Avast window keeps popping up

Mamlas01
Visitor
Posts: 51
Registered: 24 Sep 2011 19:59

Avast window keeps popping up

#1 Post by Mamlas01 »

Hello, could you please check my log? I apparently downloaded something onto the computer by mistake. Since yesterday, AVAST antivirus has been popping up a window every few minutes with this message: "Zablokován škodlivý URL" (Malicious URL blocked), and below it "Síťový štít programu avast! zablokoval nebezpečnou stránku" (The avast! Network Shield has blocked a dangerous page), plus one more message: "Zablokován Malware" (Malware blocked), and below it "Síťový štít programu avast! zablokoval nebezpečnou stránku nebo soubor" (The avast! Network Shield has blocked a dangerous page or file). The window pops up even when I have no web browser running. It is a rather ancient machine cobbled together from various parts, but good enough for the workshop. I am attaching the RSIT log, thank you.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Mamlas 01 at 2013-04-05 14:16:48
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 22 GB (64%) free of 35 GB
Total RAM: 767 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:17:17, on 5.4.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\TP-LINK\COMMON\TWCU.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\TP-LINK\COMMON\RaRegistry.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\Program Files\TeamViewer\Version8\tv_w32.exe
c:\program files\teamviewer\version8\TeamViewer_Desktop.exe
E:\Programy\RSIT\RSIT.exe
C:\Program Files\trend micro\Mamlas 01.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/?gl=CZ&hl=cs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: TP-LINK Wireless Utility.lnk = C:\Program Files\TP-LINK\COMMON\TWCU.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\TP-LINK\COMMON\RaRegistry.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe

--
End of file - 5461 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Mamlas 01\Data aplikací\Mozilla\Firefox\Profiles\g99og08i.default

prefs.js - "browser.startup.homepage" - "http://www.centrum.cz/?utm_source=ch-br ... _medium=ff"

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.6.602.180 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Mamlas 01\Data aplikací\Mozilla\Firefox\Profiles\g99og08i.default\extensions\
centrumpomocnik@centrum.cz
{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-03-07 1224568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-03-07 1224568]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-03-07 4767304]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2013-01-08 18705664]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
TP-LINK Wireless Utility.lnk - C:\Program Files\TP-LINK\COMMON\TWCU.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\TeamViewer\Version8\TeamViewer.exe"="C:\Program Files\TeamViewer\Version8\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"msacm.l3fhg"=mp3fhg.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"VIDC.FFDS"=ff_vfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======List of files/folders created in the last 1 month======

2013-04-05 14:16:51 ----D---- C:\Program Files\trend micro
2013-04-05 14:16:47 ----D---- C:\rsit
2013-04-03 18:35:50 ----SHD---- C:\Config.Msi
2013-03-31 12:00:18 ----DC---- C:\WINDOWS\$NtUninstallKB2807986$
2013-03-18 15:37:47 ----A---- C:\WINDOWS\system32\drivers\aswVmm.sys
2013-03-18 15:37:47 ----A---- C:\WINDOWS\system32\drivers\aswRvrt.sys
2013-03-18 15:37:44 ----A---- C:\WINDOWS\system32\drivers\aswMonFlt.sys
2013-03-08 19:45:49 ----D---- C:\Program Files\Mozilla Firefox
2013-03-08 19:28:18 ----D---- C:\Program Files\Common Files\Skype
2013-03-08 19:28:16 ----RD---- C:\Program Files\Skype

======List of files/folders modified in the last 1 month======

2013-04-05 14:16:59 ----D---- C:\WINDOWS\Temp
2013-04-05 14:16:51 ----RD---- C:\Program Files
2013-04-05 14:04:39 ----D---- C:\WINDOWS\system32\CatRoot2
2013-04-05 14:04:34 ----SD---- C:\WINDOWS\Tasks
2013-04-05 14:02:13 ----D---- C:\Documents and Settings\Mamlas 01\Data aplikací\Skype
2013-04-05 13:59:25 ----D---- C:\WINDOWS\system32\drivers
2013-04-05 01:33:16 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-04-03 18:36:04 ----SHD---- C:\WINDOWS\Installer
2013-04-03 18:36:02 ----D---- C:\WINDOWS\WinSxS
2013-04-03 18:35:51 ----D---- C:\Program Files\Common Files\Microsoft Shared
2013-04-03 18:18:52 ----D---- C:\WINDOWS
2013-04-03 18:18:12 ----D---- C:\WINDOWS\system32
2013-04-03 18:18:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-04-03 18:15:10 ----RSD---- C:\WINDOWS\assembly
2013-04-03 18:14:26 ----D---- C:\WINDOWS\system32\config
2013-04-03 18:14:12 ----D---- C:\WINDOWS\system32\wbem
2013-04-03 18:14:11 ----D---- C:\WINDOWS\Registration
2013-04-03 18:13:21 ----HD---- C:\WINDOWS\inf
2013-04-03 18:12:47 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-04-03 18:12:45 ----D---- C:\Program Files\Internet Explorer
2013-04-03 17:08:23 ----D---- C:\WINDOWS\SoftwareDistribution
2013-04-03 17:04:05 ----D---- C:\WINDOWS\system32\Restore
2013-04-03 16:22:41 ----D---- C:\WINDOWS\Debug
2013-03-31 12:00:58 ----D---- C:\WINDOWS\ie8updates
2013-03-31 12:00:44 ----HD---- C:\WINDOWS\$hf_mig$
2013-03-18 16:24:16 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-03-18 15:34:32 ----D---- C:\Documents and Settings\Mamlas 01\Data aplikací\vlc
2013-03-13 00:45:47 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-03-08 19:28:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2013-03-08 19:28:18 ----D---- C:\Program Files\Common Files
2013-03-07 01:32:42 ----A---- C:\WINDOWS\system32\aswBoot.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2013-03-07 49248]
R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\AswRdr.sys [2013-03-07 49760]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2013-03-07 765736]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2013-03-07 368176]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2013-03-07 62376]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2013-03-07 29816]
R2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []
R2 HPFECP13;HPFECP13; C:\WINDOWS\System32\drivers\HPFECP13.SYS [1998-07-30 52800]
R2 Scutum50;Scutum50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\Scutum50.sys [2010-06-25 19072]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 ati2mtaa;ati2mtaa; C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2008-04-14 326912]
R3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
R3 rt2870;TP-LINK Wireless USB Adapter; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2010-06-25 827488]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-12-19 539008]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2013-03-07 164736]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-03-07 45248]
R2 RalinkRegistryWriter;Ralink Registry Writer; C:\Program Files\TP-LINK\COMMON\RaRegistry.exe [2010-06-25 185632]
R2 TeamViewer8;TeamViewer 8; C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe [2013-03-06 3560288]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-23 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-01-08 161536]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-13 253656]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-23 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-03-08 115608]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Mamlas01
Visitor
Posts: 51
Registered: 24 Sep 2011 19:59

Re: Avast window keeps popping up

#2 Post by Mamlas01 »

I am posting the log from aswMBR:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-05 15:46:58
-----------------------------
15:46:58.968 OS Version: Windows 5.1.2600 Service Pack 3
15:46:58.968 Number of processors: 1 586 0x204
15:46:58.968 ComputerName: COMPUTER UserName:
15:47:00.562 Initialize success
15:47:02.312 AVAST engine defs: 13040500
15:47:46.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:47:46.796 Disk 0 Vendor: ST3802110A 3.AAJ Size: 76318MB BusType: 3
15:47:46.796 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-17
15:47:46.796 Disk 1 Vendor: IC35L020AVER07-0 ER2OA46A Size: 19092MB BusType: 3
15:47:46.968 Disk 0 MBR read successfully
15:47:46.968 Disk 0 MBR scan
15:47:47.062 Disk 0 Windows XP default MBR code
15:47:47.078 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 35000 MB offset 63
15:47:47.093 Disk 0 Partition - 00 0F Extended LBA 41315 MB offset 71682030
15:47:47.109 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 41315 MB offset 71682093
15:47:47.140 Disk 0 scanning sectors +156296385
15:47:47.312 Disk 0 scanning C:\WINDOWS\system32\drivers
15:47:58.046 File: C:\WINDOWS\system32\drivers\netbt.sys **SUSPICIOUS**
15:48:04.562 Scan finished successfully
15:48:22.406 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mamlas 01\Dokumenty\MBR.dat"
15:48:22.406 The log file has been saved successfully to "C:\Documents and Settings\Mamlas 01\Dokumenty\aswMBR.txt"

Here is the link to MBR.dat:
https://www.virustotal.com/cs/file/884f ... 365169836/

Here is RKU. I could not find "save log", only "save Report", so I hope it is the same thing:

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>SSDT State
==============================================
ntoskrnl.exe-->NtAddBootEntry, Type: Address change 0x806499C3-->F3EAF59C [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtAllocateVirtualMemory, Type: Address change 0x8056926A-->F3F8B388 [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtAssignProcessToJobObject, Type: Address change 0x805A12DE-->F3EB002E [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtClose, Type: Address change 0x80567B6D-->F3EF3316 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtCreateEvent, Type: Address change 0x805700A2-->F3EBB7F2 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtCreateEventPair, Type: Address change 0x8064A014-->F3EBB83E [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtCreateIoCompletion, Type: Address change 0x8058E59D-->F3EBB9D8 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtCreateKey, Type: Address change 0x805737EF-->F3EF2CCA [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtCreateMutant, Type: Address change 0x80577648-->F3EBB760 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtCreateSection, Type: Address change 0x805653B3-->F3EBB882 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtCreateSemaphore, Type: Address change 0x8057D60D-->F3EBB7A8 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtCreateThread, Type: Address change 0x8057888D-->F3EB052C [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtCreateTimer, Type: Address change 0x805DCB62-->F3EBB992 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtDebugActiveProcess, Type: Address change 0x8065C0BD-->F3EB0DE4 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtDeleteBootEntry, Type: Address change 0x806499AF-->F3EAF602 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtDeleteKey, Type: Address change 0x80595A22-->F3EF39DC [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtDeleteValueKey, Type: Address change 0x80593642-->F3EF3C92 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtDuplicateObject, Type: Address change 0x80574942-->F3EB45C2 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtEnumerateKey, Type: Address change 0x80573EFD-->F3EF3847 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtEnumerateValueKey, Type: Address change 0x8058192B-->F3EF36B2 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtFreeVirtualMemory, Type: Address change 0x80569B95-->F3F8B450 [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtLoadDriver, Type: Address change 0x805A2915-->F3EAF1EA [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtModifyBootEntry, Type: Address change 0x806499AF-->F3EAF668 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtNotifyChangeKey, Type: Address change 0x805919D3-->F3EB498C [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtNotifyChangeMultipleKeys, Type: Address change 0x80591A9C-->F3EB1874 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtOpenEvent, Type: Address change 0x80581A98-->F3EBB81C [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtOpenEventPair, Type: Address change 0x8064A107-->F3EBB860 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtOpenIoCompletion, Type: Address change 0x80616CB3-->F3EBB9FC [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtOpenKey, Type: Address change 0x80568FE8-->F3EF3026 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtOpenMutant, Type: Address change 0x805776F6-->F3EBB786 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtOpenProcess, Type: Address change 0x80574B29-->F3EB3EA8 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtOpenSection, Type: Address change 0x8056E4E7-->F3EBB910 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtOpenSemaphore, Type: Address change 0x805DABE3-->F3EBB7D0 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtOpenThread, Type: Address change 0x80590C64-->F3EB429A [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtOpenTimer, Type: Address change 0x80649F3D-->F3EBB9B6 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtProtectVirtualMemory, Type: Address change 0x80574ED8-->F3F8B5B0 [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtQueryKey, Type: Address change 0x80573C06-->F3EF352D [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtQueryObject, Type: Address change 0x80582894-->F3EB1740 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtQueryValueKey, Type: Address change 0x8056A499-->F3EF337F [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtQueueApcThread, Type: Address change 0x8058E2BA-->F3EB1296 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtRenameKey, Type: Address change 0x8064F678-->F3F984DA [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtRestoreKey, Type: Address change 0x8064FB69-->F3EF2310 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtSetBootEntryOrder, Type: Address change 0x806499C3-->F3EAF6CE [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtSetBootOptions, Type: Address change 0x806499C3-->F3EAF734 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtSetContextThread, Type: Address change 0x8062E763-->F3EB0C5E [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtSetSystemInformation, Type: Address change 0x805A6A01-->F3EAF284 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtSetSystemPowerState, Type: Address change 0x8066858B-->F3EAF45A [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtSetValueKey, Type: Address change 0x8057DA5B-->F3EF3AE3 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtShutdownSystem, Type: Address change 0x80648033-->F3EAF3E8 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtSuspendProcess, Type: Address change 0x8062FE79-->F3EB0FAE [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtSuspendThread, Type: Address change 0x805E0525-->F3EB1110 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtSystemDebugControl, Type: Address change 0x8064ABAB-->F3EAF4E2 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtTerminateProcess, Type: Address change 0x805857B9-->F3EB0A9C [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtTerminateThread, Type: Address change 0x80577F9F-->F3EB0C3E [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtUnloadDriver, Type: Address change 0x8061A11A-->F3F899E4 [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtVdmControl, Type: Address change 0x805BE8E8-->F3EAF79A [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
ntoskrnl.exe-->NtWriteVirtualMemory, Type: Address change 0x80581512-->F3EB008A [C:\WINDOWS\System32\Drivers\aswSnx.SYS]
==============================================
>Shadow
==============================================
==============================================
>Processes
==============================================
0x83BC8A00 [4] System
0x83928BE0 [128] C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x838C54E0 [316] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x83928340 [320] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software, avast! Antivirus)
0x839B04E0 [348] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation, Windows Defender User Interface)
0x8396EDA0 [368] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
0x8396E690 [380] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A., Skype )
0x8398F978 [492] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Správce relací systému Windows NT)
0x838DF6C8 [532] C:\Program Files\TP-LINK\COMMON\TWCU.exe (TP-LINK TECHNOLOGIES CO., LTD. , TWCU MFC Application)
0x824FD198 [548] C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation, Plugin Container for Firefox)
0x83914BE0 [552] C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L., WinZip Executable)
0x83AE0C08 [708] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x839D6DA0 [732] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x839C97E8 [776] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
0x83936C10 [788] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x83AD8C20 [960] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8395A7E8 [1064] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x83934A90 [1096] C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation, Service Executable)
0x838D6BE0 [1180] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8251EB50 [1232] C:\Program Files\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH, TeamViewer 8)
0x828944E8 [1292] C:\Program Files\TP-LINK\COMMON\RaRegistry.exe (Ralink Technology, Corp., RalinkRegistryWriter)
0x83A88AF8 [1328] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8391D600 [1368] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x838ED658 [1408] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x83924C68 [1424] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8284F6B0 [1576] C:\Documents and Settings\Mamlas 01\Plocha\RKUnhookerLE.EXE (UG North, RKULE, SR2 Overlord)
0x838F3DA0 [1672] C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software, avast! Service)
0x82829860 [1708] C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH, TeamViewer 8)
0x83930488 [1792] C:\WINDOWS\explorer.exe (Microsoft Corporation, Průzkumník Windows)
0x827F6898 [2256] C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation, Windows Security Center Notification App)
0x82524960 [3044] C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation, WMI)
0x824FA4E0 [3200] C:\WINDOWS\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
0x8252BDA0 [3836] C:\Program Files\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH, TeamViewer 8)
0x8289FBE8 [3852] C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation, Firefox)
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2195200 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2195200 bytes
0x804D7000 RAW 2195200 bytes
0x804D7000 WMIxWDM 2195200 bytes
0xBF800000 Win32k 1867776 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1867776 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF3DA6000 C:\WINDOWS\system32\DRIVERS\rt2870.sys 823296 bytes (Ralink Technology, Corp., Ralink 802.11 USB Wireless Adapter Driver)
0xF3E97000 C:\WINDOWS\System32\Drivers\aswSnx.SYS 782336 bytes (AVAST Software, avast! Virtualization Driver)
0xF759C000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF738A000 C:\WINDOWS\system32\drivers\smwdm.sys 540672 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xF3FD6000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF72B0000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xBF012000 C:\WINDOWS\System32\ati2dvaa.dll 380928 bytes (ATI Technologies Inc., ATI RAGE 128 WindowsNT Display Driver)
0xF40F4000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xF3F7E000 C:\WINDOWS\System32\Drivers\aswSP.SYS 360448 bytes (AVAST Software, avast! self protection module)
0xF345C000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xF74AC000 C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys 327680 bytes (ATI Technologies Inc., ATI RAGE 128 Miniport Driver)
0xBF06F000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xF2E57000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF730E000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF76E0000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF37EF000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF756F000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF2C4C000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF4046000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF4093000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF768A000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF40BB000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF3000000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF7366000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF742C000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF7450000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF4071000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF3C54000 C:\WINDOWS\system32\drivers\aswMonFlt.sys 139264 bytes (AVAST Software, avast! File System Minifilter for Windows 2003/Vista)
0x806EF000 ACPI_HAL 131840 bytes
0x806EF000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7652000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF76B0000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF7555000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7672000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF3D8E000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF7629000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF734F000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF36EA000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF7473000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF7498000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
!!!!!!!!!!!Hidden driver: 0xF40E1000 00001570 77824 bytes
0xF414D000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7640000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7487000 C:\WINDOWS\system32\DRIVERS\el90xbc5.sys 69632 bytes (3Com Corporation, 3Com EtherLink PCI Driver)
0xF76CF000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF733E000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF780F000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF78AF000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF788F000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF78CF000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF78BF000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF385C000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF793F000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF795F000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 53248 bytes (AVAST Software, avast! TDI Filter Driver)
0xF776F000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF386C000 C:\WINDOWS\System32\drivers\HPFECP13.SYS 53248 bytes
0xF787F000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF78DF000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF774F000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF2A7C000 C:\DOCUME~1\MAMLAS~1\LOCALS~1\Temp\aswMBR.sys 49152 bytes
0xF78FF000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF778F000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF77EF000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF789F000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF773F000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF78EF000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF77CF000 C:\WINDOWS\System32\Drivers\AswRdr.SYS 40960 bytes (AVAST Software, avast! TDI Redirect Driver)
0xF777F000 aswRvrt.sys 40960 bytes (-, -)
0xF786F000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 40960 bytes (Microsoft Corporation, Processor Device Driver)
0xF772F000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF792F000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF791F000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF30F4000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF775F000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF790F000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF77DF000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF796F000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7A5F000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF79FF000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF79AF000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7AF7000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 24576 bytes (AVAST Software, avast! File System Access Blocking Driver)
0xF7A07000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7A0F000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7A17000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7A4F000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7A3F000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF7A57000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF79B7000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7A27000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7A2F000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF79CF000 C:\WINDOWS\System32\Drivers\Scutum50.sys 20480 bytes (Printing Communications Assoc., Inc. (PCAUSA), PCAUSA NDIS 5.0 SPR Protocol Driver)
0xF7A1F000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7ACF000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF7BEB000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF3CCA000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7BC3000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7B3F000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF4184000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7BCB000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7C17000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7C43000 C:\WINDOWS\system32\drivers\aeaudio.sys 8192 bytes (Andrea Electronics Corporation, Andrea Audio Stub Driver)
0xF7C4B000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7C35000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7C5B000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7C49000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7C33000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7C2F000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7C4D000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7C71000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7C4F000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7C45000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7C47000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7C31000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7DC3000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7CFD000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7E52000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0x837F87A9 unknown_irp_handler 2135 bytes
==============================================
>Stealth
==============================================
WARNING: Virus alike driver modification [netbt.sys]
0x837F855D Unknown page with executable code, 2723 bytes
0x837FA251 Unknown page with executable code, 3503 bytes
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B750, Type: Inline - RelativeJump 0x804E2750-->804E2747 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B78C, Type: Inline - RelativeJump 0x804E278C-->804E2783 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B79C, Type: Inline - RelativeJump 0x804E279C-->804E2793 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B7C8, Type: Inline - PushRet 0x804E27C8-->83F3EB45 [unknown_code_page]
ntoskrnl.exe+0x0000B874, Type: Inline - RelativeJump 0x804E2874-->804E2895 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B880, Type: Inline - RelativeJump 0x804E2880-->804E2877 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B8A0, Type: Inline - RelativeJump 0x804E28A0-->804E2897 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B8AC, Type: Inline - RelativeJump 0x804E28AC-->804E28A7 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B8C4, Type: Inline - RelativeJump 0x804E28C4-->804E28BB [ntoskrnl.exe]
ntoskrnl.exe+0x0000B944, Type: Inline - RelativeJump 0x804E2944-->804E293B [ntoskrnl.exe]
ntoskrnl.exe+0x0000B97C, Type: Inline - RelativeJump 0x804E297C-->804E29B5 [ntoskrnl.exe]
ntoskrnl.exe+0x0000BA05, Type: Inline - RelativeJump 0x804E2A05-->EB0C5EF3 [unknown_code_page]
ntoskrnl.exe+0x0000BA78, Type: Inline - RelativeJump 0x804E2A78-->EAF45AF3 [unknown_code_page]
ntoskrnl.exe+0x0000BAAC, Type: Inline - RelativeJump 0x804E2AAC-->804E2AA7 [ntoskrnl.exe]
ntoskrnl.exe+0x0000BAD0, Type: Inline - PushRet 0x804E2AD0-->F38064E8 [mrxdav.sys]
ntoskrnl.exe+0x0000BB0C, Type: Inline - RelativeJump 0x804E2B0C-->804E2B03 [ntoskrnl.exe]
ntoskrnl.exe-->NtCreateProcessEx, Type: Inline - RelativeJump 0x8058304C-->F3FA4BA4 [aswSP.SYS]
ntoskrnl.exe-->ObInsertObject, Type: Inline - RelativeJump 0x8056513A-->F3FA3554 [aswSP.SYS]
ntoskrnl.exe-->ObMakeTemporaryObject, Type: Inline - RelativeJump 0x8059EA42-->F3FA1A3A [aswSP.SYS]
[1064]svchost.exe-->kernel32.dll+0x00068E04, Type: Code Mismatch 0x7C868E04 + 429572 [62]
[1064]svchost.exe-->ntdll.dll+0x00016865, Type: Code Mismatch 0x7C916865 + 92261 [62]
[1096]MsMpEng.exe-->kernel32.dll+0x00068E04, Type: Code Mismatch 0x7C868E04 + 429572 [62]
[1096]MsMpEng.exe-->ntdll.dll+0x00016865, Type: Code Mismatch 0x7C916865 + 92261 [62]
[1180]svchost.exe-->kernel32.dll+0x00068E04, Type: Code Mismatch 0x7C868E04 + 429572 [62]
[1180]svchost.exe-->ntdll.dll+0x00016865, Type: Code Mismatch 0x7C916865 + 92261 [62]
[1232]tv_w32.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E27101-->003E0C0C [unknown_code_page]
[1232]tv_w32.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E27189-->003E0E10 [unknown_code_page]
[1232]tv_w32.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E26E69-->003E0804 [unknown_code_page]
[1232]tv_w32.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E27001-->003E0A08 [unknown_code_page]
[1232]tv_w32.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E27211-->003E01F8 [unknown_code_page]
[1232]tv_w32.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E273A9-->003E03FC [unknown_code_page]
[1232]tv_w32.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E274B1-->003E0600 [unknown_code_page]
[1232]tv_w32.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E26D81-->003E1014 [unknown_code_page]
[1232]tv_w32.exe-->kernel32.dll+0x00068E04, Type: Code Mismatch 0x7C868E04 + 429572 [62]
[1232]tv_w32.exe-->ntdll.dll+0x00016865, Type: Code Mismatch 0x7C916865 + 92261 [62]
[1232]tv_w32.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C91632D-->003C01F8 [unknown_code_page]
[1232]tv_w32.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C9171CD-->003C03FC [unknown_code_page]
[1232]tv_w32.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E381211-->003D0600 [unknown_code_page]
[1232]tv_w32.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E37820F-->003D0804 [unknown_code_page]
[1232]tv_w32.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E3817F7-->003D01F8 [unknown_code_page]
[1232]tv_w32.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E37D5F3-->003D0A08 [unknown_code_page]
[1232]tv_w32.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E3818AC-->003D03FC [unknown_code_page]
[128]spoolsv.exe-->kernel32.dll+0x00068E04, Type: Code Mismatch 0x7C868E04 + 429572 [62]
[128]spoolsv.exe-->ntdll.dll+0x00016865, Type: Code Mismatch 0x7C916865 + 92261 [62]
[1292]RaRegistry.exe-->kernel32.dll+0x00068E04, Type: Code Mismatch 0x7C868E04 + 429572 [62]
[1292]RaRegistry.exe-->ntdll.dll+0x00016865, Type: Code Mismatch 0x7C916865 + 92261 [62]
[1328]svchost.exe-->kernel32.dll+0x00068E04, Type: Code Mismatch 0x7C868E04 + 429572 [62]
[1328]svchost.exe-->ntdll.dll+0x00016865, Type: Code Mismatch 0x7C916865 + 92261 [62]
[1368]svchost.exe-->kernel32.dll+0x00068E04, Type: Code Mismatch 0x7C868E04 + 429572 [62]
[1368]svchost.exe-->ntdll.dll+0x00016865, Type: Code Mismatch 0x7C916865 + 92261 [62]
[1408]svchost.exe-->kernel32.dll+0x00068E04, Type: Code Mismatch 0x7C868E04 + 429572 [62]
[1408]svchost.exe-->ntdll.dll+0x00016865, Type: Code Mismatch 0x7C916865 + 92261 [62]
[1424]svchost.exe-->kernel32.dll+0x00068E04, Type: Code Mismatch 0x7C868E04 + 429572 [62]
[1424]svchost.exe-->ntdll.dll+0x00016865, Type: Code Mismatch 0x7C916865 + 92261 [62]
[1672]AvastSvc.exe-->kernel32.dll+0x00068E04, Type: Code Mismatch 0x7C868E04 + 429572 [62]
[1672]AvastSvc.exe-->ntdll.dll+0x00016865, Type: Code Mismatch 0x7C916865 + 92261 [62]
[1672]AvastSvc.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->64C8FC70 [aswCmnBS.dll]
[1708]TeamViewer_Service.exe-->kernel32.dll+0x00068E04, Type: Code Mismatch 0x7C868E04 + 429572 [62]
[1708]TeamViewer_Service.exe-->mswsock.dll-->AcceptEx, Type: IAT modification 0x006593CC-->71A37B98 [mswsock.dll]
[1708]TeamViewer_Service.exe-->mswsock.dll-->GetAcceptExSockaddrs, Type: IAT modification 0x006593C8-->71A4ECCA [mswsock.dll]
[1708]TeamViewer_Service.exe-->ntdll.dll+0x00016865, Type: Code Mismatch 0x7C916865 + 92261 [62]
[1792]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DC1218-->5D067774 [shimeng.dll]
[1792]explorer.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77A7118C-->5D067774 [shimeng.dll]
[1792]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->5D067774 [shimeng.dll]
[1792]explorer.exe-->kernel32.dll+0x00068E04, Type: Code Mismatch 0x7C868E04 + 429572 [62]
[1792]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->5D067774 [shimeng.dll]
[1792]explorer.exe-->ntdll.dll+0x00016865, Type: Code Mismatch 0x7C916865 + 92261 [62]
[1792]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->5D067774 [shimeng.dll]
[1792]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->5D067774 [shimeng.dll]
[1792]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x40C014B0-->5D067774 [shimeng.dll]
[1792]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A9109C-->5D067774 [shimeng.dll]
[2256]wscntfy.exe-->kernel32.dll+0x00068E04, Type: Code Mismatch 0x7C868E04 + 429572 [62]
[2256]wscntfy.exe-->ntdll.dll+0x00016865, Type: Code Mismatch 0x7C916865 + 92261 [62]
[3044]wmiprvse.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E27101-->00320C0C [unknown_code_page]
[3044]wmiprvse.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E27189-->00320E10 [unknown_code_page]
[3044]wmiprvse.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E26E69-->00320804 [unknown_code_page]
[3044]wmiprvse.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E27001-->00320A08 [unknown_code_page]
[3044]wmiprvse.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E27211-->003201F8 [unknown_code_page]
[3044]wmiprvse.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E273A9-->003203FC [unknown_code_page]
[3044]wmiprvse.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E274B1-->00320600 [unknown_code_page]
[3044]wmiprvse.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E26D81-->00321014 [unknown_code_page]
[3044]wmiprvse.exe-->kernel32.dll+0x00068E04, Type: Code Mismatch 0x7C868E04 + 429572 [62]
[3044]wmiprvse.exe-->ntdll.dll+0x00016865, Type: Code Mismatch 0x7C916865 + 92261 [62]
[3044]wmiprvse.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C91632D-->003101F8 [unknown_code_page]
[3044]wmiprvse.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C9171CD-->003103FC [unknown_code_page]
[3044]wmiprvse.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E381211-->00330600 [unknown_code_page]
[3044]wmiprvse.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E37820F-->00330804 [unknown_code_page]
[3044]wmiprvse.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E3817F7-->003301F8 [unknown_code_page]
[3044]wmiprvse.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E37D5F3-->00330A08 [unknown_code_page]
[3044]wmiprvse.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E3818AC-->003303FC [unknown_code_page]
[316]svchost.exe-->kernel32.dll+0x00068E04, Type: Code Mismatch 0x7C868E04 + 429572 [62]
[316]svchost.exe-->ntdll.dll+0x00016865, Type: Code Mismatch 0x7C916865 + 92261 [62]
[3200]alg.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E27101-->00330C0C [unknown_code_page]
[3200]alg.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E27189-->00330E10 [unknown_code_page]
[3200]alg.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E26E69-->00330804 [unknown_code_page]
[3200]alg.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E27001-->00330A08 [unknown_code_page]
[3200]alg.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E27211-->003301F8 [unknown_code_page]
[3200]alg.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E273A9-->003303FC [unknown_code_page]
[3200]alg.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E274B1-->00330600 [unknown_code_page]
[3200]alg.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E26D81-->00331014 [unknown_code_page]
[3200]alg.exe-->kernel32.dll+0x00068E04, Type: Code Mismatch 0x7C868E04 + 429572 [62]
[3200]alg.exe-->ntdll.dll+0x00016865, Type: Code Mismatch 0x7C916865 + 92261 [62]
[3200]alg.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C91632D-->003101F8 [unknown_code_page]
[3200]alg.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C9171CD-->003103FC [unknown_code_page]
[3200]alg.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E381211-->00320600 [unknown_code_page]
[3200]alg.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E37820F-->00320804 [unknown_code_page]
[3200]alg.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E3817F7-->003201F8 [unknown_code_page]
[3200]alg.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E37D5F3-->00320A08 [unknown_code_page]
[3200]alg.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E3818AC-->003203FC [unknown_code_page]
[320]AvastUI.exe-->kernel32.dll+0x00068E04, Type: Code Mismatch 0x7C868E04 + 429572 [62]
[320]AvastUI.exe-->ntdll.dll+0x00016865, Type: Code Mismatch 0x7C916865 + 92261 [62]
[320]AvastUI.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->64C8FC70 [aswCmnBS.dll]
[348]MSASCui.exe-->kernel32.dll+0x00068E04, Type: Code Mismatch 0x7C868E04 + 429572 [62]
[348]MSASCui.exe-->ntdll.dll+0x00016865, Type: Code Mismatch 0x7C916865 + 92261 [62]
[368]ctfmon.exe-->kernel32.dll+0x00068E04, Type: Code Mismatch 0x7C868E04 + 429572 [62]
[368]ctfmon.exe-->ntdll.dll+0x00016865, Type: Code Mismatch 0x7C916865 + 92261 [62]
[380]Skype.exe-->kernel32.dll+0x00068E04, Type: Code Mismatch 0x7C868E04 + 429572 [62]
[380]Skype.exe-->kernel32.dll-->GetModuleHandleA, Type: IAT modification 0x015CD0C4-->00402C88 [Skype.exe]
[380]Skype.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x015CD0C8-->0020FF00 [unknown_code_page]
[380]Skype.exe-->ntdll.dll+0x00016865, Type: Code Mismatch 0x7C916865 + 92261 [62]
[3836]TeamViewer.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E27101-->003F0C0C [unknown_code_page]
[3836]TeamViewer.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E27189-->003F0E10 [unknown_code_page]
[3836]TeamViewer.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E26E69-->003F0804 [unknown_code_page]
[3836]TeamViewer.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E27001-->003F0A08 [unknown_code_page]
[3836]TeamViewer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E27211-->003F01F8 [unknown_code_page]
[3836]TeamViewer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E273A9-->003F03FC [unknown_code_page]
[3836]TeamViewer.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E274B1-->003F0600 [unknown_code_page]
[3836]TeamViewer.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E26D81-->003F1014 [unknown_code_page]
[3836]TeamViewer.exe-->kernel32.dll+0x00068E04, Type: Code Mismatch 0x7C868E04 + 429572 [62]
[3836]TeamViewer.exe-->mswsock.dll-->AcceptEx, Type: IAT modification 0x00AE1618-->71A37B98 [mswsock.dll]
[3836]TeamViewer.exe-->mswsock.dll-->GetAcceptExSockaddrs, Type: IAT modification 0x00AE161C-->71A4ECCA [mswsock.dll]
[3836]TeamViewer.exe-->ntdll.dll+0x00016865, Type: Code Mismatch 0x7C916865 + 92261 [62]
[3836]TeamViewer.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C91632D-->003D01F8 [unknown_code_page]
[3836]TeamViewer.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C9171CD-->003D03FC [unknown_code_page]
[3836]TeamViewer.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E381211-->003E0600 [unknown_code_page]
[3836]TeamViewer.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E37820F-->003E0804 [unknown_code_page]
[3836]TeamViewer.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E3817F7-->003E01F8 [unknown_code_page]
[3836]TeamViewer.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E37D5F3-->003E0A08 [unknown_code_page]
[3836]TeamViewer.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E3818AC-->003E03FC [unknown_code_page]
[3852]firefox.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E27101-->004F0C0C [unknown_code_page]
[3852]firefox.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E27189-->004F0E10 [unknown_code_page]
[3852]firefox.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E26E69-->004F0804 [unknown_code_page]
[3852]firefox.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E27001-->004F0A08 [unknown_code_page]
[3852]firefox.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E27211-->004F01F8 [unknown_code_page]
[3852]firefox.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E273A9-->004F03FC [unknown_code_page]
[3852]firefox.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E274B1-->004F0600 [unknown_code_page]
[3852]firefox.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E26D81-->004F1014 [unknown_code_page]
[3852]firefox.exe-->crypt32.dll+0x00012F42, Type: Inline - RelativeJump 0x77A82F42-->02D3F630 [unknown_code_page]
[3852]firefox.exe-->crypt32.dll+0x0001B761, Type: Inline - RelativeJump 0x77A8B761-->02D3F6A0 [unknown_code_page]
[3852]firefox.exe-->crypt32.dll-->CertGetCertificateChain, Type: Inline - RelativeJump 0x77A82F47-->77A82F42 [crypt32.dll]
[3852]firefox.exe-->crypt32.dll-->CertVerifyCertificateChainPolicy, Type: Inline - RelativeJump 0x77A8B766-->77A8B761 [crypt32.dll]
[3852]firefox.exe-->gdi32.dll+0x00009E14, Type: Inline - RelativeJump 0x77F19E14-->01926AFA [xul.dll]
[3852]firefox.exe-->gdi32.dll-->CreateDIBSection, Type: Inline - RelativeJump 0x77F19E19-->77F19E14 [gdi32.dll]
[3852]firefox.exe-->kernel32.dll+0x00009AEC, Type: Inline - RelativeJump 0x7C809AEC-->01926B9C [xul.dll]
[3852]firefox.exe-->kernel32.dll+0x0000B9A0, Type: Inline - RelativeJump 0x7C80B9A0-->01926B79 [xul.dll]
[3852]firefox.exe-->kernel32.dll+0x000449C8, Type: Inline - RelativeJump 0x7C8449C8-->015EF84B [xul.dll]
[3852]firefox.exe-->kernel32.dll+0x00068E04, Type: Code Mismatch 0x7C868E04 + 429572 [62]
[3852]firefox.exe-->kernel32.dll-->MapViewOfFile, Type: Inline - RelativeJump 0x7C80B9A5-->7C80B9A0 [kernel32.dll]
[3852]firefox.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - RelativeJump 0x7C8449CD-->7C8449C8 [kernel32.dll]
[3852]firefox.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - RelativeJump 0x7C809AF1-->7C809AEC [kernel32.dll]
[3852]firefox.exe-->ntdll.dll+0x00016865, Type: Code Mismatch 0x7C916865 + 92261 [62]
[3852]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C91632D-->015DD180 [xul.dll]
[3852]firefox.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C9171CD-->003103FC [unknown_code_page]
[3852]firefox.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E381211-->00320600 [unknown_code_page]
[3852]firefox.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E37820F-->00320804 [unknown_code_page]
[3852]firefox.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E3817F7-->003201F8 [unknown_code_page]
[3852]firefox.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E37D5F3-->00320A08 [unknown_code_page]
[3852]firefox.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E3818AC-->003203FC [unknown_code_page]
[492]smss.exe-->ntdll.dll+0x00016865, Type: Code Mismatch 0x7C916865 + 92261 [62]
[532]TWCU.exe-->kernel32.dll+0x00068E04, Type: Code Mismatch 0x7C868E04 + 429572 [62]
[532]TWCU.exe-->ntdll.dll+0x00016865, Type: Code Mismatch 0x7C916865 + 92261 [62]
[548]plugin-container.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E27101-->00350C0C [unknown_code_page]
[548]plugin-container.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E27189-->00350E10 [unknown_code_page]
[548]plugin-container.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E26E69-->00350804 [unknown_code_page]
[548]plugin-container.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E27001-->00350A08 [unknown_code_page]
[548]plugin-container.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E27211-->003501F8 [unknown_code_page]
[548]plugin-container.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E273A9-->003503FC [unknown_code_page]
[548]plugin-container.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E274B1-->00350600 [unknown_code_page]
[548]plugin-container.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E26D81-->00351014 [unknown_code_page]
[548]plugin-container.exe-->kernel32.dll+0x00068E04, Type: Code Mismatch 0x7C868E04 + 429572 [62]
[548]plugin-container.exe-->ntdll.dll+0x00016865, Type: Code Mismatch 0x7C916865 + 92261 [62]
[548]plugin-container.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C91632D-->003101F8 [unknown_code_page]
[548]plugin-container.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C9171CD-->003103FC [unknown_code_page]
[548]plugin-container.exe-->user32.dll+0x0001C298, Type: Inline - RelativeJump 0x7E37C298-->1082FE5B [xul.dll]
[548]plugin-container.exe-->user32.dll+0x0001C2B6, Type: Inline - RelativeJump 0x7E37C2B6-->1082FDEA [xul.dll]
[548]plugin-container.exe-->user32.dll+0x00055319, Type: Inline - RelativeJump 0x7E3B5319-->1045EE7F [xul.dll]
[548]plugin-container.exe-->user32.dll-->GetWindowInfo, Type: Inline - RelativeJump 0x7E37C49C-->1045E982 [xul.dll]
[548]plugin-container.exe-->user32.dll-->SetWindowLongA, Type: Inline - RelativeJump 0x7E37C29D-->7E37C298 [user32.dll]
[548]plugin-container.exe-->user32.dll-->SetWindowLongW, Type: Inline - RelativeJump 0x7E37C2BB-->7E37C2B6 [user32.dll]
[548]plugin-container.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E381211-->00360600 [unknown_code_page]
[548]plugin-container.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E37820F-->00360804 [unknown_code_page]
[548]plugin-container.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E3817F7-->003601F8 [unknown_code_page]
[548]plugin-container.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x7E3B531E-->7E3B5319 [user32.dll]
[548]plugin-container.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E37D5F3-->00360A08 [unknown_code_page]
[548]plugin-container.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E3818AC-->003603FC [unknown_code_page]
[552]WZQKPICK.EXE-->kernel32.dll+0x00068E04, Type: Code Mismatch 0x7C868E04 + 429572 [62]
[552]WZQKPICK.EXE-->ntdll.dll+0x00016865, Type: Code Mismatch 0x7C916865 + 92261 [62]
[708]csrss.exe-->kernel32.dll+0x00068E04, Type: Code Mismatch 0x7C868E04 + 429572 [62]
[708]csrss.exe-->ntdll.dll+0x00016865, Type: Code Mismatch 0x7C916865 + 92261 [62]
[732]winlogon.exe-->kernel32.dll+0x00068E04, Type: Code Mismatch 0x7C868E04 + 429572 [62]
[732]winlogon.exe-->ntdll.dll+0x00016865, Type: Code Mismatch 0x7C916865 + 92261 [62]
[776]services.exe-->advapi32.dll-->CreateProcessAsUserW, Type: IAT modification 0x01001094-->003D0002 [unknown_code_page]
[776]services.exe-->kernel32.dll+0x00068E04, Type: Code Mismatch 0x7C868E04 + 429572 [62]
[776]services.exe-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x01001114-->003D0000 [unknown_code_page]
[776]services.exe-->ntdll.dll+0x00016865, Type: Code Mismatch 0x7C916865 + 92261 [62]
[788]lsass.exe-->kernel32.dll+0x00068E04, Type: Code Mismatch 0x7C868E04 + 429572 [62]
[788]lsass.exe-->ntdll.dll+0x00016865, Type: Code Mismatch 0x7C916865 + 92261 [62]
[960]svchost.exe-->kernel32.dll+0x00068E04, Type: Code Mismatch 0x7C868E04 + 429572 [62]
[960]svchost.exe-->ntdll.dll+0x00016865, Type: Code Mismatch 0x7C916865 + 92261 [62]

Mamlas01
Visitor
Posts: 51
Registered: 24 Sep 2011 19:59

Re: AVAST window popping up

#3 Post by Mamlas01 »

I'm posting the VirusTotal link and in the meantime I'm continuing with PCHunter

https://www.virustotal.com/cs/file/48d0 ... 365173831/

Mamlas01
Visitor
Posts: 51
Registered: 24 Sep 2011 19:59

Re: AVAST window popping up

#4 Post by Mamlas01 »

I'm attaching the log from PCHunter
Attachments
info.zip
(57.6 KiB) Downloaded 58 times

Mamlas01
Visitor
Posts: 51
Registered: 24 Sep 2011 19:59

Re: AVAST window popping up

#5 Post by Mamlas01 »

Posting the log:

17:41:55.0718 3696 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:41:55.0968 3696 ============================================================
17:41:55.0968 3696 Current date / time: 2013/04/05 17:41:55.0968
17:41:55.0968 3696 SystemInfo:
17:41:55.0968 3696
17:41:55.0968 3696 OS Version: 5.1.2600 ServicePack: 3.0
17:41:55.0968 3696 Product type: Workstation
17:41:55.0968 3696 ComputerName: COMPUTER
17:41:55.0968 3696 UserName: Mamlas 01
17:41:55.0968 3696 Windows directory: C:\WINDOWS
17:41:55.0968 3696 System windows directory: C:\WINDOWS
17:41:55.0968 3696 Processor architecture: Intel x86
17:41:55.0968 3696 Number of processors: 1
17:41:55.0968 3696 Page size: 0x1000
17:41:55.0968 3696 Boot type: Normal boot
17:41:55.0968 3696 ============================================================
17:41:57.0203 3696 Drive \Device\Harddisk0\DR0 - Size: 0x12A1E0DE00 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:42:00.0218 3696 Drive \Device\Harddisk1\DR1 - Size: 0x4A94F0000 (18.65 Gb), SectorSize: 0x200, Cylinders: 0x982, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K1', Flags 0x00000054
17:42:00.0250 3696 ============================================================
17:42:00.0250 3696 \Device\Harddisk0\DR0:
17:42:00.0250 3696 MBR partitions:
17:42:00.0250 3696 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x445C7AF
17:42:00.0265 3696 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x445C82D, BlocksNum 0x50B1C94
17:42:00.0265 3696 \Device\Harddisk1\DR1:
17:42:00.0281 3696 MBR partitions:
17:42:00.0281 3696 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2546802
17:42:00.0281 3696 ============================================================
17:42:00.0359 3696 C: <-> \Device\Harddisk0\DR0\Partition1
17:42:00.0437 3696 E: <-> \Device\Harddisk0\DR0\Partition2
17:42:00.0531 3696 F: <-> \Device\Harddisk1\DR1\Partition1
17:42:00.0531 3696 ============================================================
17:42:00.0531 3696 Initialize success
17:42:00.0531 3696 ============================================================
17:42:33.0812 3672 ============================================================
17:42:33.0828 3672 Scan started
17:42:33.0828 3672 Mode: Manual; SigCheck; TDLFS;
17:42:33.0828 3672 ============================================================
17:42:34.0140 3672 ================ Scan system memory ========================
17:42:34.0156 3672 System memory - ok
17:42:34.0156 3672 ================ Scan services =============================
17:42:34.0453 3672 50073EB9 - ok
17:42:34.0500 3672 Abiosdsk - ok
17:42:34.0531 3672 abp480n5 - ok
17:42:34.0578 3672 [ 0F2D66D5F08EBE2F77BB904288DCF6F0 ] ac97intc C:\WINDOWS\system32\drivers\ac97intc.sys
17:42:35.0953 3672 ac97intc - ok
17:42:36.0015 3672 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:42:36.0328 3672 ACPI - ok
17:42:36.0390 3672 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
17:42:36.0718 3672 ACPIEC - ok
17:42:36.0812 3672 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:42:36.0921 3672 AdobeFlashPlayerUpdateSvc - ok
17:42:36.0968 3672 adpu160m - ok
17:42:37.0015 3672 [ 11C04B17ED2ABBB4833694BCD644AC90 ] aeaudio C:\WINDOWS\system32\drivers\aeaudio.sys
17:42:37.0296 3672 aeaudio - ok
17:42:37.0359 3672 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
17:42:37.0718 3672 aec - ok
17:42:37.0781 3672 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
17:42:37.0906 3672 AFD - ok
17:42:37.0968 3672 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
17:42:38.0343 3672 agp440 - ok
17:42:38.0359 3672 Aha154x - ok
17:42:38.0390 3672 aic78u2 - ok
17:42:38.0437 3672 aic78xx - ok
17:42:38.0484 3672 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\WINDOWS\system32\alrsvc.dll
17:42:38.0859 3672 Alerter - ok
17:42:38.0890 3672 [ 88842DE939A827577BF24243699AC80A ] ALG C:\WINDOWS\System32\alg.exe
17:42:39.0078 3672 ALG - ok
17:42:39.0109 3672 AliIde - ok
17:42:39.0140 3672 amsint - ok
17:42:39.0203 3672 [ 6B8E7A90E576D4FE308F97C69060A171 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
17:42:39.0390 3672 AppMgmt - ok
17:42:39.0406 3672 asc - ok
17:42:39.0437 3672 asc3350p - ok
17:42:39.0468 3672 asc3550 - ok
17:42:39.0890 3672 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
17:42:40.0015 3672 aspnet_state - ok
17:42:40.0062 3672 [ CCDA8D84FD02AEC52E62F296433AE9DC ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
17:42:40.0187 3672 aswFsBlk - ok
17:42:40.0265 3672 [ A6E20E62871A28A0F1C05B1681848FA7 ] aswMonFlt C:\WINDOWS\system32\drivers\aswMonFlt.sys
17:42:40.0312 3672 aswMonFlt - ok
17:42:40.0375 3672 [ C1A411B7CCD604554D96EFDAC2F83617 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
17:42:40.0406 3672 AswRdr - ok
17:42:40.0437 3672 [ 657A61979F40D67CA29716149766FFA7 ] aswRvrt C:\WINDOWS\system32\drivers\aswRvrt.sys
17:42:40.0500 3672 aswRvrt - ok
17:42:40.0593 3672 [ 0E604867FC28F00D91CB0B00D2EC830D ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
17:42:40.0671 3672 aswSnx - ok
17:42:40.0734 3672 [ 6FC4AA106AA505394C908D37CCCB9148 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
17:42:40.0796 3672 aswSP - ok
17:42:40.0828 3672 [ 33E21FFB063CA6C7E00D568467DC72E4 ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
17:42:40.0859 3672 aswTdi - ok
17:42:40.0906 3672 [ EDB0C9BA44B748E420CCA989FD8B826E ] aswVmm C:\WINDOWS\system32\drivers\aswVmm.sys
17:42:40.0953 3672 aswVmm - ok
17:42:41.0000 3672 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:42:41.0750 3672 AsyncMac - ok
17:42:41.0796 3672 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
17:42:43.0437 3672 atapi - ok
17:42:43.0468 3672 Atdisk - ok
17:42:43.0562 3672 [ 6C6416058635B6FA00263D22A1740E37 ] ati2mtaa C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys
17:42:45.0250 3672 ati2mtaa - ok
17:42:45.0328 3672 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:42:46.0046 3672 Atmarpc - ok
17:42:46.0093 3672 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
17:42:46.0437 3672 AudioSrv - ok
17:42:46.0468 3672 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
17:42:46.0843 3672 audstub - ok
17:42:46.0984 3672 [ 41735B82DB57E4EBE9504EC400FD120E ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
17:42:47.0031 3672 avast! Antivirus - ok
17:42:47.0093 3672 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
17:42:47.0437 3672 Beep - ok
17:42:47.0484 3672 [ 32790D68DDCF79C990622564585CA546 ] BlackBox C:\WINDOWS\system32\drivers\BlackBox.sys
17:42:47.0531 3672 BlackBox ( UnsignedFile.Multi.Generic ) - warning
17:42:47.0531 3672 BlackBox - detected UnsignedFile.Multi.Generic (1)
17:42:47.0609 3672 [ 89E739BBA5F636297EA5B5F811189E06 ] Browser C:\WINDOWS\System32\browser.dll
17:42:47.0718 3672 Browser - ok
17:42:47.0781 3672 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
17:42:48.0140 3672 cbidf2k - ok
17:42:48.0171 3672 cd20xrnt - ok
17:42:48.0234 3672 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
17:42:48.0609 3672 Cdaudio - ok
17:42:48.0687 3672 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
17:42:49.0046 3672 Cdfs - ok
17:42:49.0125 3672 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:42:49.0468 3672 Cdrom - ok
17:42:49.0500 3672 Changer - ok
17:42:49.0562 3672 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
17:42:49.0906 3672 CiSvc - ok
17:42:49.0937 3672 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
17:42:50.0312 3672 ClipSrv - ok
17:42:50.0390 3672 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:42:50.0593 3672 clr_optimization_v4.0.30319_32 - ok
17:42:50.0609 3672 CmdIde - ok
17:42:50.0640 3672 COMSysApp - ok
17:42:50.0703 3672 Cpqarray - ok
17:42:50.0765 3672 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
17:42:51.0140 3672 CryptSvc - ok
17:42:51.0171 3672 dac2w2k - ok
17:42:51.0218 3672 dac960nt - ok
17:42:51.0281 3672 [ BE27674D1CBC3214AEC84B4336A38BBF ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
17:42:51.0453 3672 DcomLaunch - ok
17:42:51.0515 3672 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
17:42:51.0875 3672 Dhcp - ok
17:42:51.0921 3672 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
17:42:52.0265 3672 Disk - ok
17:42:52.0296 3672 dmadmin - ok
17:42:52.0390 3672 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
17:42:52.0796 3672 dmboot - ok
17:42:52.0859 3672 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
17:42:53.0218 3672 dmio - ok
17:42:53.0281 3672 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
17:42:53.0625 3672 dmload - ok
17:42:53.0687 3672 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
17:42:54.0062 3672 dmserver - ok
17:42:54.0109 3672 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
17:42:54.0484 3672 DMusic - ok
17:42:54.0531 3672 [ DFAA406BF19F4EE806A6F8D4342137F7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
17:42:54.0640 3672 Dnscache - ok
17:42:54.0703 3672 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
17:42:55.0078 3672 Dot3svc - ok
17:42:55.0109 3672 dpti2o - ok
17:42:55.0156 3672 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
17:42:55.0531 3672 drmkaud - ok
17:42:55.0578 3672 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
17:42:55.0953 3672 EapHost - ok
17:42:56.0000 3672 [ 6E883BF518296A40959131C2304AF714 ] EL90XBC C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
17:42:56.0375 3672 EL90XBC - ok
17:42:56.0421 3672 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
17:42:56.0843 3672 ERSvc - ok
17:42:56.0906 3672 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] Eventlog C:\WINDOWS\system32\services.exe
17:42:56.0984 3672 Eventlog - ok
17:42:57.0031 3672 [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem C:\WINDOWS\system32\es.dll
17:42:57.0140 3672 EventSystem - ok
17:42:57.0203 3672 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
17:42:57.0546 3672 Fastfat - ok
17:42:57.0593 3672 [ EE9A2B9EA968A792A053C9D1A86BF870 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:42:57.0734 3672 FastUserSwitchingCompatibility - ok
17:42:57.0812 3672 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
17:42:58.0156 3672 Fdc - ok
17:42:58.0218 3672 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
17:42:58.0593 3672 Fips - ok
17:42:58.0656 3672 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:42:58.0984 3672 Flpydisk - ok
17:42:59.0046 3672 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
17:42:59.0406 3672 FltMgr - ok
17:42:59.0453 3672 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:42:59.0843 3672 Fs_Rec - ok
17:42:59.0906 3672 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:43:00.0218 3672 Ftdisk - ok
17:43:00.0281 3672 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:43:00.0656 3672 Gpc - ok
17:43:00.0765 3672 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
17:43:00.0843 3672 gupdate - ok
17:43:00.0875 3672 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
17:43:00.0906 3672 gupdatem - ok
17:43:01.0000 3672 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:43:01.0343 3672 helpsvc - ok
17:43:01.0375 3672 HidServ - ok
17:43:01.0437 3672 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
17:43:01.0843 3672 hkmsvc - ok
17:43:01.0906 3672 [ 437BBACB1242A169D1C10555B29F5BD5 ] HPFECP13 C:\WINDOWS\System32\drivers\HPFECP13.SYS
17:43:01.0953 3672 HPFECP13 ( UnsignedFile.Multi.Generic ) - warning
17:43:01.0953 3672 HPFECP13 - detected UnsignedFile.Multi.Generic (1)
17:43:01.0984 3672 hpn - ok
17:43:02.0062 3672 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
17:43:02.0156 3672 HTTP - ok
17:43:02.0203 3672 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
17:43:02.0593 3672 HTTPFilter - ok
17:43:02.0625 3672 i2omgmt - ok
17:43:02.0656 3672 i2omp - ok
17:43:02.0734 3672 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:43:03.0109 3672 i8042prt - ok
17:43:03.0171 3672 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
17:43:03.0531 3672 Imapi - ok
17:43:03.0562 3672 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
17:43:03.0921 3672 ImapiService - ok
17:43:03.0968 3672 ini910u - ok
17:43:04.0031 3672 [ 57D928E548B38502ABBA7A77A6EB7312 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
17:43:04.0406 3672 IntelIde - ok
17:43:04.0453 3672 [ 27B290D632AF2CF3CF40BFDDB7370985 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:43:04.0812 3672 intelppm - ok
17:43:04.0859 3672 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
17:43:05.0234 3672 Ip6Fw - ok
17:43:05.0265 3672 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:43:05.0625 3672 IpFilterDriver - ok
17:43:05.0671 3672 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:43:06.0093 3672 IpInIp - ok
17:43:06.0156 3672 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:43:06.0515 3672 IpNat - ok
17:43:06.0562 3672 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:43:06.0984 3672 IPSec - ok
17:43:07.0046 3672 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
17:43:07.0203 3672 IRENUM - ok
17:43:07.0250 3672 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:43:07.0562 3672 isapnp - ok
17:43:07.0640 3672 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:43:08.0046 3672 Kbdclass - ok
17:43:08.0125 3672 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
17:43:08.0500 3672 kmixer - ok
17:43:08.0562 3672 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
17:43:08.0781 3672 KSecDD - ok
17:43:08.0843 3672 [ 3428E8F86F8ADD36B42FB23542C7B3E4 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
17:43:09.0109 3672 LanmanServer - ok
17:43:09.0203 3672 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:43:09.0437 3672 lanmanworkstation - ok
17:43:09.0515 3672 lbrtfdc - ok
17:43:09.0953 3672 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
17:43:10.0375 3672 LmHosts - ok
17:43:10.0406 3672 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
17:43:10.0828 3672 Messenger - ok
17:43:10.0906 3672 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
17:43:11.0281 3672 mnmdd - ok
17:43:11.0328 3672 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
17:43:11.0734 3672 mnmsrvc - ok
17:43:11.0781 3672 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
17:43:12.0234 3672 Modem - ok
17:43:12.0265 3672 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:43:12.0718 3672 Mouclass - ok
17:43:12.0781 3672 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
17:43:13.0234 3672 MountMgr - ok
17:43:13.0312 3672 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:43:13.0437 3672 MozillaMaintenance - ok
17:43:13.0453 3672 mraid35x - ok
17:43:13.0515 3672 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:43:13.0937 3672 MRxDAV - ok
17:43:14.0187 3672 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:43:14.0328 3672 MRxSmb - ok
17:43:14.0375 3672 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
17:43:14.0765 3672 MSDTC - ok
17:43:14.0843 3672 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
17:43:15.0234 3672 Msfs - ok
17:43:15.0265 3672 MSIServer - ok
17:43:15.0328 3672 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:43:15.0671 3672 MSKSSRV - ok
17:43:15.0718 3672 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:43:16.0078 3672 MSPCLOCK - ok
17:43:16.0109 3672 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
17:43:16.0484 3672 MSPQM - ok
17:43:16.0531 3672 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:43:16.0875 3672 mssmbios - ok
17:43:16.0921 3672 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
17:43:17.0015 3672 Mup - ok
17:43:17.0078 3672 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
17:43:17.0468 3672 napagent - ok
17:43:17.0531 3672 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
17:43:17.0937 3672 NDIS - ok
17:43:18.0000 3672 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:43:18.0046 3672 NdisTapi - ok
17:43:18.0109 3672 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:43:18.0468 3672 Ndisuio - ok
17:43:18.0531 3672 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:43:18.0890 3672 NdisWan - ok
17:43:18.0937 3672 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
17:43:19.0046 3672 NDProxy - ok
17:43:19.0093 3672 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
17:43:19.0484 3672 NetBIOS - ok
17:43:19.0546 3672 [ 3097C60C5ECAE3E5C88A473D72A5D0D3 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
17:43:19.0562 3672 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: 3097C60C5ECAE3E5C88A473D72A5D0D3, Fake md5: 74B2B2F5BEA5E9A3DC021D685551BD3D
17:43:19.0562 3672 NetBT ( Virus.Win32.ZAccess.aml ) - infected
17:43:19.0562 3672 NetBT - detected Virus.Win32.ZAccess.aml (0)
17:43:19.0609 3672 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
17:43:20.0000 3672 NetDDE - ok
17:43:20.0046 3672 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
17:43:20.0406 3672 NetDDEdsdm - ok
17:43:20.0453 3672 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
17:43:20.0828 3672 Netlogon - ok
17:43:20.0890 3672 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
17:43:21.0234 3672 Netman - ok
17:43:21.0312 3672 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:43:21.0468 3672 NetTcpPortSharing - ok
17:43:21.0531 3672 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\WINDOWS\System32\mswsock.dll
17:43:21.0640 3672 Nla - ok
17:43:21.0703 3672 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
17:43:22.0093 3672 Npfs - ok
17:43:22.0156 3672 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
17:43:22.0515 3672 Ntfs - ok
17:43:22.0546 3672 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
17:43:22.0953 3672 NtLmSsp - ok
17:43:23.0031 3672 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
17:43:23.0453 3672 NtmsSvc - ok
17:43:23.0515 3672 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
17:43:23.0937 3672 Null - ok
17:43:23.0984 3672 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:43:24.0359 3672 NwlnkFlt - ok
17:43:24.0390 3672 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:43:24.0781 3672 NwlnkFwd - ok
17:43:24.0828 3672 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
17:43:25.0187 3672 Parport - ok
17:43:25.0218 3672 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
17:43:25.0562 3672 PartMgr - ok
17:43:25.0625 3672 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
17:43:25.0984 3672 ParVdm - ok
17:43:26.0046 3672 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
17:43:26.0390 3672 PCI - ok
17:43:26.0437 3672 PCIDump - ok
17:43:26.0468 3672 PCIIde - ok
17:43:26.0531 3672 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
17:43:26.0906 3672 Pcmcia - ok
17:43:26.0921 3672 PDCOMP - ok
17:43:26.0953 3672 PDFRAME - ok
17:43:27.0000 3672 PDRELI - ok
17:43:27.0031 3672 PDRFRAME - ok
17:43:27.0062 3672 perc2 - ok
17:43:27.0093 3672 perc2hib - ok
17:43:27.0187 3672 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\WINDOWS\system32\services.exe
17:43:27.0265 3672 PlugPlay - ok
17:43:27.0296 3672 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
17:43:27.0656 3672 PolicyAgent - ok
17:43:27.0703 3672 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:43:28.0062 3672 PptpMiniport - ok
17:43:28.0093 3672 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:43:28.0437 3672 ProtectedStorage - ok
17:43:28.0500 3672 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
17:43:28.0843 3672 PSched - ok
17:43:28.0890 3672 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:43:29.0281 3672 Ptilink - ok
17:43:29.0296 3672 ql1080 - ok
17:43:29.0328 3672 Ql10wnt - ok
17:43:29.0359 3672 ql12160 - ok
17:43:29.0390 3672 ql1240 - ok
17:43:29.0421 3672 ql1280 - ok
17:43:29.0515 3672 [ 583608EE65AABF971117A61AEE4BCAAE ] RalinkRegistryWriter C:\Program Files\TP-LINK\COMMON\RaRegistry.exe
17:43:29.0578 3672 RalinkRegistryWriter - ok
17:43:29.0656 3672 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:43:30.0000 3672 RasAcd - ok
17:43:30.0062 3672 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
17:43:30.0437 3672 RasAuto - ok
17:43:30.0500 3672 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:43:30.0843 3672 Rasl2tp - ok
17:43:30.0875 3672 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
17:43:31.0281 3672 RasMan - ok
17:43:31.0328 3672 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:43:31.0656 3672 RasPppoe - ok
17:43:31.0734 3672 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
17:43:32.0078 3672 Raspti - ok
17:43:32.0140 3672 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:43:32.0500 3672 Rdbss - ok
17:43:32.0562 3672 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:43:32.0937 3672 RDPCDD - ok
17:43:33.0000 3672 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:43:33.0343 3672 rdpdr - ok
17:43:33.0421 3672 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
17:43:33.0515 3672 RDPWD - ok
17:43:33.0609 3672 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
17:43:34.0031 3672 RDSessMgr - ok
17:43:34.0046 3672 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
17:43:34.0390 3672 redbook - ok
17:43:34.0437 3672 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
17:43:34.0812 3672 RemoteAccess - ok
17:43:34.0859 3672 [ 8F31505484A190D5B22274708799F4EC ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
17:43:35.0265 3672 RemoteRegistry - ok
17:43:35.0312 3672 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
17:43:35.0656 3672 RpcLocator - ok
17:43:35.0703 3672 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\system32\rpcss.dll
17:43:35.0812 3672 RpcSs - ok
17:43:35.0875 3672 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
17:43:36.0250 3672 RSVP - ok
17:43:36.0328 3672 [ 487FC03649653349ACE757571EFC3EC9 ] rt2870 C:\WINDOWS\system32\DRIVERS\rt2870.sys
17:43:36.0437 3672 rt2870 - ok
17:43:36.0484 3672 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
17:43:36.0843 3672 SamSs - ok
17:43:36.0890 3672 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
17:43:37.0281 3672 SCardSvr - ok
17:43:37.0343 3672 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
17:43:37.0703 3672 Schedule - ok
17:43:37.0750 3672 [ F34C06D1C706A6D9433570B087A18B02 ] Scutum50 C:\WINDOWS\system32\Drivers\Scutum50.sys
17:43:37.0796 3672 Scutum50 ( UnsignedFile.Multi.Generic ) - warning
17:43:37.0796 3672 Scutum50 - detected UnsignedFile.Multi.Generic (1)
17:44:00.0953 3672 ================ Scan global ===============================
17:44:01.0000 3672 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
17:44:01.0062 3672 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
17:44:01.0125 3672 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
17:44:01.0171 3672 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
17:44:01.0187 3672 [Global] - ok
17:44:01.0203 3672 ================ Scan MBR ==================================
17:44:01.0250 3672 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
17:44:01.0578 3672 \Device\Harddisk0\DR0 - ok
17:44:01.0718 3672 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk1\DR1
17:44:02.0609 3672 \Device\Harddisk1\DR1 - ok
17:44:02.0625 3672 ================ Scan VBR ==================================
17:44:02.0640 3672 [ FF4770AB036DAF5C2AC1814E9B25B1E1 ] \Device\Harddisk0\DR0\Partition1
17:44:02.0640 3672 \Device\Harddisk0\DR0\Partition1 - ok
17:44:02.0671 3672 [ AE02F7EF01D2D08536263C7FCA1E7743 ] \Device\Harddisk0\DR0\Partition2
17:44:02.0687 3672 \Device\Harddisk0\DR0\Partition2 - ok
17:44:02.0781 3672 [ 35DE4012487C9CDBBCCA90B0B28C2478 ] \Device\Harddisk1\DR1\Partition1
17:44:02.0781 3672 \Device\Harddisk1\DR1\Partition1 - ok
17:44:02.0796 3672 ============================================================
17:44:02.0796 3672 Scan finished
17:44:02.0796 3672 ============================================================
17:44:02.0953 0164 Detected object count: 4
17:44:02.0953 0164 Actual detected object count: 4
17:44:39.0312 0164 BlackBox ( UnsignedFile.Multi.Generic ) - skipped by user
17:44:39.0312 0164 BlackBox ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:44:39.0312 0164 HPFECP13 ( UnsignedFile.Multi.Generic ) - skipped by user
17:44:39.0312 0164 HPFECP13 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:44:39.0328 0164 NetBT ( Virus.Win32.ZAccess.aml ) - skipped by user
17:44:39.0328 0164 NetBT ( Virus.Win32.ZAccess.aml ) - User select action: Skip
17:44:39.0328 0164 Scutum50 ( UnsignedFile.Multi.Generic ) - skipped by user
17:44:39.0328 0164 Scutum50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:44:48.0375 4080 Deinitialize success

Mamlas01
Visitor
Posts: 51
Registered: 24 Sep 2011 19:59

Re: AVAST window keeps popping up

#6 Post by Mamlas01 »

I am attaching two logs; one was apparently created before the restart and the other after it. Otherwise it seems to be running as it should for now, and no AVAST window is popping up.

18:24:13.0234 0676 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:24:15.0234 0676 ============================================================
18:24:15.0234 0676 Current date / time: 2013/04/05 18:24:15.0234
18:24:15.0234 0676 SystemInfo:
18:24:15.0234 0676
18:24:15.0234 0676 OS Version: 5.1.2600 ServicePack: 3.0
18:24:15.0234 0676 Product type: Workstation
18:24:15.0234 0676 ComputerName: COMPUTER
18:24:15.0234 0676 UserName: Mamlas 01
18:24:15.0234 0676 Windows directory: C:\WINDOWS
18:24:15.0234 0676 System windows directory: C:\WINDOWS
18:24:15.0234 0676 Processor architecture: Intel x86
18:24:15.0234 0676 Number of processors: 1
18:24:15.0234 0676 Page size: 0x1000
18:24:15.0234 0676 Boot type: Normal boot
18:24:15.0234 0676 ============================================================
18:24:16.0531 0676 Drive \Device\Harddisk0\DR0 - Size: 0x12A1E0DE00 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:24:16.0562 0676 Drive \Device\Harddisk1\DR1 - Size: 0x4A94F0000 (18.65 Gb), SectorSize: 0x200, Cylinders: 0x982, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:24:16.0593 0676 ============================================================
18:24:16.0593 0676 \Device\Harddisk0\DR0:
18:24:16.0609 0676 MBR partitions:
18:24:16.0609 0676 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x445C7AF
18:24:16.0625 0676 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x445C82D, BlocksNum 0x50B1C94
18:24:16.0625 0676 \Device\Harddisk1\DR1:
18:24:22.0765 0676 MBR partitions:
18:24:22.0765 0676 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2546802
18:24:22.0765 0676 ============================================================
18:24:22.0859 0676 C: <-> \Device\Harddisk0\DR0\Partition1
18:24:22.0906 0676 E: <-> \Device\Harddisk0\DR0\Partition2
18:24:22.0984 0676 F: <-> \Device\Harddisk1\DR1\Partition1
18:24:22.0984 0676 ============================================================
18:24:22.0984 0676 Initialize success
18:24:22.0984 0676 ============================================================
18:24:34.0390 2976 ============================================================
18:24:34.0390 2976 Scan started
18:24:34.0390 2976 Mode: Manual; SigCheck; TDLFS;
18:24:34.0390 2976 ============================================================
18:24:34.0718 2976 ================ Scan system memory ========================
18:24:34.0718 2976 System memory - ok
18:24:34.0734 2976 ================ Scan services =============================
18:24:50.0250 2976 [ 32790D68DDCF79C990622564585CA546 ] BlackBox C:\WINDOWS\system32\drivers\BlackBox.sys
18:24:50.0281 2976 BlackBox ( UnsignedFile.Multi.Generic ) - warning
18:24:50.0281 2976 BlackBox - detected UnsignedFile.Multi.Generic (1)
18:25:03.0921 2976 [ 437BBACB1242A169D1C10555B29F5BD5 ] HPFECP13 C:\WINDOWS\System32\drivers\HPFECP13.SYS
18:25:03.0984 2976 HPFECP13 ( UnsignedFile.Multi.Generic ) - warning
18:25:03.0984 2976 HPFECP13 - detected UnsignedFile.Multi.Generic (1)
18:25:19.0593 2976 [ 3097C60C5ECAE3E5C88A473D72A5D0D3 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
18:25:19.0609 2976 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: 3097C60C5ECAE3E5C88A473D72A5D0D3, Fake md5: 74B2B2F5BEA5E9A3DC021D685551BD3D
18:25:19.0609 2976 NetBT ( Virus.Win32.ZAccess.aml ) - infected
18:25:19.0609 2976 NetBT - detected Virus.Win32.ZAccess.aml (0)
18:25:38.0000 2976 [ F34C06D1C706A6D9433570B087A18B02 ] Scutum50 C:\WINDOWS\system32\Drivers\Scutum50.sys
18:25:38.0046 2976 Scutum50 ( UnsignedFile.Multi.Generic ) - warning
18:25:38.0046 2976 Scutum50 - detected UnsignedFile.Multi.Generic (1)
18:26:00.0515 2976 ================ Scan global ===============================
18:26:00.0546 2976 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
18:26:00.0625 2976 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
18:26:00.0703 2976 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
18:26:00.0750 2976 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
18:26:00.0765 2976 [Global] - ok
18:26:00.0781 2976 ================ Scan MBR ==================================
18:26:00.0812 2976 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
18:26:01.0156 2976 \Device\Harddisk0\DR0 - ok
18:26:01.0312 2976 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk1\DR1
18:26:02.0156 2976 \Device\Harddisk1\DR1 - ok
18:26:02.0156 2976 ================ Scan VBR ==================================
18:26:02.0203 2976 [ FF4770AB036DAF5C2AC1814E9B25B1E1 ] \Device\Harddisk0\DR0\Partition1
18:26:02.0203 2976 \Device\Harddisk0\DR0\Partition1 - ok
18:26:02.0265 2976 [ AE02F7EF01D2D08536263C7FCA1E7743 ] \Device\Harddisk0\DR0\Partition2
18:26:02.0265 2976 \Device\Harddisk0\DR0\Partition2 - ok
18:26:02.0328 2976 [ 35DE4012487C9CDBBCCA90B0B28C2478 ] \Device\Harddisk1\DR1\Partition1
18:26:02.0343 2976 \Device\Harddisk1\DR1\Partition1 - ok
18:26:02.0343 2976 ============================================================
18:26:02.0343 2976 Scan finished
18:26:02.0359 2976 ============================================================
18:26:02.0515 3708 Detected object count: 4
18:26:02.0515 3708 Actual detected object count: 4
18:26:14.0796 3708 BlackBox ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:14.0796 3708 BlackBox ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:26:14.0812 3708 HPFECP13 ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:14.0812 3708 HPFECP13 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:26:14.0906 3708 C:\WINDOWS\system32\DRIVERS\netbt.sys - copied to quarantine
18:26:16.0468 3708 C:\WINDOWS\$NtUninstallKB42273$\4047393823\@ - copied to quarantine
18:26:16.0500 3708 C:\WINDOWS\$NtUninstallKB42273$\4047393823\Desktop.ini - copied to quarantine
18:26:22.0234 3708 C:\WINDOWS\$NtUninstallKB42273$\4047393823\L\00000004.@ - copied to quarantine
18:26:22.0265 3708 C:\WINDOWS\$NtUninstallKB42273$\4047393823\L\201d3dde - copied to quarantine
18:26:22.0296 3708 C:\WINDOWS\$NtUninstallKB42273$\4047393823\L\fxmnarpw - copied to quarantine
18:26:22.0421 3708 C:\WINDOWS\$NtUninstallKB42273$\4047393823\U\00000004.@ - copied to quarantine
18:26:23.0000 3708 C:\WINDOWS\$NtUninstallKB42273$\4047393823\U\00000008.@ - copied to quarantine
18:26:23.0125 3708 C:\WINDOWS\$NtUninstallKB42273$\4047393823\U\000000cb.@ - copied to quarantine
18:26:23.0421 3708 C:\WINDOWS\$NtUninstallKB42273$\4047393823\U\80000000.@ - copied to quarantine
18:26:27.0828 3708 C:\WINDOWS\$NtUninstallKB42273$\4047393823\U\80000032.@ - copied to quarantine
18:26:28.0828 3708 Backup copy found, using it..
18:26:28.0875 3708 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured on reboot
18:26:29.0046 3708 C:\WINDOWS\$NtUninstallKB42273$\1870731573 - will be deleted on reboot
18:26:29.0046 3708 C:\WINDOWS\$NtUninstallKB42273$\4047393823\@ - will be deleted on reboot
18:26:29.0046 3708 C:\WINDOWS\$NtUninstallKB42273$\4047393823\Desktop.ini - will be deleted on reboot
18:26:29.0093 3708 C:\WINDOWS\$NtUninstallKB42273$\4047393823\U\00000004.@ - will be deleted on reboot
18:26:29.0093 3708 C:\WINDOWS\$NtUninstallKB42273$\4047393823\U\00000008.@ - will be deleted on reboot
18:26:29.0093 3708 C:\WINDOWS\$NtUninstallKB42273$\4047393823\U\000000cb.@ - will be deleted on reboot
18:26:29.0109 3708 C:\WINDOWS\$NtUninstallKB42273$\4047393823\U\80000000.@ - will be deleted on reboot
18:26:29.0109 3708 C:\WINDOWS\$NtUninstallKB42273$\4047393823\U\80000032.@ - will be deleted on reboot
18:26:29.0109 3708 NetBT ( Virus.Win32.ZAccess.aml ) - User select action: Cure
18:26:29.0125 3708 Scutum50 ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:29.0125 3708 Scutum50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:26:45.0406 3996 Deinitialize success




18:45:49.0343 2276 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:45:49.0921 2276 ============================================================
18:45:49.0921 2276 Current date / time: 2013/04/05 18:45:49.0921
18:45:49.0921 2276 SystemInfo:
18:45:49.0921 2276
18:45:49.0921 2276 OS Version: 5.1.2600 ServicePack: 3.0
18:45:49.0921 2276 Product type: Workstation
18:45:49.0921 2276 ComputerName: COMPUTER
18:45:49.0921 2276 UserName: Mamlas 01
18:45:49.0921 2276 Windows directory: C:\WINDOWS
18:45:49.0921 2276 System windows directory: C:\WINDOWS
18:45:49.0937 2276 Processor architecture: Intel x86
18:45:49.0937 2276 Number of processors: 1
18:45:49.0937 2276 Page size: 0x1000
18:45:49.0937 2276 Boot type: Normal boot
18:45:49.0937 2276 ============================================================
18:45:50.0531 2276 BG loaded
18:45:51.0125 2276 Drive \Device\Harddisk0\DR0 - Size: 0x12A1E0DE00 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:45:52.0156 2276 Drive \Device\Harddisk1\DR1 - Size: 0x4A94F0000 (18.65 Gb), SectorSize: 0x200, Cylinders: 0x982, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K1', Flags 0x00000054
18:45:52.0156 2276 ============================================================
18:45:52.0156 2276 \Device\Harddisk0\DR0:
18:45:52.0171 2276 MBR partitions:
18:45:52.0171 2276 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x445C7AF
18:45:52.0187 2276 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x445C82D, BlocksNum 0x50B1C94
18:45:52.0187 2276 \Device\Harddisk1\DR1:
18:45:52.0187 2276 MBR partitions:
18:45:52.0187 2276 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2546802
18:45:52.0187 2276 ============================================================
18:45:52.0671 2276 C: <-> \Device\Harddisk0\DR0\Partition1
18:45:52.0718 2276 E: <-> \Device\Harddisk0\DR0\Partition2
18:45:52.0812 2276 F: <-> \Device\Harddisk1\DR1\Partition1
18:45:52.0812 2276 ============================================================
18:45:52.0812 2276 Initialize success
18:45:52.0812 2276 ============================================================
18:46:14.0703 3216 ============================================================
18:46:14.0703 3216 Scan started
18:46:14.0703 3216 Mode: Manual; SigCheck; TDLFS;
18:46:14.0703 3216 ============================================================
18:46:17.0828 3216 ================ Scan system memory ========================
18:46:17.0828 3216 System memory - ok
18:46:17.0843 3216 ================ Scan services =============================
18:46:52.0203 3216 [ 32790D68DDCF79C990622564585CA546 ] BlackBox C:\WINDOWS\system32\drivers\BlackBox.sys
18:46:52.0343 3216 BlackBox ( UnsignedFile.Multi.Generic ) - warning
18:46:52.0343 3216 BlackBox - detected UnsignedFile.Multi.Generic (1)
18:47:07.0046 3216 [ 437BBACB1242A169D1C10555B29F5BD5 ] HPFECP13 C:\WINDOWS\System32\drivers\HPFECP13.SYS
18:47:07.0109 3216 HPFECP13 ( UnsignedFile.Multi.Generic ) - warning
18:47:07.0109 3216 HPFECP13 - detected UnsignedFile.Multi.Generic (1)
18:47:22.0625 3216 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
18:47:22.0984 3216 NetBT - ok
18:47:23.0015 3216 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
18:47:23.0421 3216 NetDDE - ok
18:47:23.0468 3216 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
18:47:23.0796 3216 NetDDEdsdm - ok
18:47:23.0859 3216 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
18:47:24.0250 3216 Netlogon - ok
18:47:24.0296 3216 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
18:47:24.0687 3216 Netman - ok
18:47:24.0750 3216 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:47:24.0906 3216 NetTcpPortSharing - ok
18:47:24.0953 3216 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\WINDOWS\System32\mswsock.dll
18:47:25.0031 3216 Nla - ok
18:47:25.0093 3216 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
18:47:25.0468 3216 Npfs - ok
18:47:25.0546 3216 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
18:47:25.0953 3216 Ntfs - ok
18:47:25.0984 3216 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
18:47:26.0328 3216 NtLmSsp - ok
18:47:26.0375 3216 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
18:47:26.0796 3216 NtmsSvc - ok
18:47:26.0859 3216 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
18:47:27.0171 3216 Null - ok
18:47:27.0250 3216 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:47:27.0578 3216 NwlnkFlt - ok
18:47:27.0671 3216 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:47:28.0015 3216 NwlnkFwd - ok
18:47:28.0078 3216 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
18:47:28.0390 3216 Parport - ok
18:47:28.0437 3216 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
18:47:28.0812 3216 PartMgr - ok
18:47:28.0859 3216 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
18:47:29.0187 3216 ParVdm - ok
18:47:29.0265 3216 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
18:47:29.0609 3216 PCI - ok
18:47:29.0640 3216 PCIDump - ok
18:47:29.0671 3216 PCIIde - ok
18:47:29.0718 3216 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
18:47:30.0093 3216 Pcmcia - ok
18:47:30.0125 3216 PDCOMP - ok
18:47:30.0171 3216 PDFRAME - ok
18:47:30.0203 3216 PDRELI - ok
18:47:30.0234 3216 PDRFRAME - ok
18:47:30.0281 3216 perc2 - ok
18:47:30.0312 3216 perc2hib - ok
18:47:30.0421 3216 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\WINDOWS\system32\services.exe
18:47:30.0515 3216 PlugPlay - ok
18:47:30.0562 3216 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
18:47:30.0921 3216 PolicyAgent - ok
18:47:30.0968 3216 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:47:31.0312 3216 PptpMiniport - ok
18:47:31.0343 3216 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
18:47:31.0671 3216 ProtectedStorage - ok
18:47:31.0718 3216 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
18:47:32.0078 3216 PSched - ok
18:47:32.0140 3216 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:47:32.0484 3216 Ptilink - ok
18:47:32.0515 3216 ql1080 - ok
18:47:32.0546 3216 Ql10wnt - ok
18:47:32.0562 3216 ql12160 - ok
18:47:32.0593 3216 ql1240 - ok
18:47:32.0625 3216 ql1280 - ok
18:47:32.0718 3216 [ 583608EE65AABF971117A61AEE4BCAAE ] RalinkRegistryWriter C:\Program Files\TP-LINK\COMMON\RaRegistry.exe
18:47:32.0765 3216 RalinkRegistryWriter - ok
18:47:32.0812 3216 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:47:33.0140 3216 RasAcd - ok
18:47:33.0218 3216 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
18:47:33.0578 3216 RasAuto - ok
18:47:33.0625 3216 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:47:33.0984 3216 Rasl2tp - ok
18:47:34.0031 3216 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
18:47:34.0390 3216 RasMan - ok
18:47:34.0437 3216 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:47:34.0828 3216 RasPppoe - ok
18:47:34.0875 3216 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
18:47:35.0187 3216 Raspti - ok
18:47:35.0250 3216 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:47:35.0609 3216 Rdbss - ok
18:47:35.0656 3216 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:47:35.0968 3216 RDPCDD - ok
18:47:36.0062 3216 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:47:36.0437 3216 rdpdr - ok
18:47:36.0515 3216 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
18:47:37.0250 3216 RDPWD - ok
18:47:37.0343 3216 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
18:47:39.0531 3216 RDSessMgr - ok
18:47:39.0578 3216 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
18:47:40.0484 3216 redbook - ok
18:47:40.0531 3216 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
18:47:40.0875 3216 RemoteAccess - ok
18:47:40.0937 3216 [ 8F31505484A190D5B22274708799F4EC ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
18:47:41.0281 3216 RemoteRegistry - ok
18:47:41.0343 3216 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
18:47:41.0703 3216 RpcLocator - ok
18:47:41.0765 3216 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\system32\rpcss.dll
18:47:41.0875 3216 RpcSs - ok
18:47:41.0937 3216 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
18:47:42.0312 3216 RSVP - ok
18:47:42.0390 3216 [ 487FC03649653349ACE757571EFC3EC9 ] rt2870 C:\WINDOWS\system32\DRIVERS\rt2870.sys
18:47:42.0500 3216 rt2870 - ok
18:47:42.0546 3216 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
18:47:42.0890 3216 SamSs - ok
18:47:42.0953 3216 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
18:47:43.0281 3216 SCardSvr - ok
18:47:43.0359 3216 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
18:47:43.0734 3216 Schedule - ok
18:47:43.0781 3216 [ F34C06D1C706A6D9433570B087A18B02 ] Scutum50 C:\WINDOWS\system32\Drivers\Scutum50.sys
18:47:43.0812 3216 Scutum50 ( UnsignedFile.Multi.Generic ) - warning
18:47:43.0812 3216 Scutum50 - detected UnsignedFile.Multi.Generic (1)
18:48:04.0562 3216 ============================================================
18:48:04.0562 3216 Scan finished
18:48:04.0562 3216 ============================================================
18:48:04.0703 3208 Detected object count: 3
18:48:04.0703 3208 Actual detected object count: 3
18:51:17.0343 3208 BlackBox ( UnsignedFile.Multi.Generic ) - skipped by user
18:51:17.0343 3208 BlackBox ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:51:17.0343 3208 HPFECP13 ( UnsignedFile.Multi.Generic ) - skipped by user
18:51:17.0343 3208 HPFECP13 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:51:17.0359 3208 Scutum50 ( UnsignedFile.Multi.Generic ) - skipped by user
18:51:17.0359 3208 Scutum50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:51:21.0265 2180 Deinitialize success

Mamlas01
Visitor
Posts: 51
Registered: 24 Sep 2011 19:59

Re: AVAST window popping up

#7 Post by Mamlas01 »

Thanks a lot, everything works as it should.

Locked