prosím o kontrolu

[Márty84]

S office jsem sice nic nedelal, ale u pc je vsechno mozne

Spustte znovu OTM a kliknete na CleanUp! Program po sobe uklidi.

Spustte ADWCleaner a kliknete na Uninstall, i ten po sobe uklidi.

Jak je ted na tom pc? Je nejaky problem, nebo muzeme tema uzavrit?

[casablancass]

S OTM a ADWCleaner podle rad hotovo.

Pc je na tom o dost líp, teda co se týká rychlosti určitě. Jen mi teď před chvilkou BitDefender zahlásil, že přesunul "aeq.exe" do karantény. Jinak žádný problém nevidím.

[Márty84]

Pokud je v karantene, je to v poradku

Tak pc den dva testujte a pokud vse pobezi jak ma, tema uzavrem Kdyz se neco objevi, budem se muset podivat hloubeji.

[casablancass]

Další soubor přibyl do karantény, ale jinak se zdá, že je pc v pořádku.

Měl bych ještě jeden dotaz, kdykoliv vypínám pc, tak mi na chvilku vyskočí tabulka s nápisem "Ukončit program - Agent", program se během pár vteřin ukončí a počítač vypne. Nevíte o co se jedná?

[Márty84]

Nevim o co se jedna, agentu je hodne.


Pokud nemate, zazalohujte si radeji dulezita data (fotky, dokumenty, atd.)

Nepouzivejte ComboFix bez predchozi domluvy! Je to poruseni pravidel fora a ztratite tim narok na pomoc!

Stahnete ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte ComboFix.
Odsouhlaste licencni podminky a nechte program pracovat. Jestli vam nabidne instalaci Konzoly pro zotaveni, souhlaste.
Po dobu skenu nic nespoustejte, nikam neklikejte.
Po dokonceni skenovani (muze dojit i k restartu pc) by se mel vytvorit log, ktery bude umisteny zde C:\ComboFix.txt
Jeho obsah sem zkopirujte

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace
Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

[casablancass]

Combofix mi před spuštěním programu vyhodil hlášku, že je rezidentní štít bitdefender stále zapnutý, i když jsem v samotém antiviru všechno zatrhnul na off a bitdefender ukončil.Firewall jsem vypnul taky. Dal jsem proto i tak ok, a Combofix se spustil.

Na disku C se vytvořila "složka" Combofix (když na ni najedu - "Zobrazí diskové jednotky a hardware připojený k tomuto počítači), ale log nikde.

Vypnul jsem i samotné připojení k internetu během scanování, tak mě napadá, že by to mohlo být způsobeno tím, protože jinak vážně nevim.

[Márty84]

Zkuste spustit CF v nouzovem rezimu s praci v siti.

[casablancass]

V nouzovém režimu s prací v síti se Combofix začne rozbalovat, ale skončí u Výstupní složka: C:\32788R22FWJFW\N_
: C:\32788R22FWJFW

A hledal jsem na netu a našel, že už tu něco podobného bylo. http://forum.viry.cz/viewtopic.php?f=13 ... 52&start=0

[Márty84]

Postupujte podle navodu kolegy

Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe

• Kliknete na volbu Change parametrs
• V okne Additional Option zakliknete vsechny moznosti
• Kliknete na OK
• Utilite prikazte, at skenuje - klik na Start Scan
• Po dokonceni skenu se objevi okno, zkontrolujte, zda-li je vsude moznost Skip
• Pokud moznost Skip nebude primarne nastavena, prekliknete ji na Skip
• Pokud mate vsude Skip, kliknete na Continue
• Na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt bude log - jeho obsah sem vlozte

Postupujte podle navodu kolegy

Stahnete Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/

• Ulozte nejlepe na Plochu a rozbalte
• Spustte kliknutim na mbar
• Nyni postupne kliknete na Next a Update
• Po dokonceni update (aktualizace) databaze kliknete opet na Next
• Nechte zaskrtnute vsechny tri moznosti a klinete na Scan cimz spustite prohledavani PC
• Po dokonceni skenu (cca 5 minutek) zkontrolujte, zda-li je u vsech nalezu (samozrejme pokud budou) zatrzitko
• Tez zkontrolujte, jetsli je zatrzitko u Create Restore point
• Nyni kliknete na CleanUp cimz nalezenou infekci odstranime
• PC bude restartovan
• Slozka mbar by mela obsahovat log (a zrejme se i sam otevre) mbar-log-rok-mesic-den (hodina-minuta-sekunda).txt, ten mi sem dejte

[casablancass]

TDSSKiller nejdříve nechtěl po skenu vyhodit okno, tak jsem vypnul firewall, a nakonec se podařilo.

12:41:51.0703 0x0ca8 TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
12:41:55.0828 0x0ca8 ============================================================
12:41:55.0828 0x0ca8 Current date / time: 2014/10/29 12:41:55.0828
12:41:55.0828 0x0ca8 SystemInfo:
12:41:55.0828 0x0ca8
12:41:55.0828 0x0ca8 OS Version: 5.1.2600 ServicePack: 3.0
12:41:55.0828 0x0ca8 Product type: Workstation
12:41:55.0828 0x0ca8 ComputerName: USER
12:41:55.0828 0x0ca8 UserName: zakaznik
12:41:55.0828 0x0ca8 Windows directory: C:\WINDOWS
12:41:55.0828 0x0ca8 System windows directory: C:\WINDOWS
12:41:55.0828 0x0ca8 Processor architecture: Intel x86
12:41:55.0828 0x0ca8 Number of processors: 2
12:41:55.0828 0x0ca8 Page size: 0x1000
12:41:55.0828 0x0ca8 Boot type: Normal boot
12:41:55.0828 0x0ca8 ============================================================
12:41:57.0218 0x0ca8 KLMD registered as C:\WINDOWS\system32\drivers\30081702.sys
12:41:57.0375 0x0ca8 System UUID: {4751AE60-BF9B-3E45-D610-5A280D6757A6}
12:41:58.0218 0x0ca8 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:41:58.0437 0x0ca8 ============================================================
12:41:58.0437 0x0ca8 \Device\Harddisk0\DR0:
12:41:58.0437 0x0ca8 MBR partitions:
12:41:58.0437 0x0ca8 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
12:41:58.0453 0x0ca8 ============================================================
12:41:58.0468 0x0ca8 C: <-> \Device\Harddisk0\DR0\Partition1
12:41:58.0468 0x0ca8 ============================================================
12:41:58.0468 0x0ca8 Initialize success
12:41:58.0468 0x0ca8 ============================================================
12:42:05.0703 0x0fec ============================================================
12:42:05.0703 0x0fec Scan started
12:42:05.0703 0x0fec Mode: Manual; SigCheck; TDLFS;
12:42:05.0703 0x0fec ============================================================
12:42:05.0703 0x0fec KSN ping started
12:42:05.0812 0x0fec KSN ping finished: true
12:42:06.0015 0x0fec ================ Scan system memory ========================
12:42:06.0015 0x0fec System memory - ok
12:42:06.0015 0x0fec ================ Scan services =============================
12:42:06.0109 0x0fec Abiosdsk - ok
12:42:06.0109 0x0fec abp480n5 - ok
12:42:06.0156 0x0fec [ 4FE34F1F3126B61FCC6B2043AA8112C9, DE370865E47A5D2A4B227EEFFB42384F67F08D622BF936A9C9CEF70CC47F324B ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:42:06.0468 0x0fec ACPI - ok
12:42:06.0578 0x0fec [ AFDFF022A01F0B11C776F0860C3B282F, 135E5257B62D921B76271014301E9EA1E2383D5DBB04E475DC3A7EFFD2561F56 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
12:42:06.0750 0x0fec ACPIEC - ok
12:42:06.0750 0x0fec adpu160m - ok
12:42:06.0781 0x0fec [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec C:\WINDOWS\system32\drivers\aec.sys
12:42:06.0953 0x0fec aec - ok
12:42:06.0984 0x0fec [ 7E775010EF291DA96AD17CA4B17137D7, E2B746D5839715432FA073378149545D51C8BEFF8621411E0FF184DE8AA83414 ] AFD C:\WINDOWS\System32\drivers\afd.sys
12:42:07.0015 0x0fec AFD - ok
12:42:07.0015 0x0fec Aha154x - ok
12:42:07.0031 0x0fec aic78u2 - ok
12:42:07.0031 0x0fec aic78xx - ok
12:42:07.0078 0x0fec [ E0A6FA244B8624D78FE5FF6F56A33BAE, 26B828FDB03AE4A4F1DC7A1792F9BAD69CF947897D47F5E567F24F4B6D5CB541 ] Alerter C:\WINDOWS\system32\alrsvc.dll
12:42:07.0234 0x0fec Alerter - ok
12:42:07.0250 0x0fec [ 88842DE939A827577BF24243699AC80A, A49C9A6A9941F3A2FBBCFE1F6DB48B632739D00670AC98ECCCBC7FD9E786B21A ] ALG C:\WINDOWS\System32\alg.exe
12:42:07.0406 0x0fec ALG - ok
12:42:07.0421 0x0fec AliIde - ok
12:42:07.0515 0x0fec [ F6AF59D6EEE5E1C304F7F73706AD11D8, F5D39EF40CDB5102A84C8594CFC54DDBD5060E193E6D07421A9003D2ABC63E30 ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
12:42:07.0625 0x0fec Ambfilt - ok
12:42:07.0640 0x0fec amsint - ok
12:42:07.0687 0x0fec [ 6B8E7A90E576D4FE308F97C69060A171, 6CE49BC78715737D78E05DECAC23E26A5672ACD2CF3D10154FEA9D47B318D47C ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
12:42:07.0843 0x0fec AppMgmt - ok
12:42:07.0875 0x0fec [ B5B8A80875C1DEDEDA8B02765642C32F, AD0C71D73B1B8225351FBF4FFB43001A32B4DAE69504C59970CD2428BB33D4EF ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:42:08.0031 0x0fec Arp1394 - ok
12:42:08.0046 0x0fec asc - ok
12:42:08.0062 0x0fec asc3350p - ok
12:42:08.0062 0x0fec asc3550 - ok
12:42:08.0140 0x0fec [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:42:08.0171 0x0fec aspnet_state - ok
12:42:08.0187 0x0fec [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:42:08.0343 0x0fec AsyncMac - ok
12:42:08.0375 0x0fec [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
12:42:08.0546 0x0fec atapi - ok
12:42:08.0546 0x0fec Atdisk - ok
12:42:08.0609 0x0fec [ 2A27A3A8634FB9E29F539D6D3ED3646A, 08C5E28BB1A3DC856C6B7956F6F47EE0AEFEB82E7E9474848DDFAFD8A627A281 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
12:42:08.0671 0x0fec Ati HotKey Poller - ok
12:42:08.0718 0x0fec [ 72810C6A63076A480ABCE0E0BA0BC981, 8551F6394A64C1270A573C75BC6EF326300FBC3F8E0BCD6F8BDA58874D65C036 ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
12:42:08.0765 0x0fec ATI Smart - detected UnsignedFile.Multi.Generic ( 1 )
12:42:08.0828 0x0fec Detect skipped due to KSN trusted
12:42:08.0828 0x0fec ATI Smart - ok
12:42:09.0015 0x0fec [ 8763EDE3E0CD40F5C3450571AC57F205, 8564071956609F679C511B87C0328578824A7C1ED08DE22CFC74DF589E6EEEF2 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
12:42:09.0218 0x0fec ati2mtag - ok
12:42:09.0265 0x0fec [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:42:09.0421 0x0fec Atmarpc - ok
12:42:09.0453 0x0fec [ DE31B88962A8645DBA5A37B993E7B0F1, CA93F25A3FD0CE68BB9B8E3AB6B813BF38DE3EDDFC990291B3957FAA59B2B274 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
12:42:09.0593 0x0fec AudioSrv - ok
12:42:09.0625 0x0fec [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
12:42:09.0765 0x0fec audstub - ok
12:42:09.0828 0x0fec [ B5B8FC2C4D520F1F1EED52A980ED5091, 31C853FAC89A145AC999DC779C3865E6DE666229085F3E963C50BD78A980B2D5 ] avc3 C:\WINDOWS\system32\DRIVERS\avc3.sys
12:42:09.0875 0x0fec avc3 - ok
12:42:09.0921 0x0fec [ 818E7E029DB594DCB8D6218A7D6FA575, A78A9C9F689C228BF49EB806CDB4EBB88F0FE6E62DF21108ED33F901C5E2A267 ] avckf C:\WINDOWS\system32\DRIVERS\avckf.sys
12:42:09.0953 0x0fec avckf - ok
12:42:10.0031 0x0fec [ 66668490AC6165FDA83089BF71511BF4, ADD6BE1B7ABC91F2B29E996BDA30A2A906E76C50D9D47B5F73A779DF593C78B6 ] bdselfpr C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys
12:42:10.0046 0x0fec bdselfpr - ok
12:42:10.0078 0x0fec [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep C:\WINDOWS\system32\drivers\Beep.sys
12:42:10.0234 0x0fec Beep - ok
12:42:10.0281 0x0fec [ 19395D092FD85DDC2D9C7729CF5A2AC8, 7640F36BA19698EE8A6257BF78A8C57DD9D734BED9CA6BB9B68603BAEA092412 ] BITS C:\WINDOWS\system32\qmgr.dll
12:42:10.0437 0x0fec BITS - ok
12:42:10.0468 0x0fec [ 04E84C8049EE93614A2FF6D676D1E247, 459B5C729C7CD5005121651D1594E9772C51CE90E788BC88835E2066FC12F6FD ] BlueletAudio C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
12:42:10.0468 0x0fec BlueletAudio - detected UnsignedFile.Multi.Generic ( 1 )
12:42:10.0546 0x0fec Detect skipped due to KSN trusted
12:42:10.0546 0x0fec BlueletAudio - ok
12:42:10.0578 0x0fec [ 249276D3EF1E74B992299CB96099E4D7, A7E23EC13CB96C0CFD12D2D75E7115361B1F9890DB815D90F7B0A878EF7738F5 ] Browser C:\WINDOWS\System32\browser.dll
12:42:10.0734 0x0fec Browser - ok
12:42:10.0765 0x0fec [ D1813668A0117AE05BC0B81C874F91D4, 3DCA5BFB5AEC68BF95D228FF375B4FD763C3CDAE0E3C6676D5381495298C1B49 ] BT C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
12:42:10.0765 0x0fec BT - detected UnsignedFile.Multi.Generic ( 1 )
12:42:10.0890 0x0fec Detect skipped due to KSN trusted
12:42:10.0890 0x0fec BT - ok
12:42:10.0906 0x0fec [ 7304ACC25455746912DE37D7DED387ED, 6B82DC834F548E9EBF833DEDF458CF5A8252E44914AD74A12B386E0B198FAE44 ] Btcsrusb C:\WINDOWS\system32\Drivers\btcusb.sys
12:42:10.0921 0x0fec Btcsrusb - detected UnsignedFile.Multi.Generic ( 1 )
12:42:10.0984 0x0fec Detect skipped due to KSN trusted
12:42:10.0984 0x0fec Btcsrusb - ok
12:42:11.0015 0x0fec [ 161969D2DD1D39CD2F1EDBC60C61FA99, 2B38B6564EA5225F4F5F57079C417E5CBD4A56184649E4CCAF291AA56658E1A4 ] BTHidEnum C:\WINDOWS\system32\DRIVERS\vbtenum.sys
12:42:11.0031 0x0fec BTHidEnum - detected UnsignedFile.Multi.Generic ( 1 )
12:42:11.0093 0x0fec Detect skipped due to KSN trusted
12:42:11.0093 0x0fec BTHidEnum - ok
12:42:11.0109 0x0fec [ A9164C2A39BD917B9F42AE087560AC3D, E650D5D089D256D19293705412DE3146BB6574C30ABBD0F20574332EDF7DF919 ] BTHidMgr C:\WINDOWS\system32\Drivers\BTHidMgr.sys
12:42:11.0125 0x0fec BTHidMgr - detected UnsignedFile.Multi.Generic ( 1 )
12:42:11.0187 0x0fec Detect skipped due to KSN trusted
12:42:11.0187 0x0fec BTHidMgr - ok
12:42:11.0218 0x0fec [ 6B05FDC0CFC3753B520D2D4176CC32D0, A15BB0899A1A6273FFB34A57FC6B5544CCC09F2A7C56F6173A8F86E80C0DD49E ] BTNetFilter C:\WINDOWS\system32\drivers\BTNetFilter.sys
12:42:11.0218 0x0fec BTNetFilter - detected UnsignedFile.Multi.Generic ( 1 )
12:42:11.0296 0x0fec Detect skipped due to KSN trusted
12:42:11.0296 0x0fec BTNetFilter - ok
12:42:11.0359 0x0fec catchme - ok
12:42:11.0390 0x0fec [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
12:42:11.0562 0x0fec cbidf2k - ok
12:42:11.0625 0x0fec [ 8EF654045E518AC00E52E7A1E2D3AD70, C267AAB7CA9C6D1DD49043DE13211E25157AADECC8D302712BBBD6EB6F530ED9 ] CCALib8 C:\Program Files\Canon\CAL\CALMAIN.exe
12:42:11.0625 0x0fec CCALib8 - detected UnsignedFile.Multi.Generic ( 1 )
12:42:11.0765 0x0fec Detect skipped due to KSN trusted
12:42:11.0765 0x0fec CCALib8 - ok
12:42:11.0796 0x0fec [ 0BE5AEF125BE881C4F854C554F2B025C, 1770DD70B3F115A0EF460907DEDC1E4B7241C08615A98F194D61A49C3E2BAA54 ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:42:11.0937 0x0fec CCDECODE - ok
12:42:11.0953 0x0fec cd20xrnt - ok
12:42:11.0984 0x0fec [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
12:42:12.0140 0x0fec Cdaudio - ok
12:42:12.0171 0x0fec [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
12:42:12.0328 0x0fec Cdfs - ok
12:42:12.0343 0x0fec [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:42:12.0500 0x0fec Cdrom - ok
12:42:12.0500 0x0fec Changer - ok
12:42:12.0531 0x0fec [ E390DC1D7C461D7D56EC53402F329928, FB37F84E71353CD83FCDDD39C898C6D84C05130C5F1BEF022E3DFDE160398C0E ] CiSvc C:\WINDOWS\system32\cisvc.exe
12:42:12.0671 0x0fec CiSvc - ok
12:42:12.0687 0x0fec [ 064507A8DFA8C5C7E2FFDDD3E6F424FA, 1725067BC759484A7185A4F1A44ED3CBE481529D187FE98EF279425B79177EB1 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
12:42:12.0828 0x0fec ClipSrv - ok
12:42:12.0859 0x0fec [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:42:12.0890 0x0fec clr_optimization_v2.0.50727_32 - ok
12:42:12.0937 0x0fec [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:42:12.0968 0x0fec clr_optimization_v4.0.30319_32 - ok
12:42:12.0984 0x0fec CmdIde - ok
12:42:13.0000 0x0fec COMSysApp - ok
12:42:13.0015 0x0fec Cpqarray - ok
12:42:13.0046 0x0fec [ F3AB0933CBD166D271992F411C27CCAF, 50E01F3B058F814BE914FA5050B2D972E8584A467719A5ABCF9D9EBD596A54A7 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
12:42:13.0187 0x0fec CryptSvc - ok
12:42:13.0203 0x0fec dac2w2k - ok
12:42:13.0203 0x0fec dac960nt - ok
12:42:13.0250 0x0fec [ BE27674D1CBC3214AEC84B4336A38BBF, 3DF5F9A9E97595A61314B2731DF4F3D3C19D1B9D2291624A63B8E1861FFC2D76 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
12:42:13.0296 0x0fec DcomLaunch - ok
12:42:13.0296 0x0fec dgderdrv - ok
12:42:13.0328 0x0fec [ 8C9A53E285AC5E6704844D0459EC85BE, 9E86AF4C06CEC007C9B1590B6E056319603E4D79BED0C2471C6F1BC251B380CF ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
12:42:13.0468 0x0fec Dhcp - ok
12:42:13.0500 0x0fec [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
12:42:13.0640 0x0fec Disk - ok
12:42:13.0656 0x0fec dmadmin - ok
12:42:13.0703 0x0fec [ DB5FD2BF5B07DC54BFCB3664FF05BD7C, 46074FBBC5E4A40A7B3A45636089DEDD2A619778C7DCD797571C2BB64D775F7E ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
12:42:13.0875 0x0fec dmboot - ok
12:42:13.0906 0x0fec [ FFF1720AF51171F32F1EAD5CF71F2810, 2E40D63DC7670C1E88A532DB8923A98ABC8481C351C4D915C2753E10BA77F36D ] dmio C:\WINDOWS\system32\drivers\dmio.sys
12:42:14.0046 0x0fec dmio - ok
12:42:14.0078 0x0fec [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload C:\WINDOWS\system32\drivers\dmload.sys
12:42:14.0250 0x0fec dmload - ok
12:42:14.0281 0x0fec [ 2BFEFE9E865655A76982F050450B9591, 15C7D093D638770519AA43E7D8897310F32AB1F217027F5750D799494A985C35 ] dmserver C:\WINDOWS\System32\dmserver.dll
12:42:14.0406 0x0fec dmserver - ok
12:42:14.0437 0x0fec [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
12:42:14.0593 0x0fec DMusic - ok
12:42:14.0609 0x0fec [ 0634B791684B84F4A331F3D3536FEEF8, 562080C56BB92AB41657D43A4D7FA722F6134CF78CA69B58A1D64816234E768D ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
12:42:14.0750 0x0fec Dnscache - ok
12:42:14.0781 0x0fec [ 4A3E2BD20157A0946751229E92EB8621, D8C00CC2C18C517F7262EBC3C511C062E5ABA797056AEB22AC5DEB306BA8C526 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
12:42:14.0921 0x0fec Dot3svc - ok
12:42:14.0937 0x0fec dpti2o - ok
12:42:15.0140 0x0fec [ 803569711F5976AD4A1469A091617946, 9FCFAE663992126B43EF9C729172A27D0B10CA758251D687430361D3A08BB4E2 ] DragonUpdater C:\Program Files\Comodo\Dragon\dragon_updater.exe
12:42:15.0250 0x0fec DragonUpdater - ok
12:42:15.0296 0x0fec [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
12:42:15.0421 0x0fec drmkaud - ok
12:42:15.0468 0x0fec [ 0887D9C2BE8D940778CAD1E3B85F2A41, 2E30DC06D46A5E174B7CAA2D70BDB697015495942572E90425E2EE7AC541BCF4 ] EapHost C:\WINDOWS\System32\eapsvc.dll
12:42:15.0593 0x0fec EapHost - ok
12:42:15.0640 0x0fec [ A2A4912798F2BE706ABADD3D30800D16, CCCCA389D22525D984DE9B59E4CEBE0EEEF315F725176EB5C4DC1A5B6157234A ] ERSvc C:\WINDOWS\System32\ersvc.dll
12:42:15.0781 0x0fec ERSvc - ok
12:42:15.0812 0x0fec [ 9EF697AF07BB8DD82C3B02CA953A95B7, F26033E660B8FF1BDB9E88CDA205CE128C03138AF6BEC05DB3CF2D95C16D86C6 ] Eventlog C:\WINDOWS\system32\services.exe
12:42:15.0843 0x0fec Eventlog - ok
12:42:15.0875 0x0fec [ A371F11EF07653591C8DE26AFB13CE7F, 1192EDC8B146F1C27E8CD7E126DDC044F8B368C2E891A90CD81620D48C9550B6 ] EventSystem C:\WINDOWS\system32\es.dll
12:42:15.0906 0x0fec EventSystem - ok
12:42:15.0953 0x0fec [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
12:42:16.0109 0x0fec Fastfat - ok
12:42:16.0140 0x0fec [ B927443008910B412BEC72FC41C1BAD0, B2008DC7EBCEDA0FCCBF4BE1F3BD7F5E27E35695320236D2C9E9C0111CC44774 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
12:42:16.0281 0x0fec FastUserSwitchingCompatibility - ok
12:42:16.0296 0x0fec [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
12:42:16.0453 0x0fec Fdc - ok
12:42:16.0468 0x0fec [ E9648254056BCE81A85380C0C3647DC4, AE58F498BD1C33360FE3BB9EA22C13EA562206B68E7946B587CB5A6DF94586A1 ] FETNDIS C:\WINDOWS\system32\DRIVERS\fetnd5.sys
12:42:16.0625 0x0fec FETNDIS - ok
12:42:16.0640 0x0fec [ AC366695A0796560AA37215AD5762AAF, 6ADC7443EA42D77199D4879AF3C33A07914116C69A34B895D8CB8444EE50077F ] Fips C:\WINDOWS\system32\drivers\Fips.sys
12:42:16.0781 0x0fec Fips - ok
12:42:16.0843 0x0fec [ F76D04F7413B07DAA029F6520B64B4E8, 3EB13C0EFE737880853FB8952381E7A57723F9472E0E4ED7CDA8A0D7DE8DC90D ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:42:16.0890 0x0fec FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )
12:42:27.0000 0x0fec FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
12:42:27.0000 0x0fec Force sending object to P2P due to detect: FLEXnet Licensing Service
12:42:29.0031 0x0fec Object send P2P result: true
12:42:29.0156 0x0fec [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
12:42:29.0296 0x0fec Flpydisk - ok
12:42:29.0328 0x0fec [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
12:42:29.0484 0x0fec FltMgr - ok
12:42:29.0578 0x0fec [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:42:29.0593 0x0fec FontCache3.0.0.0 - ok
12:42:29.0625 0x0fec [ B07663A810E861EEBFD0EAC7E82CA62D, 9FC5CDE0A0C3D15050056325AACD65B13C4C45ED0DA199ABFB93A691285A3821 ] FsUsbExDisk C:\WINDOWS\system32\FsUsbExDisk.SYS
12:42:29.0640 0x0fec FsUsbExDisk - detected UnsignedFile.Multi.Generic ( 1 )
12:42:29.0734 0x0fec Detect skipped due to KSN trusted
12:42:29.0734 0x0fec FsUsbExDisk - ok
12:42:29.0765 0x0fec [ F96C429788350DB4BA6771C3034DFD88, 07DD60F281224D5CDA14FD4F42BF6992EBDD44FD8888A7D5053E2130A47D3CDC ] FsUsbExService C:\WINDOWS\system32\FsUsbExService.Exe
12:42:29.0781 0x0fec FsUsbExService - detected UnsignedFile.Multi.Generic ( 1 )
12:42:29.0906 0x0fec Detect skipped due to KSN trusted
12:42:29.0906 0x0fec FsUsbExService - ok
12:42:29.0921 0x0fec [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:42:30.0078 0x0fec Fs_Rec - ok
12:42:30.0093 0x0fec [ 4E664D8541DB4A66B73A24257E322E1F, 17A2140AFE2B41E579FCCAFB82532853AD90A6EDBCB13DE80741DAE0AD5B4CC9 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:42:30.0250 0x0fec Ftdisk - ok
12:42:30.0281 0x0fec [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:42:30.0421 0x0fec Gpc - ok
12:42:30.0453 0x0fec [ 46524E4F27A44A86F28772D80BC3CE02, DEDAB3CE5CE0417962D49C58F0557339EF83365372E28A485F3999411C3519AF ] gzflt C:\WINDOWS\system32\DRIVERS\gzflt.sys
12:42:30.0468 0x0fec gzflt - ok
12:42:30.0500 0x0fec [ 771676DB364B444C6333B5F30C7A1755, F77B6DD7A9DA6E06B6EFC0639E63EA6365B89C0D0904D28A5829D2F5D1A0ADEA ] gzserv C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
12:42:30.0515 0x0fec gzserv - ok
12:42:30.0546 0x0fec [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:42:30.0703 0x0fec HDAudBus - ok
12:42:30.0750 0x0fec [ FCFE31FB75F8A6295B6B0AF87A626282, 6BA385797DBC73EB29EFE3293B80C21B1B8A1E9B87A462476E73C526C9565E5F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:42:30.0890 0x0fec helpsvc - ok
12:42:30.0906 0x0fec HidServ - ok
12:42:30.0921 0x0fec [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:42:31.0078 0x0fec hidusb - ok
12:42:31.0093 0x0fec [ 7A6B320928F86BC851530D63C82965D9, 1F628759D31098DFBC05244735B5A62ACD8E45DBC5C9D236260D68EB8F1E28F5 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
12:42:31.0234 0x0fec hkmsvc - ok
12:42:31.0250 0x0fec hpn - ok
12:42:31.0296 0x0fec [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
12:42:31.0343 0x0fec HTTP - ok
12:42:31.0375 0x0fec [ 58FE2F2DA3BC5573F4A35B3760D3125F, B241ACCE426402EC64DC34C49CECB8CDC0851986D54BFCCED7040D6C43F5787A ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
12:42:31.0515 0x0fec HTTPFilter - ok
12:42:31.0515 0x0fec i2omgmt - ok
12:42:31.0531 0x0fec i2omp - ok
12:42:31.0546 0x0fec [ C528E27945367191E7BAE364930B6932, 1B95C7B49B4CAE734DC6C9EC22555C5356EEC856B8491C761C777479264CF854 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:42:31.0671 0x0fec i8042prt - ok
12:42:31.0781 0x0fec [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:42:31.0843 0x0fec idsvc - ok
12:42:31.0890 0x0fec [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
12:42:32.0031 0x0fec Imapi - ok
12:42:32.0078 0x0fec [ F7B93AAFAD33B2320954C17E26C8D361, 8CFDB11A68B59E195F280BE08B25FA59F1F70833832919B8BECCE17616999934 ] ImapiService C:\WINDOWS\system32\imapi.exe
12:42:32.0218 0x0fec ImapiService - ok
12:42:32.0234 0x0fec ini910u - ok
12:42:32.0453 0x0fec [ 0CACDCBBC8E6F11E2865C47BFC509848, DD415DD9564BB1E99DA0DBE084CBF321DD55784F3ECC160521BFB4E06AC44523 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:42:32.0734 0x0fec IntcAzAudAddService - ok
12:42:32.0765 0x0fec IntelIde - ok
12:42:32.0796 0x0fec [ 27B290D632AF2CF3CF40BFDDB7370985, 2C266777B4A96706658B8C9A7B30D15D6E495C815FAE23A0A1FC747E9B5AE363 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:42:32.0937 0x0fec intelppm - ok
12:42:32.0968 0x0fec [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
12:42:33.0125 0x0fec Ip6Fw - ok
12:42:33.0156 0x0fec [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:42:33.0312 0x0fec IpFilterDriver - ok
12:42:33.0328 0x0fec [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:42:33.0484 0x0fec IpInIp - ok
12:42:33.0500 0x0fec [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:42:33.0656 0x0fec IpNat - ok
12:42:33.0687 0x0fec [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:42:33.0843 0x0fec IPSec - ok
12:42:33.0859 0x0fec [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
12:42:34.0000 0x0fec IRENUM - ok
12:42:34.0046 0x0fec [ CC9F8A2D60AED1A51A3AC34C59B987AE, CBF69817BE3D9A4617390B1A3306074CB8581F21562CD1357D32BC3E542F3CEE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:42:34.0187 0x0fec isapnp - ok
12:42:34.0203 0x0fec [ 1B6162FE7F66B1A71A4B70F941C4AA9B, C2EA494BAB0513A6027414FB1E75834F980A77852D0DC8559E8942FC222A075A ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:42:34.0343 0x0fec Kbdclass - ok
12:42:34.0375 0x0fec [ 2AD446E7A867C48099227415DD66FB34, 7A5C80C19B870EC2AAB448949758972AD1AE2FD7C158ECF4E17DE54A5982B58A ] KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys
12:42:34.0390 0x0fec KL1 - ok
12:42:34.0437 0x0fec [ 2A7A628CF5F2B255A8D82BF897903B89, DB6903F820D774F67B207647C91CFAEC8034144584A13DC08FC0944775946051 ] KLIF C:\WINDOWS\system32\DRIVERS\klif.sys
12:42:34.0484 0x0fec KLIF - ok
12:42:34.0515 0x0fec [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
12:42:34.0671 0x0fec kmixer - ok
12:42:34.0703 0x0fec [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
12:42:34.0750 0x0fec KSecDD - ok
12:42:34.0765 0x0fec [ D8D3F1C1E82117A3776A2D320A7B3694, 9DF453421781A8AE9A012D306D047E4D43B5B6EDEA2BCA1D27EC06B555C46A84 ] L8042Kbd C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
12:42:34.0781 0x0fec L8042Kbd - ok
12:42:34.0828 0x0fec [ 5262222FB4A7B57B48115016CCFD1F4C, 28E9F6D73FCBB6E6F04C8D807F1CE8452903451E716BF7C1BDE9671B6718E97E ] L8042mou C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
12:42:34.0843 0x0fec L8042mou - ok
12:42:34.0875 0x0fec [ 21920AC69594AB021237054FA728FE46, 01D1E231B85BF3B1979491BE6338EEE4A184AED9B8B113CB9AEFCACFAA7B73E9 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
12:42:35.0015 0x0fec lanmanserver - ok
12:42:35.0062 0x0fec [ 936C1D110232D23B621CB0196E4F80F0, 2DE3AF93E20F1DC7A6FF31B18054EA4D2350387E4DA91C4B16D451384F0C57E2 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:42:35.0078 0x0fec lanmanworkstation - ok
12:42:35.0093 0x0fec lbrtfdc - ok
12:42:35.0125 0x0fec [ 8B30311241F97B35167AFE68D79E8530, 1E8BA411967BE7BBC91F346DAA85093993DFDA56979E5172F933C3264FFE4348 ] LHidFilt C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
12:42:35.0140 0x0fec LHidFilt - ok
12:42:35.0171 0x0fec [ 0AB159F536E3E8F7F07113702A07CCA5, 3218C553183E6697C663B6D12790E09756B50505590858DD5AC62411D37CDD7C ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
12:42:35.0312 0x0fec LmHosts - ok
12:42:35.0359 0x0fec [ 48D7422A6C4EEC886B56AC534CFA3ACF, 62D54ECA5900E15F66D03173AD81184C4DAE6F52A612FC42E75DC15737EDF36E ] LMouFilt C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
12:42:35.0375 0x0fec LMouFilt - ok
12:42:35.0406 0x0fec [ 96062EC1F26F08EBE056C026667744DD, 6BF896F45CEB591D1D445A2CF0044A3C6BF3EA5308C802221DCE330E5E5614E5 ] LMouKE C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
12:42:35.0421 0x0fec LMouKE - ok
12:42:35.0468 0x0fec [ 0B808FF2F17C8396FB2AE202F75AED37, 9E8F62A60C502416BC8B49099148FBC7CAA57F4C79D05A110B1B1849DA2DB779 ] LUsbFilt C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
12:42:35.0484 0x0fec LUsbFilt - ok
12:42:35.0515 0x0fec [ 221CD1C815B8A6B79389C3F5D1018DE8, 6D0D25D6669C4F9452F74EC72C6138A41D9408E01AF5FD01C08F27BE7BC9C905 ] Messenger C:\WINDOWS\System32\msgsvc.dll
12:42:35.0640 0x0fec Messenger - ok
12:42:35.0703 0x0fec [ FAFE367D032ED82E9332B4C741A20216, 7B123766E360570E0FCB211835B7910D6A1806C25A06BCA9227AB9E993376CA8 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
12:42:35.0718 0x0fec Microsoft Office Groove Audit Service - ok
12:42:35.0750 0x0fec [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
12:42:35.0890 0x0fec mnmdd - ok
12:42:35.0921 0x0fec [ 9A57D046F88F4B69751B11FD40088A61, 62F65433024CE411F111A88723747B8A83B31076FBAF4CFF40FD02A53D7FF7DF ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
12:42:36.0062 0x0fec mnmsrvc - ok
12:42:36.0093 0x0fec [ 44032B0C6D9954D3FD26438330B99EE7, A49749A4C00D50F57170AA5DA9E2DEECC8C524A48B144C8B784894F2C202FBEE ] Modem C:\WINDOWS\system32\drivers\Modem.sys
12:42:36.0234 0x0fec Modem - ok
12:42:36.0296 0x0fec [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5, 2AC3875B2E7D9B0692253A9867B940CF214DE03574808B42C3702843BC1D5696 ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
12:42:36.0406 0x0fec Monfilt - ok
12:42:36.0437 0x0fec [ 4CB582831DBDE63CE43B45D771218374, 6D470B26197C5B388983D9213D48D2CDE934C9591572876DC7790FE4B59E0845 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:42:36.0578 0x0fec Mouclass - ok
12:42:36.0593 0x0fec [ BB269EBA740737AB749B214D568B6812, ABF41D9B521EBBE674E76981CAD31F8FD05976DE7070266C3956FDB67C83C4C2 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:42:36.0734 0x0fec mouhid - ok
12:42:36.0765 0x0fec [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
12:42:36.0921 0x0fec MountMgr - ok
12:42:36.0921 0x0fec mraid35x - ok
12:42:36.0953 0x0fec [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:42:37.0093 0x0fec MRxDAV - ok
12:42:37.0140 0x0fec [ F3AEFB11ABC521122B67095044169E98, A9FF6C9256FC1F08338F179FF7434AE064B5B6828F16AC8B5C8F362872E3078B ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:42:37.0187 0x0fec MRxSmb - ok
12:42:37.0234 0x0fec [ D98350792A7CE82E7459A7C36481BEDA, 7A7634F78ECF4E26F83C49A52806F2DD84158DFC0A33EDC3C87B38B3846129F2 ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS32.exe
12:42:37.0265 0x0fec MSCamSvc - ok
12:42:37.0296 0x0fec [ 6DB4D1521CABA9A5FFAB54ADE0AE867D, 78D63EE2C0B0852F0771071C099643242EBC9F4DA28847B93BCE9C3CC1091938 ] MSDTC C:\WINDOWS\system32\msdtc.exe
12:42:37.0437 0x0fec MSDTC - ok
12:42:37.0468 0x0fec [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
12:42:37.0609 0x0fec Msfs - ok
12:42:37.0640 0x0fec [ 5119FFC2A6B51089CDB0EFDC75808C97, 4027EB46F4E85991CCC5A77062C18361FDFBE764A69901C3EFAEEA602B011B21 ] MSHUSBVideo C:\WINDOWS\system32\Drivers\nx6000.sys
12:42:37.0656 0x0fec MSHUSBVideo - ok
12:42:37.0671 0x0fec MSIServer - ok
12:42:37.0687 0x0fec [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:42:37.0828 0x0fec MSKSSRV - ok
12:42:37.0843 0x0fec [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:42:37.0984 0x0fec MSPCLOCK - ok
12:42:38.0015 0x0fec [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
12:42:38.0156 0x0fec MSPQM - ok
12:42:38.0187 0x0fec [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:42:38.0328 0x0fec mssmbios - ok
12:42:38.0343 0x0fec [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
12:42:38.0484 0x0fec MSTEE - ok
12:42:38.0515 0x0fec [ 2F625D11385B1A94360BFC70AAEFDEE1, 23E4974120233CF1A7BEE48977706A0A55418699379D1450502ABEB24191AC80 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
12:42:38.0671 0x0fec Mup - ok
12:42:38.0687 0x0fec [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:42:38.0828 0x0fec NABTSFEC - ok
12:42:38.0890 0x0fec [ 6EA362E9DB03D44F6B996F4D8BE237E9, FE6B4C546D26C4A2832CF4CB280B86B1723E10E46A3C24AF6C9856FCCAE9D1FC ] napagent C:\WINDOWS\System32\qagentrt.dll
12:42:39.0031 0x0fec napagent - ok
12:42:39.0078 0x0fec [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
12:42:39.0234 0x0fec NDIS - ok
12:42:39.0265 0x0fec [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:42:39.0453 0x0fec NdisIP - ok
12:42:39.0468 0x0fec [ 1AB3D00C991AB086E69DB84B6C0ED78F, 1F881FCCF5557C44C078D99CA2DD38D635413D6212DBEDC06A428EDAC7F8B04E ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:42:39.0609 0x0fec NdisTapi - ok
12:42:39.0640 0x0fec [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:42:39.0781 0x0fec Ndisuio - ok
12:42:39.0796 0x0fec [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:42:39.0953 0x0fec NdisWan - ok
12:42:39.0968 0x0fec [ 6215023940CFD3702B46ABC304E1D45A, C767F3A349B365F6E7566C0738E2F62D8FFF8CB4457347E3614BD403BC6CADCB ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
12:42:40.0109 0x0fec NDProxy - ok
12:42:40.0125 0x0fec [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
12:42:40.0281 0x0fec NetBIOS - ok
12:42:40.0312 0x0fec [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
12:42:40.0468 0x0fec NetBT - ok
12:42:40.0500 0x0fec [ 933DE774986EC85E48210C44AB431DE6, B8C85085003792B8744D96585CE6F2BC474EEEEC364A100CCBCE08176D91E75C ] NetDDE C:\WINDOWS\system32\netdde.exe
12:42:40.0640 0x0fec NetDDE - ok
12:42:40.0656 0x0fec [ 933DE774986EC85E48210C44AB431DE6, B8C85085003792B8744D96585CE6F2BC474EEEEC364A100CCBCE08176D91E75C ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
12:42:40.0796 0x0fec NetDDEdsdm - ok
12:42:40.0828 0x0fec [ ED0A176354487CEED65B80A7148AB739, 71295D7D7684539DBD2924B437660960C01E073A521FE12D1519969327EC8DC4 ] Netlogon C:\WINDOWS\system32\lsass.exe
12:42:40.0953 0x0fec Netlogon - ok
12:42:40.0984 0x0fec [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40, 588C8BA14A7255FD36A88960CBE34341301773765ECF2A9A0F1760A509A08A5B ] Netman C:\WINDOWS\System32\netman.dll
12:42:41.0125 0x0fec Netman - ok
12:42:41.0156 0x0fec [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:42:41.0187 0x0fec NetTcpPortSharing - ok
12:42:41.0218 0x0fec [ E9E47CFB2D461FA0FC75B7A74C6383EA, 544136F5BFD4DC23D45E90F12FA48B82FD9EAEA9EAF3E0F5F0BD27E23D672C3E ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:42:41.0375 0x0fec NIC1394 - ok
12:42:41.0406 0x0fec [ 1289B7611CCD6CB27596AE92CBF03E35, 36CE24F4C75EF8AD5A0E207597DC5F06D493D5B67EAEB3FE45F9193272866632 ] Nla C:\WINDOWS\System32\mswsock.dll
12:42:41.0437 0x0fec Nla - ok
12:42:41.0468 0x0fec [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
12:42:41.0609 0x0fec Npfs - ok
12:42:41.0656 0x0fec [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
12:42:41.0828 0x0fec Ntfs - ok
12:42:41.0859 0x0fec [ ED0A176354487CEED65B80A7148AB739, 71295D7D7684539DBD2924B437660960C01E073A521FE12D1519969327EC8DC4 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
12:42:42.0000 0x0fec NtLmSsp - ok
12:42:42.0046 0x0fec [ 023DD70573D644F3D9C8B1258A7BFD08, 9A1D3210ED5FD8BEDF92ED577A9B30E37035408A73EB66A8C950B75AB7539B83 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
12:42:42.0203 0x0fec NtmsSvc - ok
12:42:42.0234 0x0fec [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
12:42:42.0359 0x0fec Null - ok
12:42:42.0390 0x0fec [ 914650872A82198607554875459C664F, 993E603CB38C64365B7E671C89F094B6BE76A60D408F1DBE85796FB53879461D ] null_flt C:\WINDOWS\System32\Drivers\null_flt.sys
12:42:42.0390 0x0fec null_flt - detected UnsignedFile.Multi.Generic ( 1 )
12:42:43.0359 0x0fec Detect skipped due to KSN trusted
12:42:43.0359 0x0fec null_flt - ok
12:42:43.0406 0x0fec [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:42:43.0546 0x0fec NwlnkFlt - ok
12:42:43.0578 0x0fec [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:42:43.0734 0x0fec NwlnkFwd - ok
12:42:43.0796 0x0fec [ 84DE1DD996B48B05ACE31AD015FA108A, 4B9D1E4EF83ECED6C77F23D9879C124534F7053D7423E3A2D0F67A4A720CEA94 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:42:43.0828 0x0fec odserv - ok
12:42:43.0859 0x0fec [ CA33832DF41AFB202EE7AEB05145922F, 9DD0089C2E13C7F81214C3B5A4A61276292052F9BBFEA7FCD0F6AA27815D5F95 ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:42:44.0000 0x0fec ohci1394 - ok
12:42:44.0046 0x0fec [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:42:44.0062 0x0fec ose - ok
12:42:44.0093 0x0fec [ 46F8DB73B4A53E543F8E371DC7C75BAE, F6C5E7DE4B4AE0ED785DB075BE14EA6A0FC9050C95669B26DEF2B82D7B7D3B2C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
12:42:44.0234 0x0fec Parport - ok
12:42:44.0265 0x0fec [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
12:42:44.0406 0x0fec PartMgr - ok
12:42:44.0437 0x0fec [ 1FAE19D0457176318BBA4A8795656EBC, 5F3D6CABA203A0485D67F63A6A81151724EE200BE49ED095CFCB1EF29C19D19F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
12:42:44.0578 0x0fec ParVdm - ok
12:42:44.0609 0x0fec [ 6CE351D149CB4BEFC702951E471E1730, 758327683BB45F01D5AE550AF21856822B4CF55E17F2A4F452F559088D242B37 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
12:42:44.0750 0x0fec PCI - ok
12:42:44.0765 0x0fec PCIDump - ok
12:42:44.0796 0x0fec [ 2DA4EC85E0EA7A45C6B2A05820492D5A, A8C6BD93D3BC33A5B36EB523997EF9E0783B6E6EAFB6E7F58BCC2629009BDCF9 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
12:42:44.0937 0x0fec PCIIde - ok
12:42:44.0968 0x0fec [ 4FC31E6C19A5CE5198B1ABFF94CAE758, A031E21EC1F15DA5E8429269F435337FA961C3C06D535DAFD448C7355F33FD0C ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
12:42:45.0109 0x0fec Pcmcia - ok
12:42:45.0125 0x0fec PDCOMP - ok
12:42:45.0125 0x0fec PDFRAME - ok
12:42:45.0140 0x0fec PDRELI - ok
12:42:45.0156 0x0fec PDRFRAME - ok
12:42:45.0156 0x0fec perc2 - ok
12:42:45.0171 0x0fec perc2hib - ok
12:42:45.0218 0x0fec [ 9EF697AF07BB8DD82C3B02CA953A95B7, F26033E660B8FF1BDB9E88CDA205CE128C03138AF6BEC05DB3CF2D95C16D86C6 ] PlugPlay C:\WINDOWS\system32\services.exe
12:42:45.0250 0x0fec PlugPlay - ok
12:42:45.0281 0x0fec [ ED0A176354487CEED65B80A7148AB739, 71295D7D7684539DBD2924B437660960C01E073A521FE12D1519969327EC8DC4 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
12:42:45.0406 0x0fec PolicyAgent - ok
12:42:45.0437 0x0fec [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:42:45.0593 0x0fec PptpMiniport - ok
12:42:45.0625 0x0fec [ ED0A176354487CEED65B80A7148AB739, 71295D7D7684539DBD2924B437660960C01E073A521FE12D1519969327EC8DC4 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:42:45.0765 0x0fec ProtectedStorage - ok
12:42:45.0796 0x0fec [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
12:42:45.0937 0x0fec PSched - ok
12:42:45.0968 0x0fec [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:42:46.0125 0x0fec Ptilink - ok
12:42:46.0140 0x0fec ql1080 - ok
12:42:46.0140 0x0fec Ql10wnt - ok
12:42:46.0156 0x0fec ql12160 - ok
12:42:46.0171 0x0fec ql1240 - ok
12:42:46.0187 0x0fec ql1280 - ok
12:42:46.0203 0x0fec [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:42:46.0359 0x0fec RasAcd - ok
12:42:46.0390 0x0fec [ 2B5E44EA009F2F374B980E1E9A70635D, 62D8FDB80C8ACBA2C42C12760B785587C43BEDFE015EC5C41B25F2BB735EFEB0 ] RasAuto C:\WINDOWS\System32\rasauto.dll
12:42:46.0531 0x0fec RasAuto - ok
12:42:46.0562 0x0fec [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:42:46.0703 0x0fec Rasl2tp - ok
12:42:46.0750 0x0fec [ D57554C664B64604BD1EE13EA2C07E77, B090C05B91EA602BFF9A5E89AB1A0FFDE869611961FF749DA8B3F4D00F04E756 ] RasMan C:\WINDOWS\System32\rasmans.dll
12:42:46.0875 0x0fec RasMan - ok
12:42:46.0906 0x0fec [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:42:47.0046 0x0fec RasPppoe - ok
12:42:47.0078 0x0fec [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
12:42:47.0218 0x0fec Raspti - ok
12:42:47.0250 0x0fec [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:42:47.0406 0x0fec Rdbss - ok
12:42:47.0421 0x0fec [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:42:47.0578 0x0fec RDPCDD - ok
12:42:47.0609 0x0fec [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:42:47.0765 0x0fec rdpdr - ok
12:42:47.0812 0x0fec [ 6728E45B66F93C08F11DE2E316FC70DD, EA63ECD4F84CAE08BD2BF843C48AF505B1B9D7B61349A63536C9C6FEBEF23452 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
12:42:47.0953 0x0fec RDPWD - ok
12:42:48.0000 0x0fec [ C0D9D9711CB74EE9BC66353D8CBDAB0E, F1AF9A26910707E76BF213D8DE5C902B0088D8A29EBDFF72DE6A4D867E298CC8 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
12:42:48.0140 0x0fec RDSessMgr - ok
12:42:48.0171 0x0fec [ 611BFD220305BE3A85AE876EA47D4AA5, FDF87878EB3886649025E5A12F1C3FC9072D66CCD3217944710085C1F8A4512E ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
12:42:48.0312 0x0fec redbook - ok
12:42:48.0343 0x0fec [ 127C26B5371651043450E52542099ABA, 98AADAD8D5211CB894AA7C59B6299861B1F44B6D8F46AB5837E7D2F5B615B14A ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
12:42:48.0484 0x0fec RemoteAccess - ok
12:42:48.0531 0x0fec [ 8F31505484A190D5B22274708799F4EC, 170FF8193C95CEE73B9342B6FB7D83DF4E80B2CCBB27DF41F4AB5F2FB9AF60E1 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
12:42:48.0656 0x0fec RemoteRegistry - ok
12:42:48.0687 0x0fec [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7, CDF10D3D8ADA7ADB1CC1567BFA986557C6D69F4099B70FDFABD4C3D09E3CA778 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
12:42:48.0828 0x0fec ROOTMODEM - ok
12:42:48.0859 0x0fec [ 718B3BDC0BC3C2F7D065A53D26202AF9, 9E58243628F1E1396AB82A80D046FF50803A230EE07B007E0CA5D744C77B091A ] RpcLocator C:\WINDOWS\system32\locator.exe
12:42:49.0000 0x0fec RpcLocator - ok
12:42:49.0031 0x0fec [ BE27674D1CBC3214AEC84B4336A38BBF, 3DF5F9A9E97595A61314B2731DF4F3D3C19D1B9D2291624A63B8E1861FFC2D76 ] RpcSs C:\WINDOWS\System32\rpcss.dll
12:42:49.0078 0x0fec RpcSs - ok
12:42:49.0109 0x0fec [ 09AB2E71E58B078038E3BFDBA7FFC984, 8CA277DEEF6376B0F48C6BA5DBBC3E8AF2245983BA9AF6AB83D1A920D35FAF93 ] RSVP C:\WINDOWS\system32\rsvp.exe
12:42:49.0265 0x0fec RSVP - ok
12:42:49.0281 0x0fec [ ED0A176354487CEED65B80A7148AB739, 71295D7D7684539DBD2924B437660960C01E073A521FE12D1519969327EC8DC4 ] SamSs C:\WINDOWS\system32\lsass.exe
12:42:49.0421 0x0fec SamSs - ok
12:42:49.0453 0x0fec [ 410046E401EB11E1E6749E9DEEA41D4A, 9507268ACD24EF51E994DC418E8EB3E10DEDE61EE892226A22A5DA7662397E25 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
12:42:49.0593 0x0fec SCardSvr - ok
12:42:49.0625 0x0fec [ 3FF232A7731621B8902D81D42418C93C, 2030C9A843D9555170179883BD4CC1E978D5FC5EC0D7FCA56518224E428BE421 ] Schedule C:\WINDOWS\system32\schedsvc.dll
12:42:49.0765 0x0fec Schedule - ok
12:42:49.0812 0x0fec [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:42:49.0953 0x0fec Secdrv - ok
12:42:50.0000 0x0fec [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6, 82EEB2345AC19050FAB202DE76C2CDD93E753F5AB67789A86A1726D3040C02E5 ] seclogon C:\WINDOWS\System32\seclogon.dll
12:42:50.0125 0x0fec seclogon - ok
12:42:50.0140 0x0fec [ A530B75C10C23C9AB28FDB6CE719E21F, 14568DF6457758E2F534A46A8E6245C364895C3993BEF2B5A889B98DBB201A27 ] SENS C:\WINDOWS\system32\sens.dll
12:42:50.0281 0x0fec SENS - ok
12:42:50.0312 0x0fec [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
12:42:50.0468 0x0fec Serenum - ok
12:42:50.0500 0x0fec [ B842729337C9B921615C40D3C1A1AF96, 503670A56423B996C6ED6AE95F07FB88910767C4A2041A4BE9070C57A016E7FA ] Serial C:\WINDOWS\system32\drivers\Serial.sys
12:42:50.0625 0x0fec Serial - ok
12:42:50.0671 0x0fec [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
12:42:50.0828 0x0fec Sfloppy - ok
12:42:50.0859 0x0fec [ F58FACA9621D2DB01BD0927D9A0A208E, 239C87E09261BC9D1DBE99DABCFC4787D42289E8769563A5EFB323BE6F177C9A ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
12:42:51.0015 0x0fec SharedAccess - ok
12:42:51.0046 0x0fec [ B927443008910B412BEC72FC41C1BAD0, B2008DC7EBCEDA0FCCBF4BE1F3BD7F5E27E35695320236D2C9E9C0111CC44774 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:42:51.0187 0x0fec ShellHWDetection - ok
12:42:51.0203 0x0fec Simbad - ok
12:42:51.0234 0x0fec [ 866D538EBE33709A5C9F5C62B73B7D14, BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:42:51.0375 0x0fec SLIP - ok
12:42:51.0406 0x0fec Sparrow - ok
12:42:51.0421 0x0fec [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys
12:42:51.0562 0x0fec splitter - ok
12:42:51.0593 0x0fec [ CB1090BCA0E7B40D0B5B4E4D66531809, BFA487D989B4C63FB40407A4FC877B54A3104D7394316E9B8A52E77129816B3D ] Spooler C:\WINDOWS\system32\spoolsv.exe
12:42:51.0734 0x0fec Spooler - ok
12:42:51.0796 0x0fec [ D15DA1BA189770D93EEA2D7E18F95AF9, 9B0BB676CF0CD1AACE915A624F13939CB152F136E13F58E6156984BD92F6BA2E ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
12:42:51.0796 0x0fec Suspicious file ( NoAccess ): C:\WINDOWS\system32\Drivers\sptd.sys. md5: D15DA1BA189770D93EEA2D7E18F95AF9, sha256: 9B0BB676CF0CD1AACE915A624F13939CB152F136E13F58E6156984BD92F6BA2E
12:42:51.0796 0x0fec sptd - detected LockedFile.Multi.Generic ( 1 )
12:42:51.0875 0x0fec Detect skipped due to KSN trusted
12:42:51.0875 0x0fec sptd - ok
12:42:51.0906 0x0fec [ 94610C8653635E4459316A0050D55CE7, D148D33B3D2B0757060531C526F2161504A8D7C4E5957D092C7EBDB007271339 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
12:42:52.0046 0x0fec sr - ok
12:42:52.0078 0x0fec [ 35B91147124F64AC8081A2EDB9EA4DEE, 1609D19156DAC6EE3C2D2350B062966B64D9CDC289E9B8FEB6D244AAEBE90BBF ] srservice C:\WINDOWS\system32\srsvc.dll
12:42:52.0234 0x0fec srservice - ok
12:42:52.0281 0x0fec [ 89220B427890AA1DFFD1A02648AE51C3, E832B62178F2991B2D006F3FD540AE955811E29EB4FDE57445A5C532F8A57C15 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
12:42:52.0328 0x0fec Srv - ok
12:42:52.0359 0x0fec [ BECD5271DC4E3B7C3D035F790FCBC1E5, D63B9DB81332553C963EC5057D241CE2287AF652387333C1FD79AF8C9B5F2BA7 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
12:42:52.0500 0x0fec SSDPSRV - ok
12:42:52.0546 0x0fec [ C1CDD9275F6A115BB0AE1D55D8D27BA6, CD0511FD7F6AD832CBEB931C605AB3AD217631C57399CB8033248D27619541E4 ] stisvc C:\WINDOWS\system32\wiaservc.dll
12:42:52.0687 0x0fec stisvc - ok
12:42:52.0718 0x0fec [ 77813007BA6265C4B6098187E6ED79D2, 93939120E803C46FBFD577C8FC2E6C7E71C0460E01D25CB29579490640AB50C7 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:42:52.0859 0x0fec streamip - ok
12:42:52.0890 0x0fec [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
12:42:53.0031 0x0fec swenum - ok
12:42:53.0046 0x0fec [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
12:42:53.0203 0x0fec swmidi - ok
12:42:53.0203 0x0fec SwPrv - ok
12:42:53.0234 0x0fec symc810 - ok
12:42:53.0234 0x0fec symc8xx - ok
12:42:53.0250 0x0fec sym_hi - ok
12:42:53.0265 0x0fec sym_u3 - ok
12:42:53.0296 0x0fec [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
12:42:53.0453 0x0fec sysaudio - ok
12:42:53.0484 0x0fec [ CE06F01B88ACE199A1BF460CAC29C110, 3CD89E5B8E53203287D889C107E4795225742DB6C6ACA2DC0611BD9728382A27 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
12:42:53.0609 0x0fec SysmonLog - ok
12:42:53.0656 0x0fec [ C2546CD7A398476F9DF5614B2AE160E8, 11C8435BA983553E9C0806494E9B3C7080515C0375B0604F029D89B50726161A ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
12:42:53.0796 0x0fec TapiSrv - ok
12:42:53.0843 0x0fec [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:42:53.0906 0x0fec Tcpip - ok
12:42:53.0953 0x0fec [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
12:42:54.0093 0x0fec TDPIPE - ok
12:42:54.0125 0x0fec [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
12:42:54.0281 0x0fec TDTCP - ok
12:42:54.0296 0x0fec [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
12:42:54.0437 0x0fec TermDD - ok
12:42:54.0484 0x0fec [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E, 3D2B1D899061448EAD993CDE97D1EF50DD64728E9F44D80FEAE591198A937653 ] TermService C:\WINDOWS\System32\termsrv.dll
12:42:54.0625 0x0fec TermService - ok
12:42:54.0656 0x0fec [ B927443008910B412BEC72FC41C1BAD0, B2008DC7EBCEDA0FCCBF4BE1F3BD7F5E27E35695320236D2C9E9C0111CC44774 ] Themes C:\WINDOWS\System32\shsvcs.dll
12:42:54.0796 0x0fec Themes - ok
12:42:54.0828 0x0fec [ CD0CC7B167D78043A41C98D4921EFB54, 31AAB5D6D6BA52EBDDE1B5DEB8F9B4D9597FFBA4485F959C846F635060CCB5C0 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
12:42:54.0968 0x0fec TlntSvr - ok
12:42:54.0984 0x0fec TosIde - ok
12:42:55.0015 0x0fec [ 38853304CCB938D30E0C4CDE8D2C2A8A, 966E7BCC9F63A1A7777F8A12E51C2A91EC688CE96109943ADC4CB4EB58DC34A6 ] TrkWks C:\WINDOWS\system32\trkwks.dll
12:42:55.0156 0x0fec TrkWks - ok
12:42:55.0203 0x0fec [ 88E0F99FDB8DDCB6E6A15380E164FEA2, 794C084B60DAC803E35BE933143A77EF2888D53B9EBEDAE4825C40A05A04F7E4 ] trufos C:\WINDOWS\system32\DRIVERS\trufos.sys
12:42:55.0234 0x0fec trufos - ok
12:42:55.0265 0x0fec [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
12:42:55.0421 0x0fec Udfs - ok
12:42:55.0437 0x0fec ultra - ok
12:42:55.0468 0x0fec [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
12:42:55.0640 0x0fec Update - ok
12:42:55.0687 0x0fec [ 651BD90DCEE5B7BDC74A2EB7C9266F9E, AF7662BCA0819F82CE5EE0863E47149CC127DE664CB3DC6359B63FBD71DB54F8 ] upnphost C:\WINDOWS\System32\upnphost.dll
12:42:55.0828 0x0fec upnphost - ok
12:42:55.0843 0x0fec [ 20A0F6A11959E92908717D09E87D670D, 3DD6C99AB0F70FAA43DF470B30078B8A51B8AF735CD5C50DBB195FEA70F4C36E ] UPS C:\WINDOWS\System32\ups.exe
12:42:55.0984 0x0fec UPS - ok
12:42:56.0015 0x0fec [ E919708DB44ED8543A7C017953148330, 226D032912D396117213FC29CD0BB5A8B2F872DD91D92F254F2F1FE392481B61 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
12:42:56.0156 0x0fec usbaudio - ok
12:42:56.0218 0x0fec [ 173F317CE0DB8E21322E71B7E60A27E8, 7042441BA63AE38AE9D7BE0BC5CA7404FC9EE5BB3F084604A68F01E82769652A ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:42:56.0359 0x0fec usbccgp - ok
12:42:56.0390 0x0fec [ 65DCF09D0E37D4C6B11B5B0B76D470A7, 90EBA8BAF45932B453D905EDF2BDDDF3A432BFD50B9F7DF58CDEAE98D11C2E2F ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:42:56.0531 0x0fec usbehci - ok
12:42:56.0562 0x0fec [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:42:56.0718 0x0fec usbhub - ok
12:42:56.0750 0x0fec [ A0B8CF9DEB1184FBDD20784A58FA75D4, D8AFD45BD9CF7B02F2554AA6085194DE82893AF794EDF479BC9B9E9C1758DC75 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:42:56.0890 0x0fec usbscan - ok
12:42:56.0921 0x0fec [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:42:57.0078 0x0fec usbstor - ok
12:42:57.0093 0x0fec [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:42:57.0234 0x0fec usbuhci - ok
12:42:57.0281 0x0fec [ 63BBFCA7F390F4C49ED4B96BFB1633E0, AEB89CF43376709CDD715D844E8CBB8F2BE24D39795F45F7C84F21962F3A52AB ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
12:42:57.0421 0x0fec usbvideo - ok
12:42:57.0453 0x0fec [ 9EBEE4A060C5364A31AEAA04EAC2AF1E, 695332A57F65E2F5854043691C1F8FC20FF97A60BB72A90095DCB113A5AE8D33 ] VComm C:\WINDOWS\system32\DRIVERS\VComm.sys
12:42:57.0468 0x0fec VComm - detected UnsignedFile.Multi.Generic ( 1 )
12:42:57.0546 0x0fec Detect skipped due to KSN trusted
12:42:57.0546 0x0fec VComm - ok
12:42:57.0578 0x0fec [ 630BBDBF5490F8F57ABE650DA63661A0, F1BFA742BA15142A8A0BD4F2A2AAFBC21B3AD7F992CF8968772756EBB5F32A54 ] VcommMgr C:\WINDOWS\system32\Drivers\VcommMgr.sys
12:42:57.0578 0x0fec VcommMgr - detected UnsignedFile.Multi.Generic ( 1 )
12:42:57.0656 0x0fec Detect skipped due to KSN trusted
12:42:57.0656 0x0fec VcommMgr - ok
12:42:57.0671 0x0fec [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
12:42:57.0828 0x0fec VgaSave - ok
12:42:57.0843 0x0fec [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E, FC7FFD53FCC0F81587EFF26A43C141D25C43DBC68311520CE2BCDD739CA58CA9 ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
12:42:57.0984 0x0fec ViaIde - ok
12:42:58.0015 0x0fec [ 28A4B296B47782173C346E376CB374D1, FE799FE4A41752A2B47027EA88214BF3E39B317302939F4A2D0F2A4EFAAC2F13 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
12:42:58.0156 0x0fec VolSnap - ok
12:42:58.0203 0x0fec [ 0A3A4AA1D370E9C96A6CCEAD9DC819C3, 2BABD1A4359794ABB80F570E951B7491A1A563541BE8FE073F6440A0F36F5101 ] Vsdatant C:\WINDOWS\system32\vsdatant.sys
12:42:58.0250 0x0fec Vsdatant - ok
12:42:58.0437 0x0fec [ 21D22AC9B8B33AF6EEEBDB10D1661C37, 56C7A8E5C3084163342A433FD20DE8E9931C1C293B49C0F9CD9C8F45A56D135B ] vsmon C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
12:42:58.0609 0x0fec vsmon - ok
12:42:58.0656 0x0fec [ D6BA1A63D9E00933F1CD2A885573AFB2, 36311A060635CEC1DBB6D8A746B8A4D007706EAE97D51A5E12F9958AB16BE486 ] VSS C:\WINDOWS\System32\vssvc.exe
12:42:58.0812 0x0fec VSS - ok
12:42:58.0843 0x0fec [ FA4E1CDBA256787F2149F4AAD07BC91F, 1B5FC5248335D70094D04501AA2C30F54782B58FF8D573BE8E784A21529C7CAF ] W32Time C:\WINDOWS\system32\w32time.dll
12:42:58.0984 0x0fec W32Time - ok
12:42:59.0015 0x0fec [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:42:59.0156 0x0fec Wanarp - ok
12:42:59.0203 0x0fec [ D918617B46457B9AC28027722E30F647, 407284D3055DC11944D4EE7E4357E7CF9CAF8CA40CA50633AB6FD4A82CB7EEA6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
12:42:59.0234 0x0fec Wdf01000 - ok
12:42:59.0250 0x0fec WDICA - ok
12:42:59.0281 0x0fec [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
12:42:59.0453 0x0fec wdmaud - ok
12:42:59.0500 0x0fec [ 47AE51048A82DFA1CD6B51D369F7E169, 742F2162B8BDE00D83715093EA9743338964597ED22648B9F4F139D7278235A4 ] WebClient C:\WINDOWS\System32\webclnt.dll
12:42:59.0625 0x0fec WebClient - ok
12:42:59.0687 0x0fec [ E488332126E3B1182D2B8A0C35408EC6, F9F60911DF0A539753B2BEF6FAD2D0AED1BC1C3F43509F79D9AF2F810CDE5D9B ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
12:42:59.0828 0x0fec winmgmt - ok
12:42:59.0875 0x0fec wmcmgc - ok
12:42:59.0906 0x0fec [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
12:42:59.0937 0x0fec WmdmPmSN - ok
12:43:00.0000 0x0fec [ 0171CFF34BBA8C5977F18C48D8AEF8C6, 0E3E04220157CCFB92F8D029805EB56D101C2A3AB3375354537FA9B5B3CAA0AD ] Wmi C:\WINDOWS\System32\advapi32.dll
12:43:00.0046 0x0fec Wmi - ok
12:43:00.0093 0x0fec [ 23F6F03272F7E5679F1F050AED5ACEE6, 87EBE773F3E8FFE2F1E1DB435BB0E8852031AA88112EB791085AD3DA918B49CC ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:43:00.0234 0x0fec WmiApSrv - ok
12:43:00.0312 0x0fec [ 3739866D20ABD42F26A7B85F9E2560AF, 9DD01194A553590146A1A1D790B2F891D244C8C0EE34DA423CF2B1F7418BD3AC ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
12:43:00.0375 0x0fec WMPNetworkSvc - ok
12:43:00.0421 0x0fec [ CF4DEF1BF66F06964DC0D91844239104, CC1D9CECE2056D29A9651D51BB57C3F4F9BF9E90A4808CF7496C683C874FBD51 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
12:43:00.0453 0x0fec WpdUsb - ok
12:43:00.0531 0x0fec [ DCF3E3EDF5109EE8BC02FE6E1F045795, 4B8E14B1CFB095982D34DAEC336114F5039D7793080FB787DC95A63B6B945DD0 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:43:00.0578 0x0fec WPFFontCache_v0400 - ok
12:43:00.0625 0x0fec [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:43:00.0765 0x0fec WS2IFSL - ok
12:43:00.0796 0x0fec [ 4C86D5FAF78194995AF9CC1075F65DD3, D3B23BB0971E0DBC0A51720067489C224323B603178E91149BF56F779DE352F0 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
12:43:00.0953 0x0fec wscsvc - ok
12:43:00.0968 0x0fec [ C98B39829C2BBD34E454150633C62C78, 71B60EA3AD0E2637917D528C6A9E7ECF2949E3E5E91036AA5BBADA95BD725511 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:43:01.0109 0x0fec WSTCODEC - ok
12:43:01.0140 0x0fec [ C1364564800EE9784192145324A23308, 5345BAE00364233594C9CF99CE2CC485E65B5D4FFBB81C86B2950EDA2427584C ] wuauserv C:\WINDOWS\system32\wuauserv.dll
12:43:01.0281 0x0fec wuauserv - ok
12:43:01.0328 0x0fec [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:43:01.0375 0x0fec WudfPf - ok
12:43:01.0390 0x0fec [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:43:01.0437 0x0fec WudfRd - ok
12:43:01.0468 0x0fec [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
12:43:01.0500 0x0fec WudfSvc - ok
12:43:01.0546 0x0fec [ A27D4BA7264C0BF52F32D10405BEA1D4, 5F28607CCAB15FB601BEB35FF0B1A5CD27C678C6D1CA724E842C33EED4579B8C ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
12:43:01.0703 0x0fec WZCSVC - ok
12:43:01.0750 0x0fec [ EAA4BB9EDB3FB10CF8979FE65E63658F, B80EB477100FD3E26513360E09DB6EBF0C8D8B0618F1F4BF1F387ABA6DEC9B64 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
12:43:01.0890 0x0fec xmlprov - ok
12:43:01.0937 0x0fec [ CEC8ED565F3663F0B8A862561BF08D79, FDDBEDC79C7061B20AA450BB3D09EDADEDD5F531D8EA100BBF542A63BDFCE593 ] ZAPrivacyService C:\Program Files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe
12:43:01.0953 0x0fec ZAPrivacyService - ok
12:43:01.0968 0x0fec ================ Scan global ===============================
12:43:02.0000 0x0fec [ F36278E42C8C5DF03CE17DAC8231C91C, D012A3C8F394DF4F0BF5D5A4C10E73BBF427762B7D3DB6CF5FAB96536E082B7A ] C:\WINDOWS\system32\basesrv.dll
12:43:02.0046 0x0fec [ 77A41C497ADB0C96D1E8DF6F71D843C0, 39A425A66B127F91B9A6FB5A0832B51ACD5928645D62D09FDA0AB95D3836E479 ] C:\WINDOWS\system32\winsrv.dll
12:43:02.0062 0x0fec [ 77A41C497ADB0C96D1E8DF6F71D843C0, 39A425A66B127F91B9A6FB5A0832B51ACD5928645D62D09FDA0AB95D3836E479 ] C:\WINDOWS\system32\winsrv.dll
12:43:02.0093 0x0fec [ 9EF697AF07BB8DD82C3B02CA953A95B7, F26033E660B8FF1BDB9E88CDA205CE128C03138AF6BEC05DB3CF2D95C16D86C6 ] C:\WINDOWS\system32\services.exe
12:43:02.0093 0x0fec [ Global ] - ok
12:43:02.0093 0x0fec ================ Scan MBR ==================================
12:43:02.0109 0x0fec [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
12:43:02.0328 0x0fec \Device\Harddisk0\DR0 - ok
12:43:02.0328 0x0fec ================ Scan VBR ==================================
12:43:02.0328 0x0fec [ 24146C258BFAC9314A85D61471C17130 ] \Device\Harddisk0\DR0\Partition1
12:43:02.0328 0x0fec \Device\Harddisk0\DR0\Partition1 - ok
12:43:02.0328 0x0fec ================ Scan generic autorun ======================
12:43:03.0062 0x0fec [ 2CC9A09302592884E442C9D6D4B306CA, FEBB8BC4592266F66B83EE612A96AB2565E9B8E86CD37AE19639F35EDA35A8AC ] C:\WINDOWS\RTHDCPL.EXE
12:43:03.0890 0x0fec RTHDCPL - ok
12:43:04.0031 0x0fec [ A00F240E6B250E91536CE18BFE0A350C, 338DD25039D4BA97DF669493F6ED59D8E3448BE1F9E954E98B46B188B6359D45 ] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
12:43:04.0046 0x0fec StartCCC - detected UnsignedFile.Multi.Generic ( 1 )
12:43:04.0500 0x0fec Detect skipped due to KSN trusted
12:43:04.0500 0x0fec StartCCC - ok
12:43:04.0531 0x0fec [ 19BE5BF2FF9283894BC0F22322FDF56B, DB1B35B4D65C7BF8BC24C730899E93F10C45FC615C45129B01B76BCEAD9928E0 ] C:\Program Files\Microsoft LifeCam\LifeExp.exe
12:43:04.0546 0x0fec LifeCam - ok
12:43:04.0640 0x0fec [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
12:43:04.0687 0x0fec Adobe ARM - ok
12:43:04.0718 0x0fec [ BA59761B013B65B6DB008EA19A557B42, 641E5A4B836CC0FE35B836CBA6ADA79729558137C9D404BEDD221D13833E40A9 ] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
12:43:04.0750 0x0fec ZoneAlarm - ok
12:43:04.0781 0x0fec [ A756B8F0F7BAFBA6DFE39F7D169F2519, 5338DE8FCA5182A919AAADFA5D130BB93069E3675B834D96CFF68C32433B3BDE ] C:\WINDOWS\system32\CTFMON.EXE
12:43:04.0906 0x0fec CTFMON.EXE - ok
12:43:04.0921 0x0fec [ A756B8F0F7BAFBA6DFE39F7D169F2519, 5338DE8FCA5182A919AAADFA5D130BB93069E3675B834D96CFF68C32433B3BDE ] C:\WINDOWS\system32\ctfmon.exe
12:43:05.0062 0x0fec ctfmon.exe - ok
12:43:05.0062 0x0fec [ A756B8F0F7BAFBA6DFE39F7D169F2519, 5338DE8FCA5182A919AAADFA5D130BB93069E3675B834D96CFF68C32433B3BDE ] C:\WINDOWS\system32\CTFMON.EXE
12:43:05.0203 0x0fec CTFMON.EXE - ok
12:43:05.0203 0x0fec Waiting for KSN requests completion. In queue: 196
12:43:06.0281 0x0fec AV detected via SS1: Bitdefender Antivirus Free Edition, 1.0.21.1099, enabled, updated
12:43:06.0281 0x0fec AV detected via SS1: ZoneAlarm Antivirus, 13.3.209.0, disabled, updated
12:43:06.0296 0x0fec FW detected via SS1: , 1.0.21.1099, enabled
12:43:06.0296 0x0fec FW detected via SS1: ZoneAlarm Firewall, 13.3.209.0, disabled
12:43:06.0375 0x0fec ============================================================
12:43:06.0375 0x0fec Scan finished
12:43:06.0375 0x0fec ============================================================
12:43:06.0375 0x0d98 Detected object count: 1
12:43:06.0375 0x0d98 Actual detected object count: 1
12:43:27.0171 0x0d98 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:43:27.0171 0x0d98 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:43:37.0734 0x0498 Deinitialize success

[casablancass]

Malwarebytes Anti-Rootkit zahlásil "Scan finished: No malware found" - takže nenabídl CleanUp

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.10.29.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
zakaznik :: USER [administrator]

29.10.2014 12:49:51
mbar-log-2014-10-29 (12-49-51).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 346881
Time elapsed: 18 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

[Márty84]

Vsechno to vypada ciste. Zkuste jeste stahnout novy ComboFix a spustit ho. Vypnete antivir, ale internet nechte zapnuty.

[casablancass]

Combofix vyhledává infikované soubory, dokončí fáze, nakonec restartuje pc, systém napíše, že byl obnoven po chybě, ale log nikde nemůžu najít. Jen znovu složku s názvem "ComboFix" ("Zobrazí diskové jednotky a hardware připojený k tomuto počítači", když na ni najedu myší)
Zkoušel jsem i nouzový režim s prací v síti, ale končí to stejně jako naposledy u výstupní složky a nic se neděje.

[Márty84]

Prejmenujte ComboFix na Uninstall a spustte ho. CF by se mel odinstalovat.

T-Cleaner http://tharifas.sweb.cz/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry mohou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

Kliknete na START -> Spustit -> napiste msconfig -> OK
V okne najdete zalozku Po spuštění a povypinejte vse, co nepotrebujete aby se spoustelo hned pri startu pc. Tedy to, co si muzete spustit rucne az v pripade potreby.



Zopakujte sken s MBAM

[casablancass]

Postupoval jsem podle rad.

Sken z MBAM:

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2014.10.31.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
zakaznik :: USER [administrátor]

Ochrana: Povolena

31.10.2014 7:28:44
MBAM-log-2014-10-31 (11-43-03).txt

Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 448220
Uplynulý čas: 3 hodin, 38 minut, 16 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 1
C:\Documents and Settings\zakaznik\Data aplikací\GRETECH\GomPlayer\GrLauncherTempSetup.exe (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.

(konec)

Nic jsem nemazal.