VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Abnow.com

https://forum.viry.cz:443/viewtopic.php?t=120223

Stránka 5 z 5

Re: Abnow.com

Napsal: 09 bře 2012 18:34
od MartiN182
Hotovo! Vyzerá že to prebehlo bez problémov :)

Toto je log:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "c:\csc.sys|C:\Windows\System32\drivers\csc.sys" completed successfully.

Error: could not move file "c:\csc2.sys"
File move operation "c:\csc2.sys|C:\Windows\winsxs\x86_microsoft-windows-offlinefiles-core_31bf3856ad364e35_6.1.7600.16385_none_9e1e9f0abd3adf87\csc.sys" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Completed script processing.

*******************

Finished! Terminate.

Re: Abnow.com

Napsal: 09 bře 2012 18:39
od vyosek
Prvni jo, druhy ne :?:

Zkusime to pres ComboFix

:arrow: Stahnete si jej tedy odsud http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte primo na disk c:\ ale nespoustejte

:arrow: Stahnete ten prvni nahradni soubor opet primo na disk c:\

:arrow: Dame si skript pro ComboFix

Kód: Vybrat vše

KillAll::

FCopy::
c:\csc.sys | C:\Windows\winsxs\x86_microsoft-windows-offlinefiles-core_31bf3856ad364e35_6.1.7600.16385_none_9e1e9f0abd3adf87\csc.sys

Reboot::

Re: Abnow.com

Napsal: 10 bře 2012 16:26
od MartiN182
Pardon, mal som nejaké povinnosti takže až teraz som sa k tomu dostal :)

Tu je výpis z combofixu:

ComboFix 12-03-09.05 - miso 03/10/2012 16:03:28.5.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.991.413 [GMT 1:00]
Running from: C:\ComboFix.exe
Command switches used :: C:\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-10 to 2012-03-10 )))))))))))))))))))))))))))))))
.
.
2012-03-10 15:12 . 2012-03-10 15:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-09 19:37 . 2012-03-01 12:34 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E51CDA81-600B-48BE-BB3B-9D443B7A472C}\mpengine.dll
2012-03-09 17:48 . 2012-03-09 17:48 387584 ------w- C:\csc.sys
2012-03-09 17:27 . 2012-03-09 17:27 387584 ----a-w- C:\csc2.sys
2012-03-09 12:14 . 2012-03-09 12:14 -------- d-----w- c:\windows\system32\Wat
2012-03-09 02:33 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2012-03-09 02:27 . 2009-11-25 11:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-03-09 02:27 . 2009-11-25 11:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-03-09 02:27 . 2009-11-25 11:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-03-09 02:27 . 2009-11-25 11:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-03-09 02:27 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-03-09 02:13 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2012-03-08 22:27 . 2011-11-17 05:41 1288984 ----a-w- c:\windows\system32\ntdll.dll
2012-03-08 22:27 . 2011-02-18 05:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-03-08 22:27 . 2011-02-18 05:36 428032 ----a-w- c:\windows\system32\vbscript.dll
2012-03-08 22:27 . 2011-02-19 05:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-03-08 22:27 . 2011-02-19 03:37 294912 ----a-w- c:\windows\system32\atmfd.dll
2012-03-08 22:27 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll
2012-03-08 22:27 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2012-03-08 22:27 . 2011-11-05 04:30 2048 ----a-w- c:\windows\system32\tzres.dll
2012-03-08 21:32 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2012-03-08 21:31 . 2012-03-08 21:31 -------- d-----w- c:\program files\MSXML 4.0
2012-03-08 21:31 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2012-03-08 21:17 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
2012-03-08 21:17 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2012-03-08 21:16 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2012-03-08 21:16 . 2012-01-14 03:48 2340864 ----a-w- c:\windows\system32\win32k.sys
2012-03-08 21:16 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-03-08 21:16 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2012-03-08 21:16 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2012-03-08 21:16 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2012-03-08 21:16 . 2011-09-29 15:43 1285488 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-08 21:16 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2012-03-08 21:16 . 2011-03-03 05:29 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2012-03-08 21:16 . 2011-03-03 05:27 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2012-03-08 21:14 . 2010-03-04 07:33 1619968 ----a-w- c:\program files\Windows Mail\msoe.dll
2012-03-08 21:13 . 2011-03-12 11:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2012-03-08 21:12 . 2011-12-16 07:59 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-03-08 21:11 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2012-03-08 20:44 . 2010-11-02 04:46 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-03-08 20:44 . 2011-02-03 05:45 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-03-08 20:44 . 2010-11-02 04:23 107520 ----a-w- c:\windows\system32\cdd.dll
2012-03-08 20:42 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2012-03-08 20:42 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-03-08 20:26 . 2012-03-08 20:26 -------- d-----w- c:\users\miso\AppData\Roaming\FixZeroAccess
2012-03-08 18:53 . 2012-03-08 18:53 -------- d-----w- C:\rsit
2012-03-08 18:44 . 2012-03-08 18:44 -------- d-----w- c:\program files\CCleaner
2012-03-08 15:51 . 2012-03-10 15:14 -------- d-----w- c:\users\miso\AppData\Local\temp
2012-03-08 14:28 . 2012-03-08 14:49 -------- d-----w- C:\beruska.com
2012-03-07 18:57 . 2012-03-07 18:57 -------- d-----w- c:\users\miso\AppData\Roaming\Citrix
2012-03-07 17:21 . 2012-03-08 18:53 -------- d-----w- c:\program files\trend micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-09 17:27 . 2009-07-13 23:15 387584 ----a-w- c:\windows\system32\drivers\csc.sys
2012-03-05 18:17 . 2011-08-05 10:10 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2010-04-30 04:28 237072 ------w- c:\windows\system32\MpSigStub.exe
2008-08-16 16:42 . 2008-08-16 16:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 16:42 . 2008-08-16 16:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 16:42 . 2008-08-16 16:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 16:42 . 2008-08-16 16:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 16:43 . 2008-08-16 16:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 16:42 . 2008-08-16 16:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 16:42 . 2008-08-16 16:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 07:41 . 2008-05-21 07:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 07:41 . 2008-05-21 07:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 07:41 . 2008-05-21 07:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 12:58 . 2008-06-05 12:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 16:42 . 2008-08-16 16:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2012-02-20 13:06 . 2011-05-06 22:12 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-24 202296]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Citrix XenApp.lnk - c:\windows\Installer\{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [2010-11-16 73728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Users^miso^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\miso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-08 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-16 436792]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 23856]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2010-03-17 132464]
S2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2011-04-06 2560]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 PRESLICSER;PReS License Service;c:\windows\SYSTEM32\preslicser.exe [2007-03-05 143360]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
.
.
.
------- Supplementary Scan -------
.
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ie_banner_deny.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.34.133.21 212.186.211.21
DPF: {813A45F9-744F-435F-A815-19E2DF35A9D8} - hxxp://www.o2c.de/download/o2cplayerac.cab
FF - ProfilePath - c:\users\miso\AppData\Roaming\Mozilla\Firefox\Profiles\pcqdyuwm.default\
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BFE]
"ImagePath"="."
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\MpsSvc]
"ImagePath"="."
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3736)
c:\program files\HappyFoto\HfAsistentSlk\FotoSync.dll
c:\program files\HappyFoto\HfAsistentSlk\xerc2701.dll
c:\program files\HappyFoto\HfAsistentSlk\fotosynr.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\windows\system32\sppsvc.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\conhost.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-03-10 16:19:23 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-10 15:19
.
Pre-Run: 1,842,167,808 bytes free
Post-Run: 1,094,356,992 bytes free
.
- - End Of File - - 37AA62E28CB8B922F2A62A9EC598B401

Re: Abnow.com

Napsal: 10 bře 2012 17:58
od vyosek
:arrow: Skript pro CF

Kód: Vybrat vše

KillAll::

FCopy::
C:\csc2.sys | C:\Windows\winsxs\x86_microsoft-windows-offlinefiles-core_31bf3856ad364e35_6.1.7600.16385_none_9e1e9f0abd3adf87\csc.sys

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware (reboot)"=-
"Malwarebytes' Anti-Malware"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BFE]
"ImagePath"=hex(2):25,73,79,73,74,65,6D,72,6F,6F,74,25,5C,73,\
  79,73,74,65,6D,33,32,5C,73,76,63,68,6F,73,74,2E,65,78,65,20,2D,6B,20,\
  4C,6F,63,61,6C,53,65,72,76,69,63,65,4E,6F,4E,65,74,77,6F,72,6B,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\MpsSvc]
"ImagePath"=hex(2):25,53,79,73,74,65,6D,52,6F,6F,74,25,5C,73,\
  79,73,74,65,6D,33,32,5C,73,76,63,68,6F,73,74,2E,65,78,65,20,2D,6B,20,\
  4C,6F,63,61,6C,53,65,72,76,69,63,65,4E,6F,4E,65,74,77,6F,72,6B,00

Reboot::
:arrow: Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
  • Kliknete na volbu Change parametrs
  • V obou oknech (Objects to scan i Additional Option) zakliknete vsechny moznosti - ve vsech ctvereccich musi mit fajecka
  • Kliknete na OK
  • Utilite prikazte, at skenuje - klik na Start Scan
  • Po dokonceni skenu se objevi okno, zkontrolujte, zda-li je vsude moznost Skip
  • Pokud moznost Skip nebude primarne nastavena, prekliknete ji na Skip
  • Pokud mate vsude Skip, kliknete na Continue
  • Na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt bude log - jeho obsah sem vlozte

Re: Abnow.com

Napsal: 10 bře 2012 18:51
od MartiN182
Hotovo :) ak bude treba môžem pridať aj log z combofixu..

18:48:41.0865 3524 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
18:48:42.0114 3524 ============================================================
18:48:42.0114 3524 Current date / time: 2012/03/10 18:48:42.0114
18:48:42.0114 3524 SystemInfo:
18:48:42.0114 3524
18:48:42.0237 3524 OS Version: 6.1.7600 ServicePack: 0.0
18:48:42.0237 3524 Product type: Workstation
18:48:42.0237 3524 ComputerName: STOLEN-ONE
18:48:42.0237 3524 UserName: miso
18:48:42.0237 3524 Windows directory: C:\Windows
18:48:42.0237 3524 System windows directory: C:\Windows
18:48:42.0237 3524 Processor architecture: Intel x86
18:48:42.0237 3524 Number of processors: 2
18:48:42.0237 3524 Page size: 0x1000
18:48:42.0237 3524 Boot type: Normal boot
18:48:42.0237 3524 ============================================================
18:48:45.0044 3524 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:48:45.0054 3524 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:48:45.0072 3524 \Device\Harddisk0\DR0:
18:48:45.0077 3524 MBR used
18:48:45.0077 3524 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A962B1
18:48:45.0089 3524 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3A9632F, BlocksNum 0x2711637
18:48:45.0098 3524 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x61A79A5, BlocksNum 0x2711637
18:48:45.0110 3524 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x88B901B, BlocksNum 0x2711637
18:48:45.0110 3524 \Device\Harddisk1\DR1:
18:48:45.0110 3524 MBR used
18:48:45.0110 3524 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x639D9A7
18:48:45.0117 3524 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x639DA25, BlocksNum 0xC6771DB
18:48:45.0324 3524 Initialize success
18:48:45.0324 3524 ============================================================
18:49:27.0467 2176 ============================================================
18:49:27.0467 2176 Scan started
18:49:27.0467 2176 Mode: Manual; SigCheck; TDLFS;
18:49:27.0467 2176 ============================================================
18:49:29.0534 2176 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
18:49:29.0679 2176 1394ohci - ok
18:49:29.0833 2176 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
18:49:29.0855 2176 ACPI - ok
18:49:29.0882 2176 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
18:49:29.0936 2176 AcpiPmi - ok
18:49:30.0070 2176 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
18:49:30.0093 2176 adp94xx - ok
18:49:30.0114 2176 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
18:49:30.0135 2176 adpahci - ok
18:49:30.0153 2176 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
18:49:30.0172 2176 adpu320 - ok
18:49:30.0349 2176 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
18:49:30.0424 2176 AFD - ok
18:49:30.0465 2176 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
18:49:30.0481 2176 agp440 - ok
18:49:30.0571 2176 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
18:49:30.0586 2176 aic78xx - ok
18:49:30.0614 2176 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
18:49:30.0628 2176 aliide - ok
18:49:30.0643 2176 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
18:49:30.0659 2176 amdagp - ok
18:49:30.0677 2176 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
18:49:30.0693 2176 amdide - ok
18:49:30.0791 2176 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
18:49:30.0833 2176 AmdK8 - ok
18:49:30.0865 2176 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
18:49:30.0898 2176 AmdPPM - ok
18:49:31.0003 2176 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
18:49:31.0031 2176 amdsata - ok
18:49:31.0066 2176 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
18:49:31.0083 2176 amdsbs - ok
18:49:31.0098 2176 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
18:49:31.0112 2176 amdxata - ok
18:49:31.0133 2176 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
18:49:31.0162 2176 AppID - ok
18:49:31.0268 2176 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
18:49:31.0282 2176 arc - ok
18:49:31.0300 2176 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
18:49:31.0315 2176 arcsas - ok
18:49:31.0354 2176 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
18:49:31.0442 2176 AsyncMac - ok
18:49:31.0565 2176 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
18:49:31.0578 2176 atapi - ok
18:49:31.0762 2176 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
18:49:31.0823 2176 b06bdrv - ok
18:49:31.0951 2176 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
18:49:31.0992 2176 b57nd60x - ok
18:49:32.0143 2176 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
18:49:32.0197 2176 Beep - ok
18:49:32.0525 2176 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
18:49:32.0567 2176 blbdrive - ok
18:49:32.0708 2176 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
18:49:32.0766 2176 bowser - ok
18:49:32.0791 2176 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:49:32.0822 2176 BrFiltLo - ok
18:49:32.0922 2176 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:49:32.0961 2176 BrFiltUp - ok
18:49:33.0106 2176 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
18:49:33.0184 2176 BridgeMP - ok
18:49:33.0298 2176 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
18:49:33.0331 2176 Brserid - ok
18:49:33.0396 2176 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
18:49:33.0440 2176 BrSerWdm - ok
18:49:33.0490 2176 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:49:33.0520 2176 BrUsbMdm - ok
18:49:33.0538 2176 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
18:49:33.0578 2176 BrUsbSer - ok
18:49:33.0715 2176 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
18:49:33.0742 2176 BthEnum - ok
18:49:33.0798 2176 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
18:49:33.0829 2176 BTHMODEM - ok
18:49:33.0940 2176 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
18:49:33.0977 2176 BthPan - ok
18:49:34.0018 2176 BTHPORT (88059ff1ded4472acd17eebabd393069) C:\Windows\System32\Drivers\BTHport.sys
18:49:34.0066 2176 BTHPORT - ok
18:49:34.0187 2176 BTHUSB (80e6384beec03b8bd45edea29802d657) C:\Windows\System32\Drivers\BTHUSB.sys
18:49:34.0224 2176 BTHUSB - ok
18:49:34.0319 2176 catchme - ok
18:49:34.0446 2176 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
18:49:34.0496 2176 cdfs - ok
18:49:34.0543 2176 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
18:49:34.0590 2176 cdrom - ok
18:49:34.0811 2176 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
18:49:34.0859 2176 circlass - ok
18:49:35.0148 2176 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
18:49:35.0169 2176 CLFS - ok
18:49:35.0331 2176 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
18:49:35.0373 2176 CmBatt - ok
18:49:35.0532 2176 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
18:49:35.0551 2176 cmdide - ok
18:49:35.0642 2176 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys
18:49:35.0724 2176 CNG - ok
18:49:35.0813 2176 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
18:49:35.0827 2176 Compbatt - ok
18:49:35.0869 2176 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
18:49:35.0897 2176 CompositeBus - ok
18:49:36.0055 2176 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
18:49:36.0069 2176 crcdisk - ok
18:49:36.0260 2176 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
18:49:36.0308 2176 CSC - ok
18:49:36.0451 2176 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
18:49:36.0503 2176 DfsC - ok
18:49:36.0549 2176 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
18:49:36.0592 2176 discache - ok
18:49:36.0725 2176 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
18:49:36.0742 2176 Disk - ok
18:49:36.0803 2176 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
18:49:36.0837 2176 drmkaud - ok
18:49:36.0961 2176 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
18:49:36.0991 2176 DXGKrnl - ok
18:49:37.0412 2176 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
18:49:37.0495 2176 ebdrv - ok
18:49:37.0737 2176 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
18:49:37.0763 2176 elxstor - ok
18:49:37.0959 2176 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
18:49:37.0982 2176 ErrDev - ok
18:49:38.0245 2176 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
18:49:38.0284 2176 exfat - ok
18:49:38.0484 2176 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
18:49:38.0526 2176 fastfat - ok
18:49:38.0660 2176 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
18:49:38.0695 2176 fdc - ok
18:49:38.0765 2176 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
18:49:38.0780 2176 FileInfo - ok
18:49:38.0852 2176 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
18:49:38.0894 2176 Filetrace - ok
18:49:38.0910 2176 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
18:49:38.0936 2176 flpydisk - ok
18:49:39.0098 2176 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
18:49:39.0116 2176 FltMgr - ok
18:49:39.0136 2176 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
18:49:39.0152 2176 FsDepends - ok
18:49:39.0282 2176 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
18:49:39.0296 2176 Fs_Rec - ok
18:49:39.0344 2176 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
18:49:39.0366 2176 fvevol - ok
18:49:39.0452 2176 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:49:39.0477 2176 gagp30kx - ok
18:49:39.0503 2176 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
18:49:39.0527 2176 hcw85cir - ok
18:49:39.0633 2176 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
18:49:39.0665 2176 HdAudAddService - ok
18:49:39.0706 2176 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:49:39.0740 2176 HDAudBus - ok
18:49:39.0834 2176 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
18:49:39.0866 2176 HidBatt - ok
18:49:39.0895 2176 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
18:49:39.0928 2176 HidBth - ok
18:49:40.0009 2176 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
18:49:40.0045 2176 HidIr - ok
18:49:40.0070 2176 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
18:49:40.0111 2176 HidUsb - ok
18:49:40.0150 2176 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
18:49:40.0164 2176 HpSAMD - ok
18:49:40.0279 2176 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
18:49:40.0328 2176 HTTP - ok
18:49:40.0350 2176 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
18:49:40.0363 2176 hwpolicy - ok
18:49:40.0567 2176 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
18:49:40.0611 2176 i8042prt - ok
18:49:40.0993 2176 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
18:49:41.0023 2176 iaStorV - ok
18:49:41.0348 2176 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
18:49:41.0362 2176 iirsp - ok
18:49:41.0550 2176 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
18:49:41.0577 2176 intelide - ok
18:49:41.0758 2176 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
18:49:41.0776 2176 intelppm - ok
18:49:41.0941 2176 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:49:42.0005 2176 IpFilterDriver - ok
18:49:42.0425 2176 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
18:49:42.0457 2176 IPMIDRV - ok
18:49:42.0637 2176 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
18:49:42.0699 2176 IPNAT - ok
18:49:43.0184 2176 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
18:49:43.0220 2176 IRENUM - ok
18:49:43.0576 2176 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
18:49:43.0608 2176 isapnp - ok
18:49:44.0123 2176 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
18:49:44.0153 2176 iScsiPrt - ok
18:49:44.0478 2176 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:49:44.0502 2176 kbdclass - ok
18:49:44.0758 2176 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
18:49:44.0816 2176 kbdhid - ok
18:49:45.0178 2176 KL1 (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\kl1.sys
18:49:45.0880 2176 KL1 - ok
18:49:46.0468 2176 kl2 (bf485bfba13c0ab116701fd9c55324d0) C:\Windows\system32\DRIVERS\kl2.sys
18:49:46.0572 2176 kl2 - ok
18:49:46.0925 2176 KLIF (af04d0ce7939324e9a605b159295706c) C:\Windows\system32\DRIVERS\klif.sys
18:49:46.0958 2176 KLIF - ok
18:49:47.0127 2176 KLIM6 (6295a19003f935ecc6ccbe9e2376427b) C:\Windows\system32\DRIVERS\klim6.sys
18:49:47.0141 2176 KLIM6 - ok
18:49:47.0213 2176 klmouflt (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys
18:49:47.0228 2176 klmouflt - ok
18:49:47.0384 2176 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys
18:49:47.0434 2176 KSecDD - ok
18:49:47.0520 2176 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys
18:49:47.0552 2176 KSecPkg - ok
18:49:47.0634 2176 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
18:49:47.0685 2176 lltdio - ok
18:49:47.0838 2176 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:49:47.0854 2176 LSI_FC - ok
18:49:47.0874 2176 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:49:47.0895 2176 LSI_SAS - ok
18:49:48.0191 2176 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:49:48.0206 2176 LSI_SAS2 - ok
18:49:48.0336 2176 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:49:48.0352 2176 LSI_SCSI - ok
18:49:48.0421 2176 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
18:49:48.0475 2176 luafv - ok
18:49:48.0573 2176 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
18:49:48.0587 2176 MBAMProtector - ok
18:49:48.0815 2176 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
18:49:48.0835 2176 megasas - ok
18:49:49.0036 2176 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
18:49:49.0082 2176 MegaSR - ok
18:49:49.0279 2176 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
18:49:49.0371 2176 Modem - ok
18:49:49.0627 2176 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
18:49:49.0695 2176 monitor - ok
18:49:49.0859 2176 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
18:49:49.0873 2176 mouclass - ok
18:49:49.0901 2176 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
18:49:49.0945 2176 mouhid - ok
18:49:49.0970 2176 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
18:49:49.0985 2176 mountmgr - ok
18:49:50.0197 2176 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
18:49:50.0226 2176 mpio - ok
18:49:50.0403 2176 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
18:49:50.0457 2176 mpsdrv - ok
18:49:50.0623 2176 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
18:49:50.0656 2176 MRxDAV - ok
18:49:50.0745 2176 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:49:50.0789 2176 mrxsmb - ok
18:49:50.0874 2176 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:49:50.0906 2176 mrxsmb10 - ok
18:49:51.0095 2176 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:49:51.0124 2176 mrxsmb20 - ok
18:49:51.0166 2176 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
18:49:51.0180 2176 msahci - ok
18:49:51.0201 2176 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
18:49:51.0219 2176 msdsm - ok
18:49:51.0314 2176 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
18:49:51.0373 2176 Msfs - ok
18:49:51.0417 2176 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
18:49:51.0464 2176 mshidkmdf - ok
18:49:51.0502 2176 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
18:49:51.0515 2176 msisadrv - ok
18:49:51.0571 2176 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
18:49:51.0620 2176 MSKSSRV - ok
18:49:51.0651 2176 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
18:49:51.0695 2176 MSPCLOCK - ok
18:49:51.0783 2176 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
18:49:51.0837 2176 MSPQM - ok
18:49:51.0879 2176 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
18:49:51.0897 2176 MsRPC - ok
18:49:51.0981 2176 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
18:49:51.0996 2176 mssmbios - ok
18:49:52.0020 2176 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
18:49:52.0060 2176 MSTEE - ok
18:49:52.0079 2176 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
18:49:52.0119 2176 MTConfig - ok
18:49:52.0174 2176 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\Windows\system32\DRIVERS\ASACPI.sys
18:49:52.0211 2176 MTsensor - ok
18:49:52.0301 2176 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
18:49:52.0317 2176 Mup - ok
18:49:52.0367 2176 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
18:49:52.0403 2176 NativeWifiP - ok
18:49:52.0505 2176 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
18:49:52.0534 2176 NDIS - ok
18:49:52.0597 2176 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
18:49:52.0647 2176 NdisCap - ok
18:49:52.0743 2176 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
18:49:52.0788 2176 NdisTapi - ok
18:49:52.0841 2176 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
18:49:52.0888 2176 Ndisuio - ok
18:49:52.0972 2176 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
18:49:53.0009 2176 NdisWan - ok
18:49:53.0064 2176 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
18:49:53.0126 2176 NDProxy - ok
18:49:53.0168 2176 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
18:49:53.0214 2176 NetBIOS - ok
18:49:53.0288 2176 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
18:49:53.0340 2176 NetBT - ok
18:49:53.0442 2176 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
18:49:53.0456 2176 nfrd960 - ok
18:49:53.0522 2176 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
18:49:53.0564 2176 Npfs - ok
18:49:53.0635 2176 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
18:49:53.0696 2176 nsiproxy - ok
18:49:53.0787 2176 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
18:49:53.0829 2176 Ntfs - ok
18:49:53.0940 2176 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
18:49:53.0999 2176 Null - ok
18:49:54.0244 2176 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
18:49:54.0281 2176 NVENETFD - ok
18:49:54.0642 2176 nvlddmkm (712d98d35e68d0006b121f4a3b8ee814) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:49:55.0063 2176 nvlddmkm - ok
18:49:55.0171 2176 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
18:49:55.0199 2176 nvraid - ok
18:49:55.0236 2176 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
18:49:55.0251 2176 nvstor - ok
18:49:55.0374 2176 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
18:49:55.0391 2176 nv_agp - ok
18:49:55.0414 2176 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
18:49:55.0447 2176 ohci1394 - ok
18:49:55.0564 2176 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
18:49:55.0595 2176 Parport - ok
18:49:55.0621 2176 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
18:49:55.0635 2176 partmgr - ok
18:49:55.0703 2176 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
18:49:55.0736 2176 Parvdm - ok
18:49:55.0835 2176 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
18:49:55.0857 2176 pci - ok
18:49:55.0896 2176 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
18:49:55.0910 2176 pciide - ok
18:49:55.0935 2176 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
18:49:55.0953 2176 pcmcia - ok
18:49:56.0041 2176 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
18:49:56.0056 2176 pcw - ok
18:49:56.0349 2176 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
18:49:56.0411 2176 PEAUTH - ok
18:49:56.0593 2176 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
18:49:56.0645 2176 PptpMiniport - ok
18:49:56.0867 2176 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
18:49:56.0910 2176 Processor - ok
18:49:57.0140 2176 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
18:49:57.0181 2176 Psched - ok
18:49:57.0316 2176 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
18:49:57.0371 2176 ql2300 - ok
18:49:57.0415 2176 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
18:49:57.0432 2176 ql40xx - ok
18:49:57.0509 2176 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
18:49:57.0532 2176 QWAVEdrv - ok
18:49:57.0550 2176 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
18:49:57.0597 2176 RasAcd - ok
18:49:57.0643 2176 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:49:57.0701 2176 RasAgileVpn - ok
18:49:57.0784 2176 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:49:57.0831 2176 Rasl2tp - ok
18:49:57.0876 2176 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
18:49:57.0923 2176 RasPppoe - ok
18:49:58.0004 2176 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
18:49:58.0037 2176 RasSstp - ok
18:49:58.0075 2176 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
18:49:58.0118 2176 rdbss - ok
18:49:58.0141 2176 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
18:49:58.0168 2176 rdpbus - ok
18:49:58.0249 2176 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:49:58.0283 2176 RDPCDD - ok
18:49:58.0332 2176 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
18:49:58.0362 2176 RDPDR - ok
18:49:58.0387 2176 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
18:49:58.0429 2176 RDPENCDD - ok
18:49:58.0506 2176 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
18:49:58.0553 2176 RDPREFMP - ok
18:49:58.0585 2176 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
18:49:58.0634 2176 RDPWD - ok
18:49:58.0684 2176 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
18:49:58.0701 2176 rdyboost - ok
18:49:58.0793 2176 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
18:49:58.0826 2176 RFCOMM - ok
18:49:58.0935 2176 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
18:49:58.0984 2176 rspndr - ok
18:49:59.0061 2176 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
18:49:59.0086 2176 s3cap - ok
18:49:59.0217 2176 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
18:49:59.0232 2176 sbp2port - ok
18:49:59.0309 2176 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
18:49:59.0370 2176 scfilter - ok
18:49:59.0547 2176 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:49:59.0591 2176 secdrv - ok
18:49:59.0740 2176 Sentinel (7e5c2c58fc4e3862e7bf88bfb809a9b0) C:\Windows\System32\Drivers\SENTINEL.SYS
18:49:59.0755 2176 Sentinel - ok
18:49:59.0862 2176 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
18:49:59.0881 2176 Serenum - ok
18:50:00.0216 2176 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
18:50:00.0268 2176 Serial - ok
18:50:00.0457 2176 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
18:50:00.0485 2176 sermouse - ok
18:50:00.0582 2176 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
18:50:00.0603 2176 sffdisk - ok
18:50:00.0650 2176 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
18:50:00.0744 2176 sffp_mmc - ok
18:50:00.0755 2176 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
18:50:00.0780 2176 sffp_sd - ok
18:50:00.0801 2176 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
18:50:00.0828 2176 sfloppy - ok
18:50:00.0967 2176 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
18:50:00.0982 2176 sisagp - ok
18:50:01.0025 2176 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:50:01.0039 2176 SiSRaid2 - ok
18:50:01.0130 2176 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
18:50:01.0147 2176 SiSRaid4 - ok
18:50:01.0167 2176 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
18:50:01.0215 2176 Smb - ok
18:50:01.0317 2176 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
18:50:01.0331 2176 spldr - ok
18:50:01.0404 2176 sptd (a199171385be17973fd800fa91f8f78a) C:\Windows\system32\Drivers\sptd.sys
18:50:01.0404 2176 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: a199171385be17973fd800fa91f8f78a
18:50:01.0407 2176 sptd ( LockedFile.Multi.Generic ) - warning
18:50:01.0407 2176 sptd - detected LockedFile.Multi.Generic (1)
18:50:01.0455 2176 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
18:50:01.0487 2176 srv - ok
18:50:01.0576 2176 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
18:50:01.0606 2176 srv2 - ok
18:50:01.0639 2176 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
18:50:01.0680 2176 srvnet - ok
18:50:01.0815 2176 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
18:50:01.0830 2176 stexstor - ok
18:50:01.0867 2176 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
18:50:01.0882 2176 storflt - ok
18:50:01.0896 2176 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
18:50:01.0912 2176 storvsc - ok
18:50:02.0009 2176 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
18:50:02.0023 2176 swenum - ok
18:50:02.0125 2176 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
18:50:02.0137 2176 taphss - ok
18:50:02.0235 2176 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
18:50:02.0278 2176 Tcpip - ok
18:50:02.0323 2176 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
18:50:02.0360 2176 TCPIP6 - ok
18:50:02.0485 2176 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
18:50:02.0529 2176 tcpipreg - ok
18:50:02.0563 2176 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
18:50:02.0617 2176 TDPIPE - ok
18:50:02.0697 2176 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
18:50:02.0741 2176 TDTCP - ok
18:50:02.0798 2176 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
18:50:02.0855 2176 tdx - ok
18:50:02.0939 2176 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
18:50:02.0954 2176 TermDD - ok
18:50:03.0037 2176 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:50:03.0093 2176 tssecsrv - ok
18:50:03.0221 2176 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
18:50:03.0270 2176 tunnel - ok
18:50:03.0300 2176 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
18:50:03.0315 2176 uagp35 - ok
18:50:03.0429 2176 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
18:50:03.0476 2176 udfs - ok
18:50:03.0513 2176 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
18:50:03.0528 2176 uliagpkx - ok
18:50:03.0596 2176 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
18:50:03.0629 2176 umbus - ok
18:50:03.0696 2176 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
18:50:03.0745 2176 UmPass - ok
18:50:03.0839 2176 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\drivers\usbccgp.sys
18:50:03.0863 2176 usbccgp - ok
18:50:03.0933 2176 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
18:50:03.0955 2176 usbcir - ok
18:50:04.0035 2176 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
18:50:04.0075 2176 usbehci - ok
18:50:04.0166 2176 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
18:50:04.0188 2176 usbhub - ok
18:50:04.0279 2176 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\DRIVERS\usbohci.sys
18:50:04.0307 2176 usbohci - ok
18:50:04.0361 2176 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
18:50:04.0419 2176 usbprint - ok
18:50:04.0515 2176 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\drivers\USBSTOR.SYS
18:50:04.0535 2176 USBSTOR - ok
18:50:04.0596 2176 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
18:50:04.0628 2176 usbuhci - ok
18:50:04.0716 2176 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
18:50:04.0731 2176 vdrvroot - ok
18:50:04.0784 2176 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
18:50:04.0815 2176 vga - ok
18:50:04.0835 2176 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
18:50:04.0878 2176 VgaSave - ok
18:50:04.0943 2176 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
18:50:04.0961 2176 vhdmp - ok
18:50:04.0995 2176 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
18:50:05.0011 2176 viaagp - ok
18:50:05.0061 2176 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
18:50:05.0095 2176 ViaC7 - ok
18:50:05.0166 2176 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
18:50:05.0181 2176 viaide - ok
18:50:05.0342 2176 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
18:50:05.0407 2176 vmbus - ok
18:50:05.0462 2176 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
18:50:05.0480 2176 VMBusHID - ok
18:50:05.0534 2176 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
18:50:05.0549 2176 volmgr - ok
18:50:05.0632 2176 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
18:50:05.0653 2176 volmgrx - ok
18:50:05.0720 2176 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
18:50:05.0740 2176 volsnap - ok
18:50:05.0797 2176 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
18:50:05.0815 2176 vsmraid - ok
18:50:05.0837 2176 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
18:50:05.0865 2176 vwifibus - ok
18:50:05.0930 2176 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
18:50:05.0960 2176 WacomPen - ok
18:50:06.0037 2176 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
18:50:06.0084 2176 WANARP - ok
18:50:06.0090 2176 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
18:50:06.0126 2176 Wanarpv6 - ok
18:50:06.0262 2176 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
18:50:06.0276 2176 Wd - ok
18:50:06.0332 2176 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
18:50:06.0369 2176 Wdf01000 - ok
18:50:06.0440 2176 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
18:50:06.0475 2176 WfpLwf - ok
18:50:06.0554 2176 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
18:50:06.0569 2176 WIMMount - ok
18:50:06.0664 2176 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
18:50:06.0686 2176 WinUsb - ok
18:50:06.0751 2176 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:50:06.0778 2176 WmiAcpi - ok
18:50:06.0876 2176 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
18:50:06.0921 2176 ws2ifsl - ok
18:50:07.0013 2176 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
18:50:07.0062 2176 WudfPf - ok
18:50:07.0135 2176 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:50:07.0180 2176 WUDFRd - ok
18:50:07.0251 2176 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:50:07.0359 2176 \Device\Harddisk0\DR0 - ok
18:50:07.0379 2176 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
18:50:07.0570 2176 \Device\Harddisk1\DR1 - ok
18:50:07.0579 2176 Boot (0x1200) (54ec8eb9e79e6cf36d2e2ae6f4694f2f) \Device\Harddisk0\DR0\Partition0
18:50:07.0580 2176 \Device\Harddisk0\DR0\Partition0 - ok
18:50:07.0611 2176 Boot (0x1200) (e597917f4b7f0cce5a62842819a9ddb6) \Device\Harddisk0\DR0\Partition1
18:50:07.0615 2176 \Device\Harddisk0\DR0\Partition1 - ok
18:50:07.0630 2176 Boot (0x1200) (3775bdb24ef2159996026617304d6606) \Device\Harddisk0\DR0\Partition2
18:50:07.0631 2176 \Device\Harddisk0\DR0\Partition2 - ok
18:50:07.0647 2176 Boot (0x1200) (54e6b4cae5572425b573af22f5fbf235) \Device\Harddisk0\DR0\Partition3
18:50:07.0648 2176 \Device\Harddisk0\DR0\Partition3 - ok
18:50:07.0655 2176 Boot (0x1200) (8bab1da16e06722fb75ed5d2d0ac6d84) \Device\Harddisk1\DR1\Partition0
18:50:07.0656 2176 \Device\Harddisk1\DR1\Partition0 - ok
18:50:07.0684 2176 Boot (0x1200) (56cde52336759ed333a5d45c01ab92df) \Device\Harddisk1\DR1\Partition1
18:50:07.0686 2176 \Device\Harddisk1\DR1\Partition1 - ok
18:50:07.0686 2176 ============================================================
18:50:07.0686 2176 Scan finished
18:50:07.0686 2176 ============================================================
18:50:07.0720 1116 Detected object count: 1
18:50:07.0720 1116 Actual detected object count: 1
18:50:20.0733 1116 sptd ( LockedFile.Multi.Generic ) - skipped by user
18:50:20.0733 1116 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
18:50:26.0929 0456 Deinitialize success

Re: Abnow.com

Napsal: 10 bře 2012 18:59
od vyosek
JJ CF mi sem hodte :)

Re: Abnow.com

Napsal: 10 bře 2012 19:08
od MartiN182
Nech sa páči :)

ComboFix 12-03-09.05 - miso 03/10/2012 18:27:34.6.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.991.304 [GMT 1:00]
Running from: C:\ComboFix.exe
Command switches used :: C:\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-02-10 to 2012-03-10 )))))))))))))))))))))))))))))))
.
.
2012-03-10 17:37 . 2012-03-10 17:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-09 19:37 . 2012-03-01 12:34 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E51CDA81-600B-48BE-BB3B-9D443B7A472C}\mpengine.dll
2012-03-09 17:48 . 2012-03-09 17:48 387584 ------w- C:\csc.sys
2012-03-09 17:27 . 2012-03-09 17:27 387584 ------w- C:\csc2.sys
2012-03-09 12:14 . 2012-03-09 12:14 -------- d-----w- c:\windows\system32\Wat
2012-03-09 02:33 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2012-03-09 02:27 . 2009-11-25 11:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-03-09 02:27 . 2009-11-25 11:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-03-09 02:27 . 2009-11-25 11:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-03-09 02:27 . 2009-11-25 11:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-03-09 02:27 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-03-09 02:13 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2012-03-08 22:27 . 2011-11-17 05:41 1288984 ----a-w- c:\windows\system32\ntdll.dll
2012-03-08 22:27 . 2011-02-18 05:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-03-08 22:27 . 2011-02-18 05:36 428032 ----a-w- c:\windows\system32\vbscript.dll
2012-03-08 22:27 . 2011-02-19 05:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-03-08 22:27 . 2011-02-19 03:37 294912 ----a-w- c:\windows\system32\atmfd.dll
2012-03-08 22:27 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll
2012-03-08 22:27 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2012-03-08 22:27 . 2011-11-05 04:30 2048 ----a-w- c:\windows\system32\tzres.dll
2012-03-08 21:32 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2012-03-08 21:31 . 2012-03-08 21:31 -------- d-----w- c:\program files\MSXML 4.0
2012-03-08 21:31 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2012-03-08 21:17 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
2012-03-08 21:17 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2012-03-08 21:16 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2012-03-08 21:16 . 2012-01-14 03:48 2340864 ----a-w- c:\windows\system32\win32k.sys
2012-03-08 21:16 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-03-08 21:16 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2012-03-08 21:16 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2012-03-08 21:16 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2012-03-08 21:16 . 2011-09-29 15:43 1285488 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-08 21:16 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2012-03-08 21:16 . 2011-03-03 05:29 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2012-03-08 21:16 . 2011-03-03 05:27 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2012-03-08 21:14 . 2010-03-04 07:33 1619968 ----a-w- c:\program files\Windows Mail\msoe.dll
2012-03-08 21:13 . 2011-03-12 11:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2012-03-08 21:12 . 2011-12-16 07:59 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-03-08 21:11 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2012-03-08 20:44 . 2010-11-02 04:46 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-03-08 20:44 . 2011-02-03 05:45 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-03-08 20:44 . 2010-11-02 04:23 107520 ----a-w- c:\windows\system32\cdd.dll
2012-03-08 20:42 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2012-03-08 20:42 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-03-08 20:26 . 2012-03-08 20:26 -------- d-----w- c:\users\miso\AppData\Roaming\FixZeroAccess
2012-03-08 18:53 . 2012-03-08 18:53 -------- d-----w- C:\rsit
2012-03-08 18:44 . 2012-03-08 18:44 -------- d-----w- c:\program files\CCleaner
2012-03-08 15:51 . 2012-03-10 17:39 -------- d-----w- c:\users\miso\AppData\Local\temp
2012-03-08 14:28 . 2012-03-08 14:49 -------- d-----w- C:\beruska.com
2012-03-07 18:57 . 2012-03-07 18:57 -------- d-----w- c:\users\miso\AppData\Roaming\Citrix
2012-03-07 17:21 . 2012-03-08 18:53 -------- d-----w- c:\program files\trend micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-09 17:27 . 2009-07-13 23:15 387584 ----a-w- c:\windows\system32\drivers\csc.sys
2012-03-05 18:17 . 2011-08-05 10:10 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2010-04-30 04:28 237072 ------w- c:\windows\system32\MpSigStub.exe
2008-08-16 16:42 . 2008-08-16 16:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 16:42 . 2008-08-16 16:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 16:42 . 2008-08-16 16:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 16:42 . 2008-08-16 16:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 16:43 . 2008-08-16 16:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 16:42 . 2008-08-16 16:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 16:42 . 2008-08-16 16:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 07:41 . 2008-05-21 07:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 07:41 . 2008-05-21 07:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 07:41 . 2008-05-21 07:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 12:58 . 2008-06-05 12:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 16:42 . 2008-08-16 16:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2012-02-20 13:06 . 2011-05-06 22:12 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-24 202296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Users^miso^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\miso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-08 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-16 436792]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 23856]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2010-03-17 132464]
S2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2011-04-06 2560]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 PRESLICSER;PReS License Service;c:\windows\SYSTEM32\preslicser.exe [2007-03-05 143360]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
.
.
.
------- Supplementary Scan -------
.
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ie_banner_deny.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.34.133.21 212.186.211.21
DPF: {813A45F9-744F-435F-A815-19E2DF35A9D8} - hxxp://www.o2c.de/download/o2cplayerac.cab
FF - ProfilePath - c:\users\miso\AppData\Roaming\Mozilla\Firefox\Profiles\pcqdyuwm.default\
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2768)
c:\program files\HappyFoto\HfAsistentSlk\FotoSync.dll
c:\program files\HappyFoto\HfAsistentSlk\xerc2701.dll
c:\program files\HappyFoto\HfAsistentSlk\fotosynr.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\conhost.exe
c:\program files\Citrix\ICA Client\PNAMain.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-03-10 18:44:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-10 17:44
ComboFix2.txt 2012-03-10 15:19
.
Pre-Run: 839,073,792 bytes free
Post-Run: 1,818,279,936 bytes free
.
- - End Of File - - 702A2C3DDB23D16A6EEA50D5546F210C

Re: Abnow.com

Napsal: 10 bře 2012 23:38
od vyosek
Udelejte prosim sken Kasperskym, zda-li neco najde

Re: Abnow.com

Napsal: 11 bře 2012 21:30
od MartiN182
Je čistý! :) Akurát mi to našlo ten csc.sys v nejakej zálohe od FixZeroAcces, ale to by už malo byť snáď neškodné..

Re: Abnow.com

Napsal: 12 bře 2012 08:04
od vyosek
Tam je neskodny...

Udelejte znovu ten ulid od utilit - odinstalce CF + TCleaner + OTC a snad hotovo

Re: Abnow.com

Napsal: 12 bře 2012 15:32
od MartiN182
Jasné, idem do toho, jarné upratovanie začína..

Tak ešte raz ďakujem pekne za pomoc! Veľmi ste mi pomohli :worship:
(dokonca som sa niečomu aj priučil :) )

Re: Abnow.com

Napsal: 12 bře 2012 19:41
od vyosek
Nemate zac, rad jsem pomohl :worship: Zase nekdy Obrázek
Všechny časy jsou v UTC+01:00
Stránka 5 z 5

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz