
23:45:46.0832 2376 EapHost - ok
23:45:46.0910 2376 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
23:45:46.0910 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\evbda.sys. md5: DC5D737F51BE844D8C82C695EB17372F
23:45:46.0926 2376 ebdrv ( LockedFile.Multi.Generic ) - warning
23:45:46.0926 2376 ebdrv - detected LockedFile.Multi.Generic (1)
23:45:46.0973 2376 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
23:45:47.0004 2376 EFS - ok
23:45:47.0066 2376 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
23:45:47.0097 2376 ehRecvr - ok
23:45:47.0129 2376 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
23:45:47.0144 2376 ehSched - ok
23:45:47.0191 2376 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
23:45:47.0191 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\elxstor.sys. md5: 0E5DA5369A0FCAEA12456DD852545184
23:45:47.0191 2376 elxstor ( LockedFile.Multi.Generic ) - warning
23:45:47.0207 2376 elxstor - detected LockedFile.Multi.Generic (1)
23:45:47.0222 2376 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
23:45:47.0222 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\errdev.sys. md5: 34A3C54752046E79A126E15C51DB409B
23:45:47.0222 2376 ErrDev ( LockedFile.Multi.Generic ) - warning
23:45:47.0222 2376 ErrDev - detected LockedFile.Multi.Generic (1)
23:45:47.0331 2376 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
23:45:47.0378 2376 EventSystem - ok
23:45:47.0409 2376 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
23:45:47.0409 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\exfat.sys. md5: A510C654EC00C1E9BDD91EEB3A59823B
23:45:47.0425 2376 exfat ( LockedFile.Multi.Generic ) - warning
23:45:47.0425 2376 exfat - detected LockedFile.Multi.Generic (1)
23:45:47.0441 2376 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:45:47.0441 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\fastfat.sys. md5: 0ADC83218B66A6DB380C330836F3E36D
23:45:47.0441 2376 fastfat ( LockedFile.Multi.Generic ) - warning
23:45:47.0441 2376 fastfat - detected LockedFile.Multi.Generic (1)
23:45:47.0472 2376 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
23:45:47.0503 2376 Fax - ok
23:45:47.0519 2376 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
23:45:47.0519 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\fdc.sys. md5: D765D19CD8EF61F650C384F62FAC00AB
23:45:47.0519 2376 fdc ( LockedFile.Multi.Generic ) - warning
23:45:47.0519 2376 fdc - detected LockedFile.Multi.Generic (1)
23:45:47.0565 2376 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
23:45:47.0612 2376 fdPHost - ok
23:45:47.0643 2376 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
23:45:47.0675 2376 FDResPub - ok
23:45:47.0721 2376 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:45:47.0721 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\fileinfo.sys. md5: 655661BE46B5F5F3FD454E2C3095B930
23:45:47.0753 2376 FileInfo ( LockedFile.Multi.Generic ) - warning
23:45:47.0753 2376 FileInfo - detected LockedFile.Multi.Generic (1)
23:45:47.0753 2376 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:45:47.0753 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\filetrace.sys. md5: 5F671AB5BC87EEA04EC38A6CD5962A47
23:45:47.0768 2376 Filetrace ( LockedFile.Multi.Generic ) - warning
23:45:47.0768 2376 Filetrace - detected LockedFile.Multi.Generic (1)
23:45:47.0784 2376 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
23:45:47.0784 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\flpydisk.sys. md5: C172A0F53008EAEB8EA33FE10E177AF5
23:45:47.0799 2376 flpydisk ( LockedFile.Multi.Generic ) - warning
23:45:47.0799 2376 flpydisk - detected LockedFile.Multi.Generic (1)
23:45:47.0815 2376 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:45:47.0815 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\fltmgr.sys. md5: DA6B67270FD9DB3697B20FCE94950741
23:45:47.0815 2376 FltMgr ( LockedFile.Multi.Generic ) - warning
23:45:47.0815 2376 FltMgr - detected LockedFile.Multi.Generic (1)
23:45:47.0862 2376 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll
23:45:47.0940 2376 FontCache - ok
23:45:48.0002 2376 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:45:48.0002 2376 FontCache3.0.0.0 - ok
23:45:48.0033 2376 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
23:45:48.0033 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\FsDepends.sys. md5: D43703496149971890703B4B1B723EAC
23:45:48.0080 2376 FsDepends ( LockedFile.Multi.Generic ) - warning
23:45:48.0080 2376 FsDepends - detected LockedFile.Multi.Generic (1)
23:45:48.0127 2376 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:45:48.0127 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\Fs_Rec.sys. md5: 6BD9295CC032DD3077C671FCCF579A7B
23:45:48.0127 2376 Fs_Rec ( LockedFile.Multi.Generic ) - warning
23:45:48.0127 2376 Fs_Rec - detected LockedFile.Multi.Generic (1)
23:45:48.0174 2376 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
23:45:48.0174 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\fvevol.sys. md5: 1F7B25B858FA27015169FE95E54108ED
23:45:48.0174 2376 fvevol ( LockedFile.Multi.Generic ) - warning
23:45:48.0174 2376 fvevol - detected LockedFile.Multi.Generic (1)
23:45:48.0189 2376 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
23:45:48.0205 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\gagp30kx.sys. md5: 8C778D335C9D272CFD3298AB02ABE3B6
23:45:48.0205 2376 gagp30kx ( LockedFile.Multi.Generic ) - warning
23:45:48.0205 2376 gagp30kx - detected LockedFile.Multi.Generic (1)
23:45:48.0252 2376 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
23:45:48.0314 2376 gpsvc - ok
23:45:48.0314 2376 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
23:45:48.0314 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\hcw85cir.sys. md5: F2523EF6460FC42405B12248338AB2F0
23:45:48.0314 2376 hcw85cir ( LockedFile.Multi.Generic ) - warning
23:45:48.0314 2376 hcw85cir - detected LockedFile.Multi.Generic (1)
23:45:48.0361 2376 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:45:48.0392 2376 HdAudAddService - ok
23:45:48.0408 2376 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
23:45:48.0439 2376 HDAudBus - ok
23:45:48.0455 2376 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
23:45:48.0455 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\HidBatt.sys. md5: 78E86380454A7B10A5EB255DC44A355F
23:45:48.0455 2376 HidBatt ( LockedFile.Multi.Generic ) - warning
23:45:48.0455 2376 HidBatt - detected LockedFile.Multi.Generic (1)
23:45:48.0470 2376 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
23:45:48.0470 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\hidbth.sys. md5: 7FD2A313F7AFE5C4DAB14798C48DD104
23:45:48.0470 2376 HidBth ( LockedFile.Multi.Generic ) - warning
23:45:48.0470 2376 HidBth - detected LockedFile.Multi.Generic (1)
23:45:48.0486 2376 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
23:45:48.0486 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\hidir.sys. md5: 0A77D29F311B88CFAE3B13F9C1A73825
23:45:48.0501 2376 HidIr ( LockedFile.Multi.Generic ) - warning
23:45:48.0501 2376 HidIr - detected LockedFile.Multi.Generic (1)
23:45:48.0533 2376 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
23:45:48.0595 2376 hidserv - ok
23:45:48.0595 2376 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
23:45:48.0595 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\hidusb.sys. md5: 9592090A7E2B61CD582B612B6DF70536
23:45:48.0611 2376 HidUsb ( LockedFile.Multi.Generic ) - warning
23:45:48.0611 2376 HidUsb - detected LockedFile.Multi.Generic (1)
23:45:48.0642 2376 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
23:45:48.0673 2376 hkmsvc - ok
23:45:48.0689 2376 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:45:48.0720 2376 HomeGroupListener - ok
23:45:48.0751 2376 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:45:48.0767 2376 HomeGroupProvider - ok
23:45:48.0782 2376 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
23:45:48.0782 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\HpSAMD.sys. md5: 39D2ABCD392F3D8A6DCE7B60AE7B8EFC
23:45:48.0782 2376 HpSAMD ( LockedFile.Multi.Generic ) - warning
23:45:48.0782 2376 HpSAMD - detected LockedFile.Multi.Generic (1)
23:45:48.0829 2376 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:45:48.0829 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\HTTP.sys. md5: 0EA7DE1ACB728DD5A369FD742D6EEE28
23:45:48.0845 2376 HTTP ( LockedFile.Multi.Generic ) - warning
23:45:48.0845 2376 HTTP - detected LockedFile.Multi.Generic (1)
23:45:48.0860 2376 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
23:45:48.0860 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\hwpolicy.sys. md5: A5462BD6884960C9DC85ED49D34FF392
23:45:48.0860 2376 hwpolicy ( LockedFile.Multi.Generic ) - warning
23:45:48.0860 2376 hwpolicy - detected LockedFile.Multi.Generic (1)
23:45:48.0876 2376 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
23:45:48.0876 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\i8042prt.sys. md5: FA55C73D4AFFA7EE23AC4BE53B4592D3
23:45:48.0876 2376 i8042prt ( LockedFile.Multi.Generic ) - warning
23:45:48.0876 2376 i8042prt - detected LockedFile.Multi.Generic (1)
23:45:48.0923 2376 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
23:45:48.0923 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\iaStorV.sys. md5: AAAF44DB3BD0B9D1FB6969B23ECC8366
23:45:48.0923 2376 iaStorV ( LockedFile.Multi.Generic ) - warning
23:45:48.0923 2376 iaStorV - detected LockedFile.Multi.Generic (1)
23:45:49.0001 2376 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:45:49.0032 2376 idsvc - ok
23:45:49.0172 2376 [ 2D18C9E1F23970DE32D78D3B1CDDA0A7 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
23:45:49.0172 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\igdkmd64.sys. md5: 2D18C9E1F23970DE32D78D3B1CDDA0A7
23:45:49.0188 2376 igfx ( LockedFile.Multi.Generic ) - warning
23:45:49.0188 2376 igfx - detected LockedFile.Multi.Generic (1)
23:45:49.0219 2376 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
23:45:49.0219 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\iirsp.sys. md5: 5C18831C61933628F5BB0EA2675B9D21
23:45:49.0235 2376 iirsp ( LockedFile.Multi.Generic ) - warning
23:45:49.0235 2376 iirsp - detected LockedFile.Multi.Generic (1)
23:45:49.0297 2376 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
23:45:49.0375 2376 IKEEXT - ok
23:45:49.0406 2376 [ EFFF0AFD27CC97BF0E5E0BAB78419DE7 ] inspect C:\Windows\system32\DRIVERS\inspect.sys
23:45:49.0422 2376 inspect - ok
23:45:49.0453 2376 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
23:45:49.0453 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\intelide.sys. md5: F00F20E70C6EC3AA366910083A0518AA
23:45:49.0484 2376 intelide ( LockedFile.Multi.Generic ) - warning
23:45:49.0484 2376 intelide - detected LockedFile.Multi.Generic (1)
23:45:49.0531 2376 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
23:45:49.0531 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\intelppm.sys. md5: ADA036632C664CAA754079041CF1F8C1
23:45:49.0531 2376 intelppm ( LockedFile.Multi.Generic ) - warning
23:45:49.0531 2376 intelppm - detected LockedFile.Multi.Generic (1)
23:45:49.0578 2376 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
23:45:49.0625 2376 IPBusEnum - ok
23:45:49.0671 2376 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:45:49.0671 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ipfltdrv.sys. md5: C9F0E1BD74365A8771590E9008D22AB6
23:45:49.0687 2376 IpFilterDriver ( LockedFile.Multi.Generic ) - warning
23:45:49.0687 2376 IpFilterDriver - detected LockedFile.Multi.Generic (1)
23:45:49.0703 2376 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
23:45:49.0749 2376 iphlpsvc - ok
23:45:49.0765 2376 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
23:45:49.0765 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\IPMIDrv.sys. md5: 0FC1AEA580957AA8817B8F305D18CA3A
23:45:49.0765 2376 IPMIDRV ( LockedFile.Multi.Generic ) - warning
23:45:49.0765 2376 IPMIDRV - detected LockedFile.Multi.Generic (1)
23:45:49.0781 2376 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
23:45:49.0781 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\ipnat.sys. md5: AF9B39A7E7B6CAA203B3862582E9F2D0
23:45:49.0781 2376 IPNAT ( LockedFile.Multi.Generic ) - warning
23:45:49.0781 2376 IPNAT - detected LockedFile.Multi.Generic (1)
23:45:49.0796 2376 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
23:45:49.0796 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\irenum.sys. md5: 3ABF5E7213EB28966D55D58B515D5CE9
23:45:49.0812 2376 IRENUM ( LockedFile.Multi.Generic ) - warning
23:45:49.0812 2376 IRENUM - detected LockedFile.Multi.Generic (1)
23:45:49.0843 2376 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
23:45:49.0843 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\isapnp.sys. md5: 2F7B28DC3E1183E5EB418DF55C204F38
23:45:49.0843 2376 isapnp ( LockedFile.Multi.Generic ) - warning
23:45:49.0843 2376 isapnp - detected LockedFile.Multi.Generic (1)
23:45:49.0859 2376 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
23:45:49.0859 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\msiscsi.sys. md5: D931D7309DEB2317035B07C9F9E6B0BD
23:45:49.0859 2376 iScsiPrt ( LockedFile.Multi.Generic ) - warning
23:45:49.0859 2376 iScsiPrt - detected LockedFile.Multi.Generic (1)
23:45:49.0890 2376 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
23:45:49.0890 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\kbdclass.sys. md5: BC02336F1CBA7DCC7D1213BB588A68A5
23:45:49.0890 2376 kbdclass ( LockedFile.Multi.Generic ) - warning
23:45:49.0890 2376 kbdclass - detected LockedFile.Multi.Generic (1)
23:45:49.0905 2376 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
23:45:49.0905 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\kbdhid.sys. md5: 0705EFF5B42A9DB58548EEC3B26BB484
23:45:49.0905 2376 kbdhid ( LockedFile.Multi.Generic ) - warning
23:45:49.0905 2376 kbdhid - detected LockedFile.Multi.Generic (1)
23:45:49.0921 2376 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
23:45:49.0937 2376 KeyIso - ok
23:45:49.0968 2376 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
23:45:49.0968 2376 Suspicious file (NoAccess): C:\Windows\system32\Drivers\ksecdd.sys. md5: 97A7070AEA4C058B6418519E869A63B4
23:45:49.0968 2376 KSecDD ( LockedFile.Multi.Generic ) - warning
23:45:49.0968 2376 KSecDD - detected LockedFile.Multi.Generic (1)
23:45:49.0983 2376 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
23:45:49.0983 2376 Suspicious file (NoAccess): C:\Windows\system32\Drivers\ksecpkg.sys. md5: 26C43A7C2862447EC59DEDA188D1DA07
23:45:49.0999 2376 KSecPkg ( LockedFile.Multi.Generic ) - warning
23:45:49.0999 2376 KSecPkg - detected LockedFile.Multi.Generic (1)
23:45:49.0999 2376 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
23:45:49.0999 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\ksthunk.sys. md5: 6869281E78CB31A43E969F06B57347C4
23:45:49.0999 2376 ksthunk ( LockedFile.Multi.Generic ) - warning
23:45:49.0999 2376 ksthunk - detected LockedFile.Multi.Generic (1)
23:45:50.0061 2376 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
23:45:50.0124 2376 KtmRm - ok
23:45:50.0155 2376 [ A4A9CA24E54E81C6C3E469EAEB4B3F42 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
23:45:50.0155 2376 L1C - ok
23:45:50.0202 2376 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
23:45:50.0249 2376 LanmanServer - ok
23:45:50.0264 2376 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:45:50.0311 2376 LanmanWorkstation - ok
23:45:50.0358 2376 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
23:45:50.0405 2376 lltdio - ok
23:45:50.0436 2376 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
23:45:50.0498 2376 lltdsvc - ok
23:45:50.0514 2376 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
23:45:50.0561 2376 lmhosts - ok
23:45:50.0592 2376 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
23:45:50.0592 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\lsi_fc.sys. md5: 1A93E54EB0ECE102495A51266DCDB6A6
23:45:50.0639 2376 LSI_FC ( LockedFile.Multi.Generic ) - warning
23:45:50.0639 2376 LSI_FC - detected LockedFile.Multi.Generic (1)
23:45:50.0670 2376 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
23:45:50.0670 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\lsi_sas.sys. md5: 1047184A9FDC8BDBFF857175875EE810
23:45:50.0670 2376 LSI_SAS ( LockedFile.Multi.Generic ) - warning
23:45:50.0670 2376 LSI_SAS - detected LockedFile.Multi.Generic (1)
23:45:50.0685 2376 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
23:45:50.0685 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\lsi_sas2.sys. md5: 30F5C0DE1EE8B5BC9306C1F0E4A75F93
23:45:50.0685 2376 LSI_SAS2 ( LockedFile.Multi.Generic ) - warning
23:45:50.0685 2376 LSI_SAS2 - detected LockedFile.Multi.Generic (1)
23:45:50.0701 2376 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
23:45:50.0701 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\lsi_scsi.sys. md5: 0504EACAFF0D3C8AED161C4B0D369D4A
23:45:50.0701 2376 LSI_SCSI ( LockedFile.Multi.Generic ) - warning
23:45:50.0701 2376 LSI_SCSI - detected LockedFile.Multi.Generic (1)
23:45:50.0717 2376 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
23:45:50.0717 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\luafv.sys. md5: 43D0F98E1D56CCDDB0D5254CFF7B356E
23:45:50.0717 2376 luafv ( LockedFile.Multi.Generic ) - warning
23:45:50.0717 2376 luafv - detected LockedFile.Multi.Generic (1)
23:45:50.0763 2376 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
23:45:50.0779 2376 Mcx2Svc - ok
23:45:50.0795 2376 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
23:45:50.0795 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\megasas.sys. md5: A55805F747C6EDB6A9080D7C633BD0F4
23:45:50.0795 2376 megasas ( LockedFile.Multi.Generic ) - warning
23:45:50.0795 2376 megasas - detected LockedFile.Multi.Generic (1)
23:45:50.0810 2376 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
23:45:50.0810 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\MegaSR.sys. md5: BAF74CE0072480C3B6B7C13B2A94D6B3
23:45:50.0810 2376 MegaSR ( LockedFile.Multi.Generic ) - warning
23:45:50.0810 2376 MegaSR - detected LockedFile.Multi.Generic (1)
23:45:50.0841 2376 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
23:45:50.0904 2376 MMCSS - ok
23:45:50.0935 2376 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
23:45:50.0935 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\modem.sys. md5: 800BA92F7010378B09F9ED9270F07137
23:45:50.0935 2376 Modem ( LockedFile.Multi.Generic ) - warning
23:45:50.0935 2376 Modem - detected LockedFile.Multi.Generic (1)
23:45:50.0982 2376 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
23:45:50.0982 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\monitor.sys. md5: B03D591DC7DA45ECE20B3B467E6AADAA
23:45:50.0982 2376 monitor ( LockedFile.Multi.Generic ) - warning
23:45:50.0982 2376 monitor - detected LockedFile.Multi.Generic (1)
23:45:51.0013 2376 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
23:45:51.0013 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mouclass.sys. md5: 7D27EA49F3C1F687D357E77A470AEA99
23:45:51.0013 2376 mouclass ( LockedFile.Multi.Generic ) - warning
23:45:51.0013 2376 mouclass - detected LockedFile.Multi.Generic (1)
23:45:51.0029 2376 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
23:45:51.0029 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mouhid.sys. md5: D3BF052C40B0C4166D9FD86A4288C1E6
23:45:51.0029 2376 mouhid ( LockedFile.Multi.Generic ) - warning
23:45:51.0029 2376 mouhid - detected LockedFile.Multi.Generic (1)
23:45:51.0044 2376 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
23:45:51.0044 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\mountmgr.sys. md5: 32E7A3D591D671A6DF2DB515A5CBE0FA
23:45:51.0060 2376 mountmgr ( LockedFile.Multi.Generic ) - warning
23:45:51.0060 2376 mountmgr - detected LockedFile.Multi.Generic (1)
23:45:51.0122 2376 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:45:51.0138 2376 MozillaMaintenance - ok
23:45:51.0153 2376 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
23:45:51.0153 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\mpio.sys. md5: A44B420D30BD56E145D6A2BC8768EC58
23:45:51.0153 2376 mpio ( LockedFile.Multi.Generic ) - warning
23:45:51.0153 2376 mpio - detected LockedFile.Multi.Generic (1)
23:45:51.0185 2376 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
23:45:51.0185 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\mpsdrv.sys. md5: 6C38C9E45AE0EA2FA5E551F2ED5E978F
23:45:51.0185 2376 mpsdrv ( LockedFile.Multi.Generic ) - warning
23:45:51.0200 2376 mpsdrv - detected LockedFile.Multi.Generic (1)
23:45:51.0247 2376 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
23:45:51.0294 2376 MpsSvc - ok
23:45:51.0325 2376 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
23:45:51.0325 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\mrxdav.sys. md5: DC722758B8261E1ABAFD31A3C0A66380
23:45:51.0325 2376 MRxDAV ( LockedFile.Multi.Generic ) - warning
23:45:51.0325 2376 MRxDAV - detected LockedFile.Multi.Generic (1)
23:45:51.0356 2376 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
23:45:51.0356 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mrxsmb.sys. md5: A5D9106A73DC88564C825D317CAC68AC
23:45:51.0372 2376 mrxsmb ( LockedFile.Multi.Generic ) - warning
23:45:51.0372 2376 mrxsmb - detected LockedFile.Multi.Generic (1)
23:45:51.0387 2376 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:45:51.0387 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mrxsmb10.sys. md5: D711B3C1D5F42C0C2415687BE09FC163
23:45:51.0387 2376 mrxsmb10 ( LockedFile.Multi.Generic ) - warning
23:45:51.0387 2376 mrxsmb10 - detected LockedFile.Multi.Generic (1)
23:45:51.0419 2376 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:45:51.0419 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mrxsmb20.sys. md5: 9423E9D355C8D303E76B8CFBD8A5C30C
23:45:51.0419 2376 mrxsmb20 ( LockedFile.Multi.Generic ) - warning
23:45:51.0419 2376 mrxsmb20 - detected LockedFile.Multi.Generic (1)
23:45:51.0465 2376 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
23:45:51.0465 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\msahci.sys. md5: C25F0BAFA182CBCA2DD3C851C2E75796
23:45:51.0481 2376 msahci ( LockedFile.Multi.Generic ) - warning
23:45:51.0481 2376 msahci - detected LockedFile.Multi.Generic (1)
23:45:51.0497 2376 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
23:45:51.0497 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\msdsm.sys. md5: DB801A638D011B9633829EB6F663C900
23:45:51.0497 2376 msdsm ( LockedFile.Multi.Generic ) - warning
23:45:51.0497 2376 msdsm - detected LockedFile.Multi.Generic (1)
23:45:51.0528 2376 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
23:45:51.0543 2376 MSDTC - ok
23:45:51.0590 2376 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
23:45:51.0590 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\Msfs.sys. md5: AA3FB40E17CE1388FA1BEDAB50EA8F96
23:45:51.0606 2376 Msfs ( LockedFile.Multi.Generic ) - warning
23:45:51.0606 2376 Msfs - detected LockedFile.Multi.Generic (1)
23:45:51.0621 2376 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
23:45:51.0621 2376 Suspicious file (NoAccess): C:\Windows\System32\drivers\mshidkmdf.sys. md5: F9D215A46A8B9753F61767FA72A20326
23:45:51.0621 2376 mshidkmdf ( LockedFile.Multi.Generic ) - warning
23:45:51.0621 2376 mshidkmdf - detected LockedFile.Multi.Generic (1)
23:45:51.0637 2376 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
23:45:51.0637 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\msisadrv.sys. md5: D916874BBD4F8B07BFB7FA9B3CCAE29D
23:45:51.0637 2376 msisadrv ( LockedFile.Multi.Generic ) - warning
23:45:51.0637 2376 msisadrv - detected LockedFile.Multi.Generic (1)
23:45:51.0684 2376 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:45:51.0731 2376 MSiSCSI - ok
23:45:51.0746 2376 msiserver - ok
23:45:51.0762 2376 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:45:51.0762 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\MSKSSRV.sys. md5: 49CCF2C4FEA34FFAD8B1B59D49439366
23:45:51.0762 2376 MSKSSRV ( LockedFile.Multi.Generic ) - warning
23:45:51.0762 2376 MSKSSRV - detected LockedFile.Multi.Generic (1)
23:45:51.0777 2376 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
23:45:51.0777 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\MSPCLOCK.sys. md5: BDD71ACE35A232104DDD349EE70E1AB3
23:45:51.0777 2376 MSPCLOCK ( LockedFile.Multi.Generic ) - warning
23:45:51.0777 2376 MSPCLOCK - detected LockedFile.Multi.Generic (1)
23:45:51.0809 2376 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
23:45:51.0809 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\MSPQM.sys. md5: 4ED981241DB27C3383D72092B618A1D0
23:45:51.0809 2376 MSPQM ( LockedFile.Multi.Generic ) - warning
23:45:51.0809 2376 MSPQM - detected LockedFile.Multi.Generic (1)
23:45:51.0855 2376 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
23:45:51.0855 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\MsRPC.sys. md5: 759A9EEB0FA9ED79DA1FB7D4EF78866D
23:45:51.0855 2376 MsRPC ( LockedFile.Multi.Generic ) - warning
23:45:51.0855 2376 MsRPC - detected LockedFile.Multi.Generic (1)
23:45:51.0887 2376 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
23:45:51.0887 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mssmbios.sys. md5: 0EED230E37515A0EAEE3C2E1BC97B288
23:45:51.0902 2376 mssmbios ( LockedFile.Multi.Generic ) - warning
23:45:51.0902 2376 mssmbios - detected LockedFile.Multi.Generic (1)
23:45:51.0918 2376 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
23:45:51.0918 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\MSTEE.sys. md5: 2E66F9ECB30B4221A318C92AC2250779
23:45:51.0918 2376 MSTEE ( LockedFile.Multi.Generic ) - warning
23:45:51.0918 2376 MSTEE - detected LockedFile.Multi.Generic (1)
23:45:51.0933 2376 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
23:45:51.0933 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\MTConfig.sys. md5: 7EA404308934E675BFFDE8EDF0757BCD
23:45:51.0949 2376 MTConfig ( LockedFile.Multi.Generic ) - warning
23:45:51.0949 2376 MTConfig - detected LockedFile.Multi.Generic (1)
23:45:51.0965 2376 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
23:45:51.0965 2376 Suspicious file (NoAccess): C:\Windows\system32\Drivers\mup.sys. md5: F9A18612FD3526FE473C1BDA678D61C8
23:45:51.0980 2376 Mup ( LockedFile.Multi.Generic ) - warning
23:45:51.0980 2376 Mup - detected LockedFile.Multi.Generic (1)
23:45:52.0011 2376 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
23:45:52.0058 2376 napagent - ok
23:45:52.0089 2376 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
23:45:52.0089 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\nwifi.sys. md5: 1EA3749C4114DB3E3161156FFFFA6B33
23:45:52.0089 2376 NativeWifiP ( LockedFile.Multi.Generic ) - warning
23:45:52.0089 2376 NativeWifiP - detected LockedFile.Multi.Generic (1)
23:45:52.0167 2376 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
23:45:52.0167 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\ndis.sys. md5: 760E38053BF56E501D562B70AD796B88
23:45:52.0167 2376 NDIS ( LockedFile.Multi.Generic ) - warning
23:45:52.0167 2376 NDIS - detected LockedFile.Multi.Generic (1)
23:45:52.0199 2376 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
23:45:52.0199 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndiscap.sys. md5: 9F9A1F53AAD7DA4D6FEF5BB73AB811AC
23:45:52.0199 2376 NdisCap ( LockedFile.Multi.Generic ) - warning
23:45:52.0199 2376 NdisCap - detected LockedFile.Multi.Generic (1)
23:45:52.0230 2376 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
23:45:52.0230 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndistapi.sys. md5: 30639C932D9FEF22B31268FE25A1B6E5
23:45:52.0230 2376 NdisTapi ( LockedFile.Multi.Generic ) - warning
23:45:52.0230 2376 NdisTapi - detected LockedFile.Multi.Generic (1)
23:45:52.0261 2376 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
23:45:52.0261 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndisuio.sys. md5: 136185F9FB2CC61E573E676AA5402356
23:45:52.0261 2376 Ndisuio ( LockedFile.Multi.Generic ) - warning
23:45:52.0261 2376 Ndisuio - detected LockedFile.Multi.Generic (1)
23:45:52.0277 2376 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
23:45:52.0277 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndiswan.sys. md5: 53F7305169863F0A2BDDC49E116C2E11
23:45:52.0292 2376 NdisWan ( LockedFile.Multi.Generic ) - warning
23:45:52.0292 2376 NdisWan - detected LockedFile.Multi.Generic (1)
23:45:52.0323 2376 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
23:45:52.0323 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\NDProxy.sys. md5: 015C0D8E0E0421B4CFD48CFFE2825879
23:45:52.0323 2376 NDProxy ( LockedFile.Multi.Generic ) - warning
23:45:52.0323 2376 NDProxy - detected LockedFile.Multi.Generic (1)
23:45:52.0339 2376 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
23:45:52.0339 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\netbios.sys. md5: 86743D9F5D2B1048062B14B1D84501C4
23:45:52.0339 2376 NetBIOS ( LockedFile.Multi.Generic ) - warning
23:45:52.0339 2376 NetBIOS - detected LockedFile.Multi.Generic (1)
23:45:52.0370 2376 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
23:45:52.0401 2376 NetBT - ok
23:45:52.0433 2376 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
23:45:52.0433 2376 Netlogon - ok
23:45:52.0495 2376 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
23:45:52.0526 2376 Netman - ok
23:45:52.0573 2376 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
23:45:52.0620 2376 netprofm - ok
23:45:52.0682 2376 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:45:52.0698 2376 NetTcpPortSharing - ok
23:45:52.0729 2376 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
23:45:52.0729 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\nfrd960.sys. md5: 77889813BE4D166CDAB78DDBA990DA92
23:45:52.0745 2376 nfrd960 ( LockedFile.Multi.Generic ) - warning
23:45:52.0745 2376 nfrd960 - detected LockedFile.Multi.Generic (1)
23:45:52.0854 2376 [ C9C54C185D5728028A559319F137D44E ] NFService C:\PROGRA~2\FASTRE~1\IQWebFTPServerEngine.exe
23:45:52.0916 2376 NFService ( UnsignedFile.Multi.Generic ) - warning
23:45:52.0916 2376 NFService - detected UnsignedFile.Multi.Generic (1)
23:45:52.0963 2376 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
23:45:53.0010 2376 NlaSvc - ok
23:45:53.0025 2376 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
23:45:53.0025 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\Npfs.sys. md5: 1E4C4AB5C9B8DD13179BBDC75A2A01F7
23:45:53.0072 2376 Npfs ( LockedFile.Multi.Generic ) - warning
23:45:53.0072 2376 Npfs - detected LockedFile.Multi.Generic (1)
23:45:53.0103 2376 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
23:45:53.0150 2376 nsi - ok
23:45:53.0181 2376 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
23:45:53.0181 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\nsiproxy.sys. md5: E7F5AE18AF4168178A642A9247C63001
23:45:53.0181 2376 nsiproxy ( LockedFile.Multi.Generic ) - warning
23:45:53.0181 2376 nsiproxy - detected LockedFile.Multi.Generic (1)
23:45:53.0228 2376 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
23:45:53.0228 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\Ntfs.sys. md5: E453ACF4E7D44E5530B5D5F2B9CA8563
23:45:53.0244 2376 Ntfs ( LockedFile.Multi.Generic ) - warning
23:45:53.0244 2376 Ntfs - detected LockedFile.Multi.Generic (1)
23:45:53.0259 2376 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
23:45:53.0259 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\Null.sys. md5: 9899284589F75FA8724FF3D16AED75C1
23:45:53.0259 2376 Null ( LockedFile.Multi.Generic ) - warning
23:45:53.0259 2376 Null - detected LockedFile.Multi.Generic (1)
23:45:53.0291 2376 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
23:45:53.0291 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\nvraid.sys. md5: 0A92CB65770442ED0DC44834632F66AD
23:45:53.0306 2376 nvraid ( LockedFile.Multi.Generic ) - warning
23:45:53.0306 2376 nvraid - detected LockedFile.Multi.Generic (1)
23:45:53.0337 2376 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
23:45:53.0337 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\nvstor.sys. md5: DAB0E87525C10052BF65F06152F37E4A
23:45:53.0353 2376 nvstor ( LockedFile.Multi.Generic ) - warning
23:45:53.0353 2376 nvstor - detected LockedFile.Multi.Generic (1)
23:45:53.0369 2376 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
23:45:53.0369 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\nv_agp.sys. md5: 270D7CD42D6E3979F6DD0146650F0E05
23:45:53.0369 2376 nv_agp ( LockedFile.Multi.Generic ) - warning
23:45:53.0369 2376 nv_agp - detected LockedFile.Multi.Generic (1)
23:45:53.0462 2376 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:45:53.0478 2376 odserv - ok
23:45:53.0509 2376 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
23:45:53.0509 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\ohci1394.sys. md5: 3589478E4B22CE21B41FA1BFC0B8B8A0
23:45:53.0540 2376 ohci1394 ( LockedFile.Multi.Generic ) - warning
23:45:53.0540 2376 ohci1394 - detected LockedFile.Multi.Generic (1)
23:45:53.0571 2376 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:45:53.0587 2376 ose - ok
23:45:53.0634 2376 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
23:45:53.0665 2376 p2pimsvc - ok
23:45:53.0696 2376 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
23:45:53.0727 2376 p2psvc - ok
23:45:53.0743 2376 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
23:45:53.0743 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\parport.sys. md5: 0086431C29C35BE1DBC43F52CC273887
23:45:53.0759 2376 Parport ( LockedFile.Multi.Generic ) - warning
23:45:53.0759 2376 Parport - detected LockedFile.Multi.Generic (1)
23:45:53.0837 2376 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
23:45:53.0837 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\partmgr.sys. md5: E9766131EEADE40A27DC27D2D68FBA9C
23:45:53.0837 2376 partmgr ( LockedFile.Multi.Generic ) - warning
23:45:53.0837 2376 partmgr - detected LockedFile.Multi.Generic (1)
23:45:53.0852 2376 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
23:45:53.0883 2376 PcaSvc - ok
23:45:53.0899 2376 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
23:45:53.0899 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\pci.sys. md5: 94575C0571D1462A0F70BDE6BD6EE6B3
23:45:53.0899 2376 pci ( LockedFile.Multi.Generic ) - warning
23:45:53.0899 2376 pci - detected LockedFile.Multi.Generic (1)
23:45:53.0915 2376 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
23:45:53.0915 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\pciide.sys. md5: B5B8B5EF2E5CB34DF8DCF8831E3534FA
23:45:53.0915 2376 pciide ( LockedFile.Multi.Generic ) - warning
23:45:53.0915 2376 pciide - detected LockedFile.Multi.Generic (1)
23:45:53.0946 2376 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
23:45:53.0946 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\pcmcia.sys. md5: B2E81D4E87CE48589F98CB8C05B01F2F
23:45:53.0946 2376 pcmcia ( LockedFile.Multi.Generic ) - warning
23:45:53.0946 2376 pcmcia - detected LockedFile.Multi.Generic (1)
23:45:53.0961 2376 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
23:45:53.0961 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\pcw.sys. md5: D6B9C2E1A11A3A4B26A182FFEF18F603
23:45:53.0961 2376 pcw ( LockedFile.Multi.Generic ) - warning
23:45:53.0961 2376 pcw - detected LockedFile.Multi.Generic (1)
23:45:53.0993 2376 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:45:53.0993 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\peauth.sys. md5: 68769C3356B3BE5D1C732C97B9A80D6E
23:45:53.0993 2376 PEAUTH ( LockedFile.Multi.Generic ) - warning
23:45:53.0993 2376 PEAUTH - detected LockedFile.Multi.Generic (1)
23:45:54.0039 2376 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
23:45:54.0102 2376 PeerDistSvc - ok
23:45:54.0195 2376 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
23:45:54.0242 2376 PerfHost - ok
23:45:54.0320 2376 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
23:45:54.0383 2376 pla - ok
23:45:54.0445 2376 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:45:54.0476 2376 PlugPlay - ok
23:45:54.0507 2376 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
23:45:54.0539 2376 PNRPAutoReg - ok
23:45:54.0570 2376 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
23:45:54.0585 2376 PNRPsvc - ok
23:45:54.0663 2376 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:45:54.0710 2376 PolicyAgent - ok
23:45:54.0773 2376 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
23:45:54.0835 2376 Power - ok
23:45:54.0882 2376 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:45:54.0944 2376 PptpMiniport - ok
23:45:54.0960 2376 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
23:45:54.0960 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\processr.sys. md5: 0D922E23C041EFB1C3FAC2A6F943C9BF
23:45:54.0991 2376 Processor ( LockedFile.Multi.Generic ) - warning
23:45:54.0991 2376 Processor - detected LockedFile.Multi.Generic (1)
23:45:55.0038 2376 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
23:45:55.0069 2376 ProfSvc - ok
23:45:55.0100 2376 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:45:55.0116 2376 ProtectedStorage - ok
23:45:55.0163 2376 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
23:45:55.0163 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\pacer.sys. md5: 0557CF5A2556BD58E26384169D72438D
23:45:55.0163 2376 Psched ( LockedFile.Multi.Generic ) - warning
23:45:55.0163 2376 Psched - detected LockedFile.Multi.Generic (1)
23:45:55.0194 2376 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
23:45:55.0194 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\ql2300.sys. md5: A53A15A11EBFD21077463EE2C7AFEEF0
23:45:55.0209 2376 ql2300 ( LockedFile.Multi.Generic ) - warning
23:45:55.0209 2376 ql2300 - detected LockedFile.Multi.Generic (1)
23:45:55.0225 2376 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
23:45:55.0225 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\ql40xx.sys. md5: 4F6D12B51DE1AAEFF7DC58C4D75423C8
23:45:55.0241 2376 ql40xx ( LockedFile.Multi.Generic ) - warning
23:45:55.0241 2376 ql40xx - detected LockedFile.Multi.Generic (1)
23:45:55.0287 2376 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
23:45:55.0303 2376 QWAVE - ok
23:45:55.0319 2376 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:45:55.0319 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\qwavedrv.sys. md5: 76707BB36430888D9CE9D705398ADB6C
23:45:55.0319 2376 QWAVEdrv ( LockedFile.Multi.Generic ) - warning
23:45:55.0319 2376 QWAVEdrv - detected LockedFile.Multi.Generic (1)
23:45:55.0350 2376 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:45:55.0350 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rasacd.sys. md5: 5A0DA8AD5762FA2D91678A8A01311704
23:45:55.0350 2376 RasAcd ( LockedFile.Multi.Generic ) - warning
23:45:55.0350 2376 RasAcd - detected LockedFile.Multi.Generic (1)
23:45:55.0397 2376 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
23:45:55.0397 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\AgileVpn.sys. md5: 7ECFF9B22276B73F43A99A15A6094E90
23:45:55.0397 2376 RasAgileVpn ( LockedFile.Multi.Generic ) - warning
23:45:55.0397 2376 RasAgileVpn - detected LockedFile.Multi.Generic (1)
23:45:55.0428 2376 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
23:45:55.0475 2376 RasAuto - ok
23:45:55.0490 2376 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:45:55.0490 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rasl2tp.sys. md5: 471815800AE33E6F1C32FB1B97C490CA
23:45:55.0490 2376 Rasl2tp ( LockedFile.Multi.Generic ) - warning
23:45:55.0490 2376 Rasl2tp - detected LockedFile.Multi.Generic (1)
23:45:55.0537 2376 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
23:45:55.0584 2376 RasMan - ok
23:45:55.0599 2376 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:45:55.0599 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\raspppoe.sys. md5: 855C9B1CD4756C5E9A2AA58A15F58C25
23:45:55.0615 2376 RasPppoe ( LockedFile.Multi.Generic ) - warning
23:45:55.0615 2376 RasPppoe - detected LockedFile.Multi.Generic (1)
23:45:55.0615 2376 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:45:55.0615 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rassstp.sys. md5: E8B1E447B008D07FF47D016C2B0EEECB
23:45:55.0631 2376 RasSstp ( LockedFile.Multi.Generic ) - warning
23:45:55.0631 2376 RasSstp - detected LockedFile.Multi.Generic (1)
23:45:55.0646 2376 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:45:55.0646 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rdbss.sys. md5: 77F665941019A1594D887A74F301FA2F
23:45:55.0646 2376 rdbss ( LockedFile.Multi.Generic ) - warning
23:45:55.0646 2376 rdbss - detected LockedFile.Multi.Generic (1)
23:45:55.0662 2376 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
23:45:55.0662 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rdpbus.sys. md5: 302DA2A0539F2CF54D7C6CC30C1F2D8D
23:45:55.0677 2376 rdpbus ( LockedFile.Multi.Generic ) - warning
23:45:55.0677 2376 rdpbus - detected LockedFile.Multi.Generic (1)
23:45:55.0693 2376 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:45:55.0693 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\RDPCDD.sys. md5: CEA6CC257FC9B7715F1C2B4849286D24
23:45:55.0709 2376 RDPCDD ( LockedFile.Multi.Generic ) - warning
23:45:55.0709 2376 RDPCDD - detected LockedFile.Multi.Generic (1)
23:45:55.0740 2376 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
23:45:55.0740 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\rdpdr.sys. md5: 1B6163C503398B23FF8B939C67747683
23:45:55.0740 2376 RDPDR ( LockedFile.Multi.Generic ) - warning
23:45:55.0740 2376 RDPDR - detected LockedFile.Multi.Generic (1)
23:45:55.0755 2376 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:45:55.0755 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\rdpencdd.sys. md5: BB5971A4F00659529A5C44831AF22365
23:45:55.0771 2376 RDPENCDD ( LockedFile.Multi.Generic ) - warning
23:45:55.0771 2376 RDPENCDD - detected LockedFile.Multi.Generic (1)
23:45:55.0787 2376 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
23:45:55.0787 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\rdprefmp.sys. md5: 216F3FA57533D98E1F74DED70113177A
23:45:55.0787 2376 RDPREFMP ( LockedFile.Multi.Generic ) - warning
23:45:55.0787 2376 RDPREFMP - detected LockedFile.Multi.Generic (1)
23:45:55.0833 2376 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:45:55.0833 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\RDPWD.sys. md5: E61608AA35E98999AF9AAEEEA6114B0A
23:45:55.0833 2376 RDPWD ( LockedFile.Multi.Generic ) - warning
23:45:55.0833 2376 RDPWD - detected LockedFile.Multi.Generic (1)
23:45:55.0896 2376 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
23:45:55.0896 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\rdyboost.sys. md5: 34ED295FA0121C241BFEF24764FC4520
23:45:55.0911 2376 rdyboost ( LockedFile.Multi.Generic ) - warning
23:45:55.0911 2376 rdyboost - detected LockedFile.Multi.Generic (1)
23:45:55.0958 2376 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
23:45:56.0005 2376 RemoteAccess - ok
23:45:56.0021 2376 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:45:56.0067 2376 RemoteRegistry - ok
23:45:56.0114 2376 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
23:45:56.0177 2376 RpcEptMapper - ok
23:45:56.0192 2376 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
23:45:56.0223 2376 RpcLocator - ok
23:45:56.0255 2376 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
23:45:56.0286 2376 RpcSs - ok
23:45:56.0348 2376 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:45:56.0379 2376 rspndr - ok
23:45:56.0426 2376 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
23:45:56.0426 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\vms3cap.sys. md5: E60C0A09F997826C7627B244195AB581
23:45:56.0442 2376 s3cap ( LockedFile.Multi.Generic ) - warning
23:45:56.0442 2376 s3cap - detected LockedFile.Multi.Generic (1)
23:45:56.0473 2376 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
23:45:56.0473 2376 SamSs - ok
23:45:56.0489 2376 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
23:45:56.0489 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\sbp2port.sys. md5: AC03AF3329579FFFB455AA2DAABBE22B
23:45:56.0504 2376 sbp2port ( LockedFile.Multi.Generic ) - warning
23:45:56.0504 2376 sbp2port - detected LockedFile.Multi.Generic (1)
23:45:56.0551 2376 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:45:56.0598 2376 SCardSvr - ok
23:45:56.0613 2376 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
23:45:56.0613 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\scfilter.sys. md5: 253F38D0D7074C02FF8DEB9836C97D2B
23:45:56.0613 2376 scfilter ( LockedFile.Multi.Generic ) - warning
23:45:56.0613 2376 scfilter - detected LockedFile.Multi.Generic (1)
23:45:56.0676 2376 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
23:45:56.0754 2376 Schedule - ok
23:45:56.0785 2376 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
23:45:56.0816 2376 SCPolicySvc - ok
23:45:56.0847 2376 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:45:56.0879 2376 SDRSVC - ok
23:45:56.0910 2376 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:45:56.0910 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\secdrv.sys. md5: 3EA8A16169C26AFBEB544E0E48421186
23:45:56.0972 2376 secdrv ( LockedFile.Multi.Generic ) - warning
23:45:56.0972 2376 secdrv - detected LockedFile.Multi.Generic (1)
23:45:57.0003 2376 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
23:45:57.0035 2376 seclogon - ok
23:45:57.0066 2376 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
23:45:57.0113 2376 SENS - ok
23:45:57.0144 2376 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
23:45:57.0159 2376 SensrSvc - ok
23:45:57.0191 2376 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
23:45:57.0191 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\serenum.sys. md5: CB624C0035412AF0DEBEC78C41F5CA1B
23:45:57.0206 2376 Serenum ( LockedFile.Multi.Generic ) - warning
23:45:57.0206 2376 Serenum - detected LockedFile.Multi.Generic (1)
23:45:57.0253 2376 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
23:45:57.0253 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\serial.sys. md5: C1D8E28B2C2ADFAEC4BA89E9FDA69BD6
23:45:57.0253 2376 Serial ( LockedFile.Multi.Generic ) - warning
23:45:57.0253 2376 Serial - detected LockedFile.Multi.Generic (1)
23:45:57.0284 2376 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
23:45:57.0284 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\sermouse.sys. md5: 1C545A7D0691CC4A027396535691C3E3
23:45:57.0300 2376 sermouse ( LockedFile.Multi.Generic ) - warning
23:45:57.0300 2376 sermouse - detected LockedFile.Multi.Generic (1)
23:45:57.0362 2376 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
23:45:57.0409 2376 SessionEnv - ok
23:45:57.0425 2376 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
23:45:57.0425 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\sffdisk.sys. md5: A554811BCD09279536440C964AE35BBF
23:45:57.0425 2376 sffdisk ( LockedFile.Multi.Generic ) - warning
23:45:57.0425 2376 sffdisk - detected LockedFile.Multi.Generic (1)
23:45:57.0440 2376 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
23:45:57.0440 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\sffp_mmc.sys. md5: FF414F0BAEFEBA59BC6C04B3DB0B87BF
23:45:57.0440 2376 sffp_mmc ( LockedFile.Multi.Generic ) - warning
23:45:57.0440 2376 sffp_mmc - detected LockedFile.Multi.Generic (1)
23:45:57.0456 2376 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
23:45:57.0456 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\sffp_sd.sys. md5: DD85B78243A19B59F0637DCF284DA63C
23:45:57.0456 2376 sffp_sd ( LockedFile.Multi.Generic ) - warning
23:45:57.0456 2376 sffp_sd - detected LockedFile.Multi.Generic (1)
23:45:57.0456 2376 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
23:45:57.0456 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\sfloppy.sys. md5: A9D601643A1647211A1EE2EC4E433FF4
23:45:57.0471 2376 sfloppy ( LockedFile.Multi.Generic ) - warning
23:45:57.0471 2376 sfloppy - detected LockedFile.Multi.Generic (1)
23:45:57.0503 2376 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:45:57.0549 2376 SharedAccess - ok
23:45:57.0581 2376 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:45:57.0627 2376 ShellHWDetection - ok
23:45:57.0674 2376 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
23:45:57.0674 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\SiSRaid2.sys. md5: 843CAF1E5FDE1FFD5FF768F23A51E2E1
23:45:57.0690 2376 SiSRaid2 ( LockedFile.Multi.Generic ) - warning
23:45:57.0690 2376 SiSRaid2 - detected LockedFile.Multi.Generic (1)
23:45:57.0705 2376 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
23:45:57.0705 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\sisraid4.sys. md5: 6A6C106D42E9FFFF8B9FCB4F754F6DA4
23:45:57.0705 2376 SiSRaid4 ( LockedFile.Multi.Generic ) - warning
23:45:57.0705 2376 SiSRaid4 - detected LockedFile.Multi.Generic (1)
23:45:57.0737 2376 [ B866E8C5ED1DCBEA72285BA4107892C2 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
23:45:57.0752 2376 SkypeUpdate - ok
23:45:57.0768 2376 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:45:57.0768 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\smb.sys. md5: 548260A7B8654E024DC30BF8A7C5BAA4
23:45:57.0783 2376 Smb ( LockedFile.Multi.Generic ) - warning
23:45:57.0783 2376 Smb - detected LockedFile.Multi.Generic (1)
23:45:57.0830 2376 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:45:57.0861 2376 SNMPTRAP - ok
23:45:57.0908 2376 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
23:45:57.0908 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\spldr.sys. md5: B9E31E5CACDFE584F34F730A677803F9
23:45:57.0924 2376 spldr ( LockedFile.Multi.Generic ) - warning
23:45:57.0924 2376 spldr - detected LockedFile.Multi.Generic (1)
23:45:57.0955 2376 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
23:45:57.0986 2376 Spooler - ok
23:45:58.0064 2376 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
23:45:58.0142 2376 sppsvc - ok
23:45:58.0173 2376 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
23:45:58.0205 2376 sppuinotify - ok
23:45:58.0236 2376 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
23:45:58.0236 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\srv.sys. md5: 441FBA48BFF01FDB9D5969EBC1838F0B

[a66]

2. půlka

23:45:58.0267 2376 srv ( LockedFile.Multi.Generic ) - warning
23:45:58.0267 2376 srv - detected LockedFile.Multi.Generic (1)
23:45:58.0283 2376 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:45:58.0283 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\srv2.sys. md5: B4ADEBBF5E3677CCE9651E0F01F7CC28
23:45:58.0283 2376 srv2 ( LockedFile.Multi.Generic ) - warning
23:45:58.0283 2376 srv2 - detected LockedFile.Multi.Generic (1)
23:45:58.0314 2376 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:45:58.0314 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\srvnet.sys. md5: 27E461F0BE5BFF5FC737328F749538C3
23:45:58.0314 2376 srvnet ( LockedFile.Multi.Generic ) - warning
23:45:58.0314 2376 srvnet - detected LockedFile.Multi.Generic (1)
23:45:58.0361 2376 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:45:58.0423 2376 SSDPSRV - ok
23:45:58.0454 2376 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:45:58.0485 2376 SstpSvc - ok
23:45:58.0501 2376 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
23:45:58.0517 2376 stexstor - ok
23:45:58.0563 2376 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
23:45:58.0579 2376 stisvc - ok
23:45:58.0610 2376 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
23:45:58.0610 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\vmstorfl.sys. md5: 7785DC213270D2FC066538DAF94087E7
23:45:58.0626 2376 storflt ( LockedFile.Multi.Generic ) - warning
23:45:58.0626 2376 storflt - detected LockedFile.Multi.Generic (1)
23:45:58.0657 2376 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
23:45:58.0688 2376 StorSvc - ok
23:45:58.0704 2376 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
23:45:58.0704 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\storvsc.sys. md5: D34E4943D5AC096C8EDEEBFD80D76E23
23:45:58.0719 2376 storvsc ( LockedFile.Multi.Generic ) - warning
23:45:58.0719 2376 storvsc - detected LockedFile.Multi.Generic (1)
23:45:58.0751 2376 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
23:45:58.0751 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\swenum.sys. md5: D01EC09B6711A5F8E7E6564A4D0FBC90
23:45:58.0751 2376 swenum ( LockedFile.Multi.Generic ) - warning
23:45:58.0751 2376 swenum - detected LockedFile.Multi.Generic (1)
23:45:58.0797 2376 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
23:45:58.0829 2376 swprv - ok
23:45:58.0907 2376 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
23:45:58.0985 2376 SysMain - ok
23:45:59.0000 2376 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:45:59.0016 2376 TabletInputService - ok
23:45:59.0047 2376 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
23:45:59.0094 2376 TapiSrv - ok
23:45:59.0141 2376 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
23:45:59.0187 2376 TBS - ok
23:45:59.0265 2376 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:45:59.0265 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\tcpip.sys. md5: F782CAD3CEDBB3F9FFE3BF2775D92DDC
23:45:59.0297 2376 Tcpip ( LockedFile.Multi.Generic ) - warning
23:45:59.0297 2376 Tcpip - detected LockedFile.Multi.Generic (1)
23:45:59.0343 2376 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
23:45:59.0343 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tcpip.sys. md5: F782CAD3CEDBB3F9FFE3BF2775D92DDC
23:45:59.0359 2376 TCPIP6 ( LockedFile.Multi.Generic ) - warning
23:45:59.0359 2376 TCPIP6 - detected LockedFile.Multi.Generic (1)
23:45:59.0390 2376 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:45:59.0390 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\tcpipreg.sys. md5: DF687E3D8836BFB04FCC0615BF15A519
23:45:59.0390 2376 tcpipreg ( LockedFile.Multi.Generic ) - warning
23:45:59.0390 2376 tcpipreg - detected LockedFile.Multi.Generic (1)
23:45:59.0421 2376 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:45:59.0421 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\tdpipe.sys. md5: 3371D21011695B16333A3934340C4E7C
23:45:59.0421 2376 TDPIPE ( LockedFile.Multi.Generic ) - warning
23:45:59.0421 2376 TDPIPE - detected LockedFile.Multi.Generic (1)
23:45:59.0453 2376 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:45:59.0453 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\tdtcp.sys. md5: 51C5ECEB1CDEE2468A1748BE550CFBC8
23:45:59.0468 2376 TDTCP ( LockedFile.Multi.Generic ) - warning
23:45:59.0468 2376 TDTCP - detected LockedFile.Multi.Generic (1)
23:45:59.0484 2376 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:45:59.0484 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tdx.sys. md5: DDAD5A7AB24D8B65F8D724F5C20FD806
23:45:59.0484 2376 tdx ( LockedFile.Multi.Generic ) - warning
23:45:59.0484 2376 tdx - detected LockedFile.Multi.Generic (1)
23:45:59.0499 2376 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
23:45:59.0499 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\termdd.sys. md5: 561E7E1F06895D78DE991E01DD0FB6E5
23:45:59.0515 2376 TermDD ( LockedFile.Multi.Generic ) - warning
23:45:59.0515 2376 TermDD - detected LockedFile.Multi.Generic (1)
23:45:59.0546 2376 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
23:45:59.0609 2376 TermService - ok
23:45:59.0655 2376 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
23:45:59.0671 2376 Themes - ok
23:45:59.0687 2376 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
23:45:59.0718 2376 THREADORDER - ok
23:45:59.0733 2376 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
23:45:59.0780 2376 TrkWks - ok
23:45:59.0827 2376 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:45:59.0874 2376 TrustedInstaller - ok
23:45:59.0905 2376 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:45:59.0905 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tssecsrv.sys. md5: CE18B2CDFC837C99E5FAE9CA6CBA5D30
23:45:59.0936 2376 tssecsrv ( LockedFile.Multi.Generic ) - warning
23:45:59.0936 2376 tssecsrv - detected LockedFile.Multi.Generic (1)
23:45:59.0967 2376 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
23:45:59.0967 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\tsusbflt.sys. md5: D11C783E3EF9A3C52C0EBE83CC5000E9
23:45:59.0983 2376 TsUsbFlt ( LockedFile.Multi.Generic ) - warning
23:45:59.0983 2376 TsUsbFlt - detected LockedFile.Multi.Generic (1)
23:45:59.0999 2376 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
23:45:59.0999 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\TsUsbGD.sys. md5: 9CC2CCAE8A84820EAECB886D477CBCB8
23:45:59.0999 2376 TsUsbGD ( LockedFile.Multi.Generic ) - warning
23:45:59.0999 2376 TsUsbGD - detected LockedFile.Multi.Generic (1)
23:46:00.0014 2376 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:46:00.0014 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tunnel.sys. md5: 3566A8DAAFA27AF944F5D705EAA64894
23:46:00.0014 2376 tunnel ( LockedFile.Multi.Generic ) - warning
23:46:00.0014 2376 tunnel - detected LockedFile.Multi.Generic (1)
23:46:00.0030 2376 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
23:46:00.0030 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\uagp35.sys. md5: B4DD609BD7E282BFC683CEC7EAAAAD67
23:46:00.0045 2376 uagp35 ( LockedFile.Multi.Generic ) - warning
23:46:00.0045 2376 uagp35 - detected LockedFile.Multi.Generic (1)
23:46:00.0061 2376 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:46:00.0061 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\udfs.sys. md5: FF4232A1A64012BAA1FD97C7B67DF593
23:46:00.0077 2376 udfs ( LockedFile.Multi.Generic ) - warning
23:46:00.0077 2376 udfs - detected LockedFile.Multi.Generic (1)
23:46:00.0108 2376 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:46:00.0139 2376 UI0Detect - ok
23:46:00.0139 2376 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
23:46:00.0139 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\uliagpkx.sys. md5: 4BFE1BC28391222894CBF1E7D0E42320
23:46:00.0139 2376 uliagpkx ( LockedFile.Multi.Generic ) - warning
23:46:00.0139 2376 uliagpkx - detected LockedFile.Multi.Generic (1)
23:46:00.0186 2376 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
23:46:00.0186 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\umbus.sys. md5: DC54A574663A895C8763AF0FA1FF7561
23:46:00.0186 2376 umbus ( LockedFile.Multi.Generic ) - warning
23:46:00.0201 2376 umbus - detected LockedFile.Multi.Generic (1)
23:46:00.0201 2376 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
23:46:00.0201 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\umpass.sys. md5: B2E8E8CB557B156DA5493BBDDCC1474D
23:46:00.0217 2376 UmPass ( LockedFile.Multi.Generic ) - warning
23:46:00.0217 2376 UmPass - detected LockedFile.Multi.Generic (1)
23:46:00.0248 2376 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
23:46:00.0279 2376 UmRdpService - ok
23:46:00.0326 2376 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
23:46:00.0373 2376 upnphost - ok
23:46:00.0435 2376 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
23:46:00.0435 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbaudio.sys. md5: 82E8F44688E6FAC57B5B7C6FC7ADBC2A
23:46:00.0451 2376 usbaudio ( LockedFile.Multi.Generic ) - warning
23:46:00.0451 2376 usbaudio - detected LockedFile.Multi.Generic (1)
23:46:00.0498 2376 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
23:46:00.0498 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbccgp.sys. md5: 6F1A3157A1C89435352CEB543CDB359C
23:46:00.0498 2376 usbccgp ( LockedFile.Multi.Generic ) - warning
23:46:00.0498 2376 usbccgp - detected LockedFile.Multi.Generic (1)
23:46:00.0545 2376 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
23:46:00.0560 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbcir.sys. md5: AF0892A803FDDA7492F595368E3B68E7
23:46:00.0560 2376 usbcir ( LockedFile.Multi.Generic ) - warning
23:46:00.0560 2376 usbcir - detected LockedFile.Multi.Generic (1)
23:46:00.0576 2376 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
23:46:00.0576 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbehci.sys. md5: C025055FE7B87701EB042095DF1A2D7B
23:46:00.0576 2376 usbehci ( LockedFile.Multi.Generic ) - warning
23:46:00.0576 2376 usbehci - detected LockedFile.Multi.Generic (1)
23:46:00.0607 2376 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:46:00.0607 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbhub.sys. md5: 287C6C9410B111B68B52CA298F7B8C24
23:46:00.0623 2376 usbhub ( LockedFile.Multi.Generic ) - warning
23:46:00.0623 2376 usbhub - detected LockedFile.Multi.Generic (1)
23:46:00.0638 2376 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
23:46:00.0638 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbohci.sys. md5: 9840FC418B4CBD632D3D0A667A725C31
23:46:00.0638 2376 usbohci ( LockedFile.Multi.Generic ) - warning
23:46:00.0638 2376 usbohci - detected LockedFile.Multi.Generic (1)
23:46:00.0685 2376 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
23:46:00.0685 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbprint.sys. md5: 73188F58FB384E75C4063D29413CEE3D
23:46:00.0701 2376 usbprint ( LockedFile.Multi.Generic ) - warning
23:46:00.0701 2376 usbprint - detected LockedFile.Multi.Generic (1)
23:46:00.0732 2376 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:46:00.0732 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\USBSTOR.SYS. md5: FED648B01349A3C8395A5169DB5FB7D6
23:46:00.0732 2376 USBSTOR ( LockedFile.Multi.Generic ) - warning
23:46:00.0732 2376 USBSTOR - detected LockedFile.Multi.Generic (1)
23:46:00.0779 2376 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
23:46:00.0779 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbuhci.sys. md5: 62069A34518BCF9C1FD9E74B3F6DB7CD
23:46:00.0779 2376 usbuhci ( LockedFile.Multi.Generic ) - warning
23:46:00.0779 2376 usbuhci - detected LockedFile.Multi.Generic (1)
23:46:00.0825 2376 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
23:46:00.0857 2376 UxSms - ok
23:46:00.0888 2376 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
23:46:00.0903 2376 VaultSvc - ok
23:46:00.0935 2376 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
23:46:00.0935 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\vdrvroot.sys. md5: C5C876CCFC083FF3B128F933823E87BD
23:46:00.0935 2376 vdrvroot ( LockedFile.Multi.Generic ) - warning
23:46:00.0935 2376 vdrvroot - detected LockedFile.Multi.Generic (1)
23:46:00.0966 2376 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
23:46:01.0013 2376 vds - ok
23:46:01.0059 2376 [ 8108E4573F819A6C76C7EFB4021B4DFE ] VF0470Vid C:\Windows\system32\DRIVERS\V0470Vid.sys
23:46:01.0059 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\V0470Vid.sys. md5: 8108E4573F819A6C76C7EFB4021B4DFE
23:46:01.0059 2376 VF0470Vid ( LockedFile.Multi.Generic ) - warning
23:46:01.0059 2376 VF0470Vid - detected LockedFile.Multi.Generic (1)
23:46:01.0075 2376 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:46:01.0075 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vgapnp.sys. md5: DA4DA3F5E02943C2DC8C6ED875DE68DD
23:46:01.0091 2376 vga ( LockedFile.Multi.Generic ) - warning
23:46:01.0091 2376 vga - detected LockedFile.Multi.Generic (1)
23:46:01.0122 2376 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
23:46:01.0122 2376 Suspicious file (NoAccess): C:\Windows\System32\drivers\vga.sys. md5: 53E92A310193CB3C03BEA963DE7D9CFC
23:46:01.0122 2376 VgaSave ( LockedFile.Multi.Generic ) - warning
23:46:01.0122 2376 VgaSave - detected LockedFile.Multi.Generic (1)
23:46:01.0137 2376 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
23:46:01.0137 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\vhdmp.sys. md5: 2CE2DF28C83AEAF30084E1B1EB253CBB
23:46:01.0137 2376 vhdmp ( LockedFile.Multi.Generic ) - warning
23:46:01.0137 2376 vhdmp - detected LockedFile.Multi.Generic (1)
23:46:01.0200 2376 [ 7999B714275315DA05A2EC3C0F80D9D2 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
23:46:01.0200 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\viahduaa.sys. md5: 7999B714275315DA05A2EC3C0F80D9D2
23:46:01.0200 2376 VIAHdAudAddService ( LockedFile.Multi.Generic ) - warning
23:46:01.0200 2376 VIAHdAudAddService - detected LockedFile.Multi.Generic (1)
23:46:01.0231 2376 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
23:46:01.0231 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\viaide.sys. md5: E5689D93FFE4E5D66C0178761240DD54
23:46:01.0231 2376 viaide ( LockedFile.Multi.Generic ) - warning
23:46:01.0231 2376 viaide - detected LockedFile.Multi.Generic (1)
23:46:01.0262 2376 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
23:46:01.0278 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\vmbus.sys. md5: 86EA3E79AE350FEA5331A1303054005F
23:46:01.0278 2376 vmbus ( LockedFile.Multi.Generic ) - warning
23:46:01.0278 2376 vmbus - detected LockedFile.Multi.Generic (1)
23:46:01.0293 2376 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
23:46:01.0293 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\VMBusHID.sys. md5: 7DE90B48F210D29649380545DB45A187
23:46:01.0293 2376 VMBusHID ( LockedFile.Multi.Generic ) - warning
23:46:01.0293 2376 VMBusHID - detected LockedFile.Multi.Generic (1)
23:46:01.0340 2376 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
23:46:01.0340 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\volmgr.sys. md5: D2AAFD421940F640B407AEFAAEBD91B0
23:46:01.0340 2376 volmgr ( LockedFile.Multi.Generic ) - warning
23:46:01.0340 2376 volmgr - detected LockedFile.Multi.Generic (1)
23:46:01.0356 2376 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:46:01.0356 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\volmgrx.sys. md5: A255814907C89BE58B79EF2F189B843B
23:46:01.0356 2376 volmgrx ( LockedFile.Multi.Generic ) - warning
23:46:01.0356 2376 volmgrx - detected LockedFile.Multi.Generic (1)
23:46:01.0371 2376 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
23:46:01.0371 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\volsnap.sys. md5: 0D08D2F3B3FF84E433346669B5E0F639
23:46:01.0371 2376 volsnap ( LockedFile.Multi.Generic ) - warning
23:46:01.0371 2376 volsnap - detected LockedFile.Multi.Generic (1)
23:46:01.0418 2376 [ B4A73CA4EF9A02B9738CEA9AD5FE5917 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys
23:46:01.0418 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vpchbus.sys. md5: B4A73CA4EF9A02B9738CEA9AD5FE5917
23:46:01.0418 2376 vpcbus ( LockedFile.Multi.Generic ) - warning
23:46:01.0418 2376 vpcbus - detected LockedFile.Multi.Generic (1)
23:46:01.0465 2376 [ E675FB2B48C54F09895482E2253B289C ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys
23:46:01.0465 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vpcnfltr.sys. md5: E675FB2B48C54F09895482E2253B289C
23:46:01.0481 2376 vpcnfltr ( LockedFile.Multi.Generic ) - warning
23:46:01.0481 2376 vpcnfltr - detected LockedFile.Multi.Generic (1)
23:46:01.0496 2376 [ 5FB42082B0D19A0268705F1DD343DF20 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys
23:46:01.0496 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vpcusb.sys. md5: 5FB42082B0D19A0268705F1DD343DF20
23:46:01.0496 2376 vpcusb ( LockedFile.Multi.Generic ) - warning
23:46:01.0496 2376 vpcusb - detected LockedFile.Multi.Generic (1)
23:46:01.0543 2376 [ 207B6539799CC1C112661A9B620DD233 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys
23:46:01.0543 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\vpcvmm.sys. md5: 207B6539799CC1C112661A9B620DD233
23:46:01.0543 2376 vpcvmm ( LockedFile.Multi.Generic ) - warning
23:46:01.0543 2376 vpcvmm - detected LockedFile.Multi.Generic (1)
23:46:01.0590 2376 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
23:46:01.0590 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\vsmraid.sys. md5: 5E2016EA6EBACA03C04FEAC5F330D997
23:46:01.0590 2376 vsmraid ( LockedFile.Multi.Generic ) - warning
23:46:01.0590 2376 vsmraid - detected LockedFile.Multi.Generic (1)
23:46:01.0652 2376 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
23:46:01.0746 2376 VSS - ok
23:46:01.0777 2376 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
23:46:01.0793 2376 Suspicious file (NoAccess): C:\Windows\System32\drivers\vwifibus.sys. md5: 36D4720B72B5C5D9CB2B9C29E9DF67A1
23:46:01.0793 2376 vwifibus ( LockedFile.Multi.Generic ) - warning
23:46:01.0793 2376 vwifibus - detected LockedFile.Multi.Generic (1)
23:46:01.0824 2376 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
23:46:01.0886 2376 W32Time - ok
23:46:01.0917 2376 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
23:46:01.0917 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\wacompen.sys. md5: 4E9440F4F152A7B944CB1663D3935A3E
23:46:01.0917 2376 WacomPen ( LockedFile.Multi.Generic ) - warning
23:46:01.0917 2376 WacomPen - detected LockedFile.Multi.Generic (1)
23:46:01.0964 2376 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
23:46:01.0964 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C
23:46:01.0964 2376 WANARP ( LockedFile.Multi.Generic ) - warning
23:46:01.0964 2376 WANARP - detected LockedFile.Multi.Generic (1)
23:46:01.0980 2376 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:46:01.0980 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C
23:46:01.0980 2376 Wanarpv6 ( LockedFile.Multi.Generic ) - warning
23:46:01.0980 2376 Wanarpv6 - detected LockedFile.Multi.Generic (1)
23:46:02.0058 2376 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
23:46:02.0105 2376 WatAdminSvc - ok
23:46:02.0167 2376 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
23:46:02.0214 2376 wbengine - ok
23:46:02.0245 2376 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
23:46:02.0261 2376 WbioSrvc - ok
23:46:02.0276 2376 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:46:02.0307 2376 wcncsvc - ok
23:46:02.0339 2376 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:46:02.0370 2376 WcsPlugInService - ok
23:46:02.0401 2376 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
23:46:02.0401 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\wd.sys. md5: 72889E16FF12BA0F235467D6091B17DC
23:46:02.0432 2376 Wd ( LockedFile.Multi.Generic ) - warning
23:46:02.0432 2376 Wd - detected LockedFile.Multi.Generic (1)
23:46:02.0479 2376 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:46:02.0479 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\Wdf01000.sys. md5: 441BD2D7B4F98134C3A4F9FA570FD250
23:46:02.0495 2376 Wdf01000 ( LockedFile.Multi.Generic ) - warning
23:46:02.0495 2376 Wdf01000 - detected LockedFile.Multi.Generic (1)
23:46:02.0526 2376 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:46:02.0557 2376 WdiServiceHost - ok
23:46:02.0557 2376 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:46:02.0573 2376 WdiSystemHost - ok
23:46:02.0604 2376 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
23:46:02.0635 2376 WebClient - ok
23:46:02.0666 2376 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:46:02.0713 2376 Wecsvc - ok
23:46:02.0729 2376 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:46:02.0760 2376 wercplsupport - ok
23:46:02.0791 2376 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
23:46:02.0822 2376 WerSvc - ok
23:46:02.0853 2376 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
23:46:02.0853 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wfplwf.sys. md5: 611B23304BF067451A9FDEE01FBDD725
23:46:02.0885 2376 WfpLwf ( LockedFile.Multi.Generic ) - warning
23:46:02.0885 2376 WfpLwf - detected LockedFile.Multi.Generic (1)
23:46:02.0916 2376 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
23:46:02.0916 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\wimmount.sys. md5: 05ECAEC3E4529A7153B3136CEB49F0EC
23:46:02.0916 2376 WIMMount ( LockedFile.Multi.Generic ) - warning
23:46:02.0916 2376 WIMMount - detected LockedFile.Multi.Generic (1)
23:46:02.0931 2376 WinDefend - ok
23:46:02.0963 2376 WinHttpAutoProxySvc - ok
23:46:03.0025 2376 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:46:03.0072 2376 Winmgmt - ok
23:46:03.0134 2376 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
23:46:03.0197 2376 WinRM - ok
23:46:03.0306 2376 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
23:46:03.0368 2376 Wlansvc - ok
23:46:03.0399 2376 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
23:46:03.0399 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\wmiacpi.sys. md5: F6FF8944478594D0E414D3F048F0D778
23:46:03.0415 2376 WmiAcpi ( LockedFile.Multi.Generic ) - warning
23:46:03.0415 2376 WmiAcpi - detected LockedFile.Multi.Generic (1)
23:46:03.0446 2376 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:46:03.0477 2376 wmiApSrv - ok
23:46:03.0509 2376 WMPNetworkSvc - ok
23:46:03.0540 2376 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:46:03.0555 2376 WPCSvc - ok
23:46:03.0587 2376 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:46:03.0618 2376 WPDBusEnum - ok
23:46:03.0649 2376 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:46:03.0649 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\ws2ifsl.sys. md5: 6BCC1D7D2FD2453957C5479A32364E52
23:46:03.0665 2376 ws2ifsl ( LockedFile.Multi.Generic ) - warning
23:46:03.0665 2376 ws2ifsl - detected LockedFile.Multi.Generic (1)
23:46:03.0727 2376 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
23:46:03.0758 2376 wscsvc - ok
23:46:03.0774 2376 WSearch - ok
23:46:03.0852 2376 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
23:46:03.0930 2376 wuauserv - ok
23:46:03.0945 2376 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:46:03.0945 2376 Suspicious file (NoAccess): C:\Windows\system32\drivers\WudfPf.sys. md5: D3381DC54C34D79B22CEE0D65BA91B7C
23:46:03.0992 2376 WudfPf ( LockedFile.Multi.Generic ) - warning
23:46:03.0992 2376 WudfPf - detected LockedFile.Multi.Generic (1)
23:46:04.0023 2376 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:46:04.0023 2376 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\WUDFRd.sys. md5: CF8D590BE3373029D57AF80914190682
23:46:04.0039 2376 WUDFRd ( LockedFile.Multi.Generic ) - warning
23:46:04.0039 2376 WUDFRd - detected LockedFile.Multi.Generic (1)
23:46:04.0070 2376 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:46:04.0101 2376 wudfsvc - ok
23:46:04.0148 2376 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
23:46:04.0179 2376 WwanSvc - ok
23:46:04.0195 2376 ================ Scan global ===============================
23:46:04.0273 2376 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
23:46:04.0304 2376 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
23:46:04.0304 2376 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
23:46:04.0335 2376 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
23:46:04.0367 2376 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
23:46:04.0367 2376 [Global] - ok
23:46:04.0367 2376 ================ Scan MBR ==================================
23:46:04.0382 2376 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:46:04.0616 2376 \Device\Harddisk0\DR0 - ok
23:46:04.0632 2376 [ 23B571400A29918F5392F6E85EEB756E ] \Device\Harddisk1\DR2
23:46:04.0725 2376 \Device\Harddisk1\DR2 - ok
23:46:04.0725 2376 ================ Scan VBR ==================================
23:46:04.0741 2376 [ 6E7FD59030E67D073E8450E151926521 ] \Device\Harddisk0\DR0\Partition1
23:46:04.0741 2376 \Device\Harddisk0\DR0\Partition1 - ok
23:46:04.0757 2376 [ 5A34E5102CB76BDE7AE301CB59726815 ] \Device\Harddisk0\DR0\Partition2
23:46:04.0757 2376 \Device\Harddisk0\DR0\Partition2 - ok
23:46:04.0757 2376 [ C22840B344ED0439E9B382A2B8C15FD4 ] \Device\Harddisk1\DR2\Partition1
23:46:04.0757 2376 \Device\Harddisk1\DR2\Partition1 - ok
23:46:04.0757 2376 ============================================================
23:46:04.0757 2376 Scan finished
23:46:04.0757 2376 ============================================================
23:46:04.0772 0172 Detected object count: 194
23:46:04.0772 0172 Actual detected object count: 194
23:47:28.0997 0172 8e2185ace8825c71 ( Rootkit.Win32.Necurs.gen ) - skipped by user
23:47:28.0997 0172 8e2185ace8825c71 ( Rootkit.Win32.Necurs.gen ) - User select action: Skip
23:47:28.0997 0172 CSC ( LockedFile.Multi.Generic ) - skipped by user
23:47:28.0997 0172 CSC ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:28.0997 0172 DfsC ( LockedFile.Multi.Generic ) - skipped by user
23:47:28.0997 0172 DfsC ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:28.0997 0172 discache ( LockedFile.Multi.Generic ) - skipped by user
23:47:28.0997 0172 discache ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:28.0997 0172 Disk ( LockedFile.Multi.Generic ) - skipped by user
23:47:28.0997 0172 Disk ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:28.0997 0172 dmvsc ( LockedFile.Multi.Generic ) - skipped by user
23:47:28.0997 0172 dmvsc ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:28.0997 0172 ebdrv ( LockedFile.Multi.Generic ) - skipped by user
23:47:28.0997 0172 ebdrv ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0012 0172 elxstor ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0012 0172 elxstor ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0012 0172 ErrDev ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0012 0172 ErrDev ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0012 0172 exfat ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0012 0172 exfat ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0012 0172 fastfat ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0012 0172 fastfat ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0012 0172 fdc ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0012 0172 fdc ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0012 0172 FileInfo ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0012 0172 FileInfo ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0012 0172 Filetrace ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0012 0172 Filetrace ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0012 0172 flpydisk ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0012 0172 flpydisk ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0012 0172 FltMgr ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0012 0172 FltMgr ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0012 0172 FsDepends ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0012 0172 FsDepends ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0012 0172 Fs_Rec ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0012 0172 Fs_Rec ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0012 0172 fvevol ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0012 0172 fvevol ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0028 0172 gagp30kx ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0028 0172 gagp30kx ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0028 0172 hcw85cir ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0028 0172 hcw85cir ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0028 0172 HidBatt ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0028 0172 HidBatt ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0028 0172 HidBth ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0028 0172 HidBth ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0028 0172 HidIr ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0028 0172 HidIr ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0028 0172 HidUsb ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0028 0172 HidUsb ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0028 0172 HpSAMD ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0028 0172 HpSAMD ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0028 0172 HTTP ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0028 0172 HTTP ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0028 0172 hwpolicy ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0028 0172 hwpolicy ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0028 0172 i8042prt ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0028 0172 i8042prt ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0028 0172 iaStorV ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0028 0172 iaStorV ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0028 0172 igfx ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0028 0172 igfx ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0028 0172 iirsp ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0028 0172 iirsp ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0028 0172 intelide ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0028 0172 intelide ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0028 0172 intelppm ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0028 0172 intelppm ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0044 0172 IpFilterDriver ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0044 0172 IpFilterDriver ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0044 0172 IPMIDRV ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0044 0172 IPMIDRV ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0044 0172 IPNAT ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0044 0172 IPNAT ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0044 0172 IRENUM ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0044 0172 IRENUM ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0044 0172 isapnp ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0044 0172 isapnp ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0044 0172 iScsiPrt ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0044 0172 iScsiPrt ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0044 0172 kbdclass ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0044 0172 kbdclass ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0044 0172 kbdhid ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0044 0172 kbdhid ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0044 0172 KSecDD ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0044 0172 KSecDD ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0044 0172 KSecPkg ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0044 0172 KSecPkg ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0044 0172 ksthunk ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0044 0172 ksthunk ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0044 0172 LSI_FC ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0044 0172 LSI_FC ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0044 0172 LSI_SAS ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0044 0172 LSI_SAS ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0044 0172 LSI_SAS2 ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0044 0172 LSI_SAS2 ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0044 0172 LSI_SCSI ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0044 0172 LSI_SCSI ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0059 0172 luafv ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0059 0172 luafv ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0059 0172 megasas ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0059 0172 megasas ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0059 0172 MegaSR ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0059 0172 MegaSR ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0059 0172 Modem ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0059 0172 Modem ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0059 0172 monitor ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0059 0172 monitor ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0059 0172 mouclass ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0059 0172 mouclass ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0059 0172 mouhid ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0059 0172 mouhid ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0059 0172 mountmgr ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0059 0172 mountmgr ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0059 0172 mpio ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0059 0172 mpio ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0059 0172 mpsdrv ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0059 0172 mpsdrv ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0059 0172 MRxDAV ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0059 0172 MRxDAV ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0059 0172 mrxsmb ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0059 0172 mrxsmb ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0059 0172 mrxsmb10 ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0059 0172 mrxsmb10 ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0059 0172 mrxsmb20 ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0059 0172 mrxsmb20 ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0075 0172 msahci ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0075 0172 msahci ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0075 0172 msdsm ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0075 0172 msdsm ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0075 0172 Msfs ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0075 0172 Msfs ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0075 0172 mshidkmdf ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0075 0172 mshidkmdf ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0075 0172 msisadrv ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0075 0172 msisadrv ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0075 0172 MSKSSRV ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0075 0172 MSKSSRV ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0075 0172 MSPCLOCK ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0075 0172 MSPCLOCK ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0075 0172 MSPQM ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0075 0172 MSPQM ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0075 0172 MsRPC ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0075 0172 MsRPC ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0075 0172 mssmbios ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0075 0172 mssmbios ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0075 0172 MSTEE ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0075 0172 MSTEE ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0075 0172 MTConfig ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0075 0172 MTConfig ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0075 0172 Mup ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0075 0172 Mup ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0075 0172 NativeWifiP ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0075 0172 NativeWifiP ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0075 0172 NDIS ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0075 0172 NDIS ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0090 0172 NdisCap ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0090 0172 NdisCap ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0090 0172 NdisTapi ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0090 0172 NdisTapi ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0090 0172 Ndisuio ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0090 0172 Ndisuio ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0090 0172 NdisWan ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0090 0172 NdisWan ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0090 0172 NDProxy ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0090 0172 NDProxy ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0090 0172 NetBIOS ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0090 0172 NetBIOS ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0090 0172 nfrd960 ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0090 0172 nfrd960 ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0090 0172 NFService ( UnsignedFile.Multi.Generic ) - skipped by user
23:47:29.0090 0172 NFService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:47:29.0090 0172 Npfs ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0090 0172 Npfs ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0090 0172 nsiproxy ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0090 0172 nsiproxy ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0090 0172 Ntfs ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0090 0172 Ntfs ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0090 0172 Null ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0090 0172 Null ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0090 0172 nvraid ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0090 0172 nvraid ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0090 0172 nvstor ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0090 0172 nvstor ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0090 0172 nv_agp ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0090 0172 nv_agp ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0090 0172 ohci1394 ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0090 0172 ohci1394 ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0106 0172 Parport ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0106 0172 Parport ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0106 0172 partmgr ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0106 0172 partmgr ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0106 0172 pci ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0106 0172 pci ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0106 0172 pciide ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0106 0172 pciide ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0106 0172 pcmcia ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0106 0172 pcmcia ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0106 0172 pcw ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0106 0172 pcw ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0106 0172 PEAUTH ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0106 0172 PEAUTH ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0106 0172 Processor ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0106 0172 Processor ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0106 0172 Psched ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0106 0172 Psched ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0106 0172 ql2300 ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0106 0172 ql2300 ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0106 0172 ql40xx ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0106 0172 ql40xx ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0106 0172 QWAVEdrv ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0106 0172 QWAVEdrv ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0106 0172 RasAcd ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0106 0172 RasAcd ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0106 0172 RasAgileVpn ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0106 0172 RasAgileVpn ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0106 0172 Rasl2tp ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0106 0172 Rasl2tp ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0122 0172 RasPppoe ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0122 0172 RasPppoe ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0122 0172 RasSstp ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0122 0172 RasSstp ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0122 0172 rdbss ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0122 0172 rdbss ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0122 0172 rdpbus ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0122 0172 rdpbus ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0122 0172 RDPCDD ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0122 0172 RDPCDD ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0122 0172 RDPDR ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0122 0172 RDPDR ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0122 0172 RDPENCDD ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0122 0172 RDPENCDD ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0122 0172 RDPREFMP ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0122 0172 RDPREFMP ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0122 0172 RDPWD ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0122 0172 RDPWD ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0122 0172 rdyboost ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0122 0172 rdyboost ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0122 0172 s3cap ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0122 0172 s3cap ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0122 0172 sbp2port ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0122 0172 sbp2port ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0122 0172 scfilter ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0122 0172 scfilter ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0122 0172 secdrv ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0122 0172 secdrv ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0137 0172 Serenum ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0137 0172 Serenum ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0137 0172 Serial ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0137 0172 Serial ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0137 0172 sermouse ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0137 0172 sermouse ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0137 0172 sffdisk ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0137 0172 sffdisk ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0137 0172 sffp_mmc ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0137 0172 sffp_mmc ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0137 0172 sffp_sd ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0137 0172 sffp_sd ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0137 0172 sfloppy ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0137 0172 sfloppy ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0137 0172 SiSRaid2 ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0137 0172 SiSRaid2 ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0137 0172 SiSRaid4 ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0137 0172 SiSRaid4 ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0137 0172 Smb ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0137 0172 Smb ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0137 0172 spldr ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0137 0172 spldr ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0137 0172 srv ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0137 0172 srv ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0137 0172 srv2 ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0137 0172 srv2 ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0137 0172 srvnet ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0137 0172 srvnet ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0137 0172 storflt ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0137 0172 storflt ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0153 0172 storvsc ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0153 0172 storvsc ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0153 0172 swenum ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0153 0172 swenum ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0153 0172 Tcpip ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0153 0172 Tcpip ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0153 0172 TCPIP6 ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0153 0172 TCPIP6 ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0153 0172 tcpipreg ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0153 0172 tcpipreg ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0153 0172 TDPIPE ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0153 0172 TDPIPE ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0153 0172 TDTCP ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0153 0172 TDTCP ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0153 0172 tdx ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0153 0172 tdx ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0153 0172 TermDD ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0153 0172 TermDD ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0153 0172 tssecsrv ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0153 0172 tssecsrv ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0153 0172 TsUsbFlt ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0153 0172 TsUsbFlt ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0153 0172 TsUsbGD ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0153 0172 TsUsbGD ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0153 0172 tunnel ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0153 0172 tunnel ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0153 0172 uagp35 ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0153 0172 uagp35 ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0153 0172 udfs ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0153 0172 udfs ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0168 0172 uliagpkx ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0168 0172 uliagpkx ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0168 0172 umbus ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0168 0172 umbus ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0168 0172 UmPass ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0168 0172 UmPass ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0168 0172 usbaudio ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0168 0172 usbaudio ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0168 0172 usbccgp ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0168 0172 usbccgp ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0168 0172 usbcir ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0168 0172 usbcir ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0168 0172 usbehci ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0168 0172 usbehci ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0168 0172 usbhub ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0168 0172 usbhub ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0168 0172 usbohci ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0168 0172 usbohci ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0168 0172 usbprint ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0168 0172 usbprint ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0168 0172 USBSTOR ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0168 0172 USBSTOR ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0168 0172 usbuhci ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0168 0172 usbuhci ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0168 0172 vdrvroot ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0168 0172 vdrvroot ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0168 0172 VF0470Vid ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0168 0172 VF0470Vid ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0168 0172 vga ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0168 0172 vga ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0168 0172 VgaSave ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0168 0172 VgaSave ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0184 0172 vhdmp ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0184 0172 vhdmp ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0184 0172 VIAHdAudAddService ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0184 0172 VIAHdAudAddService ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0184 0172 viaide ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0184 0172 viaide ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0184 0172 vmbus ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0184 0172 vmbus ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0184 0172 VMBusHID ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0184 0172 VMBusHID ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0184 0172 volmgr ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0184 0172 volmgr ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0184 0172 volmgrx ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0184 0172 volmgrx ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0184 0172 volsnap ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0184 0172 volsnap ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0184 0172 vpcbus ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0184 0172 vpcbus ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0184 0172 vpcnfltr ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0184 0172 vpcnfltr ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0184 0172 vpcusb ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0184 0172 vpcusb ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0184 0172 vpcvmm ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0184 0172 vpcvmm ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0184 0172 vsmraid ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0184 0172 vsmraid ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0184 0172 vwifibus ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0184 0172 vwifibus ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0184 0172 WacomPen ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0184 0172 WacomPen ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0200 0172 WANARP ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0200 0172 WANARP ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0200 0172 Wanarpv6 ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0200 0172 Wanarpv6 ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0200 0172 Wd ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0200 0172 Wd ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0200 0172 Wdf01000 ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0200 0172 Wdf01000 ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0200 0172 WfpLwf ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0200 0172 WfpLwf ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0200 0172 WIMMount ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0200 0172 WIMMount ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0200 0172 WmiAcpi ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0200 0172 WmiAcpi ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0200 0172 ws2ifsl ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0200 0172 ws2ifsl ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0200 0172 WudfPf ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0200 0172 WudfPf ( LockedFile.Multi.Generic ) - User select action: Skip
23:47:29.0200 0172 WUDFRd ( LockedFile.Multi.Generic ) - skipped by user
23:47:29.0200 0172 WUDFRd ( LockedFile.Multi.Generic ) - User select action: Skip

[vyosek]

Co se tyce ComboFixu, tak na zaklade licence a pravidel fora ptam, umite s nim pracovat (spusteni, rozlusteni logu, napsani skriptu)?

licencni podminky hovori jasne "Nikdy by nemel byt pouzit v prostredi bez dozoru zkusene osoby"


Nebezpeci CFka

• Je urcen primarne pro radce - jeho svevolnym pouzitim ztracite narok na podporu
• Maze stopy po haveti, takze v logu z RSIT neni nic videt
• Jeho log je treba dolustit, jelikoz neumi smazat vse - to ovsem tezko zvladnete pokud k tomu nejste vyskolen
• CF muze mit bug = sunda Vam system, pokud nevite kam co uklada, jak co obnovit, mate system v kytkam a ceka Vas reinstal
• CF taky bohuzel prozatim nekontroluje nektere dulezite knihovny (napr. hal.dll) - ty treba mazou nektere typy haveti (napr. angela) - smaze Vam po restartu hal.dll = nenajede Vam system a jste o radek vyse = reinstal

Spustte znovu TDSSKiller a u polozky 8e2185ace8825c71 ( Rootkit.Win32.Necurs.gen ) nechte predvolenou moznost TDSSka, probehne restart, log opet rad uvidim

[a66]

Tak internet se rozeběhl. TDSSiller.log:

00:10:02.0038 2572 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
00:10:04.0046 2572 ============================================================
00:10:04.0046 2572 Current date / time: 2012/11/15 00:10:04.0046
00:10:04.0046 2572 SystemInfo:
00:10:04.0046 2572
00:10:04.0046 2572 OS Version: 6.1.7601 ServicePack: 1.0
00:10:04.0046 2572 Product type: Workstation
00:10:04.0046 2572 ComputerName: T1-PC
00:10:04.0046 2572 UserName: t1
00:10:04.0046 2572 Windows directory: C:\Windows
00:10:04.0046 2572 System windows directory: C:\Windows
00:10:04.0046 2572 Running under WOW64
00:10:04.0046 2572 Processor architecture: Intel x64
00:10:04.0046 2572 Number of processors: 2
00:10:04.0046 2572 Page size: 0x1000
00:10:04.0046 2572 Boot type: Normal boot
00:10:04.0046 2572 ============================================================
00:10:04.0856 2572 BG loaded
00:10:05.0168 2572 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:10:05.0178 2572 ============================================================
00:10:05.0178 2572 \Device\Harddisk0\DR0:
00:10:05.0178 2572 MBR partitions:
00:10:05.0178 2572 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
00:10:05.0178 2572 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
00:10:05.0178 2572 ============================================================
00:10:05.0218 2572 C: <-> \Device\Harddisk0\DR0\Partition2
00:10:05.0218 2572 ============================================================
00:10:05.0218 2572 Initialize success
00:10:05.0218 2572 ============================================================
00:10:16.0652 2812 ============================================================
00:10:16.0652 2812 Scan started
00:10:16.0652 2812 Mode: Manual; SigCheck; TDLFS;
00:10:16.0652 2812 ============================================================
00:10:17.0541 2812 ================ Scan system memory ========================
00:10:17.0541 2812 System memory - ok
00:10:17.0541 2812 ================ Scan services =============================
00:10:17.0666 2812 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
00:10:17.0822 2812 1394ohci - ok
00:10:17.0853 2812 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
00:10:17.0869 2812 ACPI - ok
00:10:17.0884 2812 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
00:10:17.0947 2812 AcpiPmi - ok
00:10:17.0994 2812 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
00:10:18.0009 2812 AdobeARMservice - ok
00:10:18.0134 2812 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
00:10:18.0134 2812 AdobeFlashPlayerUpdateSvc - ok
00:10:18.0181 2812 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
00:10:18.0196 2812 adp94xx - ok
00:10:18.0212 2812 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
00:10:18.0228 2812 adpahci - ok
00:10:18.0243 2812 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
00:10:18.0243 2812 adpu320 - ok
00:10:18.0274 2812 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
00:10:18.0384 2812 AeLookupSvc - ok
00:10:18.0430 2812 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
00:10:18.0493 2812 AFD - ok
00:10:18.0524 2812 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
00:10:18.0540 2812 agp440 - ok
00:10:18.0571 2812 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
00:10:18.0602 2812 ALG - ok
00:10:18.0633 2812 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
00:10:18.0649 2812 aliide - ok
00:10:18.0664 2812 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
00:10:18.0664 2812 amdide - ok
00:10:18.0680 2812 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
00:10:18.0711 2812 AmdK8 - ok
00:10:18.0727 2812 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
00:10:18.0758 2812 AmdPPM - ok
00:10:18.0789 2812 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
00:10:18.0805 2812 amdsata - ok
00:10:18.0820 2812 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
00:10:18.0836 2812 amdsbs - ok
00:10:18.0836 2812 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
00:10:18.0852 2812 amdxata - ok
00:10:18.0867 2812 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
00:10:18.0992 2812 AppID - ok
00:10:19.0023 2812 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
00:10:19.0070 2812 AppIDSvc - ok
00:10:19.0070 2812 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
00:10:19.0132 2812 Appinfo - ok
00:10:19.0164 2812 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
00:10:19.0195 2812 AppMgmt - ok
00:10:19.0210 2812 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
00:10:19.0226 2812 arc - ok
00:10:19.0226 2812 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
00:10:19.0242 2812 arcsas - ok
00:10:19.0288 2812 AsrCDDrv - ok
00:10:19.0304 2812 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
00:10:19.0351 2812 AsyncMac - ok
00:10:19.0351 2812 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
00:10:19.0366 2812 atapi - ok
00:10:19.0413 2812 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
00:10:19.0476 2812 AudioEndpointBuilder - ok
00:10:19.0491 2812 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
00:10:19.0522 2812 AudioSrv - ok
00:10:19.0569 2812 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
00:10:19.0600 2812 AxInstSV - ok
00:10:19.0632 2812 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
00:10:19.0647 2812 b06bdrv - ok
00:10:19.0678 2812 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
00:10:19.0710 2812 b57nd60a - ok
00:10:19.0725 2812 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
00:10:19.0756 2812 BDESVC - ok
00:10:19.0772 2812 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
00:10:19.0803 2812 Beep - ok
00:10:19.0834 2812 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
00:10:19.0881 2812 BFE - ok
00:10:19.0912 2812 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
00:10:19.0959 2812 BITS - ok
00:10:19.0975 2812 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
00:10:20.0006 2812 blbdrive - ok
00:10:20.0022 2812 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
00:10:20.0068 2812 bowser - ok
00:10:20.0084 2812 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
00:10:20.0115 2812 BrFiltLo - ok
00:10:20.0115 2812 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
00:10:20.0131 2812 BrFiltUp - ok
00:10:20.0146 2812 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
00:10:20.0193 2812 BridgeMP - ok
00:10:20.0240 2812 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
00:10:20.0256 2812 Browser - ok
00:10:20.0256 2812 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
00:10:20.0287 2812 Brserid - ok
00:10:20.0287 2812 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
00:10:20.0302 2812 BrSerWdm - ok
00:10:20.0318 2812 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
00:10:20.0334 2812 BrUsbMdm - ok
00:10:20.0334 2812 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
00:10:20.0349 2812 BrUsbSer - ok
00:10:20.0365 2812 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
00:10:20.0380 2812 BTHMODEM - ok
00:10:20.0412 2812 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
00:10:20.0458 2812 bthserv - ok
00:10:20.0474 2812 catchme - ok
00:10:20.0490 2812 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
00:10:20.0552 2812 cdfs - ok
00:10:20.0568 2812 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
00:10:20.0583 2812 cdrom - ok
00:10:20.0599 2812 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
00:10:20.0630 2812 CertPropSvc - ok
00:10:20.0661 2812 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
00:10:20.0692 2812 circlass - ok
00:10:20.0708 2812 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
00:10:20.0724 2812 CLFS - ok
00:10:20.0770 2812 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:10:20.0786 2812 clr_optimization_v2.0.50727_32 - ok
00:10:20.0817 2812 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:10:20.0833 2812 clr_optimization_v2.0.50727_64 - ok
00:10:20.0880 2812 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:10:20.0911 2812 clr_optimization_v4.0.30319_32 - ok
00:10:20.0942 2812 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:10:20.0958 2812 clr_optimization_v4.0.30319_64 - ok
00:10:20.0989 2812 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
00:10:21.0004 2812 CmBatt - ok
00:10:21.0098 2812 [ CEE48CCC4D561DDB19C72F9FB55D28D5 ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
00:10:21.0176 2812 cmdAgent - ok
00:10:21.0192 2812 [ 0599D5A458D4E0E37AB84E9D1C5C73E5 ] cmdGuard C:\Windows\system32\DRIVERS\cmdguard.sys
00:10:21.0207 2812 cmdGuard - ok
00:10:21.0223 2812 [ 2D3E08C7106F748F9EFF3DEC14142D3E ] cmdHlp C:\Windows\system32\DRIVERS\cmdhlp.sys
00:10:21.0223 2812 cmdHlp - ok
00:10:21.0238 2812 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
00:10:21.0238 2812 cmdide - ok
00:10:21.0270 2812 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
00:10:21.0285 2812 CNG - ok
00:10:21.0301 2812 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
00:10:21.0301 2812 Compbatt - ok
00:10:21.0316 2812 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
00:10:21.0348 2812 CompositeBus - ok
00:10:21.0363 2812 COMSysApp - ok
00:10:21.0363 2812 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
00:10:21.0379 2812 crcdisk - ok
00:10:21.0410 2812 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
00:10:21.0441 2812 CryptSvc - ok
00:10:21.0472 2812 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
00:10:21.0519 2812 CSC - ok
00:10:21.0550 2812 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
00:10:21.0582 2812 CscService - ok
00:10:21.0597 2812 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
00:10:21.0644 2812 DcomLaunch - ok
00:10:21.0675 2812 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
00:10:21.0722 2812 defragsvc - ok
00:10:21.0738 2812 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
00:10:21.0784 2812 DfsC - ok
00:10:21.0800 2812 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
00:10:21.0847 2812 Dhcp - ok
00:10:21.0862 2812 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
00:10:21.0909 2812 discache - ok
00:10:21.0909 2812 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
00:10:21.0925 2812 Disk - ok
00:10:21.0940 2812 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
00:10:21.0972 2812 dmvsc - ok
00:10:21.0987 2812 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
00:10:22.0034 2812 Dnscache - ok
00:10:22.0050 2812 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
00:10:22.0081 2812 dot3svc - ok
00:10:22.0096 2812 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
00:10:22.0128 2812 DPS - ok
00:10:22.0159 2812 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
00:10:22.0190 2812 drmkaud - ok
00:10:22.0221 2812 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
00:10:22.0221 2812 dtsoftbus01 - ok
00:10:22.0268 2812 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
00:10:22.0284 2812 DXGKrnl - ok
00:10:22.0299 2812 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
00:10:22.0346 2812 EapHost - ok
00:10:22.0424 2812 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
00:10:22.0502 2812 ebdrv - ok
00:10:22.0518 2812 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
00:10:22.0549 2812 EFS - ok
00:10:22.0611 2812 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
00:10:22.0642 2812 ehRecvr - ok
00:10:22.0658 2812 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
00:10:22.0674 2812 ehSched - ok
00:10:22.0674 2812 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
00:10:22.0705 2812 elxstor - ok
00:10:22.0705 2812 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
00:10:22.0736 2812 ErrDev - ok
00:10:22.0767 2812 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
00:10:22.0814 2812 EventSystem - ok
00:10:22.0845 2812 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
00:10:22.0892 2812 exfat - ok
00:10:22.0892 2812 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
00:10:22.0939 2812 fastfat - ok
00:10:22.0986 2812 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
00:10:23.0017 2812 Fax - ok
00:10:23.0032 2812 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
00:10:23.0079 2812 fdc - ok
00:10:23.0095 2812 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
00:10:23.0142 2812 fdPHost - ok
00:10:23.0157 2812 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
00:10:23.0204 2812 FDResPub - ok
00:10:23.0220 2812 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
00:10:23.0235 2812 FileInfo - ok
00:10:23.0251 2812 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
00:10:23.0282 2812 Filetrace - ok
00:10:23.0298 2812 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
00:10:23.0313 2812 flpydisk - ok
00:10:23.0344 2812 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
00:10:23.0344 2812 FltMgr - ok
00:10:23.0376 2812 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll
00:10:23.0454 2812 FontCache - ok
00:10:23.0500 2812 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:10:23.0516 2812 FontCache3.0.0.0 - ok
00:10:23.0516 2812 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
00:10:23.0532 2812 FsDepends - ok
00:10:23.0547 2812 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
00:10:23.0563 2812 Fs_Rec - ok
00:10:23.0578 2812 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
00:10:23.0594 2812 fvevol - ok
00:10:23.0625 2812 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
00:10:23.0625 2812 gagp30kx - ok
00:10:23.0656 2812 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
00:10:23.0688 2812 gpsvc - ok
00:10:23.0703 2812 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
00:10:23.0719 2812 hcw85cir - ok
00:10:23.0750 2812 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
00:10:23.0781 2812 HdAudAddService - ok
00:10:23.0797 2812 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
00:10:23.0812 2812 HDAudBus - ok
00:10:23.0828 2812 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
00:10:23.0844 2812 HidBatt - ok
00:10:23.0844 2812 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
00:10:23.0875 2812 HidBth - ok
00:10:23.0875 2812 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
00:10:23.0890 2812 HidIr - ok
00:10:23.0890 2812 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
00:10:23.0922 2812 hidserv - ok
00:10:23.0953 2812 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
00:10:23.0968 2812 HidUsb - ok
00:10:23.0968 2812 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
00:10:24.0015 2812 hkmsvc - ok
00:10:24.0031 2812 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
00:10:24.0046 2812 HomeGroupListener - ok
00:10:24.0062 2812 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
00:10:24.0078 2812 HomeGroupProvider - ok
00:10:24.0078 2812 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
00:10:24.0093 2812 HpSAMD - ok
00:10:24.0124 2812 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
00:10:24.0171 2812 HTTP - ok
00:10:24.0187 2812 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
00:10:24.0202 2812 hwpolicy - ok
00:10:24.0202 2812 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
00:10:24.0218 2812 i8042prt - ok
00:10:24.0249 2812 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
00:10:24.0265 2812 iaStorV - ok
00:10:24.0312 2812 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:10:24.0343 2812 idsvc - ok
00:10:24.0468 2812 [ 2D18C9E1F23970DE32D78D3B1CDDA0A7 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
00:10:24.0577 2812 igfx - ok
00:10:24.0577 2812 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
00:10:24.0592 2812 iirsp - ok
00:10:24.0624 2812 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
00:10:24.0670 2812 IKEEXT - ok
00:10:24.0702 2812 [ EFFF0AFD27CC97BF0E5E0BAB78419DE7 ] inspect C:\Windows\system32\DRIVERS\inspect.sys
00:10:24.0702 2812 inspect - ok
00:10:24.0717 2812 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
00:10:24.0733 2812 intelide - ok
00:10:24.0748 2812 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
00:10:24.0764 2812 intelppm - ok
00:10:24.0795 2812 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
00:10:24.0826 2812 IPBusEnum - ok
00:10:24.0842 2812 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:10:24.0873 2812 IpFilterDriver - ok
00:10:24.0873 2812 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
00:10:24.0920 2812 iphlpsvc - ok
00:10:24.0920 2812 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
00:10:24.0936 2812 IPMIDRV - ok
00:10:24.0951 2812 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
00:10:24.0982 2812 IPNAT - ok
00:10:24.0998 2812 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
00:10:25.0014 2812 IRENUM - ok
00:10:25.0045 2812 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
00:10:25.0045 2812 isapnp - ok
00:10:25.0060 2812 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
00:10:25.0060 2812 iScsiPrt - ok
00:10:25.0076 2812 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
00:10:25.0092 2812 kbdclass - ok
00:10:25.0092 2812 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
00:10:25.0123 2812 kbdhid - ok
00:10:25.0138 2812 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
00:10:25.0138 2812 KeyIso - ok
00:10:25.0170 2812 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
00:10:25.0185 2812 KSecDD - ok
00:10:25.0185 2812 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
00:10:25.0201 2812 KSecPkg - ok
00:10:25.0201 2812 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
00:10:25.0232 2812 ksthunk - ok
00:10:25.0263 2812 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
00:10:25.0310 2812 KtmRm - ok
00:10:25.0341 2812 [ A4A9CA24E54E81C6C3E469EAEB4B3F42 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
00:10:25.0341 2812 L1C - ok
00:10:25.0372 2812 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
00:10:25.0419 2812 LanmanServer - ok
00:10:25.0419 2812 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:10:25.0466 2812 LanmanWorkstation - ok
00:10:25.0497 2812 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
00:10:25.0528 2812 lltdio - ok
00:10:25.0544 2812 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
00:10:25.0591 2812 lltdsvc - ok
00:10:25.0606 2812 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
00:10:25.0653 2812 lmhosts - ok
00:10:25.0669 2812 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
00:10:25.0684 2812 LSI_FC - ok
00:10:25.0700 2812 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
00:10:25.0700 2812 LSI_SAS - ok
00:10:25.0716 2812 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
00:10:25.0716 2812 LSI_SAS2 - ok
00:10:25.0731 2812 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
00:10:25.0731 2812 LSI_SCSI - ok
00:10:25.0747 2812 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
00:10:25.0794 2812 luafv - ok
00:10:25.0825 2812 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
00:10:25.0825 2812 Mcx2Svc - ok
00:10:25.0840 2812 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
00:10:25.0840 2812 megasas - ok
00:10:25.0856 2812 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
00:10:25.0872 2812 MegaSR - ok
00:10:25.0887 2812 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
00:10:25.0918 2812 MMCSS - ok
00:10:25.0934 2812 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
00:10:25.0965 2812 Modem - ok
00:10:25.0981 2812 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
00:10:26.0012 2812 monitor - ok
00:10:26.0012 2812 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
00:10:26.0028 2812 mouclass - ok
00:10:26.0043 2812 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
00:10:26.0043 2812 mouhid - ok
00:10:26.0059 2812 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
00:10:26.0059 2812 mountmgr - ok
00:10:26.0121 2812 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
00:10:26.0137 2812 MozillaMaintenance - ok
00:10:26.0137 2812 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
00:10:26.0152 2812 mpio - ok
00:10:26.0168 2812 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
00:10:26.0199 2812 mpsdrv - ok
00:10:26.0215 2812 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
00:10:26.0262 2812 MpsSvc - ok
00:10:26.0277 2812 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
00:10:26.0308 2812 MRxDAV - ok
00:10:26.0340 2812 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
00:10:26.0371 2812 mrxsmb - ok
00:10:26.0386 2812 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:10:26.0402 2812 mrxsmb10 - ok
00:10:26.0418 2812 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:10:26.0433 2812 mrxsmb20 - ok
00:10:26.0464 2812 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
00:10:26.0464 2812 msahci - ok
00:10:26.0480 2812 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
00:10:26.0480 2812 msdsm - ok
00:10:26.0511 2812 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
00:10:26.0527 2812 MSDTC - ok
00:10:26.0542 2812 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
00:10:26.0574 2812 Msfs - ok
00:10:26.0589 2812 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
00:10:26.0636 2812 mshidkmdf - ok
00:10:26.0652 2812 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
00:10:26.0652 2812 msisadrv - ok
00:10:26.0683 2812 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
00:10:26.0730 2812 MSiSCSI - ok
00:10:26.0730 2812 msiserver - ok
00:10:26.0745 2812 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
00:10:26.0792 2812 MSKSSRV - ok
00:10:26.0808 2812 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
00:10:26.0839 2812 MSPCLOCK - ok
00:10:26.0854 2812 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
00:10:26.0901 2812 MSPQM - ok
00:10:26.0932 2812 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
00:10:26.0948 2812 MsRPC - ok
00:10:26.0948 2812 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
00:10:26.0964 2812 mssmbios - ok
00:10:26.0979 2812 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
00:10:27.0010 2812 MSTEE - ok
00:10:27.0026 2812 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
00:10:27.0042 2812 MTConfig - ok
00:10:27.0042 2812 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
00:10:27.0057 2812 Mup - ok
00:10:27.0073 2812 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
00:10:27.0120 2812 napagent - ok
00:10:27.0135 2812 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
00:10:27.0166 2812 NativeWifiP - ok
00:10:27.0198 2812 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
00:10:27.0759 2812 NDIS - ok
00:10:27.0759 2812 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
00:10:27.0790 2812 NdisCap - ok
00:10:27.0822 2812 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
00:10:27.0868 2812 NdisTapi - ok
00:10:27.0884 2812 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
00:10:27.0931 2812 Ndisuio - ok
00:10:28.0009 2812 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
00:10:28.0056 2812 NdisWan - ok
00:10:28.0102 2812 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
00:10:28.0134 2812 NDProxy - ok
00:10:28.0212 2812 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
00:10:28.0305 2812 NetBIOS - ok
00:10:28.0399 2812 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
00:10:28.0430 2812 NetBT - ok
00:10:28.0461 2812 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
00:10:28.0461 2812 Netlogon - ok
00:10:28.0524 2812 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
00:10:28.0555 2812 Netman - ok
00:10:28.0586 2812 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
00:10:28.0617 2812 netprofm - ok
00:10:28.0648 2812 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:10:28.0664 2812 NetTcpPortSharing - ok
00:10:28.0711 2812 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
00:10:28.0711 2812 nfrd960 - ok
00:10:28.0882 2812 [ C9C54C185D5728028A559319F137D44E ] NFService C:\PROGRA~2\FASTRE~1\IQWebFTPServerEngine.exe
00:10:28.0945 2812 NFService ( UnsignedFile.Multi.Generic ) - warning
00:10:28.0945 2812 NFService - detected UnsignedFile.Multi.Generic (1)
00:10:28.0976 2812 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
00:10:29.0038 2812 NlaSvc - ok
00:10:29.0054 2812 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
00:10:29.0085 2812 Npfs - ok
00:10:29.0101 2812 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
00:10:29.0132 2812 nsi - ok
00:10:29.0163 2812 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
00:10:29.0194 2812 nsiproxy - ok
00:10:29.0350 2812 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
00:10:29.0382 2812 Ntfs - ok
00:10:29.0413 2812 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
00:10:29.0460 2812 Null - ok
00:10:29.0475 2812 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
00:10:29.0491 2812 nvraid - ok
00:10:29.0584 2812 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
00:10:29.0631 2812 nvstor - ok
00:10:29.0709 2812 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
00:10:29.0740 2812 nv_agp - ok
00:10:29.0928 2812 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:10:29.0943 2812 odserv - ok
00:10:29.0990 2812 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
00:10:30.0021 2812 ohci1394 - ok
00:10:30.0162 2812 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:10:30.0193 2812 ose - ok
00:10:30.0293 2812 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
00:10:30.0384 2812 p2pimsvc - ok
00:10:30.0470 2812 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
00:10:30.0494 2812 p2psvc - ok
00:10:30.0534 2812 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
00:10:30.0571 2812 Parport - ok
00:10:30.0609 2812 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
00:10:30.0637 2812 partmgr - ok
00:10:30.0675 2812 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
00:10:30.0707 2812 PcaSvc - ok
00:10:30.0753 2812 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
00:10:30.0779 2812 pci - ok
00:10:30.0800 2812 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
00:10:30.0811 2812 pciide - ok
00:10:30.0851 2812 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
00:10:30.0892 2812 pcmcia - ok
00:10:30.0898 2812 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
00:10:30.0909 2812 pcw - ok
00:10:30.0936 2812 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
00:10:30.0995 2812 PEAUTH - ok
00:10:31.0133 2812 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
00:10:31.0206 2812 PeerDistSvc - ok
00:10:31.0599 2812 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
00:10:31.0614 2812 PerfHost - ok
00:10:31.0739 2812 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
00:10:31.0786 2812 pla - ok
00:10:31.0848 2812 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
00:10:31.0880 2812 PlugPlay - ok
00:10:31.0895 2812 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
00:10:31.0958 2812 PNRPAutoReg - ok
00:10:31.0973 2812 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
00:10:31.0989 2812 PNRPsvc - ok
00:10:32.0051 2812 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
00:10:32.0098 2812 PolicyAgent - ok
00:10:32.0160 2812 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
00:10:32.0207 2812 Power - ok
00:10:32.0270 2812 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
00:10:32.0301 2812 PptpMiniport - ok
00:10:32.0348 2812 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
00:10:32.0363 2812 Processor - ok
00:10:32.0410 2812 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
00:10:32.0475 2812 ProfSvc - ok
00:10:32.0512 2812 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
00:10:32.0544 2812 ProtectedStorage - ok
00:10:32.0733 2812 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
00:10:32.0834 2812 Psched - ok
00:10:32.0997 2812 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
00:10:33.0076 2812 ql2300 - ok
00:10:33.0101 2812 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
00:10:33.0119 2812 ql40xx - ok
00:10:33.0187 2812 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
00:10:33.0241 2812 QWAVE - ok
00:10:33.0278 2812 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
00:10:33.0322 2812 QWAVEdrv - ok
00:10:33.0361 2812 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
00:10:33.0429 2812 RasAcd - ok
00:10:33.0525 2812 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
00:10:33.0565 2812 RasAgileVpn - ok
00:10:33.0589 2812 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
00:10:33.0637 2812 RasAuto - ok
00:10:33.0734 2812 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
00:10:33.0783 2812 Rasl2tp - ok
00:10:33.0871 2812 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
00:10:33.0905 2812 RasMan - ok
00:10:33.0926 2812 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
00:10:33.0966 2812 RasPppoe - ok
00:10:34.0010 2812 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
00:10:34.0058 2812 RasSstp - ok
00:10:34.0065 2812 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
00:10:34.0116 2812 rdbss - ok
00:10:34.0128 2812 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
00:10:34.0153 2812 rdpbus - ok
00:10:34.0168 2812 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
00:10:34.0199 2812 RDPCDD - ok
00:10:34.0220 2812 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
00:10:34.0232 2812 RDPDR - ok
00:10:34.0247 2812 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
00:10:34.0289 2812 RDPENCDD - ok
00:10:34.0294 2812 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
00:10:34.0325 2812 RDPREFMP - ok
00:10:34.0350 2812 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
00:10:34.0370 2812 RDPWD - ok
00:10:34.0391 2812 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
00:10:34.0405 2812 rdyboost - ok
00:10:34.0430 2812 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
00:10:34.0462 2812 RemoteAccess - ok
00:10:34.0488 2812 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
00:10:34.0533 2812 RemoteRegistry - ok
00:10:34.0557 2812 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
00:10:34.0603 2812 RpcEptMapper - ok
00:10:34.0625 2812 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
00:10:34.0647 2812 RpcLocator - ok
00:10:34.0671 2812 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
00:10:34.0707 2812 RpcSs - ok
00:10:34.0733 2812 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
00:10:34.0768 2812 rspndr - ok
00:10:34.0795 2812 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
00:10:34.0825 2812 s3cap - ok
00:10:34.0855 2812 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
00:10:34.0875 2812 SamSs - ok
00:10:34.0898 2812 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
00:10:34.0922 2812 sbp2port - ok
00:10:34.0967 2812 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
00:10:35.0002 2812 SCardSvr - ok
00:10:35.0014 2812 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
00:10:35.0089 2812 scfilter - ok
00:10:35.0118 2812 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
00:10:35.0218 2812 Schedule - ok
00:10:35.0257 2812 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
00:10:35.0290 2812 SCPolicySvc - ok
00:10:35.0320 2812 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
00:10:35.0370 2812 SDRSVC - ok
00:10:35.0439 2812 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
00:10:35.0496 2812 secdrv - ok
00:10:35.0519 2812 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
00:10:35.0554 2812 seclogon - ok
00:10:35.0567 2812 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
00:10:35.0628 2812 SENS - ok
00:10:35.0662 2812 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
00:10:35.0719 2812 SensrSvc - ok
00:10:35.0737 2812 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
00:10:35.0771 2812 Serenum - ok
00:10:35.0836 2812 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
00:10:35.0875 2812 Serial - ok
00:10:35.0899 2812 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
00:10:35.0955 2812 sermouse - ok
00:10:35.0980 2812 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
00:10:36.0069 2812 SessionEnv - ok
00:10:36.0087 2812 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
00:10:36.0102 2812 sffdisk - ok
00:10:36.0136 2812 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
00:10:36.0207 2812 sffp_mmc - ok
00:10:36.0211 2812 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
00:10:36.0238 2812 sffp_sd - ok
00:10:36.0259 2812 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
00:10:36.0271 2812 sfloppy - ok
00:10:36.0303 2812 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
00:10:36.0334 2812 SharedAccess - ok
00:10:36.0365 2812 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:10:36.0396 2812 ShellHWDetection - ok
00:10:36.0412 2812 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
00:10:36.0412 2812 SiSRaid2 - ok
00:10:36.0427 2812 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
00:10:36.0427 2812 SiSRaid4 - ok
00:10:36.0474 2812 [ B866E8C5ED1DCBEA72285BA4107892C2 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
00:10:36.0474 2812 SkypeUpdate - ok
00:10:36.0490 2812 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
00:10:36.0537 2812 Smb - ok
00:10:36.0568 2812 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
00:10:36.0583 2812 SNMPTRAP - ok
00:10:36.0599 2812 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
00:10:36.0615 2812 spldr - ok
00:10:36.0646 2812 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
00:10:36.0661 2812 Spooler - ok
00:10:36.0708 2812 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
00:10:36.0817 2812 sppsvc - ok
00:10:36.0833 2812 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
00:10:36.0864 2812 sppuinotify - ok
00:10:36.0895 2812 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
00:10:36.0927 2812 srv - ok
00:10:36.0927 2812 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
00:10:36.0942 2812 srv2 - ok
00:10:36.0958 2812 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
00:10:36.0973 2812 srvnet - ok
00:10:37.0005 2812 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
00:10:37.0036 2812 SSDPSRV - ok
00:10:37.0051 2812 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
00:10:37.0083 2812 SstpSvc - ok
00:10:37.0114 2812 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
00:10:37.0114 2812 stexstor - ok
00:10:37.0161 2812 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
00:10:37.0176 2812 stisvc - ok
00:10:37.0207 2812 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
00:10:37.0207 2812 storflt - ok
00:10:37.0239 2812 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
00:10:37.0270 2812 StorSvc - ok
00:10:37.0270 2812 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
00:10:37.0285 2812 storvsc - ok
00:10:37.0301 2812 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
00:10:37.0317 2812 swenum - ok
00:10:37.0332 2812 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
00:10:37.0363 2812 swprv - ok
00:10:37.0395 2812 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
00:10:37.0441 2812 SysMain - ok
00:10:37.0457 2812 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:10:37.0473 2812 TabletInputService - ok
00:10:37.0473 2812 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
00:10:37.0519 2812 TapiSrv - ok
00:10:37.0535 2812 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
00:10:37.0566 2812 TBS - ok
00:10:37.0613 2812 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
00:10:37.0675 2812 Tcpip - ok
00:10:37.0707 2812 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
00:10:37.0738 2812 TCPIP6 - ok
00:10:37.0753 2812 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
00:10:37.0800 2812 tcpipreg - ok
00:10:37.0816 2812 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
00:10:37.0831 2812 TDPIPE - ok
00:10:37.0847 2812 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
00:10:37.0863 2812 TDTCP - ok
00:10:37.0878 2812 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
00:10:37.0909 2812 tdx - ok
00:10:37.0909 2812 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
00:10:37.0925 2812 TermDD - ok
00:10:37.0956 2812 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
00:10:38.0003 2812 TermService - ok
00:10:38.0019 2812 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
00:10:38.0034 2812 Themes - ok
00:10:38.0034 2812 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
00:10:38.0065 2812 THREADORDER - ok
00:10:38.0081 2812 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
00:10:38.0128 2812 TrkWks - ok
00:10:38.0175 2812 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:10:38.0206 2812 TrustedInstaller - ok
00:10:38.0221 2812 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
00:10:38.0253 2812 tssecsrv - ok
00:10:38.0268 2812 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
00:10:38.0284 2812 TsUsbFlt - ok
00:10:38.0299 2812 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
00:10:38.0299 2812 TsUsbGD - ok
00:10:38.0315 2812 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
00:10:38.0362 2812 tunnel - ok
00:10:38.0377 2812 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
00:10:38.0377 2812 uagp35 - ok
00:10:38.0393 2812 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
00:10:38.0440 2812 udfs - ok
00:10:38.0455 2812 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
00:10:38.0487 2812 UI0Detect - ok
00:10:38.0502 2812 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
00:10:38.0502 2812 uliagpkx - ok
00:10:38.0518 2812 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
00:10:38.0549 2812 umbus - ok
00:10:38.0565 2812 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
00:10:38.0580 2812 UmPass - ok
00:10:38.0611 2812 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
00:10:38.0627 2812 UmRdpService - ok
00:10:38.0674 2812 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
00:10:38.0705 2812 upnphost - ok
00:10:38.0736 2812 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
00:10:38.0767 2812 usbaudio - ok
00:10:38.0783 2812 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
00:10:38.0799 2812 usbccgp - ok
00:10:38.0830 2812 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
00:10:38.0830 2812 usbcir - ok
00:10:38.0845 2812 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
00:10:38.0861 2812 usbehci - ok
00:10:38.0877 2812 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
00:10:38.0908 2812 usbhub - ok
00:10:38.0923 2812 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
00:10:38.0939 2812 usbohci - ok
00:10:38.0955 2812 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
00:10:38.0986 2812 usbprint - ok
00:10:39.0001 2812 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:10:39.0033 2812 USBSTOR - ok
00:10:39.0048 2812 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
00:10:39.0064 2812 usbuhci - ok
00:10:39.0079 2812 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
00:10:39.0111 2812 UxSms - ok
00:10:39.0126 2812 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
00:10:39.0142 2812 VaultSvc - ok
00:10:39.0157 2812 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
00:10:39.0157 2812 vdrvroot - ok
00:10:39.0189 2812 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
00:10:39.0235 2812 vds - ok
00:10:39.0267 2812 [ 8108E4573F819A6C76C7EFB4021B4DFE ] VF0470Vid C:\Windows\system32\DRIVERS\V0470Vid.sys
00:10:39.0298 2812 VF0470Vid - ok
00:10:39.0313 2812 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
00:10:39.0329 2812 vga - ok
00:10:39.0329 2812 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
00:10:39.0376 2812 VgaSave - ok
00:10:39.0376 2812 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
00:10:39.0391 2812 vhdmp - ok
00:10:39.0438 2812 [ 7999B714275315DA05A2EC3C0F80D9D2 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
00:10:39.0469 2812 VIAHdAudAddService - ok
00:10:39.0485 2812 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
00:10:39.0485 2812 viaide - ok
00:10:39.0516 2812 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
00:10:39.0532 2812 vmbus - ok
00:10:39.0547 2812 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
00:10:39.0579 2812 VMBusHID - ok
00:10:39.0594 2812 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
00:10:39.0594 2812 volmgr - ok
00:10:39.0610 2812 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
00:10:39.0625 2812 volmgrx - ok
00:10:39.0625 2812 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
00:10:39.0641 2812 volsnap - ok
00:10:39.0672 2812 [ B4A73CA4EF9A02B9738CEA9AD5FE5917 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys
00:10:39.0688 2812 vpcbus - ok
00:10:39.0719 2812 [ E675FB2B48C54F09895482E2253B289C ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys
00:10:39.0735 2812 vpcnfltr - ok
00:10:39.0735 2812 [ 5FB42082B0D19A0268705F1DD343DF20 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys
00:10:39.0766 2812 vpcusb - ok
00:10:39.0797 2812 [ 207B6539799CC1C112661A9B620DD233 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys
00:10:39.0813 2812 vpcvmm - ok
00:10:39.0813 2812 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
00:10:39.0828 2812 vsmraid - ok
00:10:39.0859 2812 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
00:10:39.0937 2812 VSS - ok
00:10:39.0953 2812 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
00:10:39.0969 2812 vwifibus - ok
00:10:39.0969 2812 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
00:10:40.0015 2812 W32Time - ok
00:10:40.0015 2812 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
00:10:40.0047 2812 WacomPen - ok
00:10:40.0062 2812 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
00:10:40.0093 2812 WANARP - ok
00:10:40.0093 2812 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
00:10:40.0125 2812 Wanarpv6 - ok
00:10:40.0171 2812 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
00:10:40.0218 2812 WatAdminSvc - ok
00:10:40.0249 2812 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
00:10:40.0296 2812 wbengine - ok
00:10:40.0312 2812 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
00:10:40.0327 2812 WbioSrvc - ok
00:10:40.0327 2812 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
00:10:40.0359 2812 wcncsvc - ok
00:10:40.0374 2812 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:10:40.0405 2812 WcsPlugInService - ok
00:10:40.0421 2812 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
00:10:40.0421 2812 Wd - ok
00:10:40.0483 2812 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
00:10:40.0515 2812 Wdf01000 - ok
00:10:40.0546 2812 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
00:10:40.0561 2812 WdiServiceHost - ok
00:10:40.0577 2812 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
00:10:40.0593 2812 WdiSystemHost - ok
00:10:40.0593 2812 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
00:10:40.0624 2812 WebClient - ok
00:10:40.0639 2812 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
00:10:40.0671 2812 Wecsvc - ok
00:10:40.0686 2812 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
00:10:40.0717 2812 wercplsupport - ok
00:10:40.0733 2812 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
00:10:40.0764 2812 WerSvc - ok
00:10:40.0780 2812 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
00:10:40.0811 2812 WfpLwf - ok
00:10:40.0827 2812 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
00:10:40.0827 2812 WIMMount - ok
00:10:40.0842 2812 WinDefend - ok
00:10:40.0842 2812 WinHttpAutoProxySvc - ok
00:10:40.0905 2812 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
00:10:40.0936 2812 Winmgmt - ok
00:10:40.0967 2812 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
00:10:41.0045 2812 WinRM - ok
00:10:41.0076 2812 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
00:10:41.0123 2812 Wlansvc - ok
00:10:41.0139 2812 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
00:10:41.0154 2812 WmiAcpi - ok
00:10:41.0185 2812 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
00:10:41.0201 2812 wmiApSrv - ok
00:10:41.0232 2812 WMPNetworkSvc - ok
00:10:41.0248 2812 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
00:10:41.0263 2812 WPCSvc - ok
00:10:41.0263 2812 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
00:10:41.0279 2812 WPDBusEnum - ok
00:10:41.0295 2812 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
00:10:41.0326 2812 ws2ifsl - ok
00:10:41.0326 2812 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
00:10:41.0357 2812 wscsvc - ok
00:10:41.0357 2812 WSearch - ok
00:10:41.0419 2812 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
00:10:41.0451 2812 wuauserv - ok
00:10:41.0466 2812 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
00:10:41.0497 2812 WudfPf - ok
00:10:41.0529 2812 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
00:10:41.0560 2812 WUDFRd - ok
00:10:41.0560 2812 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
00:10:41.0591 2812 wudfsvc - ok
00:10:41.0607 2812 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
00:10:41.0638 2812 WwanSvc - ok
00:10:41.0638 2812 ================ Scan global ===============================
00:10:41.0669 2812 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
00:10:41.0700 2812 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
00:10:41.0700 2812 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
00:10:41.0731 2812 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
00:10:41.0763 2812 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
00:10:41.0763 2812 [Global] - ok
00:10:41.0763 2812 ================ Scan MBR ==================================
00:10:41.0763 2812 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
00:10:42.0012 2812 \Device\Harddisk0\DR0 - ok
00:10:42.0012 2812 ================ Scan VBR ==================================
00:10:42.0012 2812 [ 6E7FD59030E67D073E8450E151926521 ] \Device\Harddisk0\DR0\Partition1
00:10:42.0012 2812 \Device\Harddisk0\DR0\Partition1 - ok
00:10:42.0043 2812 [ 5A34E5102CB76BDE7AE301CB59726815 ] \Device\Harddisk0\DR0\Partition2
00:10:42.0043 2812 \Device\Harddisk0\DR0\Partition2 - ok
00:10:42.0043 2812 ============================================================
00:10:42.0043 2812 Scan finished
00:10:42.0043 2812 ============================================================
00:10:42.0059 2840 Detected object count: 1
00:10:42.0059 2840 Actual detected object count: 1
00:10:56.0161 2840 NFService ( UnsignedFile.Multi.Generic ) - skipped by user
00:10:56.0161 2840 NFService ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:13:09.0457 2524 Deinitialize success

[vyosek]

Skript pro ComboFix - postup stejny

Kód: Vybrat vše

KillAll::

Rootkit::
C:\Windows\system32\drivers\8e2185ace8825c71.sys

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

Reboot::

[a66]

ComboFix 12-11-14.01 - t1 15.11.2012 0:24.3.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4029.2875 [GMT 1:00]
Spuštěný z: c:\users\t1\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\t1\Desktop\CFScript.txt
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-14 do 2012-11-14 )))))))))))))))))))))))))))))))
.
.
2012-11-14 23:27 . 2012-11-14 23:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-14 23:08 . 2012-11-14 23:08 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-14 22:26 . 2012-11-14 22:26 -------- d-----w- C:\_OTM
2012-11-14 20:36 . 2010-11-21 03:24 179072 ----a-w- c:\windows\SysWow64\drivers\classpnp.sys
2012-11-14 20:36 . 2010-11-21 03:24 27520 ----a-w- c:\windows\SysWow64\drivers\diskdump.sys
2012-11-14 20:36 . 2009-07-14 01:52 21584 ----a-w- c:\windows\SysWow64\drivers\compbatt.sys
2012-11-14 20:36 . 2012-11-14 20:36 0 ----a-w- c:\windows\SysWow64\drivers\ks.sys
2012-11-14 20:36 . 2009-07-14 01:48 20544 ----a-w- c:\windows\SysWow64\drivers\isapnp.sys
2012-11-09 12:36 . 2012-11-09 12:36 -------- d-----w- c:\windows\SysWow64\Atheros_L1e
2012-11-09 12:36 . 2012-11-09 12:36 -------- d-----w- C:\Install
2012-11-08 07:56 . 2012-11-08 08:02 -------- d-----w- c:\users\t1\AppData\Local\ElevatedDiagnostics
2012-11-07 14:58 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-11-07 14:57 . 2012-11-08 07:59 -------- d-----w- c:\programdata\AVAST Software
2012-11-07 14:57 . 2012-11-07 14:57 -------- d-----w- c:\program files\AVAST Software
2012-11-07 14:41 . 2012-11-07 14:41 -------- d-----w- c:\users\t1\AppData\Roaming\Malwarebytes
2012-11-07 14:41 . 2012-11-07 14:41 -------- d-----w- c:\programdata\Malwarebytes
2012-11-07 14:38 . 2012-11-07 14:38 -------- d-----w- c:\users\t1\AppData\Local\Macromedia
2012-11-06 10:45 . 2012-11-06 10:45 -------- d-----w- C:\rsit
2012-11-06 10:41 . 2012-11-06 10:41 -------- d-----w- C:\qqas
2012-11-06 10:39 . 2012-11-06 10:39 -------- d-----w- c:\program files\trend micro
2012-11-06 07:04 . 2012-10-17 00:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4445A795-6DFD-4104-9A40-F2E49D6ADEC8}\mpengine.dll
2012-11-05 10:41 . 2012-11-05 10:41 -------- d-----w- c:\program files (x86)\RocketDock
2012-11-05 10:11 . 2012-11-14 20:40 -------- d-----w- c:\users\t1\AppData\Roaming\Skype
2012-11-05 10:11 . 2012-11-05 10:11 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-11-05 10:11 . 2012-11-05 10:11 -------- d-----r- c:\program files (x86)\Skype
2012-11-05 10:11 . 2012-11-05 10:11 -------- d-----w- c:\programdata\Skype
2012-11-05 07:53 . 2012-03-11 21:13 41200 ----a-w- c:\windows\system32\cmdcsr.dll
2012-10-25 13:22 . 2012-10-25 13:22 -------- d-----w- c:\program files (x86)\winparte4
2012-10-25 12:38 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-10-25 12:38 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-10-23 13:24 . 2012-10-23 13:24 -------- d-----w- c:\windows\CheckSur
2012-10-23 12:18 . 2012-10-23 12:19 -------- d-----w- c:\users\t1\AppData\Local\Google
2012-10-23 12:17 . 2012-10-23 12:17 -------- d-----w- c:\users\t1\AppData\Local\Mozilla
2012-10-23 12:16 . 2012-11-06 07:00 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-10-23 09:34 . 2012-10-23 09:34 -------- d-----w- c:\users\t1\AppData\Local\CutePDF Writer
2012-10-23 09:33 . 2012-10-26 12:48 -------- d-----w- c:\program files (x86)\Acro Software
2012-10-23 09:26 . 2012-10-23 09:26 -------- d-----w- c:\users\t1\AppData\Local\Adobe
2012-10-23 09:23 . 2012-10-23 09:23 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-10-23 09:18 . 2012-10-23 09:18 -------- d-----w- c:\program files (x86)\DoroPDFWriter
2012-10-23 08:20 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-10-23 08:20 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-23 08:20 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-23 08:20 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-23 08:20 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-23 08:20 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-23 08:20 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-23 08:20 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-23 08:20 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-23 08:16 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-23 08:16 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-23 08:15 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-23 08:15 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-23 08:15 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-23 08:15 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-23 08:15 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-23 08:15 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-23 08:11 . 2012-10-23 08:11 -------- d-----w- C:\NFRoot
2012-10-23 08:10 . 2012-10-23 08:12 -------- d-----w- c:\program files (x86)\Fastream IQ Web FTP Server GUI
2012-10-23 08:10 . 2012-10-23 08:20 -------- d-----w- c:\program files (x86)\Fastream IQ Web FTP Server Engine
2012-10-22 10:28 . 2012-10-25 13:21 -------- d--h--w- c:\program files (x86)\InstallJammer Registry
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-07 14:37 . 2012-10-04 05:56 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-07 14:37 . 2012-02-24 17:16 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-23 13:31 . 2012-02-24 16:41 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-08-24 11:15 . 2012-10-03 22:31 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-10-03 22:31 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-10-03 22:31 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-10-03 22:31 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-10-03 22:31 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-10-03 22:31 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-10-03 22:31 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-10-03 22:31 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-10-03 22:31 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-10-03 22:31 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-10-03 22:31 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-10-03 22:31 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-10-03 22:31 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-10-03 22:31 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-10-03 22:31 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-10-03 22:31 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-10-03 22:31 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-10-03 22:31 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-10-03 22:31 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-10-03 22:31 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-10-03 22:31 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-10-03 22:31 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-10-01 12:11 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-10-03 22:56 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-10-01 12:11 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-10-01 12:11 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-23 08:19 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-12-04 2792448]
"DoroServer"="c:\program files (x86)\DoroPDFWriter\DoroServer.exe" [2012-03-10 172032]
"V0470Mon.exe"="c:\windows\V0470Mon.exe" [2007-06-04 32768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AsrCDDrv;AsrCDDrv;c:\windows\SysWOW64\Drivers\AsrCDDrv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 VF0470Vid;Live! Cam Notebook (VF0470);c:\windows\system32\DRIVERS\V0470Vid.sys [2007-05-09 183200]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-24 1255736]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-11 577824]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-11 43248]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-08 283200]
S2 NFService;Fastream IQ Web/FTP Server;c:\progra~2\FASTRE~1\IQWebFTPServerEngine.exe [2008-10-14 3221504]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-11-25 1276928]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VIAAUD"="c:\program files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-08 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-08 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-08 365592]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.10
FF - ProfilePath - c:\users\t1\AppData\Roaming\Mozilla\Firefox\Profiles\q2c4muzn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-34667509.sys
AddRemove-krem2002_is1 - c:\krem2002\unins000.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
.
**************************************************************************
.
Celkový čas: 2012-11-15 00:36:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-11-14 23:36
ComboFix2.txt 2012-11-14 21:00
ComboFix3.txt 2012-11-14 18:52
.
Před spuštěním: Volných bajtů: 284 002 201 600
Po spuštění: Volných bajtů: 283 690 344 448
.
- - End Of File - - CC5D91F7079F73598CF0C1BD804BDE97

[vyosek]

Fajn, jak se chova PC