100% vytíženost, iexplorer.exe

Zpráva

troubler · #1 Příspěvek od **troubler** » 09 pro 2014 23:57

Ahoj, mohl by mi prosím někdo poradit? Cca 15 min. po zapnutí počítače mi neustále ve správci úloh běží několik uloh pod názvem iexplorer. Nejde na PC normálně pracovat. Zkoušel jsem antiviry AVAST, ESET, AVG nic nenešli., ale na ten který jsem spoléhal a to malwarebyte, mi po instalci nejde z plochy ani spustit

.
Na PC nemůžu ani provádět platby přes internetové bankovnictví GE Money Bank, jelikož ta jejich stránka se chová do poslední chvíle jako jejich ale po zadání přihl.údajů to po mě chce stažení aplikace do mobilu. Na info lince mi bylo sděleno, že se jedná o vir v mém PC ať žádnou takovou aplikaci do chytreho telefonu nestahuji.
Co dělat a čím začít? Do přeinstalovaní OS se mi nechce.

Děkuji

#2 Příspěvek od **altrok** » 10 pro 2014 00:04

Dobry vecer

Zadnou aplikaci do telefonu opravdu neinstalujte, protoze se jedna o zpusob obchazeni dvoufaktorove autentizace a utocnik ma velikou sanci s Vasim uctem operovat, ne-li uplnou

Zacneme standardne, tj. logem z RSIT http://forum.viry.cz/viewtopic.php?f=13&t=130786

troubler · #3 Příspěvek od **troubler** » 10 pro 2014 07:49

Dobrý den,
děkuji za rychlou reakci a ochotu. Tak PC dnes pracuje jak má. Ale to je vždy zdánlivé...Jednou tak pak zase jinak.
------------------------------------------------
Logfile of random's system information tool 1.10 (written by random/random)
Run by Administrator at 2014-12-10 07:42:21
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 26 GB (67%) free of 38 GB
Total RAM: 510 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:42:40, on 10.12.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\HPSIsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Plocha\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Administrator.exe
C:\WINDOWS\system32\rundll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_17\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_17\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_17\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: HP SI Service (HPSIService) - HP - C:\WINDOWS\system32\HPSIsvc.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

--
End of file - 4358 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job - C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe --scan=full
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-583907252-527237240-500Core.job - C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-583907252-527237240-500UA.job - C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job - C:\WINDOWS\system32\xp_eos.exe
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job - C:\WINDOWS\system32\xp_eos.exe -c

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.5.0_17\bin\ssv.dll [2008-11-10 452088]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-02-10 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-02-10 118784]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-01-11 577536]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"IObit Security 360"=C:\Program Files\IObit\IObit Security 360\IS360tray.exe [2010-06-11 1280344]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2012-06-12 116648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-02-10 339968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"Run"="C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Windows\IEUpdate\scardsvr.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ActionVoip.com\ActionVoip\ActionVoip.exe"="C:\Program Files\ActionVoip.com\ActionVoip\ActionVoip.exe:*:Enabled:ActionVoip"
"C:\Program Files\Software602\602SQL11\602gcli11.exe"="C:\Program Files\Software602\602SQL11\602gcli11.exe:*:Enabled:602SQL Management and Development Client"
"C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe"="C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\AVG\AVG2015\avgmfapx.exe"="C:\Program Files\AVG\AVG2015\avgmfapx.exe:*:Enabled:Instalátor AVG"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"midi"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer"=wdmaud.drv

======File associations======

.inf - open - "%SystemRoot%\system32\NOTEPAD.EXE" %1
.ini - open - "%SystemRoot%\system32\NOTEPAD.EXE" %1
.js - open - "%SystemRoot%\System32\WScript.exe" "%1" %*
.txt - open - "%SystemRoot%\system32\NOTEPAD.EXE" %1

======List of files/folders created in the last 1 month======

2014-12-10 07:42:22 ----D---- C:\Program Files\trend micro
2014-12-10 07:42:21 ----D---- C:\rsit
2014-12-09 10:28:05 ----D---- C:\Documents and Settings\Administrator\Data aplikací\IObit
2014-12-09 09:08:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\IObit
2014-12-09 09:08:24 ----D---- C:\Program Files\IObit
2014-12-05 11:58:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\BitDefender
2014-12-05 11:20:17 ----D---- C:\Documents and Settings\Administrator\Data aplikací\LavasoftStatistics
2014-12-05 11:02:45 ----HDC---- C:\WINDOWS\$NtUninstallWdf01009$
2014-12-05 10:49:31 ----D---- C:\Program Files\Lavasoft

======List of files/folders modified in the last 1 month======

2014-12-10 07:42:33 ----D---- C:\WINDOWS\Prefetch
2014-12-10 07:42:22 ----RD---- C:\Program Files
2014-12-09 15:43:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-12-09 15:19:18 ----D---- C:\WINDOWS\Temp
2014-12-09 15:10:53 ----A---- C:\WINDOWS\Hrbitov.INI
2014-12-09 11:40:40 ----D---- C:\WINDOWS\system32
2014-12-09 07:04:49 ----D---- C:\WINDOWS
2014-12-08 08:41:49 ----D---- C:\Config.Msi
2014-12-08 08:41:44 ----SHD---- C:\WINDOWS\Installer
2014-12-08 08:38:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2014-12-08 08:38:29 ----D---- C:\Program Files\Common Files
2014-12-08 08:36:34 ----D---- C:\WINDOWS\system32\drivers
2014-12-08 07:39:32 ----D---- C:\WINDOWS\system32\CatRoot2
2014-12-05 11:13:49 ----HD---- C:\WINDOWS\inf
2014-12-05 10:20:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-11-18 07:51:40 ----SD---- C:\WINDOWS\Tasks
2014-11-13 07:18:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2014-11-13 07:00:36 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2008-04-14 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2008-04-14 55936]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-02-08 3846016]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-02-10 681469]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 mvusbews;USB EWS Device; C:\WINDOWS\System32\Drivers\mvusbews.sys [2009-12-04 17408]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S1 athmtbkd;athmtbkd; \??\C:\WINDOWS\system32\drivers\athmtbkd.sys []
S1 dzbsovcr;dzbsovcr; \??\C:\WINDOWS\system32\drivers\dzbsovcr.sys []
S1 fbtzwefb;fbtzwefb; \??\C:\WINDOWS\system32\drivers\fbtzwefb.sys []
S1 kxevnznq;kxevnznq; \??\C:\WINDOWS\system32\drivers\kxevnznq.sys []
S1 ovfjjeoh;ovfjjeoh; \??\C:\WINDOWS\system32\drivers\ovfjjeoh.sys []
S1 qqtvtdpv;qqtvtdpv; \??\C:\WINDOWS\system32\drivers\qqtvtdpv.sys []
S1 ulxvdwgj;ulxvdwgj; \??\C:\WINDOWS\system32\drivers\ulxvdwgj.sys []
S1 vborbcek;vborbcek; \??\C:\WINDOWS\system32\drivers\vborbcek.sys []
S1 wojizubl;wojizubl; \??\C:\WINDOWS\system32\drivers\wojizubl.sys []
S1 wwozxqiu;wwozxqiu; \??\C:\WINDOWS\system32\drivers\wwozxqiu.sys []
S3 andnetadb;ADB Interface DriverNet; C:\WINDOWS\System32\Drivers\lgandnetadb.sys [2013-04-18 25856]
S3 avchv;avchv Function Driver; C:\WINDOWS\system32\DRIVERS\avchv.sys []
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WinUSB;Sony Ericsson USB Device sa0101 Driver; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 HPSIService;HP SI Service; C:\WINDOWS\system32\HPSIsvc.exe [2009-12-03 99896]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 IS360service;IS360service; C:\Program Files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#4 Příspěvek od **altrok** » 10 pro 2014 10:38

Pocitac zdrave opravdu jen vypada...

Ulozte na plochu OTM - http://oldtimer.geekstogo.com/OTM.exe
ukoncete vsechny programy
kliknete pravym na ikonu OTM.exe a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
obsah bileho pole zkopirujte do leveho okna OTM a kliknete na MoveIt!
po restartu vlozte log, ktery bude v C:\_OTM\MovedFiles\mmddyyyy_hhmmss.log

Kód: Vybrat vše

:commands
[Purity]
[EmptyTemp]
[EmptyFlash]
[EmptyJava]
[CreateRestorePoint]

:services
athmtbkd
dzbsovcr
fbtzwefb
kxevnznq
ovfjjeoh
qqtvtdpv
ulxvdwgj
vborbcek
wojizubl
wwozxqiu

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s
C:\WINDOWS\system32\drivers\athmtbkd.sys
C:\WINDOWS\system32\drivers\dzbsovcr.sys
C:\WINDOWS\system32\drivers\fbtzwefb.sys
C:\WINDOWS\system32\drivers\kxevnznq.sys
C:\WINDOWS\system32\drivers\ovfjjeoh.sys
C:\WINDOWS\system32\drivers\qqtvtdpv.sys
C:\WINDOWS\system32\drivers\ulxvdwgj.sys
C:\WINDOWS\system32\drivers\vborbcek.sys
C:\WINDOWS\system32\drivers\wojizubl.sys
C:\WINDOWS\system32\drivers\wwozxqiu.sys

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=-

troubler · #5 Příspěvek od **troubler** » 10 pro 2014 11:49

Zde je:

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 98396916 bytes
->Temporary Internet Files folder emptied: 3834777 bytes
->Java cache emptied: 801085 bytes
->Flash cache emptied: 1012 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33983 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 6197748 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7970559 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 237760494 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 339,00 mb

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

[EMPTYJAVA]

User: Administrator
->Java cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0,00 mb

Restore point Set: OTM Restore Point
========== SERVICES/DRIVERS ==========
Service athmtbkd stopped successfully!
Service athmtbkd deleted successfully!
Service dzbsovcr stopped successfully!
Service dzbsovcr deleted successfully!
Service fbtzwefb stopped successfully!
Service fbtzwefb deleted successfully!
Service kxevnznq stopped successfully!
Service kxevnznq deleted successfully!
Service ovfjjeoh stopped successfully!
Service ovfjjeoh deleted successfully!
Service qqtvtdpv stopped successfully!
Service qqtvtdpv deleted successfully!
Service ulxvdwgj stopped successfully!
Service ulxvdwgj deleted successfully!
Service vborbcek stopped successfully!
Service vborbcek deleted successfully!
Service wojizubl stopped successfully!
Service wojizubl deleted successfully!
Service wwozxqiu stopped successfully!
Service wwozxqiu deleted successfully!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP105.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP114.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP13C.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1C7.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP21C.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP244.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2A8.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2C2.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP39F.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3B1.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP491.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4B7.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4D1.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5AD.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5BC.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5D6.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5E9.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6C5.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6D7.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6F1.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP70A.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7ED.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8CE.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8E2.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP911.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP921.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9C.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA07.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEA.tmp folder moved successfully.
C:\WINDOWS\CSC\csc1.tmp moved successfully.
C:\WINDOWS\Installer\MSI70.tmp moved successfully.
C:\WINDOWS\Installer\MSI72.tmp moved successfully.
C:\WINDOWS\Installer\MSI79.tmp moved successfully.
File/Folder C:\WINDOWS\system32\drivers\athmtbkd.sys not found.
File/Folder C:\WINDOWS\system32\drivers\dzbsovcr.sys not found.
File/Folder C:\WINDOWS\system32\drivers\fbtzwefb.sys not found.
File/Folder C:\WINDOWS\system32\drivers\kxevnznq.sys not found.
File/Folder C:\WINDOWS\system32\drivers\ovfjjeoh.sys not found.
File/Folder C:\WINDOWS\system32\drivers\qqtvtdpv.sys not found.
File/Folder C:\WINDOWS\system32\drivers\ulxvdwgj.sys not found.
File/Folder C:\WINDOWS\system32\drivers\vborbcek.sys not found.
File/Folder C:\WINDOWS\system32\drivers\wojizubl.sys not found.
File/Folder C:\WINDOWS\system32\drivers\wwozxqiu.sys not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update deleted successfully.

OTM by OldTimer - Version 3.1.21.0 log created on 12102014_114018

Files moved on Reboot...

Registry entries deleted on Reboot...

#6 Příspěvek od **altrok** » 10 pro 2014 13:48

Odinstalujte vse od IObit (cinske smejdy, karieru zacaly kradezi databaze jine renomovane spolecnosti, i v soucasnosti utility teto firmy hledaji neexistujici problemy, ktere "opravi" takovym zpusobem, ze system skonci reinstalem) a Ad-Aware

Nainstalujte nejaky overeny antivir. Z free reseni se dlouhodobe dobrymi vysledky prezentuji avast! Free nebo Avira.

Pouzijte utilitu dle navodu kolegy

vyosek píše: Stahnete Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/
Ulozte nejlepe na Plochu a rozbalte

Spustte kliknutim na mbar

Nyni postupne kliknete na Next a Update

Po dokonceni update (aktualizace) databaze kliknete opet na Next

Nechte zaskrtnute vsechny tri moznosti a klinete na Scan cimz spustite prohledavani PC

Po dokonceni skenu (cca 5 minutek) zkontrolujte, zda-li je u vsech nalezu (samozrejme pokud budou) zatrzitko

Tez zkontrolujte, jetsli je zatrzitko u Create Restore point

Nyni kliknete na CleanUp cimz nalezenou infekci odstranime

PC bude restartovan

Slozka mbar by mela obsahovat log (a zrejme se i sam otevre) mbar-log-rok-mesic-den (hodina-minuta-sekunda).txt, ten mi sem dejte

troubler · #7 Příspěvek od **troubler** » 13 pro 2014 15:16

Děkuji, posílám další log.
Akorát jsem chtěl smazat IObit a nejde mi to. Při pokliku ve složce IObit na unins000.exe Píše mi, že chybí soubor unins000.msg k odinstalovaní, nevíte jak ho smazat? Zkousel jsem i Ovladací panely ->pridat nebo odebrat tam ten program ani nevidím.

---------------------------------------------------------------------------------

Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2014.12.12.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: HRBITOV-PC [administrator]

12.12.2014 16:51:33
mbar-log-2014-12-12 (16-51-33).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 289424
Time elapsed: 1 hour(s), 43 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKU\S-1-5-21-1614895754-583907252-527237240-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|Run (Trojan.Agent) -> Data: "C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Windows\IEUpdate\scardsvr.exe" -> Delete on reboot. [4aaa253cb5c73303084715441ce731cf]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 1
Physical Sector #63 on Drive #0 (Rootkit.Cidox.H.VBR) -> Replace on reboot. [7d1de99e2e6369ae220a794104ef4e75]

(end)

#8 Příspěvek od **altrok** » 13 pro 2014 15:40

O IObit se ted nemusite starat... odstrelim ho pak rucne

Soubor C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Windows\IEUpdate\scardsvr.exe zabalte (.zip/.rar) a nahrejte napr. na leteckaposta.cz nebo ulozto... za zadnych okolnosti tento soubor nespoustejte

Pouzijte pak tuto utilitu

vyosek píše: Stahnete si TDSSKiller http://media.kaspersky.com/utilities/Vi ... killer.exe
Po spusteni odsouhlaste licencni podminky (klik na Accept)

Kliknete na volbu Change parametrs

V okne Additional Option zakliknete vsechny moznosti

Kliknete na OK

Utilite prikazte, at skenuje - klik na Start Scan

Po dokonceni skenu se objevi okno, zkontrolujte, zda-li je vsude moznost Skip

Pokud moznost Skip nebude primarne nastavena, prekliknete ji na Skip

Pokud mate vsude Skip, kliknete na Continue

Na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt bude log - jeho obsah sem vlozte

troubler · #9 Příspěvek od **troubler** » 15 pro 2014 13:51

Soubor byl uložený jinde než jste psal, našel jsem ho na C:Windows/system32 zabalil jsem ho odeslal na uloz.to. Original s připonou .exe jsem tam nechal v té složce. Zabalený .rar jsem přetáhl na plochu.

Zde posílám log
13:33:09.0187 0x0f78 TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
13:33:20.0046 0x0f78 ============================================================
13:33:20.0046 0x0f78 Current date / time: 2014/12/15 13:33:20.0046
13:33:20.0046 0x0f78 SystemInfo:
13:33:20.0046 0x0f78
13:33:20.0046 0x0f78 OS Version: 5.1.2600 ServicePack: 3.0
13:33:20.0046 0x0f78 Product type: Workstation
13:33:20.0046 0x0f78 ComputerName: HRBITOV-PC
13:33:20.0046 0x0f78 UserName: Administrator
13:33:20.0046 0x0f78 Windows directory: C:\WINDOWS
13:33:20.0046 0x0f78 System windows directory: C:\WINDOWS
13:33:20.0046 0x0f78 Processor architecture: Intel x86
13:33:20.0046 0x0f78 Number of processors: 1
13:33:20.0046 0x0f78 Page size: 0x1000
13:33:20.0046 0x0f78 Boot type: Normal boot
13:33:20.0046 0x0f78 ============================================================
13:33:31.0375 0x0f78 KLMD registered as C:\WINDOWS\system32\drivers\50747823.sys
13:33:33.0765 0x0f78 System UUID: {6D8327FE-731B-F83C-D82A-46C466EBF9EE}
13:33:41.0546 0x0f78 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 ( 37.27 Gb ), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:33:42.0031 0x0f78 ============================================================
13:33:42.0031 0x0f78 \Device\Harddisk0\DR0:
13:33:42.0078 0x0f78 MBR partitions:
13:33:42.0093 0x0f78 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
13:33:42.0093 0x0f78 ============================================================
13:33:42.0218 0x0f78 C: <-> \Device\Harddisk0\DR0\Partition1
13:33:42.0625 0x0f78 ============================================================
13:33:42.0625 0x0f78 Initialize success
13:33:42.0625 0x0f78 ============================================================
13:34:54.0609 0x0ea0 ============================================================
13:34:54.0609 0x0ea0 Scan started
13:34:54.0609 0x0ea0 Mode: Manual; SigCheck; TDLFS;
13:34:54.0609 0x0ea0 ============================================================
13:34:54.0609 0x0ea0 KSN ping started
13:34:58.0625 0x0ea0 KSN ping finished: true
13:35:03.0031 0x0ea0 ================ Scan system memory ========================
13:35:03.0046 0x0ea0 System memory - ok
13:35:03.0046 0x0ea0 ================ Scan services =============================
13:35:03.0968 0x0ea0 [ D76E9F5A991458A9F7E28395479B3150, 57289AB6B63595406B2EE9A053E6B7FB83FE340A573D81C7543565207175FB64 ] 6to4 C:\WINDOWS\System32\6to4svc.dll
13:35:18.0562 0x0ea0 6to4 - ok
13:35:18.0953 0x0ea0 Abiosdsk - ok
13:35:19.0000 0x0ea0 abp480n5 - ok
13:35:19.0218 0x0ea0 [ 4FE34F1F3126B61FCC6B2043AA8112C9, DE370865E47A5D2A4B227EEFFB42384F67F08D622BF936A9C9CEF70CC47F324B ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:35:24.0937 0x0ea0 ACPI - ok
13:35:24.0984 0x0ea0 [ AFDFF022A01F0B11C776F0860C3B282F, 135E5257B62D921B76271014301E9EA1E2383D5DBB04E475DC3A7EFFD2561F56 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
13:35:25.0562 0x0ea0 ACPIEC - ok
13:35:25.0593 0x0ea0 adpu160m - ok
13:35:25.0812 0x0ea0 [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec C:\WINDOWS\system32\drivers\aec.sys
13:35:26.0843 0x0ea0 aec - ok
13:35:26.0953 0x0ea0 [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD C:\WINDOWS\System32\drivers\afd.sys
13:35:27.0375 0x0ea0 AFD - ok
13:35:27.0468 0x0ea0 Aha154x - ok
13:35:27.0484 0x0ea0 aic78u2 - ok
13:35:27.0515 0x0ea0 aic78xx - ok
13:35:29.0890 0x0ea0 [ 6D3077C3346DE5B13835FB859C69A2EA, 2C0FFB8B96CB8627D0F7B8CF49B488B76D5E2DD9E129BADFA8CFDA691579BAD1 ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
13:35:34.0031 0x0ea0 ALCXWDM - ok
13:35:34.0125 0x0ea0 [ E0A6FA244B8624D78FE5FF6F56A33BAE, 26B828FDB03AE4A4F1DC7A1792F9BAD69CF947897D47F5E567F24F4B6D5CB541 ] Alerter C:\WINDOWS\system32\alrsvc.dll
13:35:34.0515 0x0ea0 Alerter - ok
13:35:34.0578 0x0ea0 [ 88842DE939A827577BF24243699AC80A, A49C9A6A9941F3A2FBBCFE1F6DB48B632739D00670AC98ECCCBC7FD9E786B21A ] ALG C:\WINDOWS\System32\alg.exe
13:35:34.0812 0x0ea0 ALG - ok
13:35:34.0828 0x0ea0 AliIde - ok
13:35:34.0859 0x0ea0 amsint - ok
13:35:34.0875 0x0ea0 andnetadb - ok
13:35:35.0015 0x0ea0 [ 6B8E7A90E576D4FE308F97C69060A171, 6CE49BC78715737D78E05DECAC23E26A5672ACD2CF3D10154FEA9D47B318D47C ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
13:35:35.0406 0x0ea0 AppMgmt - ok
13:35:35.0437 0x0ea0 asc - ok
13:35:35.0453 0x0ea0 asc3350p - ok
13:35:35.0484 0x0ea0 asc3550 - ok
13:35:35.0671 0x0ea0 [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:35:35.0765 0x0ea0 aspnet_state - ok
13:35:35.0859 0x0ea0 [ 9D23DE88C3B18BA87CD4587177CA6CEA, 46DBB867FC73E30320852F744F38B66906DD5B96C4EBB03F504CF33E867A8470 ] aswHwid C:\WINDOWS\system32\drivers\aswHwid.sys
13:35:36.0453 0x0ea0 aswHwid - ok
13:35:36.0562 0x0ea0 [ 73A9014A9C4B19AA093DA05ED4246E27, F03C8433EB00229490BCD293CC97EF72452E156212D56C24BBA95C8E1B207D1A ] aswMonFlt C:\WINDOWS\system32\drivers\aswMonFlt.sys
13:35:36.0828 0x0ea0 aswMonFlt - ok
13:35:36.0875 0x0ea0 [ 0926775B8C3B32EE99921CCB0F85378E, 21A46B124B3E9F2569030E2DF591858B85AA640DDBB5C994B5C00A1E78C9EF67 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
13:35:37.0015 0x0ea0 aswRdr - ok
13:35:37.0062 0x0ea0 [ 6544697080421E62E97AAFBD0A8AA391, BB3F492BF828A147B82FDD1FC9EB9867D96DE0481554A59745D41C6BAB551700 ] aswRvrt C:\WINDOWS\system32\drivers\aswRvrt.sys
13:35:37.0250 0x0ea0 aswRvrt - ok
13:35:37.0687 0x0ea0 [ E73CBE3420ECFA8FF7D0467E170E335D, B994342C92AE9167908B8CA3D03DC278E919C7073512461AFFD4C25E8D2D8D66 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
13:35:38.0406 0x0ea0 aswSnx - ok
13:35:38.0656 0x0ea0 [ 1624D5AD126B8AFE2B2E85E5B8364EB6, AB97A74C1CA9921F7753D98516D7E11750D5D3ACD143C83273B0B295625440A0 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
13:35:39.0015 0x0ea0 aswSP - ok
13:35:39.0125 0x0ea0 [ 4C0ECF1AFA6992904814C74B99DD36F9, AA0D9BA7FE829888C636EC9D72E8E2D987A1C3FF092F95A38EC607CEE25A91F8 ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
13:35:39.0218 0x0ea0 aswTdi - ok
13:35:39.0312 0x0ea0 [ 0EFBC2962B156E8AC267F96D4D93EF06, 8A69672CE8B68A0A683D583287473BFAB7CF8B9771C22E398607CF2A151C7124 ] aswVmm C:\WINDOWS\system32\drivers\aswVmm.sys
13:35:39.0484 0x0ea0 aswVmm - ok
13:35:39.0562 0x0ea0 [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:35:39.0968 0x0ea0 AsyncMac - ok
13:35:40.0046 0x0ea0 [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
13:35:40.0500 0x0ea0 atapi - ok
13:35:40.0515 0x0ea0 Atdisk - ok
13:35:40.0593 0x0ea0 [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:35:41.0796 0x0ea0 Atmarpc - ok
13:35:41.0859 0x0ea0 [ DE31B88962A8645DBA5A37B993E7B0F1, CA93F25A3FD0CE68BB9B8E3AB6B813BF38DE3EDDFC990291B3957FAA59B2B274 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
13:35:42.0484 0x0ea0 AudioSrv - ok
13:35:42.0531 0x0ea0 [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
13:35:43.0187 0x0ea0 audstub - ok
13:35:43.0343 0x0ea0 [ E3F7EC811923F3F1A77B185F22638E5E, 324041256314C1471B5F123FA8DECC8F374A6B497A6419D4CAF61E68E1733265 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
13:35:43.0562 0x0ea0 avast! Antivirus - ok
13:35:43.0578 0x0ea0 avchv - ok
13:35:43.0656 0x0ea0 [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep C:\WINDOWS\system32\drivers\Beep.sys
13:35:44.0515 0x0ea0 Beep - ok
13:35:44.0781 0x0ea0 [ 19395D092FD85DDC2D9C7729CF5A2AC8, 7640F36BA19698EE8A6257BF78A8C57DD9D734BED9CA6BB9B68603BAEA092412 ] BITS C:\WINDOWS\system32\qmgr.dll
13:35:45.0843 0x0ea0 BITS - ok
13:35:45.0953 0x0ea0 [ 89E739BBA5F636297EA5B5F811189E06, 151B32B12F5DD0D388134DA2471FE9741CF22B9C408DA58FEF8019D3C4EC836B ] Browser C:\WINDOWS\System32\browser.dll
13:35:46.0312 0x0ea0 Browser - ok
13:35:46.0359 0x0ea0 [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
13:35:46.0906 0x0ea0 cbidf2k - ok
13:35:46.0968 0x0ea0 cd20xrnt - ok
13:35:47.0187 0x0ea0 [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
13:35:47.0671 0x0ea0 Cdaudio - ok
13:35:47.0750 0x0ea0 [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
13:35:48.0218 0x0ea0 Cdfs - ok
13:35:48.0296 0x0ea0 [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:35:48.0812 0x0ea0 Cdrom - ok
13:35:48.0843 0x0ea0 Changer - ok
13:35:48.0906 0x0ea0 [ E390DC1D7C461D7D56EC53402F329928, FB37F84E71353CD83FCDDD39C898C6D84C05130C5F1BEF022E3DFDE160398C0E ] CiSvc C:\WINDOWS\system32\cisvc.exe
13:35:49.0312 0x0ea0 CiSvc - ok
13:35:49.0453 0x0ea0 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA, 1725067BC759484A7185A4F1A44ED3CBE481529D187FE98EF279425B79177EB1 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
13:35:49.0875 0x0ea0 ClipSrv - ok
13:35:49.0968 0x0ea0 [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:35:50.0078 0x0ea0 clr_optimization_v2.0.50727_32 - ok
13:35:50.0093 0x0ea0 CmdIde - ok
13:35:50.0140 0x0ea0 COMSysApp - ok
13:35:50.0203 0x0ea0 Cpqarray - ok
13:35:50.0265 0x0ea0 [ F3AB0933CBD166D271992F411C27CCAF, 50E01F3B058F814BE914FA5050B2D972E8584A467719A5ABCF9D9EBD596A54A7 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
13:35:50.0781 0x0ea0 CryptSvc - ok
13:35:50.0796 0x0ea0 dac2w2k - ok
13:35:50.0828 0x0ea0 dac960nt - ok
13:35:51.0046 0x0ea0 [ BE27674D1CBC3214AEC84B4336A38BBF, 3DF5F9A9E97595A61314B2731DF4F3D3C19D1B9D2291624A63B8E1861FFC2D76 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
13:35:51.0609 0x0ea0 DcomLaunch - ok
13:35:51.0734 0x0ea0 [ 8C9A53E285AC5E6704844D0459EC85BE, 9E86AF4C06CEC007C9B1590B6E056319603E4D79BED0C2471C6F1BC251B380CF ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
13:35:52.0250 0x0ea0 Dhcp - ok
13:35:52.0296 0x0ea0 [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
13:35:52.0859 0x0ea0 Disk - ok
13:35:52.0875 0x0ea0 dmadmin - ok
13:35:53.0250 0x0ea0 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C, 46074FBBC5E4A40A7B3A45636089DEDD2A619778C7DCD797571C2BB64D775F7E ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
13:35:54.0312 0x0ea0 dmboot - ok
13:35:54.0437 0x0ea0 [ FFF1720AF51171F32F1EAD5CF71F2810, 2E40D63DC7670C1E88A532DB8923A98ABC8481C351C4D915C2753E10BA77F36D ] dmio C:\WINDOWS\system32\drivers\dmio.sys
13:35:54.0968 0x0ea0 dmio - ok
13:35:55.0015 0x0ea0 [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload C:\WINDOWS\system32\drivers\dmload.sys
13:35:55.0640 0x0ea0 dmload - ok
13:35:55.0687 0x0ea0 [ 2BFEFE9E865655A76982F050450B9591, 15C7D093D638770519AA43E7D8897310F32AB1F217027F5750D799494A985C35 ] dmserver C:\WINDOWS\System32\dmserver.dll
13:35:56.0218 0x0ea0 dmserver - ok
13:35:56.0296 0x0ea0 [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
13:35:57.0062 0x0ea0 DMusic - ok
13:35:57.0125 0x0ea0 [ DFAA406BF19F4EE806A6F8D4342137F7, EE2C11B3E37565FC009E323607B2F5F148F9219012EDF848CEFC1B273DAA98A9 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
13:35:57.0312 0x0ea0 Dnscache - ok
13:35:57.0437 0x0ea0 [ 4A3E2BD20157A0946751229E92EB8621, D8C00CC2C18C517F7262EBC3C511C062E5ABA797056AEB22AC5DEB306BA8C526 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
13:35:57.0953 0x0ea0 Dot3svc - ok
13:35:57.0968 0x0ea0 dpti2o - ok
13:35:58.0015 0x0ea0 [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
13:35:58.0531 0x0ea0 drmkaud - ok
13:35:58.0593 0x0ea0 [ 0887D9C2BE8D940778CAD1E3B85F2A41, 2E30DC06D46A5E174B7CAA2D70BDB697015495942572E90425E2EE7AC541BCF4 ] EapHost C:\WINDOWS\System32\eapsvc.dll
13:35:59.0078 0x0ea0 EapHost - ok
13:35:59.0171 0x0ea0 [ A2A4912798F2BE706ABADD3D30800D16, CCCCA389D22525D984DE9B59E4CEBE0EEEF315F725176EB5C4DC1A5B6157234A ] ERSvc C:\WINDOWS\System32\ersvc.dll
13:35:59.0781 0x0ea0 ERSvc - ok
13:35:59.0890 0x0ea0 [ 9EF697AF07BB8DD82C3B02CA953A95B7, F26033E660B8FF1BDB9E88CDA205CE128C03138AF6BEC05DB3CF2D95C16D86C6 ] Eventlog C:\WINDOWS\system32\services.exe
13:36:00.0062 0x0ea0 Eventlog - ok
13:36:00.0250 0x0ea0 [ A371F11EF07653591C8DE26AFB13CE7F, 1192EDC8B146F1C27E8CD7E126DDC044F8B368C2E891A90CD81620D48C9550B6 ] EventSystem C:\WINDOWS\system32\es.dll
13:36:00.0656 0x0ea0 EventSystem - ok
13:36:00.0796 0x0ea0 [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
13:36:01.0500 0x0ea0 Fastfat - ok
13:36:01.0640 0x0ea0 [ EE9A2B9EA968A792A053C9D1A86BF870, 39798179F2EA42216CBE98F08ADA3675A87BD0C31A66534367B96CB129AF36BA ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
13:36:01.0875 0x0ea0 FastUserSwitchingCompatibility - ok
13:36:01.0937 0x0ea0 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
13:36:02.0687 0x0ea0 Fdc - ok
13:36:02.0734 0x0ea0 [ AC366695A0796560AA37215AD5762AAF, 6ADC7443EA42D77199D4879AF3C33A07914116C69A34B895D8CB8444EE50077F ] Fips C:\WINDOWS\system32\drivers\Fips.sys
13:36:03.0546 0x0ea0 Fips - ok
13:36:03.0609 0x0ea0 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:36:04.0375 0x0ea0 Flpydisk - ok
13:36:04.0546 0x0ea0 [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
13:36:05.0062 0x0ea0 FltMgr - ok
13:36:05.0187 0x0ea0 [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:36:05.0265 0x0ea0 FontCache3.0.0.0 - ok
13:36:05.0296 0x0ea0 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:36:05.0703 0x0ea0 Fs_Rec - ok
13:36:05.0796 0x0ea0 [ 4E664D8541DB4A66B73A24257E322E1F, 17A2140AFE2B41E579FCCAFB82532853AD90A6EDBCB13DE80741DAE0AD5B4CC9 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:36:06.0281 0x0ea0 Ftdisk - ok
13:36:06.0359 0x0ea0 [ 065639773D8B03F33577F6CDAEA21063, F20D0F3256F5F894CCA48755B23679619B5D02A0F64A142FC6CB619FC0952067 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys
13:36:06.0953 0x0ea0 gameenum - ok
13:36:07.0062 0x0ea0 [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:36:07.0703 0x0ea0 Gpc - ok
13:36:07.0843 0x0ea0 [ FCFE31FB75F8A6295B6B0AF87A626282, 6BA385797DBC73EB29EFE3293B80C21B1B8A1E9B87A462476E73C526C9565E5F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:36:08.0593 0x0ea0 helpsvc - ok
13:36:08.0625 0x0ea0 HidServ - ok
13:36:08.0734 0x0ea0 [ 7A6B320928F86BC851530D63C82965D9, 1F628759D31098DFBC05244735B5A62ACD8E45DBC5C9D236260D68EB8F1E28F5 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
13:36:09.0484 0x0ea0 hkmsvc - ok
13:36:09.0500 0x0ea0 hpn - ok
13:36:09.0671 0x0ea0 [ 61BFFBF840EB7285F630B5B4F1CCBC08, 012D9BA08F04A52537939B698EB66106456FB218A7A5AAAB236BF8FC2BF0D9CE ] HPSIService C:\WINDOWS\system32\HPSIsvc.exe
13:36:09.0890 0x0ea0 HPSIService - ok
13:36:10.0078 0x0ea0 [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
13:36:10.0578 0x0ea0 HTTP - ok
13:36:10.0734 0x0ea0 [ 58FE2F2DA3BC5573F4A35B3760D3125F, B241ACCE426402EC64DC34C49CECB8CDC0851986D54BFCCED7040D6C43F5787A ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
13:36:11.0187 0x0ea0 HTTPFilter - ok
13:36:11.0203 0x0ea0 i2omgmt - ok
13:36:11.0234 0x0ea0 i2omp - ok
13:36:11.0328 0x0ea0 [ C528E27945367191E7BAE364930B6932, 1B95C7B49B4CAE734DC6C9EC22555C5356EEC856B8491C761C777479264CF854 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:36:11.0875 0x0ea0 i8042prt - ok
13:36:12.0234 0x0ea0 [ DA58A8BE6A445835F603720C4BC8837E, 3B73ECB8A4E3BCD15822F8FB794F0F2D3D6F118C7C59B68C82E1CCDC5D242F2E ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
13:36:13.0796 0x0ea0 ialm - ok
13:36:14.0468 0x0ea0 [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:36:15.0515 0x0ea0 idsvc - ok
13:36:15.0640 0x0ea0 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
13:36:16.0062 0x0ea0 Imapi - ok
13:36:16.0187 0x0ea0 [ F7B93AAFAD33B2320954C17E26C8D361, 8CFDB11A68B59E195F280BE08B25FA59F1F70833832919B8BECCE17616999934 ] ImapiService C:\WINDOWS\system32\imapi.exe
13:36:16.0921 0x0ea0 ImapiService - ok
13:36:16.0953 0x0ea0 ini910u - ok
13:36:17.0031 0x0ea0 [ 57D928E548B38502ABBA7A77A6EB7312, AD26B8096D918269BD7D9D454BB93850BCE595CE9E2A396F45777E7312396B33 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
13:36:17.0718 0x0ea0 IntelIde - ok
13:36:17.0796 0x0ea0 [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
13:36:18.0796 0x0ea0 Ip6Fw - ok
13:36:19.0015 0x0ea0 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:36:19.0890 0x0ea0 IpFilterDriver - ok
13:36:19.0921 0x0ea0 [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:36:21.0296 0x0ea0 IpInIp - ok
13:36:21.0406 0x0ea0 [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:36:22.0296 0x0ea0 IpNat - ok
13:36:22.0406 0x0ea0 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:36:23.0218 0x0ea0 IPSec - ok
13:36:23.0265 0x0ea0 [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
13:36:23.0593 0x0ea0 IRENUM - ok
13:36:23.0843 0x0ea0 [ F5CF53D41F5A6B9D66B8C49C2DE43064, E1A0812E7898EC9C766D83EBCC492EC72830F061BA96E274A980922018F2EC8D ] IS360service C:\Program Files\IObit\IObit Security 360\IS360srv.exe
13:36:24.0109 0x0ea0 IS360service - ok
13:36:24.0171 0x0ea0 [ CC9F8A2D60AED1A51A3AC34C59B987AE, CBF69817BE3D9A4617390B1A3306074CB8581F21562CD1357D32BC3E542F3CEE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:36:24.0796 0x0ea0 isapnp - ok
13:36:24.0859 0x0ea0 [ 1B6162FE7F66B1A71A4B70F941C4AA9B, C2EA494BAB0513A6027414FB1E75834F980A77852D0DC8559E8942FC222A075A ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:36:25.0328 0x0ea0 Kbdclass - ok
13:36:25.0484 0x0ea0 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
13:36:26.0390 0x0ea0 kmixer - ok
13:36:26.0531 0x0ea0 [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
13:36:26.0796 0x0ea0 KSecDD - ok
13:36:26.0937 0x0ea0 [ 3428E8F86F8ADD36B42FB23542C7B3E4, 9CF643D1A70AF08407ACD5FD6FE4B8777521DDF41B5E63C2E6E1E4CAAC69A403 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
13:36:27.0500 0x0ea0 LanmanServer - ok
13:36:27.0656 0x0ea0 [ 936C1D110232D23B621CB0196E4F80F0, 2DE3AF93E20F1DC7A6FF31B18054EA4D2350387E4DA91C4B16D451384F0C57E2 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
13:36:28.0390 0x0ea0 lanmanworkstation - ok
13:36:28.0406 0x0ea0 lbrtfdc - ok
13:36:28.0500 0x0ea0 [ 0AB159F536E3E8F7F07113702A07CCA5, 3218C553183E6697C663B6D12790E09756B50505590858DD5AC62411D37CDD7C ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
13:36:29.0046 0x0ea0 LmHosts - ok
13:36:29.0312 0x0ea0 [ 7CF1B716372B89568AE4C0FE769F5869, 0D70A7A594BCFBB26D7249C0F4B0AF9EF874F2318B3FDCE44648CC61279594ED ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
13:36:29.0750 0x0ea0 MDM - detected UnsignedFile.Multi.Generic ( 1 )
13:36:32.0484 0x0ea0 Detect skipped due to KSN trusted
13:36:32.0484 0x0ea0 MDM - ok
13:36:32.0593 0x0ea0 [ 221CD1C815B8A6B79389C3F5D1018DE8, 6D0D25D6669C4F9452F74EC72C6138A41D9408E01AF5FD01C08F27BE7BC9C905 ] Messenger C:\WINDOWS\System32\msgsvc.dll
13:36:33.0406 0x0ea0 Messenger - ok
13:36:33.0453 0x0ea0 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
13:36:34.0046 0x0ea0 mnmdd - ok
13:36:34.0140 0x0ea0 [ 9A57D046F88F4B69751B11FD40088A61, 62F65433024CE411F111A88723747B8A83B31076FBAF4CFF40FD02A53D7FF7DF ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
13:36:35.0687 0x0ea0 mnmsrvc - ok
13:36:35.0734 0x0ea0 [ 44032B0C6D9954D3FD26438330B99EE7, A49749A4C00D50F57170AA5DA9E2DEECC8C524A48B144C8B784894F2C202FBEE ] Modem C:\WINDOWS\system32\drivers\Modem.sys
13:36:36.0140 0x0ea0 Modem - ok
13:36:36.0187 0x0ea0 [ 4CB582831DBDE63CE43B45D771218374, 6D470B26197C5B388983D9213D48D2CDE934C9591572876DC7790FE4B59E0845 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:36:36.0593 0x0ea0 Mouclass - ok
13:36:36.0656 0x0ea0 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
13:36:37.0062 0x0ea0 MountMgr - ok
13:36:37.0078 0x0ea0 mraid35x - ok
13:36:37.0187 0x0ea0 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:36:37.0687 0x0ea0 MRxDAV - ok
13:36:37.0953 0x0ea0 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:36:38.0421 0x0ea0 MRxSmb - ok
13:36:38.0500 0x0ea0 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D, 78D63EE2C0B0852F0771071C099643242EBC9F4DA28847B93BCE9C3CC1091938 ] MSDTC C:\WINDOWS\system32\msdtc.exe
13:36:38.0968 0x0ea0 MSDTC - ok
13:36:39.0031 0x0ea0 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
13:36:39.0500 0x0ea0 Msfs - ok
13:36:39.0515 0x0ea0 MSIServer - ok
13:36:39.0562 0x0ea0 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:36:39.0890 0x0ea0 MSKSSRV - ok
13:36:39.0921 0x0ea0 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:36:40.0312 0x0ea0 MSPCLOCK - ok
13:36:40.0343 0x0ea0 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
13:36:40.0781 0x0ea0 MSPQM - ok
13:36:40.0828 0x0ea0 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:36:41.0187 0x0ea0 mssmbios - ok
13:36:41.0234 0x0ea0 [ CA3E22598F411199ADC2DFEE76CD0AE0, 73ACE780A198467657CD2AF6019F0FC753B4FC6D26A9D6477C88C5396273F77C ] ms_mpu401 C:\WINDOWS\system32\drivers\msmpu401.sys
13:36:41.0718 0x0ea0 ms_mpu401 - ok
13:36:41.0812 0x0ea0 [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
13:36:42.0078 0x0ea0 Mup - ok
13:36:42.0171 0x0ea0 [ F0CF56D0DD02D33A34998F87541B2A50, 75011605504A8A02763C64638FD9E516AAFBFD22BD1D89EEF3AE3EF9D21B5694 ] mvusbews C:\WINDOWS\system32\Drivers\mvusbews.sys
13:36:42.0593 0x0ea0 mvusbews - ok
13:36:42.0796 0x0ea0 [ 6EA362E9DB03D44F6B996F4D8BE237E9, FE6B4C546D26C4A2832CF4CB280B86B1723E10E46A3C24AF6C9856FCCAE9D1FC ] napagent C:\WINDOWS\System32\qagentrt.dll
13:36:43.0828 0x0ea0 napagent - ok
13:36:43.0937 0x0ea0 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
13:36:44.0625 0x0ea0 NDIS - ok
13:36:44.0671 0x0ea0 [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:36:45.0046 0x0ea0 NdisTapi - ok
13:36:45.0093 0x0ea0 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:36:45.0812 0x0ea0 Ndisuio - ok
13:36:45.0906 0x0ea0 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:36:46.0328 0x0ea0 NdisWan - ok
13:36:46.0390 0x0ea0 [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
13:36:46.0578 0x0ea0 NDProxy - ok
13:36:46.0625 0x0ea0 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
13:36:47.0046 0x0ea0 NetBIOS - ok
13:36:47.0171 0x0ea0 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
13:36:47.0656 0x0ea0 NetBT - ok
13:36:47.0750 0x0ea0 [ 933DE774986EC85E48210C44AB431DE6, B8C85085003792B8744D96585CE6F2BC474EEEEC364A100CCBCE08176D91E75C ] NetDDE C:\WINDOWS\system32\netdde.exe
13:36:48.0156 0x0ea0 NetDDE - ok
13:36:48.0234 0x0ea0 [ 933DE774986EC85E48210C44AB431DE6, B8C85085003792B8744D96585CE6F2BC474EEEEC364A100CCBCE08176D91E75C ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
13:36:48.0593 0x0ea0 NetDDEdsdm - ok
13:36:48.0656 0x0ea0 [ ED0A176354487CEED65B80A7148AB739, 71295D7D7684539DBD2924B437660960C01E073A521FE12D1519969327EC8DC4 ] Netlogon C:\WINDOWS\system32\lsass.exe
13:36:48.0953 0x0ea0 Netlogon - ok
13:36:49.0078 0x0ea0 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40, 588C8BA14A7255FD36A88960CBE34341301773765ECF2A9A0F1760A509A08A5B ] Netman C:\WINDOWS\System32\netman.dll
13:36:49.0562 0x0ea0 Netman - ok
13:36:49.0906 0x0ea0 [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:36:50.0031 0x0ea0 NetTcpPortSharing - ok
13:36:50.0171 0x0ea0 [ 39EE7C3BFBC64BA87CC8CF67386E814C, B93CCB625CE370D9A49C9374D24C939D7C9FEF81401F4F822C51E12677D77E01 ] Nla C:\WINDOWS\System32\mswsock.dll
13:36:50.0375 0x0ea0 Nla - ok
13:36:50.0468 0x0ea0 [ 1E421A6BCF2203CC61B821ADA9DE878B, C658F1D5DCE7525CF929C65C46AB2881C99D89BF8F0F61C1D440C9D9BFB2F89F ] nm C:\WINDOWS\system32\DRIVERS\NMnt.sys
13:36:50.0843 0x0ea0 nm - ok
13:36:50.0906 0x0ea0 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
13:36:51.0296 0x0ea0 Npfs - ok
13:36:51.0718 0x0ea0 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
13:36:52.0546 0x0ea0 Ntfs - ok
13:36:52.0593 0x0ea0 [ ED0A176354487CEED65B80A7148AB739, 71295D7D7684539DBD2924B437660960C01E073A521FE12D1519969327EC8DC4 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
13:36:52.0937 0x0ea0 NtLmSsp - ok
13:36:53.0171 0x0ea0 [ 023DD70573D644F3D9C8B1258A7BFD08, 9A1D3210ED5FD8BEDF92ED577A9B30E37035408A73EB66A8C950B75AB7539B83 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
13:36:53.0812 0x0ea0 NtmsSvc - ok
13:36:53.0859 0x0ea0 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
13:36:54.0187 0x0ea0 Null - ok
13:36:54.0234 0x0ea0 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:36:54.0609 0x0ea0 NwlnkFlt - ok
13:36:54.0656 0x0ea0 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:36:55.0046 0x0ea0 NwlnkFwd - ok
13:36:55.0140 0x0ea0 [ 8B8B1BE2DBA4025DA6786C645F77F123, E47D5EED2F3AF85E2332C325DA80AEF2C4EC989E38A175194EBBFA967BA8BF81 ] NwlnkIpx C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
13:36:55.0546 0x0ea0 NwlnkIpx - ok
13:36:55.0640 0x0ea0 [ 56D34A67C05E94E16377C60609741FF8, ABE48D3E7D38DB20E9D4884FC6FE42FAE0C5FAFD3AC86F1E585A4BB17C6F09C5 ] NwlnkNb C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
13:36:56.0031 0x0ea0 NwlnkNb - ok
13:36:56.0078 0x0ea0 [ C0BB7D1615E1ACBDC99757F6CEAF8CF0, 899905C0EB182ABCDAE0D0D749C0BC39CD231B9FAEE733D5DFDAE86EB8BC755B ] NwlnkSpx C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
13:36:56.0421 0x0ea0 NwlnkSpx - ok
13:36:56.0750 0x0ea0 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:36:57.0171 0x0ea0 odserv - ok
13:36:57.0296 0x0ea0 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:36:57.0406 0x0ea0 ose - ok
13:36:57.0515 0x0ea0 [ 46F8DB73B4A53E543F8E371DC7C75BAE, F6C5E7DE4B4AE0ED785DB075BE14EA6A0FC9050C95669B26DEF2B82D7B7D3B2C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
13:36:57.0906 0x0ea0 Parport - ok
13:36:57.0953 0x0ea0 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
13:36:58.0250 0x0ea0 PartMgr - ok
13:36:58.0312 0x0ea0 [ 1FAE19D0457176318BBA4A8795656EBC, 5F3D6CABA203A0485D67F63A6A81151724EE200BE49ED095CFCB1EF29C19D19F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
13:36:58.0625 0x0ea0 ParVdm - ok
13:36:58.0687 0x0ea0 [ 6CE351D149CB4BEFC702951E471E1730, 758327683BB45F01D5AE550AF21856822B4CF55E17F2A4F452F559088D242B37 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
13:36:59.0015 0x0ea0 PCI - ok
13:36:59.0031 0x0ea0 PCIDump - ok
13:36:59.0062 0x0ea0 [ 2DA4EC85E0EA7A45C6B2A05820492D5A, A8C6BD93D3BC33A5B36EB523997EF9E0783B6E6EAFB6E7F58BCC2629009BDCF9 ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys
13:36:59.0343 0x0ea0 PCIIde - ok
13:36:59.0453 0x0ea0 [ 4FC31E6C19A5CE5198B1ABFF94CAE758, A031E21EC1F15DA5E8429269F435337FA961C3C06D535DAFD448C7355F33FD0C ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
13:36:59.0828 0x0ea0 Pcmcia - ok
13:36:59.0859 0x0ea0 PDCOMP - ok
13:36:59.0875 0x0ea0 PDFRAME - ok
13:36:59.0906 0x0ea0 PDRELI - ok
13:36:59.0921 0x0ea0 PDRFRAME - ok
13:36:59.0937 0x0ea0 perc2 - ok
13:36:59.0968 0x0ea0 perc2hib - ok
13:37:00.0093 0x0ea0 [ 9EF697AF07BB8DD82C3B02CA953A95B7, F26033E660B8FF1BDB9E88CDA205CE128C03138AF6BEC05DB3CF2D95C16D86C6 ] PlugPlay C:\WINDOWS\system32\services.exe
13:37:00.0203 0x0ea0 PlugPlay - ok
13:37:00.0218 0x0ea0 [ ED0A176354487CEED65B80A7148AB739, 71295D7D7684539DBD2924B437660960C01E073A521FE12D1519969327EC8DC4 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
13:37:00.0562 0x0ea0 PolicyAgent - ok
13:37:00.0625 0x0ea0 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:37:01.0046 0x0ea0 PptpMiniport - ok
13:37:01.0109 0x0ea0 [ 7EB15DCE4EC3A0220BD796A15C18186E, E06C572F3FE4F3377D8AF74E8EF15478E71B4C61F944E48E8C35534BEF086110 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
13:37:01.0437 0x0ea0 Processor - ok
13:37:01.0468 0x0ea0 [ ED0A176354487CEED65B80A7148AB739, 71295D7D7684539DBD2924B437660960C01E073A521FE12D1519969327EC8DC4 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
13:37:01.0765 0x0ea0 ProtectedStorage - ok
13:37:01.0828 0x0ea0 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
13:37:02.0234 0x0ea0 PSched - ok
13:37:02.0265 0x0ea0 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:37:02.0593 0x0ea0 Ptilink - ok
13:37:02.0609 0x0ea0 ql1080 - ok
13:37:02.0625 0x0ea0 Ql10wnt - ok
13:37:02.0656 0x0ea0 ql12160 - ok
13:37:02.0671 0x0ea0 ql1240 - ok
13:37:02.0703 0x0ea0 ql1280 - ok
13:37:02.0750 0x0ea0 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:37:03.0078 0x0ea0 RasAcd - ok
13:37:03.0156 0x0ea0 [ 2B5E44EA009F2F374B980E1E9A70635D, 62D8FDB80C8ACBA2C42C12760B785587C43BEDFE015EC5C41B25F2BB735EFEB0 ] RasAuto C:\WINDOWS\System32\rasauto.dll
13:37:03.0531 0x0ea0 RasAuto - ok
13:37:03.0609 0x0ea0 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:37:03.0890 0x0ea0 Rasl2tp - ok
13:37:04.0031 0x0ea0 [ D57554C664B64604BD1EE13EA2C07E77, B090C05B91EA602BFF9A5E89AB1A0FFDE869611961FF749DA8B3F4D00F04E756 ] RasMan C:\WINDOWS\System32\rasmans.dll
13:37:04.0437 0x0ea0 RasMan - ok
13:37:04.0484 0x0ea0 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:37:04.0859 0x0ea0 RasPppoe - ok
13:37:04.0906 0x0ea0 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
13:37:05.0203 0x0ea0 Raspti - ok
13:37:05.0312 0x0ea0 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:37:05.0750 0x0ea0 Rdbss - ok
13:37:05.0781 0x0ea0 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:37:06.0125 0x0ea0 RDPCDD - ok
13:37:06.0250 0x0ea0 [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:37:06.0671 0x0ea0 rdpdr - ok
13:37:06.0781 0x0ea0 [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
13:37:06.0953 0x0ea0 RDPWD - ok
13:37:07.0062 0x0ea0 [ C0D9D9711CB74EE9BC66353D8CBDAB0E, F1AF9A26910707E76BF213D8DE5C902B0088D8A29EBDFF72DE6A4D867E298CC8 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
13:37:07.0453 0x0ea0 RDSessMgr - ok
13:37:07.0515 0x0ea0 [ 611BFD220305BE3A85AE876EA47D4AA5, FDF87878EB3886649025E5A12F1C3FC9072D66CCD3217944710085C1F8A4512E ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
13:37:07.0828 0x0ea0 redbook - ok
13:37:07.0890 0x0ea0 [ 127C26B5371651043450E52542099ABA, 98AADAD8D5211CB894AA7C59B6299861B1F44B6D8F46AB5837E7D2F5B615B14A ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
13:37:08.0265 0x0ea0 RemoteAccess - ok
13:37:08.0328 0x0ea0 [ 8F31505484A190D5B22274708799F4EC, 170FF8193C95CEE73B9342B6FB7D83DF4E80B2CCBB27DF41F4AB5F2FB9AF60E1 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
13:37:08.0703 0x0ea0 RemoteRegistry - ok
13:37:08.0781 0x0ea0 [ 718B3BDC0BC3C2F7D065A53D26202AF9, 9E58243628F1E1396AB82A80D046FF50803A230EE07B007E0CA5D744C77B091A ] RpcLocator C:\WINDOWS\system32\locator.exe
13:37:09.0156 0x0ea0 RpcLocator - ok
13:37:09.0359 0x0ea0 [ BE27674D1CBC3214AEC84B4336A38BBF, 3DF5F9A9E97595A61314B2731DF4F3D3C19D1B9D2291624A63B8E1861FFC2D76 ] RpcSs C:\WINDOWS\system32\rpcss.dll
13:37:09.0625 0x0ea0 RpcSs - ok
13:37:09.0750 0x0ea0 [ 09AB2E71E58B078038E3BFDBA7FFC984, 8CA277DEEF6376B0F48C6BA5DBBC3E8AF2245983BA9AF6AB83D1A920D35FAF93 ] RSVP C:\WINDOWS\system32\rsvp.exe
13:37:10.0156 0x0ea0 RSVP - ok
13:37:10.0203 0x0ea0 [ D507C1400284176573224903819FFDA3, DD0BDB2AB39A8A0A300B6D60FB6A7F5BA08C4DB8F59E0A784FB763EA8AD72AB2 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
13:37:10.0593 0x0ea0 rtl8139 - ok
13:37:10.0625 0x0ea0 [ ED0A176354487CEED65B80A7148AB739, 71295D7D7684539DBD2924B437660960C01E073A521FE12D1519969327EC8DC4 ] SamSs C:\WINDOWS\system32\lsass.exe
13:37:10.0953 0x0ea0 SamSs - ok
13:37:11.0046 0x0ea0 [ 410046E401EB11E1E6749E9DEEA41D4A, 9507268ACD24EF51E994DC418E8EB3E10DEDE61EE892226A22A5DA7662397E25 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
13:37:11.0421 0x0ea0 SCardSvr - ok
13:37:11.0593 0x0ea0 [ 3FF232A7731621B8902D81D42418C93C, 2030C9A843D9555170179883BD4CC1E978D5FC5EC0D7FCA56518224E428BE421 ] Schedule C:\WINDOWS\system32\schedsvc.dll
13:37:12.0000 0x0ea0 Schedule - ok
13:37:12.0062 0x0ea0 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:37:12.0281 0x0ea0 Secdrv - ok
13:37:12.0328 0x0ea0 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6, 82EEB2345AC19050FAB202DE76C2CDD93E753F5AB67789A86A1726D3040C02E5 ] seclogon C:\WINDOWS\System32\seclogon.dll
13:37:12.0703 0x0ea0 seclogon - ok
13:37:12.0750 0x0ea0 [ A530B75C10C23C9AB28FDB6CE719E21F, 14568DF6457758E2F534A46A8E6245C364895C3993BEF2B5A889B98DBB201A27 ] SENS C:\WINDOWS\system32\sens.dll
13:37:13.0093 0x0ea0 SENS - ok
13:37:13.0140 0x0ea0 [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
13:37:13.0468 0x0ea0 serenum - ok
13:37:13.0515 0x0ea0 [ B842729337C9B921615C40D3C1A1AF96, 503670A56423B996C6ED6AE95F07FB88910767C4A2041A4BE9070C57A016E7FA ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
13:37:13.0875 0x0ea0 Serial - ok
13:37:13.0937 0x0ea0 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
13:37:14.0265 0x0ea0 Sfloppy - ok
13:37:14.0437 0x0ea0 [ F58FACA9621D2DB01BD0927D9A0A208E, 239C87E09261BC9D1DBE99DABCFC4787D42289E8769563A5EFB323BE6F177C9A ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
13:37:15.0015 0x0ea0 SharedAccess - ok
13:37:15.0109 0x0ea0 [ EE9A2B9EA968A792A053C9D1A86BF870, 39798179F2EA42216CBE98F08ADA3675A87BD0C31A66534367B96CB129AF36BA ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
13:37:15.0203 0x0ea0 ShellHWDetection - ok
13:37:15.0234 0x0ea0 Simbad - ok
13:37:15.0265 0x0ea0 Sparrow - ok
13:37:15.0296 0x0ea0 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys
13:37:15.0609 0x0ea0 splitter - ok
13:37:15.0671 0x0ea0 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler C:\WINDOWS\system32\spoolsv.exe
13:37:15.0828 0x0ea0 Spooler - ok
13:37:15.0906 0x0ea0 [ 94610C8653635E4459316A0050D55CE7, D148D33B3D2B0757060531C526F2161504A8D7C4E5957D092C7EBDB007271339 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
13:37:16.0109 0x0ea0 sr - ok
13:37:16.0234 0x0ea0 [ 35B91147124F64AC8081A2EDB9EA4DEE, 1609D19156DAC6EE3C2D2350B062966B64D9CDC289E9B8FEB6D244AAEBE90BBF ] srservice C:\WINDOWS\system32\srsvc.dll
13:37:16.0515 0x0ea0 srservice - ok
13:37:16.0718 0x0ea0 [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
13:37:17.0109 0x0ea0 Srv - ok
13:37:17.0187 0x0ea0 [ BECD5271DC4E3B7C3D035F790FCBC1E5, D63B9DB81332553C963EC5057D241CE2287AF652387333C1FD79AF8C9B5F2BA7 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
13:37:17.0406 0x0ea0 SSDPSRV - ok
13:37:17.0593 0x0ea0 [ C1CDD9275F6A115BB0AE1D55D8D27BA6, CD0511FD7F6AD832CBEB931C605AB3AD217631C57399CB8033248D27619541E4 ] stisvc C:\WINDOWS\system32\wiaservc.dll
13:37:18.0171 0x0ea0 stisvc - ok
13:37:18.0203 0x0ea0 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
13:37:18.0515 0x0ea0 swenum - ok
13:37:18.0625 0x0ea0 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
13:37:18.0968 0x0ea0 swmidi - ok
13:37:18.0984 0x0ea0 SwPrv - ok
13:37:19.0000 0x0ea0 symc810 - ok
13:37:19.0015 0x0ea0 symc8xx - ok
13:37:19.0046 0x0ea0 sym_hi - ok
13:37:19.0062 0x0ea0 sym_u3 - ok
13:37:19.0125 0x0ea0 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
13:37:19.0453 0x0ea0 sysaudio - ok
13:37:19.0531 0x0ea0 [ CE06F01B88ACE199A1BF460CAC29C110, 3CD89E5B8E53203287D889C107E4795225742DB6C6ACA2DC0611BD9728382A27 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
13:37:19.0890 0x0ea0 SysmonLog - ok
13:37:20.0015 0x0ea0 [ C2546CD7A398476F9DF5614B2AE160E8, 11C8435BA983553E9C0806494E9B3C7080515C0375B0604F029D89B50726161A ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
13:37:20.0500 0x0ea0 TapiSrv - ok
13:37:20.0734 0x0ea0 [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:37:21.0093 0x0ea0 Tcpip - ok
13:37:21.0234 0x0ea0 [ 4E53BBCC4BE37D7A4BD6EF1098C89FF7, D084EFE07AC200672A1CE7BB8AE736612B3E353271188D26E29EC973E26E1F5F ] Tcpip6 C:\WINDOWS\system32\DRIVERS\tcpip6.sys
13:37:21.0453 0x0ea0 Tcpip6 - ok
13:37:21.0500 0x0ea0 [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
13:37:21.0812 0x0ea0 TDPIPE - ok
13:37:21.0859 0x0ea0 [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
13:37:22.0156 0x0ea0 TDTCP - ok
13:37:22.0203 0x0ea0 [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
13:37:22.0515 0x0ea0 TermDD - ok
13:37:22.0750 0x0ea0 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E, 3D2B1D899061448EAD993CDE97D1EF50DD64728E9F44D80FEAE591198A937653 ] TermService C:\WINDOWS\System32\termsrv.dll
13:37:23.0203 0x0ea0 TermService - ok
13:37:23.0296 0x0ea0 [ EE9A2B9EA968A792A053C9D1A86BF870, 39798179F2EA42216CBE98F08ADA3675A87BD0C31A66534367B96CB129AF36BA ] Themes C:\WINDOWS\System32\shsvcs.dll
13:37:23.0390 0x0ea0 Themes - ok
13:37:23.0468 0x0ea0 [ CD0CC7B167D78043A41C98D4921EFB54, 31AAB5D6D6BA52EBDDE1B5DEB8F9B4D9597FFBA4485F959C846F635060CCB5C0 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
13:37:23.0765 0x0ea0 TlntSvr - ok
13:37:23.0796 0x0ea0 TosIde - ok
13:37:23.0875 0x0ea0 [ 38853304CCB938D30E0C4CDE8D2C2A8A, 966E7BCC9F63A1A7777F8A12E51C2A91EC688CE96109943ADC4CB4EB58DC34A6 ] TrkWks C:\WINDOWS\system32\trkwks.dll
13:37:24.0281 0x0ea0 TrkWks - ok
13:37:24.0375 0x0ea0 [ 8F861EDA21C05857EB8197300A92501C, 374FF9464F273610A051B9220C8D20F01FD4DD029095A7BE37244E20C5C8B5BB ] tunmp C:\WINDOWS\system32\DRIVERS\tunmp.sys
13:37:24.0796 0x0ea0 tunmp - ok
13:37:24.0859 0x0ea0 [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
13:37:25.0187 0x0ea0 Udfs - ok
13:37:25.0218 0x0ea0 ultra - ok
13:37:25.0437 0x0ea0 [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
13:37:26.0046 0x0ea0 Update - ok
13:37:26.0171 0x0ea0 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E, AF7662BCA0819F82CE5EE0863E47149CC127DE664CB3DC6359B63FBD71DB54F8 ] upnphost C:\WINDOWS\System32\upnphost.dll
13:37:26.0453 0x0ea0 upnphost - ok
13:37:26.0484 0x0ea0 [ 20A0F6A11959E92908717D09E87D670D, 3DD6C99AB0F70FAA43DF470B30078B8A51B8AF735CD5C50DBB195FEA70F4C36E ] UPS C:\WINDOWS\System32\ups.exe
13:37:26.0812 0x0ea0 UPS - ok
13:37:26.0875 0x0ea0 [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:37:27.0000 0x0ea0 usbccgp - ok
13:37:27.0031 0x0ea0 [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:37:27.0140 0x0ea0 usbehci - ok
13:37:27.0203 0x0ea0 [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:37:27.0500 0x0ea0 usbhub - ok
13:37:27.0546 0x0ea0 [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:37:27.0890 0x0ea0 usbprint - ok
13:37:27.0953 0x0ea0 [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:37:28.0046 0x0ea0 usbscan - ok
13:37:28.0093 0x0ea0 [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:37:28.0421 0x0ea0 usbstor - ok
13:37:28.0468 0x0ea0 [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:37:28.0812 0x0ea0 usbuhci - ok
13:37:28.0875 0x0ea0 [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
13:37:29.0187 0x0ea0 VgaSave - ok
13:37:29.0203 0x0ea0 ViaIde - ok
13:37:29.0265 0x0ea0 [ 28A4B296B47782173C346E376CB374D1, FE799FE4A41752A2B47027EA88214BF3E39B317302939F4A2D0F2A4EFAAC2F13 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
13:37:29.0609 0x0ea0 VolSnap - ok
13:37:29.0796 0x0ea0 [ D6BA1A63D9E00933F1CD2A885573AFB2, 36311A060635CEC1DBB6D8A746B8A4D007706EAE97D51A5E12F9958AB16BE486 ] VSS C:\WINDOWS\System32\vssvc.exe
13:37:30.0125 0x0ea0 VSS - ok
13:37:30.0234 0x0ea0 [ FA4E1CDBA256787F2149F4AAD07BC91F, 1B5FC5248335D70094D04501AA2C30F54782B58FF8D573BE8E784A21529C7CAF ] W32Time C:\WINDOWS\system32\w32time.dll
13:37:30.0656 0x0ea0 W32Time - ok
13:37:30.0734 0x0ea0 [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:37:31.0046 0x0ea0 Wanarp - ok
13:37:31.0281 0x0ea0 [ D918617B46457B9AC28027722E30F647, 407284D3055DC11944D4EE7E4357E7CF9CAF8CA40CA50633AB6FD4A82CB7EEA6 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
13:37:31.0671 0x0ea0 Wdf01000 - ok
13:37:31.0687 0x0ea0 WDICA - ok
13:37:31.0796 0x0ea0 [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
13:37:32.0156 0x0ea0 wdmaud - ok
13:37:32.0218 0x0ea0 [ 47AE51048A82DFA1CD6B51D369F7E169, 742F2162B8BDE00D83715093EA9743338964597ED22648B9F4F139D7278235A4 ] WebClient C:\WINDOWS\System32\webclnt.dll
13:37:32.0656 0x0ea0 WebClient - ok
13:37:32.0843 0x0ea0 [ E488332126E3B1182D2B8A0C35408EC6, F9F60911DF0A539753B2BEF6FAD2D0AED1BC1C3F43509F79D9AF2F810CDE5D9B ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
13:37:33.0250 0x0ea0 winmgmt - ok
13:37:33.0343 0x0ea0 [ FD600B032E741EB6AAB509FC630F7C42, 2AF671D0648A5C2D2C4A7D0FDE803F07CC079CF1FA4E237DB912A8C77D9EC1F6 ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys
13:37:33.0437 0x0ea0 WinUSB - ok
13:37:33.0484 0x0ea0 [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
13:37:33.0671 0x0ea0 WmdmPmSN - ok
13:37:33.0984 0x0ea0 [ 0171CFF34BBA8C5977F18C48D8AEF8C6, 0E3E04220157CCFB92F8D029805EB56D101C2A3AB3375354537FA9B5B3CAA0AD ] Wmi C:\WINDOWS\System32\advapi32.dll
13:37:34.0671 0x0ea0 Wmi - ok
13:37:34.0796 0x0ea0 [ 23F6F03272F7E5679F1F050AED5ACEE6, 87EBE773F3E8FFE2F1E1DB435BB0E8852031AA88112EB791085AD3DA918B49CC ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:37:35.0187 0x0ea0 WmiApSrv - ok
13:37:35.0234 0x0ea0 [ CF4DEF1BF66F06964DC0D91844239104, CC1D9CECE2056D29A9651D51BB57C3F4F9BF9E90A4808CF7496C683C874FBD51 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
13:37:35.0343 0x0ea0 WpdUsb - ok
13:37:35.0437 0x0ea0 [ 4C86D5FAF78194995AF9CC1075F65DD3, D3B23BB0971E0DBC0A51720067489C224323B603178E91149BF56F779DE352F0 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
13:37:35.0906 0x0ea0 wscsvc - ok
13:37:35.0968 0x0ea0 [ C1364564800EE9784192145324A23308, 5345BAE00364233594C9CF99CE2CC485E65B5D4FFBB81C86B2950EDA2427584C ] wuauserv C:\WINDOWS\system32\wuauserv.dll
13:37:36.0312 0x0ea0 wuauserv - ok
13:37:36.0406 0x0ea0 [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:37:36.0562 0x0ea0 WudfPf - ok
13:37:36.0687 0x0ea0 [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:37:36.0828 0x0ea0 WudfRd - ok
13:37:36.0906 0x0ea0 [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
13:37:37.0015 0x0ea0 WudfSvc - ok
13:37:37.0281 0x0ea0 [ A27D4BA7264C0BF52F32D10405BEA1D4, 5F28607CCAB15FB601BEB35FF0B1A5CD27C678C6D1CA724E842C33EED4579B8C ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
13:37:38.0093 0x0ea0 WZCSVC - ok
13:37:38.0187 0x0ea0 [ EAA4BB9EDB3FB10CF8979FE65E63658F, B80EB477100FD3E26513360E09DB6EBF0C8D8B0618F1F4BF1F387ABA6DEC9B64 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
13:37:38.0562 0x0ea0 xmlprov - ok
13:37:38.0625 0x0ea0 ================ Scan global ===============================
13:37:38.0687 0x0ea0 [ F36278E42C8C5DF03CE17DAC8231C91C, D012A3C8F394DF4F0BF5D5A4C10E73BBF427762B7D3DB6CF5FAB96536E082B7A ] C:\WINDOWS\system32\basesrv.dll
13:37:38.0875 0x0ea0 [ 4C0AA4ABC4E21672B55D8A700AF2B2A6, FAC6B8E2698D0EB12A0ACE62EA398AD05AB6AC5C39740A1E8BDAAF0BFDD5B4A3 ] C:\WINDOWS\system32\winsrv.dll
13:37:39.0156 0x0ea0 [ 4C0AA4ABC4E21672B55D8A700AF2B2A6, FAC6B8E2698D0EB12A0ACE62EA398AD05AB6AC5C39740A1E8BDAAF0BFDD5B4A3 ] C:\WINDOWS\system32\winsrv.dll
13:37:39.0281 0x0ea0 [ 9EF697AF07BB8DD82C3B02CA953A95B7, F26033E660B8FF1BDB9E88CDA205CE128C03138AF6BEC05DB3CF2D95C16D86C6 ] C:\WINDOWS\system32\services.exe
13:37:39.0312 0x0ea0 [ Global ] - ok
13:37:39.0328 0x0ea0 ================ Scan MBR ==================================
13:37:39.0359 0x0ea0 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
13:37:40.0125 0x0ea0 \Device\Harddisk0\DR0 - ok
13:37:40.0140 0x0ea0 ================ Scan VBR ==================================
13:37:40.0140 0x0ea0 [ E03D7E61AE66682479392846AE2EF134 ] \Device\Harddisk0\DR0\Partition1
13:37:40.0156 0x0ea0 \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )
13:37:40.0156 0x0ea0 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected
13:37:42.0812 0x0ea0 ================ Scan generic autorun ======================
13:37:42.0921 0x0ea0 [ D24B9B36C06CA0ACF7CA2C69D9BB25B5, 1806B073EEB5E6B0D2B966AE60B1018B00E88B2DEDF520BDF14743B16E92D3A0 ] C:\WINDOWS\system32\igfxtray.exe
13:37:43.0234 0x0ea0 IgfxTray - ok
13:37:43.0312 0x0ea0 [ 66A5047DF0C0CEC911B95B5B1E24CEBC, 58B7691FB8FD9816950409CA17BD71E97E4707630C98A6516D815041B2CA1E56 ] C:\WINDOWS\system32\hkcmd.exe
13:37:43.0718 0x0ea0 HotKeysCmds - ok
13:37:44.0062 0x0ea0 [ 92819CB628F57930CA6341DC8B0D9CB4, E9B7FD467448EB21340F628E3D0107BF9D0FF0D4CEA9E3F6BD779FCBAE07FD81 ] C:\WINDOWS\SOUNDMAN.EXE
13:37:45.0843 0x0ea0 SoundMan - ok
13:37:46.0015 0x0ea0 [ 5B6E8E09BE6401A7E022F52FDFCB2FF8, 471C556CF9405BBB380A8CEFE945C126B954B7C94F79CC72441B51F80141FC5E ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
13:37:46.0203 0x0ea0 SunJavaUpdateSched - ok
13:37:46.0750 0x0ea0 [ 4126904E21735EF4C7FFFE01ED795872, 998C198AB997CCABE9F7AB456B7068BA4C49D1F2A2C3806BA9A951186BFBEC20 ] C:\Program Files\IObit\IObit Security 360\IS360tray.exe
13:37:47.0781 0x0ea0 IObit Security 360 - ok
13:37:50.0859 0x0ea0 [ 312C7978F0A42DB0475CE31D884DCE88, 53DBEF2473F39754BB1BC352DB9A32607FD3A2E2DC5E7AA6AE821CABEC00CCD1 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
13:37:55.0296 0x0ea0 AvastUI.exe - ok
13:37:55.0390 0x0ea0 [ A756B8F0F7BAFBA6DFE39F7D169F2519, 5338DE8FCA5182A919AAADFA5D130BB93069E3675B834D96CFF68C32433B3BDE ] C:\WINDOWS\system32\CTFMON.EXE
13:37:56.0015 0x0ea0 CTFMON.EXE - ok
13:37:56.0062 0x0ea0 [ A756B8F0F7BAFBA6DFE39F7D169F2519, 5338DE8FCA5182A919AAADFA5D130BB93069E3675B834D96CFF68C32433B3BDE ] C:\WINDOWS\system32\CTFMON.EXE
13:37:56.0468 0x0ea0 CTFMON.EXE - ok
13:37:56.0484 0x0ea0 [ A756B8F0F7BAFBA6DFE39F7D169F2519, 5338DE8FCA5182A919AAADFA5D130BB93069E3675B834D96CFF68C32433B3BDE ] C:\WINDOWS\system32\CTFMON.EXE
13:37:56.0859 0x0ea0 CTFMON.EXE - ok
13:37:56.0890 0x0ea0 [ A756B8F0F7BAFBA6DFE39F7D169F2519, 5338DE8FCA5182A919AAADFA5D130BB93069E3675B834D96CFF68C32433B3BDE ] C:\WINDOWS\system32\ctfmon.exe
13:37:57.0250 0x0ea0 CTFMON.EXE - ok
13:37:57.0250 0x0ea0 Waiting for KSN requests completion. In queue: 5
13:37:58.0250 0x0ea0 Waiting for KSN requests completion. In queue: 5
13:37:59.0250 0x0ea0 Waiting for KSN requests completion. In queue: 5
13:38:02.0296 0x0ea0 AV detected via SS1: avast! Antivirus, 5.0.167774368, disabled, updated
13:38:02.0421 0x0ea0 Win FW state via NFM: enabled
13:38:04.0765 0x0ea0 ============================================================
13:38:04.0765 0x0ea0 Scan finished
13:38:04.0765 0x0ea0 ============================================================
13:38:04.0796 0x0f58 Detected object count: 1
13:38:04.0796 0x0f58 Actual detected object count: 1
13:38:25.0234 0x0f58 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - skipped by user
13:38:25.0234 0x0f58 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Skip

#10 Příspěvek od **altrok** » 15 pro 2014 14:31

Aplikujte znovu TDSSKiller, pokud tam bude nalez Rootkit.Boot.Cidox.b, pouzijte u nej volbu Cure, log pak vlozte sem.

Postupujte naprosto presne dle navodu kolegy.

vyosek píše: Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com
Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe

Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe

Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe

Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)

Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost

RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet

Na plose vznikne log Rkill.txt ten mi sem vlozte

Ted nerestartujte PC - prisli byste o ucinek RKillu
PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.

Pokud mate Win XP spustte pod uctem Spravce\Administratora

Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce

Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano

Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste

Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna

Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit

Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte

Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

troubler · #11 Příspěvek od **troubler** » 16 pro 2014 08:03

Posílám 2 logy. Počítač jsem nerestartoval, mám pokračovat nyní v Comfix?

07:33:20.0968 0x0b10 TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
07:33:33.0890 0x0b10 ============================================================
07:33:33.0890 0x0b10 Current date / time: 2014/12/16 07:33:33.0890
07:33:33.0890 0x0b10 SystemInfo:
07:33:33.0937 0x0b10
07:33:33.0937 0x0b10 OS Version: 5.1.2600 ServicePack: 3.0
07:33:33.0937 0x0b10 Product type: Workstation
07:33:33.0937 0x0b10 ComputerName: HRBITOV-PC
07:33:33.0937 0x0b10 UserName: Administrator
07:33:33.0937 0x0b10 Windows directory: C:\WINDOWS
07:33:33.0937 0x0b10 System windows directory: C:\WINDOWS
07:33:33.0937 0x0b10 Processor architecture: Intel x86
07:33:33.0968 0x0b10 Number of processors: 1
07:33:34.0000 0x0b10 Page size: 0x1000
07:33:34.0000 0x0b10 Boot type: Normal boot
07:33:34.0000 0x0b10 ============================================================
07:33:48.0781 0x0b10 KLMD registered as C:\WINDOWS\system32\drivers\87789882.sys
07:33:52.0484 0x0b10 System UUID: {6D8327FE-731B-F83C-D82A-46C466EBF9EE}
07:34:03.0218 0x0b10 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 ( 37.27 Gb ), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
07:34:03.0312 0x0b10 ============================================================
07:34:03.0312 0x0b10 \Device\Harddisk0\DR0:
07:34:03.0328 0x0b10 MBR partitions:
07:34:03.0328 0x0b10 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
07:34:03.0328 0x0b10 ============================================================
07:34:03.0359 0x0b10 C: <-> \Device\Harddisk0\DR0\Partition1
07:34:03.0406 0x0b10 ============================================================
07:34:03.0406 0x0b10 Initialize success
07:34:03.0406 0x0b10 ============================================================
07:37:51.0843 0x0e34 ============================================================
07:37:51.0890 0x0e34 Scan started
07:37:51.0890 0x0e34 Mode: Manual; SigCheck; TDLFS;
07:37:52.0015 0x0e34 ============================================================
07:37:52.0015 0x0e34 KSN ping started
07:38:07.0843 0x0e34 KSN ping finished: true
07:38:21.0218 0x0e34 ================ Scan system memory ========================
07:38:21.0296 0x0e34 System memory - ok
07:38:21.0296 0x0e34 ================ Scan services =============================
07:38:22.0203 0x0e34 [ D76E9F5A991458A9F7E28395479B3150, 57289AB6B63595406B2EE9A053E6B7FB83FE340A573D81C7543565207175FB64 ] 6to4 C:\WINDOWS\System32\6to4svc.dll
07:38:49.0343 0x0e34 6to4 - ok
07:38:51.0593 0x0e34 Abiosdsk - ok
07:38:51.0625 0x0e34 abp480n5 - ok
07:38:51.0796 0x0e34 [ 4FE34F1F3126B61FCC6B2043AA8112C9, DE370865E47A5D2A4B227EEFFB42384F67F08D622BF936A9C9CEF70CC47F324B ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
07:39:04.0656 0x0e34 ACPI - ok
07:39:05.0578 0x0e34 [ AFDFF022A01F0B11C776F0860C3B282F, 135E5257B62D921B76271014301E9EA1E2383D5DBB04E475DC3A7EFFD2561F56 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
07:39:07.0484 0x0e34 ACPIEC - ok
07:39:07.0500 0x0e34 adpu160m - ok
07:39:07.0687 0x0e34 [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec C:\WINDOWS\system32\drivers\aec.sys
07:39:11.0750 0x0e34 aec - ok
07:39:12.0000 0x0e34 [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD C:\WINDOWS\System32\drivers\afd.sys
07:39:14.0859 0x0e34 AFD - ok
07:39:14.0906 0x0e34 Aha154x - ok
07:39:14.0968 0x0e34 aic78u2 - ok
07:39:15.0015 0x0e34 aic78xx - ok
07:39:17.0531 0x0e34 [ 6D3077C3346DE5B13835FB859C69A2EA, 2C0FFB8B96CB8627D0F7B8CF49B488B76D5E2DD9E129BADFA8CFDA691579BAD1 ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
07:39:24.0234 0x0e34 ALCXWDM - ok
07:39:24.0343 0x0e34 [ E0A6FA244B8624D78FE5FF6F56A33BAE, 26B828FDB03AE4A4F1DC7A1792F9BAD69CF947897D47F5E567F24F4B6D5CB541 ] Alerter C:\WINDOWS\system32\alrsvc.dll
07:39:25.0531 0x0e34 Alerter - ok
07:39:25.0781 0x0e34 [ 88842DE939A827577BF24243699AC80A, A49C9A6A9941F3A2FBBCFE1F6DB48B632739D00670AC98ECCCBC7FD9E786B21A ] ALG C:\WINDOWS\System32\alg.exe
07:39:26.0453 0x0e34 ALG - ok
07:39:26.0718 0x0e34 AliIde - ok
07:39:26.0812 0x0e34 amsint - ok
07:39:26.0890 0x0e34 andnetadb - ok
07:39:27.0046 0x0e34 [ 6B8E7A90E576D4FE308F97C69060A171, 6CE49BC78715737D78E05DECAC23E26A5672ACD2CF3D10154FEA9D47B318D47C ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
07:39:27.0546 0x0e34 AppMgmt - ok
07:39:27.0562 0x0e34 asc - ok
07:39:27.0578 0x0e34 asc3350p - ok
07:39:27.0765 0x0e34 asc3550 - ok
07:39:27.0968 0x0e34 [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
07:39:28.0109 0x0e34 aspnet_state - ok
07:39:28.0234 0x0e34 [ 9D23DE88C3B18BA87CD4587177CA6CEA, 46DBB867FC73E30320852F744F38B66906DD5B96C4EBB03F504CF33E867A8470 ] aswHwid C:\WINDOWS\system32\drivers\aswHwid.sys
07:39:30.0437 0x0e34 aswHwid - ok
07:39:31.0625 0x0e34 [ 73A9014A9C4B19AA093DA05ED4246E27, F03C8433EB00229490BCD293CC97EF72452E156212D56C24BBA95C8E1B207D1A ] aswMonFlt C:\WINDOWS\system32\drivers\aswMonFlt.sys
07:39:32.0093 0x0e34 aswMonFlt - ok
07:39:32.0156 0x0e34 [ 0926775B8C3B32EE99921CCB0F85378E, 21A46B124B3E9F2569030E2DF591858B85AA640DDBB5C994B5C00A1E78C9EF67 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
07:39:32.0265 0x0e34 aswRdr - ok
07:39:32.0406 0x0e34 [ 6544697080421E62E97AAFBD0A8AA391, BB3F492BF828A147B82FDD1FC9EB9867D96DE0481554A59745D41C6BAB551700 ] aswRvrt C:\WINDOWS\system32\drivers\aswRvrt.sys
07:39:32.0703 0x0e34 aswRvrt - ok
07:39:33.0625 0x0e34 [ E73CBE3420ECFA8FF7D0467E170E335D, B994342C92AE9167908B8CA3D03DC278E919C7073512461AFFD4C25E8D2D8D66 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
07:39:35.0609 0x0e34 aswSnx - ok
07:39:35.0921 0x0e34 [ 1624D5AD126B8AFE2B2E85E5B8364EB6, AB97A74C1CA9921F7753D98516D7E11750D5D3ACD143C83273B0B295625440A0 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
07:39:36.0812 0x0e34 aswSP - ok
07:39:36.0937 0x0e34 [ 4C0ECF1AFA6992904814C74B99DD36F9, AA0D9BA7FE829888C636EC9D72E8E2D987A1C3FF092F95A38EC607CEE25A91F8 ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
07:39:37.0265 0x0e34 aswTdi - ok
07:39:37.0656 0x0e34 [ 0EFBC2962B156E8AC267F96D4D93EF06, 8A69672CE8B68A0A683D583287473BFAB7CF8B9771C22E398607CF2A151C7124 ] aswVmm C:\WINDOWS\system32\drivers\aswVmm.sys
07:39:38.0062 0x0e34 aswVmm - ok
07:39:38.0187 0x0e34 [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
07:39:39.0687 0x0e34 AsyncMac - ok
07:39:39.0812 0x0e34 [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
07:39:41.0531 0x0e34 atapi - ok
07:39:41.0578 0x0e34 Atdisk - ok
07:39:41.0859 0x0e34 [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
07:39:43.0421 0x0e34 Atmarpc - ok
07:39:43.0937 0x0e34 [ DE31B88962A8645DBA5A37B993E7B0F1, CA93F25A3FD0CE68BB9B8E3AB6B813BF38DE3EDDFC990291B3957FAA59B2B274 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
07:39:47.0031 0x0e34 AudioSrv - ok
07:39:47.0687 0x0e34 [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
07:39:49.0281 0x0e34 audstub - ok
07:39:49.0937 0x0e34 [ E3F7EC811923F3F1A77B185F22638E5E, 324041256314C1471B5F123FA8DECC8F374A6B497A6419D4CAF61E68E1733265 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
07:39:50.0125 0x0e34 avast! Antivirus - ok
07:39:50.0203 0x0e34 avchv - ok
07:39:50.0296 0x0e34 [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep C:\WINDOWS\system32\drivers\Beep.sys
07:39:51.0390 0x0e34 Beep - ok
07:39:52.0328 0x0e34 [ 19395D092FD85DDC2D9C7729CF5A2AC8, 7640F36BA19698EE8A6257BF78A8C57DD9D734BED9CA6BB9B68603BAEA092412 ] BITS C:\WINDOWS\system32\qmgr.dll
07:39:53.0656 0x0e34 BITS - ok
07:39:53.0796 0x0e34 [ 89E739BBA5F636297EA5B5F811189E06, 151B32B12F5DD0D388134DA2471FE9741CF22B9C408DA58FEF8019D3C4EC836B ] Browser C:\WINDOWS\System32\browser.dll
07:39:54.0406 0x0e34 Browser - ok
07:39:54.0500 0x0e34 [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
07:39:55.0484 0x0e34 cbidf2k - ok
07:39:55.0531 0x0e34 cd20xrnt - ok
07:39:55.0609 0x0e34 [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
07:39:56.0390 0x0e34 Cdaudio - ok
07:39:56.0484 0x0e34 [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
07:39:57.0281 0x0e34 Cdfs - ok
07:39:57.0421 0x0e34 [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
07:39:58.0000 0x0e34 Cdrom - ok
07:39:58.0031 0x0e34 Changer - ok
07:39:58.0140 0x0e34 [ E390DC1D7C461D7D56EC53402F329928, FB37F84E71353CD83FCDDD39C898C6D84C05130C5F1BEF022E3DFDE160398C0E ] CiSvc C:\WINDOWS\system32\cisvc.exe
07:39:58.0906 0x0e34 CiSvc - ok
07:39:59.0000 0x0e34 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA, 1725067BC759484A7185A4F1A44ED3CBE481529D187FE98EF279425B79177EB1 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
07:39:59.0812 0x0e34 ClipSrv - ok
07:40:00.0031 0x0e34 [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:40:00.0390 0x0e34 clr_optimization_v2.0.50727_32 - ok
07:40:00.0421 0x0e34 CmdIde - ok
07:40:00.0437 0x0e34 COMSysApp - ok
07:40:00.0578 0x0e34 Cpqarray - ok
07:40:00.0671 0x0e34 [ F3AB0933CBD166D271992F411C27CCAF, 50E01F3B058F814BE914FA5050B2D972E8584A467719A5ABCF9D9EBD596A54A7 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
07:40:01.0796 0x0e34 CryptSvc - ok
07:40:01.0843 0x0e34 dac2w2k - ok
07:40:01.0859 0x0e34 dac960nt - ok
07:40:02.0109 0x0e34 [ BE27674D1CBC3214AEC84B4336A38BBF, 3DF5F9A9E97595A61314B2731DF4F3D3C19D1B9D2291624A63B8E1861FFC2D76 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
07:40:03.0156 0x0e34 DcomLaunch - ok
07:40:03.0296 0x0e34 [ 8C9A53E285AC5E6704844D0459EC85BE, 9E86AF4C06CEC007C9B1590B6E056319603E4D79BED0C2471C6F1BC251B380CF ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
07:40:04.0140 0x0e34 Dhcp - ok
07:40:04.0218 0x0e34 [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
07:40:04.0921 0x0e34 Disk - ok
07:40:04.0937 0x0e34 dmadmin - ok
07:40:05.0343 0x0e34 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C, 46074FBBC5E4A40A7B3A45636089DEDD2A619778C7DCD797571C2BB64D775F7E ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
07:40:07.0734 0x0e34 dmboot - ok
07:40:07.0906 0x0e34 [ FFF1720AF51171F32F1EAD5CF71F2810, 2E40D63DC7670C1E88A532DB8923A98ABC8481C351C4D915C2753E10BA77F36D ] dmio C:\WINDOWS\system32\drivers\dmio.sys
07:40:08.0828 0x0e34 dmio - ok
07:40:08.0953 0x0e34 [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload C:\WINDOWS\system32\drivers\dmload.sys
07:40:10.0625 0x0e34 dmload - ok
07:40:10.0718 0x0e34 [ 2BFEFE9E865655A76982F050450B9591, 15C7D093D638770519AA43E7D8897310F32AB1F217027F5750D799494A985C35 ] dmserver C:\WINDOWS\System32\dmserver.dll
07:40:11.0531 0x0e34 dmserver - ok
07:40:11.0656 0x0e34 [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
07:40:12.0625 0x0e34 DMusic - ok
07:40:12.0750 0x0e34 [ DFAA406BF19F4EE806A6F8D4342137F7, EE2C11B3E37565FC009E323607B2F5F148F9219012EDF848CEFC1B273DAA98A9 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
07:40:13.0062 0x0e34 Dnscache - ok
07:40:13.0171 0x0e34 [ 4A3E2BD20157A0946751229E92EB8621, D8C00CC2C18C517F7262EBC3C511C062E5ABA797056AEB22AC5DEB306BA8C526 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
07:40:14.0312 0x0e34 Dot3svc - ok
07:40:14.0375 0x0e34 dpti2o - ok
07:40:14.0406 0x0e34 [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
07:40:15.0281 0x0e34 drmkaud - ok
07:40:15.0343 0x0e34 [ 0887D9C2BE8D940778CAD1E3B85F2A41, 2E30DC06D46A5E174B7CAA2D70BDB697015495942572E90425E2EE7AC541BCF4 ] EapHost C:\WINDOWS\System32\eapsvc.dll
07:40:16.0015 0x0e34 EapHost - ok
07:40:16.0093 0x0e34 [ A2A4912798F2BE706ABADD3D30800D16, CCCCA389D22525D984DE9B59E4CEBE0EEEF315F725176EB5C4DC1A5B6157234A ] ERSvc C:\WINDOWS\System32\ersvc.dll
07:40:16.0968 0x0e34 ERSvc - ok
07:40:17.0078 0x0e34 [ 9EF697AF07BB8DD82C3B02CA953A95B7, F26033E660B8FF1BDB9E88CDA205CE128C03138AF6BEC05DB3CF2D95C16D86C6 ] Eventlog C:\WINDOWS\system32\services.exe
07:40:17.0468 0x0e34 Eventlog - ok
07:40:17.0671 0x0e34 [ A371F11EF07653591C8DE26AFB13CE7F, 1192EDC8B146F1C27E8CD7E126DDC044F8B368C2E891A90CD81620D48C9550B6 ] EventSystem C:\WINDOWS\system32\es.dll
07:40:18.0203 0x0e34 EventSystem - ok
07:40:18.0343 0x0e34 [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
07:40:19.0375 0x0e34 Fastfat - ok
07:40:19.0515 0x0e34 [ EE9A2B9EA968A792A053C9D1A86BF870, 39798179F2EA42216CBE98F08ADA3675A87BD0C31A66534367B96CB129AF36BA ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
07:40:20.0312 0x0e34 FastUserSwitchingCompatibility - ok
07:40:20.0390 0x0e34 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
07:40:21.0703 0x0e34 Fdc - ok
07:40:21.0781 0x0e34 [ AC366695A0796560AA37215AD5762AAF, 6ADC7443EA42D77199D4879AF3C33A07914116C69A34B895D8CB8444EE50077F ] Fips C:\WINDOWS\system32\drivers\Fips.sys
07:40:23.0203 0x0e34 Fips - ok
07:40:23.0265 0x0e34 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
07:40:24.0781 0x0e34 Flpydisk - ok
07:40:25.0765 0x0e34 [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
07:40:26.0828 0x0e34 FltMgr - ok
07:40:27.0015 0x0e34 [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
07:40:27.0343 0x0e34 FontCache3.0.0.0 - ok
07:40:27.0359 0x0e34 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
07:40:28.0109 0x0e34 Fs_Rec - ok
07:40:28.0187 0x0e34 [ 4E664D8541DB4A66B73A24257E322E1F, 17A2140AFE2B41E579FCCAFB82532853AD90A6EDBCB13DE80741DAE0AD5B4CC9 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
07:40:29.0468 0x0e34 Ftdisk - ok
07:40:29.0531 0x0e34 [ 065639773D8B03F33577F6CDAEA21063, F20D0F3256F5F894CCA48755B23679619B5D02A0F64A142FC6CB619FC0952067 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys
07:40:30.0328 0x0e34 gameenum - ok
07:40:30.0437 0x0e34 [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
07:40:31.0734 0x0e34 Gpc - ok
07:40:31.0984 0x0e34 [ FCFE31FB75F8A6295B6B0AF87A626282, 6BA385797DBC73EB29EFE3293B80C21B1B8A1E9B87A462476E73C526C9565E5F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
07:40:32.0765 0x0e34 helpsvc - ok
07:40:32.0796 0x0e34 HidServ - ok
07:40:32.0906 0x0e34 [ 7A6B320928F86BC851530D63C82965D9, 1F628759D31098DFBC05244735B5A62ACD8E45DBC5C9D236260D68EB8F1E28F5 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
07:40:33.0546 0x0e34 hkmsvc - ok
07:40:33.0593 0x0e34 hpn - ok
07:40:33.0703 0x0e34 [ 61BFFBF840EB7285F630B5B4F1CCBC08, 012D9BA08F04A52537939B698EB66106456FB218A7A5AAAB236BF8FC2BF0D9CE ] HPSIService C:\WINDOWS\system32\HPSIsvc.exe
07:40:34.0125 0x0e34 HPSIService - ok
07:40:34.0328 0x0e34 [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
07:40:34.0968 0x0e34 HTTP - ok
07:40:35.0093 0x0e34 [ 58FE2F2DA3BC5573F4A35B3760D3125F, B241ACCE426402EC64DC34C49CECB8CDC0851986D54BFCCED7040D6C43F5787A ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
07:40:36.0296 0x0e34 HTTPFilter - ok
07:40:36.0312 0x0e34 i2omgmt - ok
07:40:36.0359 0x0e34 i2omp - ok
07:40:36.0421 0x0e34 [ C528E27945367191E7BAE364930B6932, 1B95C7B49B4CAE734DC6C9EC22555C5356EEC856B8491C761C777479264CF854 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
07:40:37.0390 0x0e34 i8042prt - ok
07:40:37.0796 0x0e34 [ DA58A8BE6A445835F603720C4BC8837E, 3B73ECB8A4E3BCD15822F8FB794F0F2D3D6F118C7C59B68C82E1CCDC5D242F2E ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
07:40:39.0375 0x0e34 ialm - ok
07:40:39.0906 0x0e34 [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:40:41.0500 0x0e34 idsvc - ok
07:40:41.0578 0x0e34 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
07:40:42.0812 0x0e34 Imapi - ok
07:40:42.0968 0x0e34 [ F7B93AAFAD33B2320954C17E26C8D361, 8CFDB11A68B59E195F280BE08B25FA59F1F70833832919B8BECCE17616999934 ] ImapiService C:\WINDOWS\system32\imapi.exe
07:40:44.0109 0x0e34 ImapiService - ok
07:40:44.0187 0x0e34 ini910u - ok
07:40:44.0250 0x0e34 [ 57D928E548B38502ABBA7A77A6EB7312, AD26B8096D918269BD7D9D454BB93850BCE595CE9E2A396F45777E7312396B33 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
07:40:44.0859 0x0e34 IntelIde - ok
07:40:44.0921 0x0e34 [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
07:40:46.0015 0x0e34 Ip6Fw - ok
07:40:46.0125 0x0e34 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
07:40:47.0359 0x0e34 IpFilterDriver - ok
07:40:47.0406 0x0e34 [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
07:40:48.0296 0x0e34 IpInIp - ok
07:40:48.0406 0x0e34 [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
07:40:49.0421 0x0e34 IpNat - ok
07:40:49.0515 0x0e34 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
07:40:50.0625 0x0e34 IPSec - ok
07:40:50.0734 0x0e34 [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
07:40:52.0468 0x0e34 IRENUM - ok
07:40:52.0765 0x0e34 [ F5CF53D41F5A6B9D66B8C49C2DE43064, E1A0812E7898EC9C766D83EBCC492EC72830F061BA96E274A980922018F2EC8D ] IS360service C:\Program Files\IObit\IObit Security 360\IS360srv.exe
07:40:54.0250 0x0e34 IS360service - ok
07:40:54.0406 0x0e34 [ CC9F8A2D60AED1A51A3AC34C59B987AE, CBF69817BE3D9A4617390B1A3306074CB8581F21562CD1357D32BC3E542F3CEE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
07:40:55.0531 0x0e34 isapnp - ok
07:40:55.0609 0x0e34 [ 1B6162FE7F66B1A71A4B70F941C4AA9B, C2EA494BAB0513A6027414FB1E75834F980A77852D0DC8559E8942FC222A075A ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
07:40:56.0937 0x0e34 Kbdclass - ok
07:40:57.0187 0x0e34 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
07:40:58.0187 0x0e34 kmixer - ok
07:40:58.0265 0x0e34 [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
07:40:58.0859 0x0e34 KSecDD - ok
07:40:58.0968 0x0e34 [ 3428E8F86F8ADD36B42FB23542C7B3E4, 9CF643D1A70AF08407ACD5FD6FE4B8777521DDF41B5E63C2E6E1E4CAAC69A403 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
07:40:59.0703 0x0e34 LanmanServer - ok
07:40:59.0828 0x0e34 [ 936C1D110232D23B621CB0196E4F80F0, 2DE3AF93E20F1DC7A6FF31B18054EA4D2350387E4DA91C4B16D451384F0C57E2 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
07:41:00.0421 0x0e34 lanmanworkstation - ok
07:41:00.0500 0x0e34 lbrtfdc - ok
07:41:00.0718 0x0e34 [ 0AB159F536E3E8F7F07113702A07CCA5, 3218C553183E6697C663B6D12790E09756B50505590858DD5AC62411D37CDD7C ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
07:41:01.0765 0x0e34 LmHosts - ok
07:41:02.0187 0x0e34 [ 7CF1B716372B89568AE4C0FE769F5869, 0D70A7A594BCFBB26D7249C0F4B0AF9EF874F2318B3FDCE44648CC61279594ED ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
07:41:02.0843 0x0e34 MDM - detected UnsignedFile.Multi.Generic ( 1 )
07:41:06.0734 0x0e34 Detect skipped due to KSN trusted
07:41:06.0734 0x0e34 MDM - ok
07:41:06.0812 0x0e34 [ 221CD1C815B8A6B79389C3F5D1018DE8, 6D0D25D6669C4F9452F74EC72C6138A41D9408E01AF5FD01C08F27BE7BC9C905 ] Messenger C:\WINDOWS\System32\msgsvc.dll
07:41:08.0000 0x0e34 Messenger - ok
07:41:08.0109 0x0e34 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
07:41:09.0250 0x0e34 mnmdd - ok
07:41:09.0312 0x0e34 [ 9A57D046F88F4B69751B11FD40088A61, 62F65433024CE411F111A88723747B8A83B31076FBAF4CFF40FD02A53D7FF7DF ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
07:41:10.0343 0x0e34 mnmsrvc - ok
07:41:10.0437 0x0e34 [ 44032B0C6D9954D3FD26438330B99EE7, A49749A4C00D50F57170AA5DA9E2DEECC8C524A48B144C8B784894F2C202FBEE ] Modem C:\WINDOWS\system32\drivers\Modem.sys
07:41:11.0468 0x0e34 Modem - ok
07:41:11.0562 0x0e34 [ 4CB582831DBDE63CE43B45D771218374, 6D470B26197C5B388983D9213D48D2CDE934C9591572876DC7790FE4B59E0845 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
07:41:12.0593 0x0e34 Mouclass - ok
07:41:12.0640 0x0e34 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
07:41:14.0000 0x0e34 MountMgr - ok
07:41:14.0031 0x0e34 mraid35x - ok
07:41:14.0218 0x0e34 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
07:41:15.0656 0x0e34 MRxDAV - ok
07:41:15.0921 0x0e34 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
07:41:17.0203 0x0e34 MRxSmb - ok
07:41:17.0250 0x0e34 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D, 78D63EE2C0B0852F0771071C099643242EBC9F4DA28847B93BCE9C3CC1091938 ] MSDTC C:\WINDOWS\system32\msdtc.exe
07:41:19.0062 0x0e34 MSDTC - ok
07:41:19.0140 0x0e34 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
07:41:20.0703 0x0e34 Msfs - ok
07:41:20.0750 0x0e34 MSIServer - ok
07:41:20.0859 0x0e34 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
07:41:21.0937 0x0e34 MSKSSRV - ok
07:41:22.0093 0x0e34 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
07:41:23.0125 0x0e34 MSPCLOCK - ok
07:41:23.0156 0x0e34 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
07:41:25.0187 0x0e34 MSPQM - ok
07:41:25.0328 0x0e34 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
07:41:26.0578 0x0e34 mssmbios - ok
07:41:26.0609 0x0e34 [ CA3E22598F411199ADC2DFEE76CD0AE0, 73ACE780A198467657CD2AF6019F0FC753B4FC6D26A9D6477C88C5396273F77C ] ms_mpu401 C:\WINDOWS\system32\drivers\msmpu401.sys
07:41:27.0687 0x0e34 ms_mpu401 - ok
07:41:27.0812 0x0e34 [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
07:41:28.0531 0x0e34 Mup - ok
07:41:28.0578 0x0e34 [ F0CF56D0DD02D33A34998F87541B2A50, 75011605504A8A02763C64638FD9E516AAFBFD22BD1D89EEF3AE3EF9D21B5694 ] mvusbews C:\WINDOWS\system32\Drivers\mvusbews.sys
07:41:29.0468 0x0e34 mvusbews - ok
07:41:29.0656 0x0e34 [ 6EA362E9DB03D44F6B996F4D8BE237E9, FE6B4C546D26C4A2832CF4CB280B86B1723E10E46A3C24AF6C9856FCCAE9D1FC ] napagent C:\WINDOWS\System32\qagentrt.dll
07:41:30.0828 0x0e34 napagent - ok
07:41:31.0015 0x0e34 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
07:41:32.0984 0x0e34 NDIS - ok
07:41:33.0093 0x0e34 [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
07:41:33.0515 0x0e34 NdisTapi - ok
07:41:33.0578 0x0e34 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
07:41:34.0140 0x0e34 Ndisuio - ok
07:41:34.0234 0x0e34 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
07:41:35.0000 0x0e34 NdisWan - ok
07:41:35.0078 0x0e34 [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
07:41:35.0718 0x0e34 NDProxy - ok
07:41:35.0765 0x0e34 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
07:41:36.0453 0x0e34 NetBIOS - ok
07:41:36.0562 0x0e34 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
07:41:37.0281 0x0e34 NetBT - ok
07:41:37.0406 0x0e34 [ 933DE774986EC85E48210C44AB431DE6, B8C85085003792B8744D96585CE6F2BC474EEEEC364A100CCBCE08176D91E75C ] NetDDE C:\WINDOWS\system32\netdde.exe
07:41:38.0218 0x0e34 NetDDE - ok
07:41:38.0281 0x0e34 [ 933DE774986EC85E48210C44AB431DE6, B8C85085003792B8744D96585CE6F2BC474EEEEC364A100CCBCE08176D91E75C ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
07:41:40.0046 0x0e34 NetDDEdsdm - ok
07:41:40.0140 0x0e34 [ ED0A176354487CEED65B80A7148AB739, 71295D7D7684539DBD2924B437660960C01E073A521FE12D1519969327EC8DC4 ] Netlogon C:\WINDOWS\system32\lsass.exe
07:41:41.0281 0x0e34 Netlogon - ok
07:41:41.0390 0x0e34 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40, 588C8BA14A7255FD36A88960CBE34341301773765ECF2A9A0F1760A509A08A5B ] Netman C:\WINDOWS\System32\netman.dll
07:41:42.0437 0x0e34 Netman - ok
07:41:42.0562 0x0e34 [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:41:42.0734 0x0e34 NetTcpPortSharing - ok
07:41:42.0890 0x0e34 [ 39EE7C3BFBC64BA87CC8CF67386E814C, B93CCB625CE370D9A49C9374D24C939D7C9FEF81401F4F822C51E12677D77E01 ] Nla C:\WINDOWS\System32\mswsock.dll
07:41:43.0359 0x0e34 Nla - ok
07:41:43.0468 0x0e34 [ 1E421A6BCF2203CC61B821ADA9DE878B, C658F1D5DCE7525CF929C65C46AB2881C99D89BF8F0F61C1D440C9D9BFB2F89F ] nm C:\WINDOWS\system32\DRIVERS\NMnt.sys
07:41:44.0031 0x0e34 nm - ok
07:41:44.0093 0x0e34 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
07:41:44.0671 0x0e34 Npfs - ok
07:41:44.0953 0x0e34 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
07:41:46.0484 0x0e34 Ntfs - ok
07:41:46.0531 0x0e34 [ ED0A176354487CEED65B80A7148AB739, 71295D7D7684539DBD2924B437660960C01E073A521FE12D1519969327EC8DC4 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
07:41:47.0375 0x0e34 NtLmSsp - ok
07:41:47.0765 0x0e34 [ 023DD70573D644F3D9C8B1258A7BFD08, 9A1D3210ED5FD8BEDF92ED577A9B30E37035408A73EB66A8C950B75AB7539B83 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
07:41:49.0437 0x0e34 NtmsSvc - ok
07:41:49.0531 0x0e34 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
07:41:50.0390 0x0e34 Null - ok
07:41:50.0484 0x0e34 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
07:41:51.0765 0x0e34 NwlnkFlt - ok
07:41:51.0859 0x0e34 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
07:41:52.0828 0x0e34 NwlnkFwd - ok
07:41:52.0906 0x0e34 [ 8B8B1BE2DBA4025DA6786C645F77F123, E47D5EED2F3AF85E2332C325DA80AEF2C4EC989E38A175194EBBFA967BA8BF81 ] NwlnkIpx C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
07:41:54.0093 0x0e34 NwlnkIpx - ok
07:41:54.0562 0x0e34 [ 56D34A67C05E94E16377C60609741FF8, ABE48D3E7D38DB20E9D4884FC6FE42FAE0C5FAFD3AC86F1E585A4BB17C6F09C5 ] NwlnkNb C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
07:41:55.0843 0x0e34 NwlnkNb - ok
07:41:55.0937 0x0e34 [ C0BB7D1615E1ACBDC99757F6CEAF8CF0, 899905C0EB182ABCDAE0D0D749C0BC39CD231B9FAEE733D5DFDAE86EB8BC755B ] NwlnkSpx C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
07:41:57.0968 0x0e34 NwlnkSpx - ok
07:41:58.0437 0x0e34 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
07:41:59.0500 0x0e34 odserv - ok
07:41:59.0609 0x0e34 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:42:00.0187 0x0e34 ose - ok
07:42:00.0625 0x0e34 [ 46F8DB73B4A53E543F8E371DC7C75BAE, F6C5E7DE4B4AE0ED785DB075BE14EA6A0FC9050C95669B26DEF2B82D7B7D3B2C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
07:42:02.0281 0x0e34 Parport - ok
07:42:02.0515 0x0e34 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
07:42:03.0843 0x0e34 PartMgr - ok
07:42:03.0890 0x0e34 [ 1FAE19D0457176318BBA4A8795656EBC, 5F3D6CABA203A0485D67F63A6A81151724EE200BE49ED095CFCB1EF29C19D19F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
07:42:05.0265 0x0e34 ParVdm - ok
07:42:05.0312 0x0e34 [ 6CE351D149CB4BEFC702951E471E1730, 758327683BB45F01D5AE550AF21856822B4CF55E17F2A4F452F559088D242B37 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
07:42:06.0281 0x0e34 PCI - ok
07:42:06.0328 0x0e34 PCIDump - ok
07:42:06.0421 0x0e34 [ 2DA4EC85E0EA7A45C6B2A05820492D5A, A8C6BD93D3BC33A5B36EB523997EF9E0783B6E6EAFB6E7F58BCC2629009BDCF9 ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys
07:42:07.0031 0x0e34 PCIIde - ok
07:42:07.0125 0x0e34 [ 4FC31E6C19A5CE5198B1ABFF94CAE758, A031E21EC1F15DA5E8429269F435337FA961C3C06D535DAFD448C7355F33FD0C ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
07:42:08.0281 0x0e34 Pcmcia - ok
07:42:08.0296 0x0e34 PDCOMP - ok
07:42:08.0390 0x0e34 PDFRAME - ok
07:42:08.0468 0x0e34 PDRELI - ok
07:42:08.0578 0x0e34 PDRFRAME - ok
07:42:08.0703 0x0e34 perc2 - ok
07:42:08.0765 0x0e34 perc2hib - ok
07:42:09.0156 0x0e34 [ 9EF697AF07BB8DD82C3B02CA953A95B7, F26033E660B8FF1BDB9E88CDA205CE128C03138AF6BEC05DB3CF2D95C16D86C6 ] PlugPlay C:\WINDOWS\system32\services.exe
07:42:09.0515 0x0e34 PlugPlay - ok
07:42:09.0625 0x0e34 [ ED0A176354487CEED65B80A7148AB739, 71295D7D7684539DBD2924B437660960C01E073A521FE12D1519969327EC8DC4 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
07:42:10.0578 0x0e34 PolicyAgent - ok
07:42:10.0687 0x0e34 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
07:42:11.0703 0x0e34 PptpMiniport - ok
07:42:11.0890 0x0e34 [ 7EB15DCE4EC3A0220BD796A15C18186E, E06C572F3FE4F3377D8AF74E8EF15478E71B4C61F944E48E8C35534BEF086110 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
07:42:12.0781 0x0e34 Processor - ok
07:42:12.0843 0x0e34 [ ED0A176354487CEED65B80A7148AB739, 71295D7D7684539DBD2924B437660960C01E073A521FE12D1519969327EC8DC4 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
07:42:14.0171 0x0e34 ProtectedStorage - ok
07:42:14.0406 0x0e34 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
07:42:15.0687 0x0e34 PSched - ok
07:42:15.0734 0x0e34 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
07:42:16.0875 0x0e34 Ptilink - ok
07:42:16.0953 0x0e34 ql1080 - ok
07:42:17.0015 0x0e34 Ql10wnt - ok
07:42:17.0046 0x0e34 ql12160 - ok
07:42:17.0093 0x0e34 ql1240 - ok
07:42:17.0125 0x0e34 ql1280 - ok
07:42:17.0187 0x0e34 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
07:42:18.0281 0x0e34 RasAcd - ok
07:42:18.0453 0x0e34 [ 2B5E44EA009F2F374B980E1E9A70635D, 62D8FDB80C8ACBA2C42C12760B785587C43BEDFE015EC5C41B25F2BB735EFEB0 ] RasAuto C:\WINDOWS\System32\rasauto.dll
07:42:19.0718 0x0e34 RasAuto - ok
07:42:19.0812 0x0e34 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
07:42:20.0656 0x0e34 Rasl2tp - ok
07:42:20.0812 0x0e34 [ D57554C664B64604BD1EE13EA2C07E77, B090C05B91EA602BFF9A5E89AB1A0FFDE869611961FF749DA8B3F4D00F04E756 ] RasMan C:\WINDOWS\System32\rasmans.dll
07:42:22.0015 0x0e34 RasMan - ok
07:42:22.0062 0x0e34 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
07:42:23.0140 0x0e34 RasPppoe - ok
07:42:23.0187 0x0e34 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
07:42:24.0125 0x0e34 Raspti - ok
07:42:24.0265 0x0e34 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
07:42:25.0859 0x0e34 Rdbss - ok
07:42:25.0890 0x0e34 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
07:42:27.0187 0x0e34 RDPCDD - ok
07:42:27.0406 0x0e34 [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
07:42:28.0500 0x0e34 rdpdr - ok
07:42:28.0687 0x0e34 [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
07:42:29.0281 0x0e34 RDPWD - ok
07:42:29.0406 0x0e34 [ C0D9D9711CB74EE9BC66353D8CBDAB0E, F1AF9A26910707E76BF213D8DE5C902B0088D8A29EBDFF72DE6A4D867E298CC8 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
07:42:30.0250 0x0e34 RDSessMgr - ok
07:42:30.0328 0x0e34 [ 611BFD220305BE3A85AE876EA47D4AA5, FDF87878EB3886649025E5A12F1C3FC9072D66CCD3217944710085C1F8A4512E ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
07:42:31.0328 0x0e34 redbook - ok
07:42:31.0421 0x0e34 [ 127C26B5371651043450E52542099ABA, 98AADAD8D5211CB894AA7C59B6299861B1F44B6D8F46AB5837E7D2F5B615B14A ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
07:42:32.0437 0x0e34 RemoteAccess - ok
07:42:32.0593 0x0e34 [ 8F31505484A190D5B22274708799F4EC, 170FF8193C95CEE73B9342B6FB7D83DF4E80B2CCBB27DF41F4AB5F2FB9AF60E1 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
07:42:33.0546 0x0e34 RemoteRegistry - ok
07:42:33.0734 0x0e34 [ 718B3BDC0BC3C2F7D065A53D26202AF9, 9E58243628F1E1396AB82A80D046FF50803A230EE07B007E0CA5D744C77B091A ] RpcLocator C:\WINDOWS\system32\locator.exe
07:42:34.0812 0x0e34 RpcLocator - ok
07:42:35.0015 0x0e34 [ BE27674D1CBC3214AEC84B4336A38BBF, 3DF5F9A9E97595A61314B2731DF4F3D3C19D1B9D2291624A63B8E1861FFC2D76 ] RpcSs C:\WINDOWS\system32\rpcss.dll
07:42:35.0890 0x0e34 RpcSs - ok
07:42:36.0031 0x0e34 [ 09AB2E71E58B078038E3BFDBA7FFC984, 8CA277DEEF6376B0F48C6BA5DBBC3E8AF2245983BA9AF6AB83D1A920D35FAF93 ] RSVP C:\WINDOWS\system32\rsvp.exe
07:42:37.0062 0x0e34 RSVP - ok
07:42:37.0125 0x0e34 [ D507C1400284176573224903819FFDA3, DD0BDB2AB39A8A0A300B6D60FB6A7F5BA08C4DB8F59E0A784FB763EA8AD72AB2 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
07:42:37.0953 0x0e34 rtl8139 - ok
07:42:38.0000 0x0e34 [ ED0A176354487CEED65B80A7148AB739, 71295D7D7684539DBD2924B437660960C01E073A521FE12D1519969327EC8DC4 ] SamSs C:\WINDOWS\system32\lsass.exe
07:42:38.0906 0x0e34 SamSs - ok
07:42:39.0406 0x0e34 [ 410046E401EB11E1E6749E9DEEA41D4A, 9507268ACD24EF51E994DC418E8EB3E10DEDE61EE892226A22A5DA7662397E25 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
07:42:40.0515 0x0e34 SCardSvr - ok
07:42:40.0671 0x0e34 [ 3FF232A7731621B8902D81D42418C93C, 2030C9A843D9555170179883BD4CC1E978D5FC5EC0D7FCA56518224E428BE421 ] Schedule C:\WINDOWS\system32\schedsvc.dll
07:42:41.0765 0x0e34 Schedule - ok
07:42:41.0953 0x0e34 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
07:42:43.0234 0x0e34 Secdrv - ok
07:42:43.0296 0x0e34 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6, 82EEB2345AC19050FAB202DE76C2CDD93E753F5AB67789A86A1726D3040C02E5 ] seclogon C:\WINDOWS\System32\seclogon.dll
07:42:44.0687 0x0e34 seclogon - ok
07:42:44.0765 0x0e34 [ A530B75C10C23C9AB28FDB6CE719E21F, 14568DF6457758E2F534A46A8E6245C364895C3993BEF2B5A889B98DBB201A27 ] SENS C:\WINDOWS\system32\sens.dll
07:42:45.0656 0x0e34 SENS - ok
07:42:45.0703 0x0e34 [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
07:42:46.0375 0x0e34 serenum - ok
07:42:46.0593 0x0e34 [ B842729337C9B921615C40D3C1A1AF96, 503670A56423B996C6ED6AE95F07FB88910767C4A2041A4BE9070C57A016E7FA ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
07:42:47.0343 0x0e34 Serial - ok
07:42:47.0500 0x0e34 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
07:42:48.0156 0x0e34 Sfloppy - ok
07:42:48.0343 0x0e34 [ F58FACA9621D2DB01BD0927D9A0A208E, 239C87E09261BC9D1DBE99DABCFC4787D42289E8769563A5EFB323BE6F177C9A ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
07:42:49.0281 0x0e34 SharedAccess - ok
07:42:49.0375 0x0e34 [ EE9A2B9EA968A792A053C9D1A86BF870, 39798179F2EA42216CBE98F08ADA3675A87BD0C31A66534367B96CB129AF36BA ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
07:42:50.0000 0x0e34 ShellHWDetection - ok
07:42:50.0093 0x0e34 Simbad - ok
07:42:50.0125 0x0e34 Sparrow - ok
07:42:50.0218 0x0e34 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys
07:42:52.0046 0x0e34 splitter - ok
07:42:52.0140 0x0e34 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler C:\WINDOWS\system32\spoolsv.exe
07:42:52.0812 0x0e34 Spooler - ok
07:42:52.0890 0x0e34 [ 94610C8653635E4459316A0050D55CE7, D148D33B3D2B0757060531C526F2161504A8D7C4E5957D092C7EBDB007271339 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
07:42:53.0515 0x0e34 sr - ok
07:42:53.0656 0x0e34 [ 35B91147124F64AC8081A2EDB9EA4DEE, 1609D19156DAC6EE3C2D2350B062966B64D9CDC289E9B8FEB6D244AAEBE90BBF ] srservice C:\WINDOWS\system32\srsvc.dll
07:42:54.0734 0x0e34 srservice - ok
07:42:55.0000 0x0e34 [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
07:42:55.0796 0x0e34 Srv - ok
07:42:55.0859 0x0e34 [ BECD5271DC4E3B7C3D035F790FCBC1E5, D63B9DB81332553C963EC5057D241CE2287AF652387333C1FD79AF8C9B5F2BA7 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
07:42:56.0687 0x0e34 SSDPSRV - ok
07:42:56.0921 0x0e34 [ C1CDD9275F6A115BB0AE1D55D8D27BA6, CD0511FD7F6AD832CBEB931C605AB3AD217631C57399CB8033248D27619541E4 ] stisvc C:\WINDOWS\system32\wiaservc.dll
07:42:58.0734 0x0e34 stisvc - ok
07:42:58.0781 0x0e34 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
07:42:59.0437 0x0e34 swenum - ok
07:42:59.0546 0x0e34 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
07:43:00.0281 0x0e34 swmidi - ok
07:43:00.0328 0x0e34 SwPrv - ok
07:43:00.0359 0x0e34 symc810 - ok
07:43:00.0375 0x0e34 symc8xx - ok
07:43:00.0421 0x0e34 sym_hi - ok
07:43:00.0437 0x0e34 sym_u3 - ok
07:43:00.0546 0x0e34 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
07:43:01.0203 0x0e34 sysaudio - ok
07:43:01.0312 0x0e34 [ CE06F01B88ACE199A1BF460CAC29C110, 3CD89E5B8E53203287D889C107E4795225742DB6C6ACA2DC0611BD9728382A27 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
07:43:02.0203 0x0e34 SysmonLog - ok
07:43:02.0343 0x0e34 [ C2546CD7A398476F9DF5614B2AE160E8, 11C8435BA983553E9C0806494E9B3C7080515C0375B0604F029D89B50726161A ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
07:43:04.0234 0x0e34 TapiSrv - ok
07:43:04.0453 0x0e34 [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
07:43:05.0453 0x0e34 Tcpip - ok
07:43:05.0671 0x0e34 [ 4E53BBCC4BE37D7A4BD6EF1098C89FF7, D084EFE07AC200672A1CE7BB8AE736612B3E353271188D26E29EC973E26E1F5F ] Tcpip6 C:\WINDOWS\system32\DRIVERS\tcpip6.sys
07:43:06.0234 0x0e34 Tcpip6 - ok
07:43:06.0296 0x0e34 [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
07:43:07.0125 0x0e34 TDPIPE - ok
07:43:07.0187 0x0e34 [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
07:43:08.0109 0x0e34 TDTCP - ok
07:43:08.0234 0x0e34 [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
07:43:09.0156 0x0e34 TermDD - ok
07:43:09.0421 0x0e34 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E, 3D2B1D899061448EAD993CDE97D1EF50DD64728E9F44D80FEAE591198A937653 ] TermService C:\WINDOWS\System32\termsrv.dll
07:43:10.0828 0x0e34 TermService - ok
07:43:10.0984 0x0e34 [ EE9A2B9EA968A792A053C9D1A86BF870, 39798179F2EA42216CBE98F08ADA3675A87BD0C31A66534367B96CB129AF36BA ] Themes C:\WINDOWS\System32\shsvcs.dll
07:43:11.0937 0x0e34 Themes - ok
07:43:12.0140 0x0e34 [ CD0CC7B167D78043A41C98D4921EFB54, 31AAB5D6D6BA52EBDDE1B5DEB8F9B4D9597FFBA4485F959C846F635060CCB5C0 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
07:43:13.0515 0x0e34 TlntSvr - ok
07:43:13.0656 0x0e34 TosIde - ok
07:43:13.0750 0x0e34 [ 38853304CCB938D30E0C4CDE8D2C2A8A, 966E7BCC9F63A1A7777F8A12E51C2A91EC688CE96109943ADC4CB4EB58DC34A6 ] TrkWks C:\WINDOWS\system32\trkwks.dll
07:43:15.0187 0x0e34 TrkWks - ok
07:43:15.0359 0x0e34 [ 8F861EDA21C05857EB8197300A92501C, 374FF9464F273610A051B9220C8D20F01FD4DD029095A7BE37244E20C5C8B5BB ] tunmp C:\WINDOWS\system32\DRIVERS\tunmp.sys
07:43:16.0125 0x0e34 tunmp - ok
07:43:16.0437 0x0e34 [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
07:43:17.0765 0x0e34 Udfs - ok
07:43:17.0812 0x0e34 ultra - ok
07:43:18.0187 0x0e34 [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
07:43:19.0750 0x0e34 Update - ok
07:43:19.0921 0x0e34 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E, AF7662BCA0819F82CE5EE0863E47149CC127DE664CB3DC6359B63FBD71DB54F8 ] upnphost C:\WINDOWS\System32\upnphost.dll
07:43:21.0234 0x0e34 upnphost - ok
07:43:21.0328 0x0e34 [ 20A0F6A11959E92908717D09E87D670D, 3DD6C99AB0F70FAA43DF470B30078B8A51B8AF735CD5C50DBB195FEA70F4C36E ] UPS C:\WINDOWS\System32\ups.exe
07:43:22.0468 0x0e34 UPS - ok
07:43:22.0718 0x0e34 [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
07:43:23.0671 0x0e34 usbccgp - ok
07:43:23.0875 0x0e34 [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
07:43:24.0203 0x0e34 usbehci - ok
07:43:24.0312 0x0e34 [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
07:43:25.0437 0x0e34 usbhub - ok
07:43:25.0578 0x0e34 [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
07:43:26.0718 0x0e34 usbprint - ok
07:43:26.0984 0x0e34 [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
07:43:27.0515 0x0e34 usbscan - ok
07:43:27.0640 0x0e34 [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
07:43:28.0796 0x0e34 usbstor - ok
07:43:28.0906 0x0e34 [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
07:43:30.0296 0x0e34 usbuhci - ok
07:43:30.0406 0x0e34 [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
07:43:31.0437 0x0e34 VgaSave - ok
07:43:31.0453 0x0e34 ViaIde - ok
07:43:31.0515 0x0e34 [ 28A4B296B47782173C346E376CB374D1, FE799FE4A41752A2B47027EA88214BF3E39B317302939F4A2D0F2A4EFAAC2F13 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
07:43:32.0765 0x0e34 VolSnap - ok
07:43:33.0078 0x0e34 [ D6BA1A63D9E00933F1CD2A885573AFB2, 36311A060635CEC1DBB6D8A746B8A4D007706EAE97D51A5E12F9958AB16BE486 ] VSS C:\WINDOWS\System32\vssvc.exe
07:43:34.0203 0x0e34 VSS - ok
07:43:34.0484 0x0e34 [ FA4E1CDBA256787F2149F4AAD07BC91F, 1B5FC5248335D70094D04501AA2C30F54782B58FF8D573BE8E784A21529C7CAF ] W32Time C:\WINDOWS\system32\w32time.dll
07:43:35.0843 0x0e34 W32Time - ok
07:43:35.0906 0x0e34 [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
07:43:37.0156 0x0e34 Wanarp - ok
07:43:37.0453 0x0e34 [ D918617B46457B9AC28027722E30F647, 407284D3055DC11944D4EE7E4357E7CF9CAF8CA40CA50633AB6FD4A82CB7EEA6 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
07:43:38.0109 0x0e34 Wdf01000 - ok
07:43:38.0187 0x0e34 WDICA - ok
07:43:38.0265 0x0e34 [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
07:43:39.0078 0x0e34 wdmaud - ok
07:43:39.0203 0x0e34 [ 47AE51048A82DFA1CD6B51D369F7E169, 742F2162B8BDE00D83715093EA9743338964597ED22648B9F4F139D7278235A4 ] WebClient C:\WINDOWS\System32\webclnt.dll
07:43:40.0796 0x0e34 WebClient - ok
07:43:41.0406 0x0e34 [ E488332126E3B1182D2B8A0C35408EC6, F9F60911DF0A539753B2BEF6FAD2D0AED1BC1C3F43509F79D9AF2F810CDE5D9B ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
07:43:42.0921 0x0e34 winmgmt - ok
07:43:43.0890 0x0e34 [ FD600B032E741EB6AAB509FC630F7C42, 2AF671D0648A5C2D2C4A7D0FDE803F07CC079CF1FA4E237DB912A8C77D9EC1F6 ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys
07:43:45.0140 0x0e34 WinUSB - ok
07:43:45.0390 0x0e34 [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
07:43:47.0015 0x0e34 WmdmPmSN - ok
07:43:47.0609 0x0e34 [ 0171CFF34BBA8C5977F18C48D8AEF8C6, 0E3E04220157CCFB92F8D029805EB56D101C2A3AB3375354537FA9B5B3CAA0AD ] Wmi C:\WINDOWS\System32\advapi32.dll
07:43:50.0234 0x0e34 Wmi - ok
07:43:50.0984 0x0e34 [ 23F6F03272F7E5679F1F050AED5ACEE6, 87EBE773F3E8FFE2F1E1DB435BB0E8852031AA88112EB791085AD3DA918B49CC ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
07:43:52.0343 0x0e34 WmiApSrv - ok
07:43:52.0437 0x0e34 [ CF4DEF1BF66F06964DC0D91844239104, CC1D9CECE2056D29A9651D51BB57C3F4F9BF9E90A4808CF7496C683C874FBD51 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
07:43:53.0156 0x0e34 WpdUsb - ok
07:43:53.0500 0x0e34 [ 4C86D5FAF78194995AF9CC1075F65DD3, D3B23BB0971E0DBC0A51720067489C224323B603178E91149BF56F779DE352F0 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
07:43:54.0750 0x0e34 wscsvc - ok
07:43:54.0859 0x0e34 [ C1364564800EE9784192145324A23308, 5345BAE00364233594C9CF99CE2CC485E65B5D4FFBB81C86B2950EDA2427584C ] wuauserv C:\WINDOWS\system32\wuauserv.dll
07:43:55.0984 0x0e34 wuauserv - ok
07:43:56.0109 0x0e34 [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
07:43:56.0796 0x0e34 WudfPf - ok
07:43:56.0906 0x0e34 [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
07:43:58.0218 0x0e34 WudfRd - ok
07:43:58.0328 0x0e34 [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
07:44:01.0343 0x0e34 WudfSvc - ok
07:44:01.0781 0x0e34 [ A27D4BA7264C0BF52F32D10405BEA1D4, 5F28607CCAB15FB601BEB35FF0B1A5CD27C678C6D1CA724E842C33EED4579B8C ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
07:44:03.0578 0x0e34 WZCSVC - ok
07:44:03.0687 0x0e34 [ EAA4BB9EDB3FB10CF8979FE65E63658F, B80EB477100FD3E26513360E09DB6EBF0C8D8B0618F1F4BF1F387ABA6DEC9B64 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
07:44:04.0796 0x0e34 xmlprov - ok
07:44:04.0875 0x0e34 ================ Scan global ===============================
07:44:05.0218 0x0e34 [ F36278E42C8C5DF03CE17DAC8231C91C, D012A3C8F394DF4F0BF5D5A4C10E73BBF427762B7D3DB6CF5FAB96536E082B7A ] C:\WINDOWS\system32\basesrv.dll
07:44:05.0562 0x0e34 [ 4C0AA4ABC4E21672B55D8A700AF2B2A6, FAC6B8E2698D0EB12A0ACE62EA398AD05AB6AC5C39740A1E8BDAAF0BFDD5B4A3 ] C:\WINDOWS\system32\winsrv.dll
07:44:06.0328 0x0e34 [ 4C0AA4ABC4E21672B55D8A700AF2B2A6, FAC6B8E2698D0EB12A0ACE62EA398AD05AB6AC5C39740A1E8BDAAF0BFDD5B4A3 ] C:\WINDOWS\system32\winsrv.dll
07:44:06.0531 0x0e34 [ 9EF697AF07BB8DD82C3B02CA953A95B7, F26033E660B8FF1BDB9E88CDA205CE128C03138AF6BEC05DB3CF2D95C16D86C6 ] C:\WINDOWS\system32\services.exe
07:44:06.0718 0x0e34 [ Global ] - ok
07:44:06.0734 0x0e34 ================ Scan MBR ==================================
07:44:06.0781 0x0e34 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
07:44:09.0593 0x0e34 \Device\Harddisk0\DR0 - ok
07:44:09.0593 0x0e34 ================ Scan VBR ==================================
07:44:09.0609 0x0e34 [ E03D7E61AE66682479392846AE2EF134 ] \Device\Harddisk0\DR0\Partition1
07:44:09.0625 0x0e34 \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )
07:44:09.0656 0x0e34 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected
07:44:13.0328 0x0e34 ================ Scan generic autorun ======================
07:44:13.0453 0x0e34 [ D24B9B36C06CA0ACF7CA2C69D9BB25B5, 1806B073EEB5E6B0D2B966AE60B1018B00E88B2DEDF520BDF14743B16E92D3A0 ] C:\WINDOWS\system32\igfxtray.exe
07:44:14.0546 0x0e34 IgfxTray - ok
07:44:14.0703 0x0e34 [ 66A5047DF0C0CEC911B95B5B1E24CEBC, 58B7691FB8FD9816950409CA17BD71E97E4707630C98A6516D815041B2CA1E56 ] C:\WINDOWS\system32\hkcmd.exe
07:44:15.0593 0x0e34 HotKeysCmds - ok
07:44:16.0000 0x0e34 [ 92819CB628F57930CA6341DC8B0D9CB4, E9B7FD467448EB21340F628E3D0107BF9D0FF0D4CEA9E3F6BD779FCBAE07FD81 ] C:\WINDOWS\SOUNDMAN.EXE
07:44:21.0609 0x0e34 SoundMan - ok
07:44:21.0890 0x0e34 [ 5B6E8E09BE6401A7E022F52FDFCB2FF8, 471C556CF9405BBB380A8CEFE945C126B954B7C94F79CC72441B51F80141FC5E ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
07:44:22.0625 0x0e34 SunJavaUpdateSched - ok
07:44:23.0625 0x0e34 [ 4126904E21735EF4C7FFFE01ED795872, 998C198AB997CCABE9F7AB456B7068BA4C49D1F2A2C3806BA9A951186BFBEC20 ] C:\Program Files\IObit\IObit Security 360\IS360tray.exe
07:44:25.0250 0x0e34 IObit Security 360 - ok
07:44:28.0781 0x0e34 [ 312C7978F0A42DB0475CE31D884DCE88, 53DBEF2473F39754BB1BC352DB9A32607FD3A2E2DC5E7AA6AE821CABEC00CCD1 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
07:44:35.0500 0x0e34 AvastUI.exe - ok
07:44:35.0578 0x0e34 [ A756B8F0F7BAFBA6DFE39F7D169F2519, 5338DE8FCA5182A919AAADFA5D130BB93069E3675B834D96CFF68C32433B3BDE ] C:\WINDOWS\system32\CTFMON.EXE
07:44:47.0531 0x0e34 CTFMON.EXE - ok
07:44:47.0656 0x0e34 [ A756B8F0F7BAFBA6DFE39F7D169F2519, 5338DE8FCA5182A919AAADFA5D130BB93069E3675B834D96CFF68C32433B3BDE ] C:\WINDOWS\system32\CTFMON.EXE
07:44:49.0046 0x0e34 CTFMON.EXE - ok
07:44:49.0078 0x0e34 [ A756B8F0F7BAFBA6DFE39F7D169F2519, 5338DE8FCA5182A919AAADFA5D130BB93069E3675B834D96CFF68C32433B3BDE ] C:\WINDOWS\system32\CTFMON.EXE
07:44:50.0171 0x0e34 CTFMON.EXE - ok
07:44:50.0203 0x0e34 [ A756B8F0F7BAFBA6DFE39F7D169F2519, 5338DE8FCA5182A919AAADFA5D130BB93069E3675B834D96CFF68C32433B3BDE ] C:\WINDOWS\system32\ctfmon.exe
07:44:53.0375 0x0e34 CTFMON.EXE - ok
07:44:53.0453 0x0e34 Waiting for KSN requests completion. In queue: 4
07:44:54.0453 0x0e34 Waiting for KSN requests completion. In queue: 4
07:44:55.0453 0x0e34 Waiting for KSN requests completion. In queue: 4
07:45:09.0515 0x0e34 AV detected via SS1: avast! Antivirus, 5.0.167774368, disabled, updated
07:45:10.0343 0x0e34 Win FW state via NFM: enabled
07:45:14.0000 0x0e34 ============================================================
07:45:14.0000 0x0e34 Scan finished
07:45:14.0000 0x0e34 ============================================================
07:45:14.0921 0x0b90 Detected object count: 1
07:45:14.0921 0x0b90 Actual detected object count: 1
07:45:38.0812 0x0b90 \Device\Harddisk0\DR0\Partition1 - copied to quarantine
07:45:38.0859 0x0b90 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - will be cured on reboot
07:45:38.0859 0x0b90 \Device\Harddisk0\DR0\Partition1 - ok
07:45:38.0859 0x0b90 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Cure
07:45:42.0109 0x0b90 KLMD registered as C:\WINDOWS\system32\drivers\35723118.sys
07:53:24.0796 0x0fdc Deinitialize success

-------------------------------------------------------------------------------------------------------------
Rkill 2.6.9 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/16/2014 07:51:00 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\dsound.dll : 367 616 : 04/14/2008 01:00 PM : e78c9d500ea9769046075b0e954714b7 [NoSig]
+-> C:\WINDOWS\system32\dllcache\dsound.dll : 367 616 : 04/14/2008 01:00 PM : 8e009e7ac012823845d5f39a77f4a27f [Pos Repl]

* C:\WINDOWS\System32\ipsecsvc.dll : 183 808 : 04/14/2008 01:00 PM : 07a452d903d4f45c7875cff7ccb20d82 [NoSig]
+-> C:\WINDOWS\system32\dllcache\ipsecsvc.dll : 183 808 : 04/14/2008 01:00 PM : d76d39056ef8b8c09bc544754448e48f [Pos Repl]

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 12/16/2014 07:56:38 AM
Execution time: 0 hours(s), 5 minute(s), and 37 seconds(s)

#12 Příspěvek od **altrok** » 16 pro 2014 11:31

Ano, ComboFix pustte hned po pouziti rkillu, tzn. ted.

troubler · #13 Příspěvek od **troubler** » 16 pro 2014 14:17

ComboFix 14-12-14.01 - Administrator 16.12.2014 13:46:17.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.510.294 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
c:\windows\system32\drivers\etc\hosts.ics
.
c:\windows\system32\dsound.dll . . . je infikován!!
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-11-16 do 2014-12-16 )))))))))))))))))))))))))))))))
.
.
2014-12-16 06:45 . 2014-12-16 06:45 213192 ----a-w- c:\windows\system32\drivers\35723118.sys
2014-12-16 06:45 . 2014-12-16 06:45 -------- d-----w- C:\TDSSKiller_Quarantine
2014-12-12 15:49 . 2014-12-15 11:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)
2014-12-12 15:49 . 2014-12-12 15:49 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-12 15:46 . 2014-12-12 15:46 55000 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-12-11 05:57 . 2014-12-11 05:57 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\AVAST Software
2014-12-11 05:53 . 2014-12-11 05:53 -------- d-----w- c:\windows\jumpshot.com
2014-12-10 15:08 . 2014-12-10 15:07 57928 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-12-10 15:08 . 2014-12-12 05:57 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-12-10 15:08 . 2014-12-10 15:07 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-12-10 15:08 . 2014-12-10 15:07 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-12-10 15:08 . 2014-12-10 15:07 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-12-10 15:08 . 2014-12-10 15:07 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-12-10 15:08 . 2014-12-10 15:07 55240 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-12-10 15:08 . 2014-12-12 05:57 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-12-10 15:08 . 2014-12-10 15:07 291352 ----a-w- c:\windows\system32\aswBoot.exe
2014-12-10 15:07 . 2014-12-10 15:07 43152 ----a-w- c:\windows\avastSS.scr
2014-12-10 14:55 . 2014-12-10 14:55 -------- d-----w- c:\program files\AVAST Software
2014-12-10 14:54 . 2014-12-10 14:54 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2014-12-10 10:40 . 2014-12-10 10:40 -------- d-----w- C:\_OTM
2014-12-10 06:42 . 2014-12-10 06:42 -------- d-----w- c:\program files\trend micro
2014-12-10 06:42 . 2014-12-10 06:42 -------- d-----w- C:\rsit
2014-12-09 09:28 . 2014-12-09 10:12 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\IObit
2014-12-09 08:08 . 2014-12-09 08:08 -------- d-----w- c:\documents and settings\All Users\Data aplikací\IObit
2014-12-09 08:08 . 2014-12-09 09:27 -------- d-----w- c:\program files\IObit
2014-12-05 10:58 . 2014-12-05 10:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\BitDefender
2014-12-05 10:20 . 2014-12-05 10:20 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\LavasoftStatistics
2014-12-05 09:49 . 2014-12-05 09:49 -------- d-----w- c:\program files\Lavasoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-15 12:18 . 2014-12-15 12:18 43217 ----a-w- c:\windows\system32\scardsvr.zip
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . E78C9D500EA9769046075B0E954714B7 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[7] 2008-04-14 . 8E009E7AC012823845D5F39A77F4A27F . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\dsound.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-12-10 15:06 723976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-10 118784]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 577536]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-12-12 5227112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"{A3AE7312-D4DF-4BF1-A493-7E2E1EFF1D7C}"="start" [X]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Software602\\602SQL11\\602gcli11.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"\\??\\c:\\WINDOWS\\system32\\winlogon.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [10.12.2014 16:08 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [10.12.2014 16:08 206248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [10.12.2014 16:08 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [10.12.2014 16:08 423784]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [10.12.2014 16:08 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [10.12.2014 16:08 70384]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [11.6.2012 12:01 99896]
R3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [11.6.2012 11:59 17408]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [9.12.2014 9:08 312152]
S3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys --> c:\windows\system32\Drivers\lgandnetadb.sys [?]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys --> c:\windows\system32\DRIVERS\avchv.sys [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - 46726515
*Deregistered* - 46726515
.
Obsah adresáře 'Naplánované úlohy'
.
2014-12-08 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2010-03-19 23:28]
.
2014-12-16 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2010-03-19 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 78.156.32.2
.
.
------- Asociace souborů -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-70161483.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-12-16 14:07
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2014-12-16 14:13:59
ComboFix-quarantined-files.txt 2014-12-16 13:13
.
Před spuštěním: Volných bajtů: 26 612 916 224
Po spuštění: Volných bajtů: 26 701 955 072
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 2FAA3C5BECE093478C36404E79F9AB35
413FC2A0C716421B3158746D63736515

#14 Příspěvek od **altrok** » 16 pro 2014 20:41

Nez sepisu opravny skript, otestujte na virustotal.com soubor c:\windows\system32\dsound.dll - link (odkaz) s vysledky analyzy vlozte do dalsi odpovedi.

troubler · #15 Příspěvek od **troubler** » 17 pro 2014 16:27

Tak jsem najel na stránku virustotal.com soubor jsem chtěl nahrát, šel vybarat ale při ukončení scanu mi vždy skočí prázdná stránka exploreru, Stránka nelze zobrazit (zkoušel jsem několikrát). U Chromu se tento soubor nepodaří ani nahrát, prostě to vůbec nic nedělá.

VIRY.CZ

100% vytíženost, iexplorer.exe

100% vytíženost, iexplorer.exe

Re: 100% vytíženost, iexplorer.exe

Re: 100% vytíženost, iexplorer.exe

Re: 100% vytíženost, iexplorer.exe

Re: 100% vytíženost, iexplorer.exe

Re: 100% vytíženost, iexplorer.exe

Re: 100% vytíženost, iexplorer.exe

Re: 100% vytíženost, iexplorer.exe

Re: 100% vytíženost, iexplorer.exe

Re: 100% vytíženost, iexplorer.exe

Re: 100% vytíženost, iexplorer.exe

Re: 100% vytíženost, iexplorer.exe

Re: 100% vytíženost, iexplorer.exe

Re: 100% vytíženost, iexplorer.exe

Re: 100% vytíženost, iexplorer.exe