
Win32/Bubnix

kormuthka
Visitor
Posts: 30
Registered: 21 Jan 2013 22:07

Re: Win32/Bubnix

#31 Post by kormuthka »

I'm probably asking a very stupid question, but where should I look for that folder? I don't have such a folder on C:.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Win32/Bubnix

#32 Post by vyosek »

Well, that's just it, if it isn't there, it isn't there :x So you won't find it, I thought it would be there...

So run TDSSKiller then.

kormuthka
Visitor
Posts: 30
Registered: 21 Jan 2013 22:07

Re: Win32/Bubnix

#33 Post by kormuthka »

21:37:58.0578 3832 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:37:58.0812 3832 ============================================================
21:37:58.0812 3832 Current date / time: 2013/01/23 21:37:58.0812
21:37:58.0812 3832 SystemInfo:
21:37:58.0812 3832
21:37:58.0812 3832 OS Version: 5.1.2600 ServicePack: 3.0
21:37:58.0812 3832 Product type: Workstation
21:37:58.0812 3832 ComputerName: PODSIVKA02
21:37:58.0812 3832 UserName: admin
21:37:58.0812 3832 Windows directory: C:\WINDOWS
21:37:58.0812 3832 System windows directory: C:\WINDOWS
21:37:58.0812 3832 Processor architecture: Intel x86
21:37:58.0812 3832 Number of processors: 1
21:37:58.0812 3832 Page size: 0x1000
21:37:58.0812 3832 Boot type: Normal boot
21:37:58.0812 3832 ============================================================
21:38:00.0453 3832 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:38:00.0453 3832 Drive \Device\Harddisk1\DR4 - Size: 0x3C6C00000 (15.11 Gb), SectorSize: 0x200, Cylinders: 0x7B3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:38:00.0468 3832 Drive \Device\Harddisk2\DR5 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:38:04.0281 3832 ============================================================
21:38:04.0281 3832 \Device\Harddisk0\DR0:
21:38:04.0312 3832 MBR partitions:
21:38:04.0312 3832 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x9C263D, BlocksNum 0x6A6B0A2
21:38:04.0312 3832 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x742D6DF, BlocksNum 0x6B660E2
21:38:04.0312 3832 \Device\Harddisk1\DR4:
21:38:04.0312 3832 MBR partitions:
21:38:04.0312 3832 \Device\Harddisk1\DR4\Partition1: MBR, Type 0xC, StartLBA 0x4720, BlocksNum 0x1E318E0
21:38:04.0312 3832 \Device\Harddisk2\DR5:
21:38:04.0312 3832 MBR partitions:
21:38:04.0312 3832 \Device\Harddisk2\DR5\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C02
21:38:04.0312 3832 ============================================================
21:38:04.0312 3832 C: <-> \Device\Harddisk0\DR0\Partition1
21:38:04.0343 3832 D: <-> \Device\Harddisk0\DR0\Partition2
21:38:04.0343 3832 H: <-> \Device\Harddisk2\DR5\Partition1
21:38:04.0343 3832 ============================================================
21:38:04.0343 3832 Initialize success
21:38:04.0343 3832 ============================================================
21:39:05.0671 3052 ============================================================
21:39:05.0671 3052 Scan started
21:39:05.0671 3052 Mode: Manual; SigCheck; TDLFS;
21:39:05.0671 3052 ============================================================
21:39:06.0203 3052 ================ Scan system memory ========================
21:39:06.0203 3052 System memory - ok
21:39:06.0203 3052 ================ Scan services =============================
21:39:06.0328 3052 Abiosdsk - ok
21:39:06.0390 3052 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
21:39:09.0312 3052 abp480n5 - ok
21:39:09.0312 3052 AcerMemUsageCheckService - ok
21:39:09.0375 3052 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:39:09.0578 3052 ACPI - ok
21:39:09.0609 3052 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
21:39:09.0765 3052 ACPIEC - ok
21:39:09.0859 3052 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:39:09.0906 3052 AdobeFlashPlayerUpdateSvc - ok
21:39:09.0953 3052 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
21:39:10.0140 3052 adpu160m - ok
21:39:10.0187 3052 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
21:39:10.0375 3052 aec - ok
21:39:10.0421 3052 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
21:39:10.0484 3052 AFD - ok
21:39:10.0531 3052 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
21:39:10.0687 3052 agp440 - ok
21:39:10.0718 3052 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
21:39:10.0906 3052 agpCPQ - ok
21:39:10.0937 3052 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
21:39:11.0031 3052 Aha154x - ok
21:39:11.0078 3052 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
21:39:11.0281 3052 aic78u2 - ok
21:39:11.0312 3052 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
21:39:11.0515 3052 aic78xx - ok
21:39:11.0562 3052 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\WINDOWS\system32\alrsvc.dll
21:39:11.0750 3052 Alerter - ok
21:39:11.0796 3052 [ 88842DE939A827577BF24243699AC80A ] ALG C:\WINDOWS\System32\alg.exe
21:39:11.0968 3052 ALG - ok
21:39:12.0000 3052 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
21:39:12.0203 3052 AliIde - ok
21:39:12.0250 3052 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
21:39:12.0406 3052 alim1541 - ok
21:39:12.0437 3052 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
21:39:12.0609 3052 amdagp - ok
21:39:12.0640 3052 [ D2B80A58ED4082DA1D2F382F64621DC9 ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys
21:39:12.0718 3052 AmdK8 - ok
21:39:12.0765 3052 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
21:39:12.0859 3052 amsint - ok
21:39:12.0921 3052 [ 018857EAD9A077A56AEDFC0E5EF7A24A ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:39:12.0937 3052 Apple Mobile Device - ok
21:39:13.0031 3052 AppMgmt - ok
21:39:13.0093 3052 [ BAA6B3CC74A4377D063C5A92DD9C4098 ] AR5211 C:\WINDOWS\system32\DRIVERS\ar5211.sys
21:39:13.0218 3052 AR5211 - ok
21:39:13.0265 3052 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:39:13.0453 3052 Arp1394 - ok
21:39:13.0500 3052 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
21:39:13.0734 3052 asc - ok
21:39:13.0781 3052 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
21:39:13.0859 3052 asc3350p - ok
21:39:13.0890 3052 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
21:39:14.0093 3052 asc3550 - ok
21:39:14.0156 3052 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:39:14.0187 3052 aspnet_state - ok
21:39:14.0203 3052 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:39:14.0375 3052 AsyncMac - ok
21:39:14.0406 3052 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
21:39:14.0562 3052 atapi - ok
21:39:14.0593 3052 Atdisk - ok
21:39:14.0703 3052 [ E9B73D638608B5B20608DB28186D3494 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
21:39:14.0781 3052 Ati HotKey Poller - ok
21:39:14.0937 3052 [ 2922CD8A5D913E737D4E7A634042E154 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
21:39:15.0078 3052 ati2mtag - ok
21:39:15.0125 3052 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:39:15.0296 3052 Atmarpc - ok
21:39:15.0406 3052 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
21:39:15.0578 3052 AudioSrv - ok
21:39:15.0609 3052 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
21:39:15.0796 3052 audstub - ok
21:39:15.0828 3052 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
21:39:16.0015 3052 Beep - ok
21:39:16.0125 3052 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\WINDOWS\system32\qmgr.dll
21:39:16.0296 3052 BITS - ok
21:39:16.0390 3052 [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:39:16.0421 3052 Bonjour Service - ok
21:39:16.0500 3052 [ 89E739BBA5F636297EA5B5F811189E06 ] Browser C:\WINDOWS\System32\browser.dll
21:39:16.0546 3052 Browser - ok
21:39:16.0703 3052 [ 52C724DAC8ADDC50F593E331A9863979 ] Browser Defender Update Service C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
21:39:16.0734 3052 Browser Defender Update Service - ok
21:39:16.0750 3052 btaudio - ok
21:39:16.0765 3052 BTDriver - ok
21:39:16.0796 3052 BTKRNL - ok
21:39:16.0812 3052 BTWDNDIS - ok
21:39:16.0921 3052 [ C75927F7BD22F298ADA922A946DA4586 ] Cam5603D C:\WINDOWS\system32\Drivers\BisonCam.sys
21:39:17.0015 3052 Cam5603D - ok
21:39:17.0062 3052 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
21:39:17.0265 3052 cbidf - ok
21:39:17.0281 3052 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
21:39:17.0484 3052 cbidf2k - ok
21:39:17.0515 3052 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:39:17.0671 3052 CCDECODE - ok
21:39:17.0703 3052 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
21:39:17.0796 3052 cd20xrnt - ok
21:39:17.0828 3052 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
21:39:18.0046 3052 Cdaudio - ok
21:39:18.0078 3052 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
21:39:18.0250 3052 Cdfs - ok
21:39:18.0296 3052 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:39:18.0468 3052 Cdrom - ok
21:39:18.0484 3052 Changer - ok
21:39:18.0578 3052 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
21:39:18.0750 3052 CiSvc - ok
21:39:18.0843 3052 [ D5C2B2085086C2B594502E23913D1CB8 ] CLCapSvc C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
21:39:18.0859 3052 CLCapSvc ( UnsignedFile.Multi.Generic ) - warning
21:39:18.0859 3052 CLCapSvc - detected UnsignedFile.Multi.Generic (1)
21:39:18.0937 3052 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
21:39:19.0125 3052 ClipSrv - ok
21:39:19.0171 3052 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:39:19.0187 3052 clr_optimization_v2.0.50727_32 - ok
21:39:19.0234 3052 [ 2303219FA3D03DF12636DBB7AD8B6801 ] CLSched C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
21:39:19.0250 3052 CLSched ( UnsignedFile.Multi.Generic ) - warning
21:39:19.0250 3052 CLSched - detected UnsignedFile.Multi.Generic (1)
21:39:19.0281 3052 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:39:19.0453 3052 CmBatt - ok
21:39:19.0484 3052 [ 964D0F042ACA51D5644779EB9D9EE40F ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
21:39:19.0687 3052 CmdIde - ok
21:39:19.0718 3052 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:39:19.0875 3052 Compbatt - ok
21:39:19.0937 3052 COMSysApp - ok
21:39:19.0984 3052 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
21:39:20.0203 3052 Cpqarray - ok
21:39:20.0281 3052 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
21:39:20.0437 3052 CryptSvc - ok
21:39:20.0484 3052 [ 5B417ED5B49D5A65355A81A2A5FBC1E0 ] CyberLink Media Library Service C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
21:39:20.0500 3052 CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - warning
21:39:20.0500 3052 CyberLink Media Library Service - detected UnsignedFile.Multi.Generic (1)
21:39:20.0562 3052 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
21:39:20.0750 3052 dac2w2k - ok
21:39:20.0781 3052 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
21:39:20.0984 3052 dac960nt - ok
21:39:21.0062 3052 [ BE27674D1CBC3214AEC84B4336A38BBF ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
21:39:21.0125 3052 DcomLaunch - ok
21:39:21.0171 3052 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
21:39:21.0359 3052 Dhcp - ok
21:39:21.0390 3052 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
21:39:21.0562 3052 Disk - ok
21:39:21.0609 3052 [ 08D30AF92C270F2E76787C81589DBAD6 ] DKbFltr C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
21:39:21.0640 3052 DKbFltr - ok
21:39:21.0703 3052 dmadmin - ok
21:39:21.0828 3052 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
21:39:22.0031 3052 dmboot - ok
21:39:22.0093 3052 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
21:39:22.0234 3052 dmio - ok
21:39:22.0265 3052 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
21:39:22.0468 3052 dmload - ok
21:39:22.0515 3052 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
21:39:22.0687 3052 dmserver - ok
21:39:22.0718 3052 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
21:39:22.0890 3052 DMusic - ok
21:39:22.0953 3052 [ DFAA406BF19F4EE806A6F8D4342137F7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
21:39:23.0062 3052 Dnscache - ok
21:39:23.0156 3052 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
21:39:23.0328 3052 Dot3svc - ok
21:39:23.0375 3052 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
21:39:23.0578 3052 dpti2o - ok
21:39:23.0656 3052 [ 5BEB3BDAECC6C9348FC0D169CE65ECC6 ] DritekPortIO C:\PROGRA~1\LAUNCH~1\DPortIO.sys
21:39:23.0671 3052 DritekPortIO ( UnsignedFile.Multi.Generic ) - warning
21:39:23.0671 3052 DritekPortIO - detected UnsignedFile.Multi.Generic (1)
21:39:23.0703 3052 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
21:39:23.0875 3052 drmkaud - ok
21:39:23.0921 3052 [ 63A53BB2A85DD22A5E8D6C5CB6273043 ] eamon C:\WINDOWS\system32\DRIVERS\eamon.sys
21:39:39.0312 3052 eamon - ok
21:39:39.0375 3052 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
21:39:39.0546 3052 EapHost - ok
21:39:39.0593 3052 [ 4F72DD48A2ED63A57C1210228A472020 ] ehdrv C:\WINDOWS\system32\DRIVERS\ehdrv.sys
21:39:39.0656 3052 ehdrv - ok
21:39:39.0859 3052 [ E95AB781773870BD68ABE1AE1B57A8AC ] ekrn C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
21:39:39.0953 3052 ekrn - ok
21:39:40.0031 3052 eLock2BurnerLockDriver - ok
21:39:40.0093 3052 eLock2FSCTLDriver - ok
21:39:40.0156 3052 [ 5AEE9EEDCFBF2B0F9DEC53C27EE722A3 ] EMSCR C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
21:39:40.0187 3052 EMSCR - ok
21:39:40.0218 3052 [ 1079517E33044BFA7FF3C1B9A86F05BF ] epfwtdir C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
21:39:40.0265 3052 epfwtdir - ok
21:39:40.0343 3052 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
21:39:40.0500 3052 ERSvc - ok
21:39:40.0546 3052 [ 8E56AB21D10C368029CEA57DE47D79C2 ] ESDCR C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
21:39:40.0562 3052 ESDCR - ok
21:39:40.0609 3052 esgiguard - ok
21:39:40.0656 3052 [ 0A58FADE5E12D3A611427292073362CB ] ESMCR C:\WINDOWS\system32\DRIVERS\ESM7SK.sys
21:39:40.0687 3052 ESMCR - ok
21:39:40.0765 3052 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] Eventlog C:\WINDOWS\system32\services.exe
21:39:40.0781 3052 Eventlog - ok
21:39:40.0890 3052 [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem C:\WINDOWS\system32\es.dll
21:39:40.0937 3052 EventSystem - ok
21:39:40.0984 3052 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
21:39:41.0156 3052 Fastfat - ok
21:39:41.0234 3052 [ EE9A2B9EA968A792A053C9D1A86BF870 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:39:41.0281 3052 FastUserSwitchingCompatibility - ok
21:39:41.0359 3052 [ 2CD14C70D1D81AF054AA5ED8024DCAE6 ] Fax C:\WINDOWS\system32\fxssvc.exe
21:39:41.0515 3052 Fax - ok
21:39:41.0546 3052 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
21:39:41.0718 3052 Fdc - ok
21:39:41.0828 3052 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
21:39:42.0000 3052 Fips - ok
21:39:42.0046 3052 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
21:39:42.0218 3052 Flpydisk - ok
21:39:42.0281 3052 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
21:39:42.0437 3052 FltMgr - ok
21:39:42.0562 3052 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:39:42.0593 3052 FontCache3.0.0.0 - ok
21:39:42.0625 3052 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:39:42.0859 3052 Fs_Rec - ok
21:39:42.0890 3052 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:39:43.0078 3052 Ftdisk - ok
21:39:43.0125 3052 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:39:43.0140 3052 GEARAspiWDM - ok
21:39:43.0171 3052 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:39:43.0328 3052 Gpc - ok
21:39:43.0406 3052 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1ca9111331f92bd C:\Program Files\Google\Update\GoogleUpdate.exe
21:39:43.0453 3052 gupdate1ca9111331f92bd - ok
21:39:43.0453 3052 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
21:39:43.0484 3052 gupdatem - ok
21:39:43.0546 3052 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:39:43.0562 3052 gusvc - ok
21:39:43.0609 3052 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:39:43.0765 3052 HDAudBus - ok
21:39:43.0812 3052 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:39:43.0968 3052 helpsvc - ok
21:39:44.0015 3052 [ 00E25EE90166B3E1BE6E74AEBF858306 ] HidServ C:\WINDOWS\System32\hidserv.dll
21:39:44.0218 3052 HidServ - ok
21:39:44.0250 3052 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:39:44.0421 3052 HidUsb - ok
21:39:44.0484 3052 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
21:39:44.0656 3052 hkmsvc - ok
21:39:44.0687 3052 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
21:39:44.0906 3052 hpn - ok
21:39:44.0953 3052 [ 358AE1D350E05F5C45F65DCA0BE6BA40 ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
21:39:45.0000 3052 HSFHWAZL - ok
21:39:45.0125 3052 [ C17B97F331A08BED979961245331413D ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
21:39:45.0218 3052 HSF_DPV - ok
21:39:45.0265 3052 [ 83F221DDAE2D2353B41F0227E6E411D7 ] HSXHWAZL C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
21:39:45.0312 3052 HSXHWAZL - ok
21:39:45.0312 3052 Suspicious service (NoAccess): htiabsn
21:39:45.0406 3052 [ 809CED582B9EF391B9D0851D5C3533AC ] htiabsn C:\WINDOWS\system32\drivers\htiabsn.sys
21:39:45.0406 3052 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\htiabsn.sys. md5: 809CED582B9EF391B9D0851D5C3533AC
21:39:45.0437 3052 htiabsn ( LockedService.Multi.Generic ) - warning
21:39:45.0453 3052 htiabsn - detected LockedService.Multi.Generic (1)
21:39:45.0500 3052 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
21:39:45.0546 3052 HTTP - ok
21:39:45.0625 3052 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
21:39:45.0765 3052 HTTPFilter - ok
21:39:45.0796 3052 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
21:39:45.0953 3052 i2omgmt - ok
21:39:46.0000 3052 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
21:39:46.0171 3052 i2omp - ok
21:39:46.0218 3052 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:39:46.0375 3052 i8042prt - ok
21:39:46.0515 3052 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:39:46.0593 3052 idsvc - ok
21:39:46.0640 3052 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
21:39:46.0796 3052 Imapi - ok
21:39:47.0156 3052 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
21:39:47.0328 3052 ImapiService - ok
21:39:47.0390 3052 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
21:39:47.0593 3052 ini910u - ok
21:39:47.0656 3052 [ 4D8D5B1C895EA0F2A721B98A7CE198F1 ] int15 C:\WINDOWS\system32\drivers\int15.sys
21:39:47.0671 3052 int15 ( UnsignedFile.Multi.Generic ) - warning
21:39:47.0671 3052 int15 - detected UnsignedFile.Multi.Generic (1)
21:39:47.0984 3052 [ 909D03B3B7FB7C830B74F74F4D0EA7CE ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
21:39:48.0328 3052 IntcAzAudAddService - ok
21:39:48.0406 3052 [ 57D928E548B38502ABBA7A77A6EB7312 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
21:39:48.0562 3052 IntelIde - ok
21:39:48.0593 3052 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
21:39:48.0765 3052 Ip6Fw - ok
21:39:48.0796 3052 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:39:49.0000 3052 IpFilterDriver - ok
21:39:49.0031 3052 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:39:49.0171 3052 IpInIp - ok
21:39:49.0265 3052 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:39:49.0421 3052 IpNat - ok
21:39:49.0515 3052 [ 6E27978A4755F4789F912F5F49392F7C ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:39:49.0578 3052 iPod Service - ok
21:39:49.0640 3052 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:39:49.0796 3052 IPSec - ok
21:39:49.0843 3052 [ ACA5E7B54409F9CB5EED97ED0C81120E ] irda C:\WINDOWS\system32\DRIVERS\irda.sys
21:39:50.0031 3052 irda - ok
21:39:50.0062 3052 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
21:39:50.0218 3052 IRENUM - ok
21:39:50.0328 3052 [ 8024EA8C5B2D2A4D201F418B0AADB804 ] Irmon C:\WINDOWS\System32\irmon.dll
21:39:50.0468 3052 Irmon - ok
21:39:50.0500 3052 [ 0501F0B9AB08425F8C0EACBDCC04AA32 ] irsir C:\WINDOWS\system32\DRIVERS\irsir.sys
21:39:50.0593 3052 irsir - ok
21:39:50.0656 3052 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:39:50.0812 3052 isapnp - ok
21:39:50.0875 3052 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:39:51.0046 3052 Kbdclass - ok
21:39:51.0078 3052 [ 86C8F23616C6C6E5B2776901C17B945B ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:39:51.0250 3052 kbdhid - ok
21:39:51.0312 3052 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
21:39:51.0468 3052 kmixer - ok
21:39:51.0500 3052 [ D8DF201E64B455DE473FEFD4A7A7AF0C ] KMWDFilter C:\WINDOWS\System32\Drivers\KMWDFilter.SYS
21:39:51.0515 3052 KMWDFilter ( UnsignedFile.Multi.Generic ) - warning
21:39:51.0515 3052 KMWDFilter - detected UnsignedFile.Multi.Generic (1)
21:39:51.0609 3052 [ 393B6C708B318C457317A32A1F45C545 ] KMWDSERVICE C:\Program Files\Silvercrest NM1005 driver\KMWDSrv.exe
21:39:51.0625 3052 KMWDSERVICE ( UnsignedFile.Multi.Generic ) - warning
21:39:51.0625 3052 KMWDSERVICE - detected UnsignedFile.Multi.Generic (1)
21:39:51.0656 3052 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
21:39:51.0734 3052 KSecDD - ok
21:39:51.0812 3052 [ 3428E8F86F8ADD36B42FB23542C7B3E4 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
21:39:51.0843 3052 lanmanserver - ok
21:39:51.0906 3052 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:39:51.0968 3052 lanmanworkstation - ok
21:39:51.0984 3052 lbrtfdc - ok
21:39:52.0078 3052 [ AB8134127F786C9603817B5318DCEEAA ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
21:39:52.0109 3052 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
21:39:52.0109 3052 LightScribeService - detected UnsignedFile.Multi.Generic (1)
21:39:52.0156 3052 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
21:39:52.0328 3052 LmHosts - ok
21:39:52.0375 3052 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
21:39:52.0421 3052 MBAMProtector - ok
21:39:52.0468 3052 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:39:52.0500 3052 MBAMScheduler - ok
21:39:52.0578 3052 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:39:52.0625 3052 MBAMService - ok
21:39:52.0671 3052 [ 74F4372AF97A587ECEC527EC34955712 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
21:39:52.0703 3052 mdmxsdk - ok
21:39:52.0765 3052 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
21:39:52.0953 3052 Messenger - ok
21:39:52.0984 3052 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
21:39:53.0187 3052 mnmdd - ok
21:39:53.0250 3052 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
21:39:53.0406 3052 mnmsrvc - ok
21:39:53.0453 3052 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
21:39:53.0593 3052 Modem - ok
21:39:53.0640 3052 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:39:53.0796 3052 Mouclass - ok
21:39:53.0843 3052 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:39:54.0078 3052 mouhid - ok
21:39:54.0125 3052 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
21:39:54.0296 3052 MountMgr - ok
21:39:54.0406 3052 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:39:54.0453 3052 MozillaMaintenance - ok
21:39:54.0500 3052 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
21:39:54.0703 3052 mraid35x - ok
21:39:54.0765 3052 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:39:54.0937 3052 MRxDAV - ok
21:39:55.0031 3052 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:39:55.0109 3052 MRxSmb - ok
21:39:55.0218 3052 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
21:39:55.0359 3052 MSDTC - ok
21:39:55.0406 3052 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
21:39:55.0562 3052 Msfs - ok
21:39:55.0640 3052 MSIServer - ok
21:39:55.0703 3052 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:39:55.0859 3052 MSKSSRV - ok
21:39:55.0890 3052 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:39:56.0046 3052 MSPCLOCK - ok
21:39:56.0093 3052 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
21:39:56.0265 3052 MSPQM - ok
21:39:56.0296 3052 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:39:56.0437 3052 mssmbios - ok
21:39:56.0484 3052 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
21:39:56.0656 3052 MSTEE - ok
21:39:56.0687 3052 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
21:39:56.0750 3052 Mup - ok
21:39:56.0812 3052 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:39:56.0984 3052 NABTSFEC - ok
21:39:57.0093 3052 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
21:39:57.0265 3052 napagent - ok
21:39:57.0296 3052 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
21:39:57.0468 3052 NDIS - ok
21:39:57.0515 3052 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:39:57.0687 3052 NdisIP - ok
21:39:57.0718 3052 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:39:57.0765 3052 NdisTapi - ok
21:39:57.0828 3052 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:39:58.0000 3052 Ndisuio - ok
21:39:58.0046 3052 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:39:58.0203 3052 NdisWan - ok
21:39:58.0234 3052 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
21:39:58.0281 3052 NDProxy - ok
21:39:58.0328 3052 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
21:39:58.0484 3052 NetBIOS - ok
21:39:58.0531 3052 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
21:39:58.0687 3052 NetBT - ok
21:39:58.0750 3052 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
21:39:58.0921 3052 NetDDE - ok
21:39:58.0937 3052 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
21:39:59.0078 3052 NetDDEdsdm - ok
21:39:59.0156 3052 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
21:39:59.0328 3052 Netlogon - ok
21:39:59.0421 3052 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
21:39:59.0593 3052 Netman - ok
21:39:59.0687 3052 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:39:59.0703 3052 NetTcpPortSharing - ok
21:39:59.0750 3052 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:39:59.0906 3052 NIC1394 - ok
21:39:59.0984 3052 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\WINDOWS\System32\mswsock.dll
21:40:00.0031 3052 Nla - ok
21:40:00.0062 3052 [ 1E421A6BCF2203CC61B821ADA9DE878B ] nm C:\WINDOWS\system32\DRIVERS\NMnt.sys
21:40:00.0234 3052 nm - ok
21:40:00.0281 3052 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
21:40:00.0453 3052 Npfs - ok
21:40:00.0515 3052 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
21:40:00.0703 3052 Ntfs - ok
21:40:00.0734 3052 [ 7F1C1F78D709C4A54CBB46EDE7E0B48D ] NTIDrvr C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
21:40:00.0750 3052 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
21:40:00.0750 3052 NTIDrvr - detected UnsignedFile.Multi.Generic (1)
21:40:00.0781 3052 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
21:40:00.0937 3052 NtLmSsp - ok
21:40:01.0062 3052 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
21:40:01.0250 3052 NtmsSvc - ok
21:40:01.0281 3052 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
21:40:01.0421 3052 Null - ok
21:40:01.0453 3052 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:40:01.0640 3052 NwlnkFlt - ok
21:40:01.0671 3052 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:40:01.0875 3052 NwlnkFwd - ok
21:40:01.0921 3052 [ 8B8B1BE2DBA4025DA6786C645F77F123 ] NwlnkIpx C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
21:40:02.0093 3052 NwlnkIpx - ok
21:40:02.0140 3052 [ 56D34A67C05E94E16377C60609741FF8 ] NwlnkNb C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
21:40:02.0312 3052 NwlnkNb - ok
21:40:02.0359 3052 [ C0BB7D1615E1ACBDC99757F6CEAF8CF0 ] NwlnkSpx C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
21:40:02.0531 3052 NwlnkSpx - ok
21:40:02.0593 3052 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:40:02.0734 3052 ohci1394 - ok
21:40:02.0843 3052 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:40:02.0890 3052 ose - ok
21:40:02.0937 3052 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\drivers\Parport.sys
21:40:03.0125 3052 Parport - ok
21:40:03.0156 3052 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
21:40:03.0312 3052 PartMgr - ok
21:40:03.0343 3052 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
21:40:03.0546 3052 ParVdm - ok
21:40:03.0593 3052 [ 5F0ED2F6DA0DF347AB7777EEDD5253BB ] PcaSp50 C:\WINDOWS\system32\DRIVERS\PcaSp50.sys
21:40:03.0609 3052 PcaSp50 - ok
21:40:03.0671 3052 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
21:40:03.0843 3052 PCI - ok
21:40:03.0859 3052 PCIDump - ok
21:40:03.0875 3052 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
21:40:04.0046 3052 PCIIde - ok
21:40:04.0093 3052 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
21:40:04.0250 3052 Pcmcia - ok
21:40:04.0296 3052 [ 9DCE45B0DC51EBB7CD7063F8C3B086D0 ] PCTBD C:\WINDOWS\system32\Drivers\PCTBD.sys
21:40:04.0312 3052 PCTBD - ok
21:40:04.0328 3052 PDCOMP - ok
21:40:04.0359 3052 PDFRAME - ok
21:40:04.0375 3052 PDRELI - ok
21:40:04.0390 3052 PDRFRAME - ok
21:40:04.0437 3052 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
21:40:04.0609 3052 perc2 - ok
21:40:04.0671 3052 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
21:40:04.0859 3052 perc2hib - ok
21:40:04.0937 3052 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\WINDOWS\system32\services.exe
21:40:04.0953 3052 PlugPlay - ok
21:40:05.0000 3052 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
21:40:05.0140 3052 PolicyAgent - ok
21:40:05.0187 3052 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:40:05.0359 3052 PptpMiniport - ok
21:40:05.0390 3052 [ 7EB15DCE4EC3A0220BD796A15C18186E ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
21:40:05.0562 3052 Processor - ok
21:40:05.0593 3052 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:40:05.0750 3052 ProtectedStorage - ok
21:40:05.0796 3052 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
21:40:05.0953 3052 PSched - ok
21:40:06.0000 3052 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:40:06.0187 3052 Ptilink - ok
21:40:06.0234 3052 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:40:06.0250 3052 PxHelp20 - ok
21:40:06.0281 3052 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
21:40:06.0500 3052 ql1080 - ok
21:40:06.0531 3052 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
21:40:06.0718 3052 Ql10wnt - ok
21:40:06.0765 3052 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
21:40:06.0906 3052 ql12160 - ok
21:40:06.0937 3052 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
21:40:07.0125 3052 ql1240 - ok
21:40:07.0156 3052 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
21:40:07.0359 3052 ql1280 - ok
21:40:07.0375 3052 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:40:07.0546 3052 RasAcd - ok
21:40:07.0609 3052 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
21:40:07.0765 3052 RasAuto - ok
21:40:07.0796 3052 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
21:40:07.0906 3052 Rasirda - ok
21:40:07.0953 3052 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:40:08.0125 3052 Rasl2tp - ok
21:40:08.0203 3052 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
21:40:08.0375 3052 RasMan - ok
21:40:08.0406 3052 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:40:08.0562 3052 RasPppoe - ok
21:40:08.0593 3052 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
21:40:08.0781 3052 Raspti - ok
21:40:08.0828 3052 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:40:09.0000 3052 Rdbss - ok
21:40:09.0031 3052 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:40:09.0203 3052 RDPCDD - ok
21:40:09.0265 3052 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:40:09.0437 3052 rdpdr - ok
21:40:09.0484 3052 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
21:40:09.0546 3052 RDPWD - ok
21:40:09.0625 3052 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
21:40:09.0781 3052 RDSessMgr - ok
21:40:09.0859 3052 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
21:40:10.0031 3052 redbook - ok
21:40:10.0140 3052 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
21:40:10.0296 3052 RemoteAccess - ok
21:40:10.0390 3052 [ A76CDDB6D1F25797843E2557A2118E2E ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
21:40:10.0390 3052 RichVideo ( UnsignedFile.Multi.Generic ) - warning
21:40:10.0390 3052 RichVideo - detected UnsignedFile.Multi.Generic (1)
21:40:10.0437 3052 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
21:40:10.0609 3052 RpcLocator - ok
21:40:10.0687 3052 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\system32\rpcss.dll
21:40:10.0718 3052 RpcSs - ok
21:40:10.0750 3052 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
21:40:10.0968 3052 RSVP - ok
21:40:11.0000 3052 [ 911E07056B865760C0762F6221145999 ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
21:40:11.0093 3052 RTL8023xp - ok
21:40:11.0156 3052 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
21:40:11.0296 3052 SamSs - ok
21:40:11.0359 3052 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
21:40:11.0515 3052 SCardSvr - ok
21:40:11.0578 3052 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
21:40:11.0734 3052 Schedule - ok
21:40:11.0765 3052 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
21:40:11.0937 3052 sdbus - ok
21:40:11.0984 3052 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:40:12.0140 3052 Secdrv - ok
21:40:12.0203 3052 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
21:40:12.0375 3052 seclogon - ok
21:40:12.0453 3052 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
21:40:12.0609 3052 SENS - ok
21:40:12.0656 3052 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
21:40:12.0812 3052 Serial - ok
21:40:12.0875 3052 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
21:40:13.0031 3052 Sfloppy - ok
21:40:13.0109 3052 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
21:40:13.0312 3052 SharedAccess - ok
21:40:13.0375 3052 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:40:13.0390 3052 ShellHWDetection - ok
21:40:13.0406 3052 Simbad - ok
21:40:13.0468 3052 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
21:40:13.0625 3052 sisagp - ok
21:40:13.0734 3052 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
21:40:13.0781 3052 SkypeUpdate - ok
21:40:13.0828 3052 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:40:13.0984 3052 SLIP - ok
21:40:14.0015 3052 [ 62556D170F22C43A544481E4EE16D2E2 ] SMCIRDA C:\WINDOWS\system32\DRIVERS\smcirda.sys
21:40:14.0046 3052 SMCIRDA - ok
21:40:14.0109 3052 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
21:40:14.0203 3052 Sparrow - ok
21:40:14.0250 3052 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
21:40:14.0406 3052 splitter - ok
21:40:14.0468 3052 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
21:40:14.0531 3052 Spooler - ok
21:40:14.0593 3052 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
21:40:14.0750 3052 sr - ok
21:40:14.0812 3052 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
21:40:15.0000 3052 srservice - ok
21:40:15.0093 3052 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
21:40:15.0156 3052 Srv - ok
21:40:15.0218 3052 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
21:40:15.0390 3052 SSDPSRV - ok
21:40:15.0453 3052 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
21:40:15.0640 3052 stisvc - ok
21:40:15.0671 3052 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:40:15.0828 3052 streamip - ok
21:40:15.0890 3052 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
21:40:16.0031 3052 swenum - ok
21:40:16.0078 3052 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
21:40:16.0234 3052 swmidi - ok
21:40:16.0312 3052 SwPrv - ok
21:40:16.0343 3052 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
21:40:16.0531 3052 symc810 - ok
21:40:16.0562 3052 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
21:40:16.0750 3052 symc8xx - ok
21:40:16.0765 3052 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
21:40:16.0968 3052 sym_hi - ok
21:40:17.0015 3052 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
21:40:17.0203 3052 sym_u3 - ok
21:40:17.0250 3052 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
21:40:17.0406 3052 sysaudio - ok
21:40:17.0484 3052 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
21:40:17.0640 3052 SysmonLog - ok
21:40:17.0703 3052 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
21:40:17.0875 3052 TapiSrv - ok
21:40:17.0937 3052 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:40:18.0000 3052 Tcpip - ok
21:40:18.0046 3052 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
21:40:18.0203 3052 TDPIPE - ok
21:40:18.0250 3052 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
21:40:18.0421 3052 TDTCP - ok
21:40:18.0453 3052 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
21:40:18.0640 3052 TermDD - ok
21:40:18.0734 3052 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\WINDOWS\System32\termsrv.dll
21:40:18.0906 3052 TermService - ok
21:40:18.0953 3052 [ EE9A2B9EA968A792A053C9D1A86BF870 ] Themes C:\WINDOWS\System32\shsvcs.dll
21:40:18.0968 3052 Themes - ok
21:40:19.0000 3052 [ FD4FD7D6FDA5C019ED86025D7BE1510F ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
21:40:19.0187 3052 TosIde - ok
21:40:19.0250 3052 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
21:40:19.0406 3052 TrkWks - ok
21:40:19.0437 3052 [ 97DD70FECA64FB4F63DE7BB7E66A80B1 ] tvicport C:\WINDOWS\system32\drivers\tvicport.sys
21:40:19.0453 3052 tvicport ( UnsignedFile.Multi.Generic ) - warning
21:40:19.0453 3052 tvicport - detected UnsignedFile.Multi.Generic (1)
21:40:19.0468 3052 [ E0C67BE430C6DE490D6CCAECFA071F9E ] UBHelper C:\WINDOWS\system32\drivers\UBHelper.sys
21:40:19.0484 3052 UBHelper ( UnsignedFile.Multi.Generic ) - warning
21:40:19.0484 3052 UBHelper - detected UnsignedFile.Multi.Generic (1)
21:40:19.0546 3052 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
21:40:19.0703 3052 Udfs - ok
21:40:19.0750 3052 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
21:40:19.0828 3052 ultra - ok
21:40:19.0890 3052 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
21:40:20.0078 3052 Update - ok
21:40:20.0203 3052 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
21:40:20.0375 3052 upnphost - ok
21:40:20.0453 3052 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
21:40:20.0593 3052 UPS - ok
21:40:20.0640 3052 [ 5C2BDC152BBAB34F36473DEAF7713F22 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
21:40:20.0687 3052 USBAAPL - ok
21:40:20.0734 3052 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
21:40:20.0906 3052 usbaudio - ok
21:40:20.0937 3052 [ 9419FAAC6552A51542DBBA02971C841C ] usbbus C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
21:40:21.0031 3052 usbbus - ok
21:40:21.0078 3052 [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:40:21.0203 3052 usbccgp - ok
21:40:21.0234 3052 [ C0A466FA4FFEC464320E159BC1BBDC0C ] UsbDiag C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
21:40:21.0265 3052 UsbDiag - ok
21:40:21.0296 3052 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:40:21.0453 3052 usbehci - ok
21:40:21.0500 3052 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:40:21.0656 3052 usbhub - ok
21:40:21.0703 3052 [ F74A54774A9B0AFEB3C40ADEC68AA600 ] USBModem C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
21:40:21.0718 3052 USBModem - ok
21:40:21.0750 3052 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
21:40:21.0906 3052 usbohci - ok
21:40:21.0937 3052 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:40:22.0093 3052 usbscan - ok
21:40:22.0140 3052 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:40:22.0296 3052 USBSTOR - ok
21:40:22.0328 3052 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
21:40:22.0484 3052 VgaSave - ok
21:40:22.0515 3052 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
21:40:22.0687 3052 viaagp - ok
21:40:22.0718 3052 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
21:40:22.0859 3052 ViaIde - ok
21:40:22.0906 3052 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
21:40:23.0078 3052 VolSnap - ok
21:40:23.0156 3052 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
21:40:23.0312 3052 VSS - ok
21:40:23.0390 3052 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\WINDOWS\system32\w32time.dll
21:40:23.0546 3052 W32Time - ok
21:40:23.0609 3052 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:40:23.0765 3052 Wanarp - ok
21:40:23.0781 3052 WDICA - ok
21:40:23.0843 3052 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
21:40:24.0000 3052 wdmaud - ok
21:40:24.0093 3052 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\WINDOWS\System32\webclnt.dll
21:40:24.0250 3052 WebClient - ok
21:40:24.0343 3052 [ 6F25B08EBBAC9E02E6A0829F2C28999B ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
21:40:24.0406 3052 winachsf - ok
21:40:24.0453 3052 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
21:40:24.0625 3052 winmgmt - ok
21:40:24.0703 3052 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
21:40:24.0750 3052 WmdmPmSN - ok
21:40:24.0796 3052 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
21:40:24.0953 3052 WmiAcpi - ok
21:40:25.0000 3052 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:40:25.0171 3052 WmiApSrv - ok
21:40:25.0375 3052 [ 3739866D20ABD42F26A7B85F9E2560AF ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
21:40:25.0437 3052 WMPNetworkSvc - ok
21:40:25.0484 3052 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:40:25.0656 3052 WS2IFSL - ok
21:40:25.0734 3052 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
21:40:25.0890 3052 wscsvc - ok
21:40:25.0921 3052 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:40:26.0078 3052 WSTCODEC - ok
21:40:26.0187 3052 [ C1364564800EE9784192145324A23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
21:40:26.0343 3052 wuauserv - ok
21:40:26.0390 3052 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:40:26.0421 3052 WudfPf - ok
21:40:26.0468 3052 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:40:26.0500 3052 WudfRd - ok
21:40:26.0578 3052 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
21:40:26.0625 3052 WudfSvc - ok
21:40:26.0718 3052 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
21:40:26.0906 3052 WZCSVC - ok
21:40:27.0000 3052 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
21:40:27.0156 3052 xmlprov - ok
21:40:27.0203 3052 [ 40AC8590CC9006DBB99FFCB37879D4C6 ] zntport C:\WINDOWS\system32\drivers\zntport.sys
21:40:27.0203 3052 zntport ( UnsignedFile.Multi.Generic ) - warning
21:40:27.0203 3052 zntport - detected UnsignedFile.Multi.Generic (1)
21:40:27.0218 3052 ================ Scan global ===============================
21:40:27.0343 3052 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
21:40:27.0468 3052 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
21:40:27.0562 3052 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
21:40:27.0625 3052 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
21:40:27.0625 3052 [Global] - ok
21:40:27.0640 3052 ================ Scan MBR ==================================
21:40:27.0656 3052 [ 99852D5C3A78447C3D6D82B6155FE848 ] \Device\Harddisk0\DR0
21:40:31.0343 3052 \Device\Harddisk0\DR0 - ok
21:40:31.0359 3052 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR4
21:40:31.0500 3052 \Device\Harddisk1\DR4 - ok
21:40:31.0515 3052 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR5
21:40:31.0671 3052 \Device\Harddisk2\DR5 - ok
21:40:31.0671 3052 ================ Scan VBR ==================================
21:40:31.0687 3052 [ 0538217FD707B4BA08B4F68EF16170C0 ] \Device\Harddisk0\DR0\Partition1
21:40:31.0687 3052 \Device\Harddisk0\DR0\Partition1 - ok
21:40:31.0718 3052 [ 5A02FCC672A7E4100582814A9AB3C66E ] \Device\Harddisk0\DR0\Partition2
21:40:31.0718 3052 \Device\Harddisk0\DR0\Partition2 - ok
21:40:31.0734 3052 [ 5E341B2FCA144DE4E7CBEB3F5E6B1464 ] \Device\Harddisk1\DR4\Partition1
21:40:31.0734 3052 \Device\Harddisk1\DR4\Partition1 - ok
21:40:31.0750 3052 [ D6F218F85BDD56565217243B4577CD3F ] \Device\Harddisk2\DR5\Partition1
21:40:31.0750 3052 \Device\Harddisk2\DR5\Partition1 - ok
21:40:31.0750 3052 ============================================================
21:40:31.0750 3052 Scan finished
21:40:31.0750 3052 ============================================================
21:40:31.0859 2572 Detected object count: 14
21:40:31.0859 2572 Actual detected object count: 14
21:40:53.0125 2572 CLCapSvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:40:53.0125 2572 CLCapSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:40:53.0125 2572 CLSched ( UnsignedFile.Multi.Generic ) - skipped by user
21:40:53.0125 2572 CLSched ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:40:53.0125 2572 CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:40:53.0125 2572 CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:40:53.0125 2572 DritekPortIO ( UnsignedFile.Multi.Generic ) - skipped by user
21:40:53.0125 2572 DritekPortIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:40:53.0125 2572 htiabsn ( LockedService.Multi.Generic ) - skipped by user
21:40:53.0125 2572 htiabsn ( LockedService.Multi.Generic ) - User select action: Skip
21:40:53.0125 2572 int15 ( UnsignedFile.Multi.Generic ) - skipped by user
21:40:53.0125 2572 int15 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:40:53.0125 2572 KMWDFilter ( UnsignedFile.Multi.Generic ) - skipped by user
21:40:53.0125 2572 KMWDFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:40:53.0125 2572 KMWDSERVICE ( UnsignedFile.Multi.Generic ) - skipped by user
21:40:53.0125 2572 KMWDSERVICE ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:40:53.0140 2572 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
21:40:53.0140 2572 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:40:53.0140 2572 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
21:40:53.0140 2572 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:40:53.0140 2572 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
21:40:53.0140 2572 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:40:53.0140 2572 tvicport ( UnsignedFile.Multi.Generic ) - skipped by user
21:40:53.0140 2572 tvicport ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:40:53.0140 2572 UBHelper ( UnsignedFile.Multi.Generic ) - skipped by user
21:40:53.0140 2572 UBHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:40:53.0140 2572 zntport ( UnsignedFile.Multi.Generic ) - skipped by user
21:40:53.0140 2572 zntport ( UnsignedFile.Multi.Generic ) - User select action: Skip

#34 Post by vyosek »

:arrow: Grrr, the beast is hanging on and can't be found :?:

:arrow: Download Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/
  • Save it, preferably to the Desktop, and extract it
  • Run it by clicking mbar
  • Now click Next and then Update
  • Once the database update has finished, click Next again
  • Leave all three options checked and click Scan to start scanning the PC
  • When the scan finishes (about 5 minutes), check that every detection (if there are any, of course) is ticked
  • Also check that Create Restore point is ticked
  • Now click CleanUp, which removes the infection that was found
  • The PC will be restarted
  • The mbar folder should contain a log (and it will probably open by itself) named mbar-log-year-month-day (hour-minute-second).txt; post it here for me

#35 Post by kormuthka »

I have bad news, I got an error saying that it is unavailable and cannot continue :(

#36 Post by vyosek »

:arrow: What is unavailable, please??

:arrow: Download aswMBR http://public.avast.com/%7Egmerek/aswMBR.exe and save it to the desktop.
  • Run the utility and tell it to scan by clicking Scan
  • Click Save log to save the aswMBR log to the desktop
  • Paste the contents of the aswMBR log here

#37 Post by kormuthka »

the program

#38 Post by vyosek »

:arrow: So try the one I sent just now

:arrow: So try downloading MBAR from here http://downloads.malwarebytes.org/file/mbar

#39 Post by kormuthka »

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-23 22:11:14
-----------------------------
22:11:14.203 OS Version: Windows 5.1.2600 Service Pack 3
22:11:14.203 Number of processors: 1 586 0x4C02
22:11:14.203 ComputerName: PODSIVKA02 UserName: admin
22:11:22.031 Initialize success
22:12:28.843 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
22:12:28.843 Disk 0 Vendor: TOSHIBA_MK1234GAX AC001A Size: 114473MB BusType: 3
22:12:28.875 Disk 0 MBR read successfully
22:12:28.875 Disk 0 MBR scan
22:12:28.890 Disk 0 unknown MBR code
22:12:28.890 Disk 0 Partition 1 00 12 Compaq diag MSWIN4.1 4996 MB offset 63
22:12:28.906 Disk 0 Partition 2 80 (A) 0C FAT32 LBA MSWIN4.1 54486 MB offset 10233405
22:12:28.937 Disk 0 Partition 3 00 0C FAT32 LBA MSWIN4.1 54988 MB offset 121820895
22:12:28.937 Disk 0 scanning sectors +234436545
22:12:28.984 Disk 0 scanning C:\WINDOWS\system32\drivers
22:12:52.390 Service scanning
22:13:00.265 Service htiabsn C:\WINDOWS\System32\Drivers\htiabsn.sys **HIDDEN**
22:13:11.578 Modules scanning
22:13:41.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\admin\Plocha\MBR.dat"
22:13:42.000 The log file has been saved successfully to "C:\Documents and Settings\admin\Plocha\aswMBR.txt"

#40 Post by vyosek »

Good, we have probably got the beast; try MBAR as well, and if need be we will delete it another way...

#41 Post by kormuthka »

it is scanning now

#42 Post by vyosek »

Good :thumbsup:

#43 Post by kormuthka »

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1016

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: FAT32
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, H:\ DRIVE_FIXED
CPU speed: 1.795000 GHz
Memory total: 937529344, free: 262119424

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1016

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: FAT32
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, H:\ DRIVE_FIXED
CPU speed: 1.795000 GHz
Memory total: 937529344, free: 210628608

------------ Kernel report ------------
01/23/2013 21:59:14
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
htiabsn.sys
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
aliide.sys
intelide.sys
toside.sys
viaide.sys
cmdide.sys
pcmcia.sys
MountMgr.sys
ftdisk.sys
ACPIEC.sys
\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
PartMgr.sys
UBHelper.sys
VolSnap.sys
cpqarray.sys
\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
atapi.sys
aha154x.sys
sparrow.sys
symc810.sys
aic78xx.sys
dac960nt.sys
ql10wnt.sys
amsint.sys
asc.sys
asc3550.sys
mraid35x.sys
i2omp.sys
ini910u.sys
ql1240.sys
aic78u2.sys
symc8xx.sys
sym_hi.sys
sym_u3.sys
ABP480N5.SYS
asc3350p.sys
cd20xrnt.sys
ultra.sys
adpu160m.sys
dpti2o.sys
ql1080.sys
ql1280.sys
ql12160.sys
perc2.sys
perc2hib.sys
hpn.sys
cbidf2k.sys
dac2w2k.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
PxHelp20.sys
Fastfat.sys
KSecDD.sys
NDIS.sys
sisagp.sys
viaagp.sys
Mup.sys
alim1541.sys
amdagp.sys
agp440.sys
agpCPQ.sys
\SystemRoot\system32\DRIVERS\AmdK8.sys
----------- End -----------
<<<1>>>
<<<1>>>
Upper Device Name: Upper Device Name: \Device\Harddisk2\DR5\Device\Harddisk2\DR5
Upper Device Object: 0xffffffff8531b030

Upper Device Object: 0xffffffff8531b030
Upper Device Driver Name: Upper Device Driver Name: \Driver\Disk\\Driver\Disk\

Lower Device Name: Lower Device Name: \Device\000000c3\\Device\000000c3\

Lower Device Object: 0xffffffff853222b8
Lower Device Object: 0xffffffff853222b8
Lower Device Driver Name: Lower Device Driver Name: \Driver\USBSTOR\\Driver\USBSTOR\

Driver name found: USBSTOR
Driver name found: USBSTOR
Initialization returned 0x0
Initialization returned 0x0
Load Function returned 0x0
Load Function returned 0xc0000001
<<<1>>>
<<<1>>>
Upper Device Name: Upper Device Name: \Device\Harddisk1\DR4\Device\Harddisk1\DR4
Upper Device Object: 0xffffffff853446c0

Upper Device Object: 0xffffffff853446c0
Upper Device Driver Name: Upper Device Driver Name: \Driver\Disk\\Driver\Disk\

Lower Device Name: Lower Device Name: \Device\000000c2\\Device\000000c2\

Lower Device Object: 0xffffffff8525d798
Lower Device Object: 0xffffffff8525d798
Lower Device Driver Name: Lower Device Driver Name: \Driver\USBSTOR\\Driver\USBSTOR\

Driver name found: USBSTOR
Driver name found: USBSTOR
<<<1>>>
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0Upper Device Name:
Upper Device Object: 0xffffffff85574030
\Device\Harddisk0\DR0
Upper Device Object: 0xffffffff85574030
Upper Device Driver Name: \Driver\Disk\Upper Device Driver Name:
\Driver\Disk\
Lower Device Name: Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-4\
\Device\Ide\IdeDeviceP0T0L0-4\
Lower Device Object: 0xffffffff85575d98
Lower Device Driver Name: Lower Device Object: 0xffffffff85575d98
\Driver\atapi\Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi
Driver name found: atapi
Initialization returned 0x0
Initialization returned 0x0
Load Function returned 0x0
Load Function returned 0xc0000001
=======================================


Downloaded database version: v2013.01.23.10
Initializing...
Done!
The system volume seems inaccessible or encrypted. Scan can't continue.
The system volume seems inaccessible or encrypted. Scan can't continue.
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1016

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: FAT32
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, H:\ DRIVE_FIXED
CPU speed: 1.795000 GHz
Memory total: 937529344, free: 387395584

------------ Kernel report ------------
01/23/2013 22:16:21
------------ Loaded modules -----------
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR5
Upper Device Object: 0xffffffff8531b030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000c3\
Lower Device Object: 0xffffffff853222b8
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xffffffff8225b620
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR4
Upper Device Object: 0xffffffff853446c0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000c2\
Lower Device Object: 0xffffffff8525d798
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xffffffff853ecab8
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff85574030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-4\
Lower Device Object: 0xffffffff85575d98
Lower Device Driver Name: \Driver\atapi\
Device already Exists: 0xffffffffff81bda8
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff85574030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff855746e8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff85574030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff855759e8, DeviceName: \Device\000000b3\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85575d98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffe2cba2f8, 0xffffffff85574030, 0xffffffffff454358
Lower DeviceData: 0xffffffffe1606a18, 0xffffffff85575d98, 0xffffffffff81bda8
<<<3>>>
Volume: C:
File system type: FAT
SectorSize = 512, ClusterSize = 32768 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
File user open failed: C:\WINDOWS\system32\drivers\HTIABSN.SYS (0x0000001f)
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR5
Upper Device Object: 0xffffffff8531b030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000c3\
Lower Device Object: 0xffffffff853222b8
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xffffffff8225b620
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR4
Upper Device Object: 0xffffffff853446c0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000c2\
Lower Device Object: 0xffffffff8525d798
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xffffffff853ecab8
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff85574030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-4\
Lower Device Object: 0xffffffff85575d98
Lower Device Driver Name: \Driver\atapi\
Device already Exists: 0xffffffffff81bda8
File C:\WINDOWS\system32\drivers\HTIABSN.SYS will be destroyed
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 5EA4F703

Partition information:

Partition 0 type is Other (0x12)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 10233342

Partition 1 type is Other (0xc)
Partition is ACTIVE.
Partition starts at LBA: 10233405 Numsec = 111587490
Partition file system is FAT32
Partition is bootable

Partition 2 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 121820895 Numsec = 112615650

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 120034123776 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-234421648-234441648)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff853446c0, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff852386b0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff853446c0, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8525d798, DeviceName: \Device\000000c2\, DriverName: \Driver\USBSTOR\
------------ End ----------
Upper DeviceData: 0xffffffffe2b5eed0, 0xffffffff853446c0, 0xfffffffffea15438
Lower DeviceData: 0xffffffffe1b53170, 0xffffffff8525d798, 0xffffffff853ecab8
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C3072E18

Partition information:

Partition 0 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 18208 Numsec = 31660256

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 16219373568 bytes
Sector size: 512 bytes

Physical Sector Size: 512
Drive: 2, DevicePointer: 0xffffffff8531b030, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85314b50, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8531b030, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff853222b8, DeviceName: \Device\000000c3\, DriverName: \Driver\USBSTOR\
------------ End ----------
Upper DeviceData: 0xffffffffe1a49bb0, 0xffffffff8531b030, 0xfffffffffea0fab8
Lower DeviceData: 0xffffffffe2bb9078, 0xffffffff853222b8, 0xffffffff8225b620
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 3B724124

Partition information:

Partition 0 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 976768002

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: FAT
SectorSize = 512, ClusterSize = 32768 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1016

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: FAT32
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, H:\ DRIVE_FIXED
CPU speed: 1.795000 GHz
Memory total: 937529344, free: 625950720

Removal queue found; removal started
Removing C:\WINDOWS\system32\drivers\HTIABSN.SYS...
Removal finished
=======================================

#44 Post by vyosek »

Great, it looks like it deleted something for us.

Download Avenger: http://forum.viry.cz/viewtopic.php?f=11&t=19832
  • After launching, the program will warn you that everything you do is at your own risk - click OK
  • After confirming, the main window will appear; paste the script below into it

    Files to delete:
    C:\WINDOWS\System32\Drivers\htiabsn.sys
    
    Drivers to delete:
    htiabsn
  • Tick the checkboxes next to Scan for rootkits and Automatically disable any rootkits found
  • Now click Execute and confirm with Yes in the following window - this confirms running the script
  • Answer the Reboot now question with OK again - this restarts the PC
  • After the restart, Notepad should open with the log; paste its contents here. If that does not happen, you will find the document at C:\avenger.txt

#45 Post by kormuthka »

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\WINDOWS\System32\Drivers\htiabsn.sys" not found!
Deletion of file "C:\WINDOWS\System32\Drivers\htiabsn.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Driver "htiabsn" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Locked