VIRY.CZ

Zdravim zdejsi doktory, po nekolika mesicich jsem opet nucen poprosit o Vase sluzby - dnes se mi zpomalil pocitac, zejmena pri praci s internetem - odezva prohlizece (MSIE8) se zpomalila na nekolik sekund a dale prestal fungovat tablet (po nabehnuti windows zahlasi chybu tablet service), reinstalace ani uplne odebrani a znovu nainstalovani ovladace tabletu (Wacom) nepomaha, a konecne - windows samotne nabihaji stale stejne rychle, ale po jejich nabehnuti trva priblizne 20 - 30 vterin, nez se u hodin objevi ikonka site. Antivir (McAfee) nic nehlasi a nic nenachazi ani MBAM.
Dekuji.

EDITOVANO 12:05------
na konec prispevku pridan log z RogueKilleru (jen skan, nic neodstraneno) - detekovana infekce Sinowalem

Logfile of random's system information tool 1.09 (written by random/random)
Run by David at 2012-08-29 10:54:06
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 67 GB (67%) free of 100 GB
Total RAM: 3327 MB (84% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:54:11, on 29.8.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\OpenVPN\bin\openvpn-gui.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Razer\DeathAdder\vdDaemon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\astsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
F:\David\paleni\RSIT.exe
C:\Program Files\trend micro\David.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\astsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 8102 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll [2011-04-26 67120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03 349640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-01-04 59272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03 349640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03 349640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"=C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [2008-05-14 29831168]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2011-10-08 16744256]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2011-10-08 203072]
"nwiz"=C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2011-10-08 1632360]
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\udaterui.exe [2009-08-25 136512]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2011-04-26 124224]
"openvpn-gui"=C:\Program Files\OpenVPN\bin\openvpn-gui.exe [2005-08-18 99328]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5.5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [2011-01-12 1523360]
"DeathAdder"=C:\Program Files\Razer\DeathAdder\razerhid.exe [2012-01-14 248832]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe"="C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-08-27 20:56:39 ----D---- C:\Documents and Settings\All Users\Data aplikací\GARMIN
2012-08-26 01:02:26 ----D---- C:\Program Files\Giants
2012-08-22 09:11:50 ----D---- C:\Program Files\7-Zip
2012-08-21 13:25:46 ----D---- C:\Documents and Settings\David\Data aplikací\WTablet
2012-08-21 13:23:44 ----D---- C:\Program Files\Tablet
2012-08-16 20:59:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2712808$
2012-08-16 20:59:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2731847$
2012-08-16 20:59:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2705219$
2012-08-16 20:59:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2723135$
2012-08-11 11:39:14 ----D---- C:\Documents and Settings\David\Data aplikací\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

======List of files/folders modified in the last 1 month======

2012-08-29 10:54:10 ----D---- C:\Program Files\trend micro
2012-08-29 10:53:27 ----D---- C:\WINDOWS\Temp
2012-08-29 10:53:07 ----D---- C:\WINDOWS\system32\CatRoot2
2012-08-29 10:50:13 ----D---- C:\WINDOWS\system32\drivers
2012-08-29 10:44:47 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-08-29 10:37:24 ----D---- C:\WINDOWS\Prefetch
2012-08-29 10:35:16 ----D---- C:\Documents and Settings\David\Data aplikací\EditPlus 3
2012-08-29 10:33:25 ----A---- C:\WINDOWS\wincmd.ini
2012-08-29 10:32:59 ----D---- C:\WINDOWS\system32
2012-08-29 10:32:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-08-29 10:24:08 ----RD---- C:\Program Files
2012-08-29 10:23:55 ----HD---- C:\WINDOWS\inf
2012-08-29 10:13:04 ----AD---- C:\WINDOWS
2012-08-29 10:02:44 ----D---- C:\QUARANTINE
2012-08-28 08:11:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2012-08-28 08:11:06 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-08-27 21:00:07 ----SHD---- C:\WINDOWS\Installer
2012-08-27 21:00:04 ----D---- C:\WINDOWS\WinSxS
2012-08-27 20:59:59 ----D---- C:\Program Files\Garmin
2012-08-26 01:02:26 ----HD---- C:\Program Files\InstallShield Installation Information
2012-08-25 19:51:22 ----D---- C:\Program Files\The KMPlayer
2012-08-22 13:32:54 ----A---- C:\WINDOWS\win.ini
2012-08-21 07:45:46 ----SD---- C:\WINDOWS\Tasks
2012-08-16 20:59:32 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-08-16 20:59:28 ----A---- C:\WINDOWS\imsins.BAK
2012-08-16 20:59:25 ----HD---- C:\WINDOWS\$hf_mig$
2012-08-16 20:59:04 ----D---- C:\Program Files\Internet Explorer
2012-08-16 20:58:56 ----D---- C:\WINDOWS\ie8updates
2012-08-11 11:25:19 ----D---- C:\Program Files\Adobe
2012-08-11 10:57:13 ----D---- C:\Program Files\Common Files\Adobe AIR
2012-07-30 17:56:36 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2011-04-26 337560]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2006-05-16 46080]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2005-09-26 286720]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2005-09-26 81920]
R1 mfetdik;McAfee Inc. mfetdik; C:\WINDOWS\system32\drivers\mfetdik.sys [2011-04-26 65960]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R3 danewFltr;NewDeathAdder Mouse; C:\WINDOWS\system32\drivers\danew.sys [2009-04-21 11136]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidkmdf;KMDF Driver; C:\WINDOWS\system32\DRIVERS\hidkmdf.sys [2012-06-21 11680]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mfeapfk;McAfee Inc. mfeapfk; C:\WINDOWS\system32\drivers\mfeapfk.sys [2011-04-26 76088]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2011-04-26 91992]
R3 monfilt;monfilt; C:\WINDOWS\system32\drivers\monfilt.sys [2008-02-14 1389056]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-15 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-10-08 12791488]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2012-01-04 9856]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 tap0801;TAP-Win32 Adapter V8; C:\WINDOWS\system32\DRIVERS\tap0801.sys [2004-06-24 23552]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\WINDOWS\system32\drivers\viahduaa.sys [2008-05-08 238080]
R3 VKbms;Razer Gaming Device; C:\WINDOWS\system32\DRIVERS\VKbms.sys [2010-10-01 10240]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
R3 xcpip;Ovladač protokolu TCP/IP; C:\WINDOWS\system32\drivers\xcpip.sys []
R3 xpsec;Ovladač IPSEC; C:\WINDOWS\system32\drivers\xpsec.sys []
S3 ae3g.sys;ae3g.sys; \??\C:\WINDOWS\system32\drivers\ae3g.sys []
S3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2011-04-26 43224]
S3 mferkdet;McAfee Inc. mferkdet; C:\WINDOWS\system32\drivers\mferkdet.sys [2011-04-26 67240]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WacHidRouter;Wacom Hid Router; C:\WINDOWS\system32\DRIVERS\wachidrouter.sys []
S3 wacomrouterfilter;Wacom Router Filter Driver; C:\WINDOWS\system32\DRIVERS\wacomrouterfilter.sys []
S3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 astcc;AST Service; C:\WINDOWS\system32\astsrv.exe [2010-11-01 57344]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-01-03 655624]
R2 KPF4;Kerio Personal Firewall 4; C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe [2005-10-10 1617920]
R2 McAfeeEngineService;McAfee Engine Service; C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe [2011-04-26 22816]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2009-08-25 103744]
R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [2011-04-26 147984]
R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [2011-04-26 66880]
R2 mfevtp;McAfee Validation Trust Protection Service; C:\WINDOWS\system32\mfevtps.exe [2011-04-26 69192]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2011-10-08 298304]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S3 OpenVPNService;OpenVPN Service; C:\Program Files\OpenVPN\bin\openvpnserv.exe [2005-08-25 16384]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 ATMsrvc;ATM Service; C:\WINDOWS\System32\ATMsrvc.exe [2000-05-24 15360]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

RogueKiller V8.0.0 [08/26/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : David [Práva správce]
Mód : Kontrola -- Datum : 08/29/2012 11:56:38

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 4 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> NALEZENO
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ Zvláštní soubory / Složky: ¤¤¤
[Faked.Drv][FILE] atapi.sys : C:\WINDOWS\system32\drivers\atapi.sys --> NELZE OPRAVIT

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
SSDT[25] : NtClose @ 0x805BC538 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB0168435)
SSDT[37] : NtCreateFile @ 0x805790A2 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB0167C5C)
SSDT[41] : NtCreateKey @ 0x80623FD6 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB01640B0)
SSDT[47] : NtCreateProcess @ 0x805D1250 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB0167031)
SSDT[48] : NtCreateProcessEx @ 0x805D119A -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB0166EAE)
SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB0167693)
SSDT[62] : NtDeleteFile @ 0x80576C4A -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB01684B5)
SSDT[63] : NtDeleteKey @ 0x80624472 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB01644E1)
SSDT[65] : NtDeleteValueKey @ 0x80624642 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB0164574)
SSDT[97] : NtLoadDriver @ 0x80584172 -> HOOKED (\SystemRoot\system32\drivers\khips.sys @ 0xAFF908B0)
SSDT[108] : NtMapViewOfSection @ 0x805B2042 -> HOOKED (\SystemRoot\system32\drivers\khips.sys @ 0xAFF90A20)
SSDT[116] : NtOpenFile @ 0x8057A1A0 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB0167F27)
SSDT[119] : NtOpenKey @ 0x806253B4 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB0164307)
SSDT[206] : NtResumeThread @ 0x805D4A18 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB016771F)
SSDT[224] : NtSetInformationFile @ 0x8057B02E -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB0168229)
SSDT[247] : NtSetValueKey @ 0x80622548 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB016467D)
SSDT[274] : NtWriteFile @ 0x8057CF10 -> HOOKED (\SystemRoot\system32\drivers\fwdrv.sys @ 0xB0168186)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : atapi.sys -> HOOKED ([INLINE] Unknown @ 0x8A699000)

¤¤¤ Nákaza : Root.MBR ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD502IJ +++++
--- User ---
[MBR] 6e031a596155cbab2bc280c8e50c591e
[BSP] d95faf2b0f8bb5cdb2ca53665ecd2741 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 99998 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 204796620 | Size: 376931 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 9cc70c8c611d4d3ca3f3c56b74ec1749
[BSP] eec7e11e0ccea4debe3c232189026f6a : Whistler/Sinowal MBR Code!
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 99998 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 204796620 | Size: 376931 Mo

+++++ PhysicalDrive1: ST3802110A +++++
--- User ---
[MBR] bd4c3c3fc3c9e51bd8b99af086547340
[BSP] e92cde90035fe2dc01689485b709e95b : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 35000 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 71682030 | Size: 41307 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 25d0522d039be31a3c5c1c00ed5cddcb
[BSP] b31fa0752e364c66ed63e77412d5b86e : Whistler/Sinowal MBR Code!
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 35000 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 71682030 | Size: 41307 Mo

Dokončeno : << RKreport[1].txt >>
RKreport[1].txt

Zdravim a pekny den preji

Stahnete MBRScan http://eric71.geekstogo.com/tools/MbrScan.exe

Ulozte nejlepe na plochu
Pokud pouzivate Win Vista ci W7, kliknete na MBRScan pravym a dejte Run As Administrator ci Spustit jako spravce
Kliknete na Report
Po chvilce se objevi log do souboru MBRScan.txt, ten sem vlozte

Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe

Kliknete na volbu Change parametrs
V obou oknech (Objects to scan i Additional Option) zakliknete vsechny moznosti - ve vsech ctvereccich musi mit fajecka
Kliknete na OK
Utilite prikazte, at skenuje - klik na Start Scan
Po dokonceni skenu se objevi okno, zkontrolujte, zda-li je vsude moznost Skip
Pokud moznost Skip nebude primarne nastavena, prekliknete ji na Skip
Pokud mate vsude Skip, kliknete na Continue
Na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt bude log - jeho obsah sem vlozte

Kód: Vybrat vše

MBRScan v1.1.1

OS             : Windows XP Home Service Pack 3 (32 bit)
PROCESSOR      : x86 Family 15 Model 107 Stepping 2, AuthenticAMD
BOOT           : Normal Boot
DATE           : 2012/08/29 (ISO 8601) at 13:07:46
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __SAMSUNG HD502IJ (1AA01113)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

DISK           : Device\Harddisk1\DR1 __ST3802110A (3.AAE)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0	465.8 Go  [Fixed] ==> Unknown MBR Code

MBR_MD5   : 9CC70C8C611D4D3CA3F3C56B74EC1749
MBR_SHA1  : CC13CB68E1E3E0F4F3BF79BB5A22EDEF71DEC296

Device\Harddisk0\Partition1	97.65 Go  	0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2	97.65 Go  	0x07 NTFS / HPFS
Device\Harddisk0\Partition3	270.4 Go  	0x07 NTFS / HPFS
________________________________________________________________________________

Device\Harddisk1\DR1	74.53 Go  [Fixed] ==> Unknown MBR Code

MBR_MD5   : 25D0522D039BE31A3C5C1C00ED5CDDCB
MBR_SHA1  : 8ECD70E6AAF78A297CB439637FD5CA92C1075CE0

Device\Harddisk1\Partition1	34.18 Go  	0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk1\Partition2	40.34 Go  	0x07 NTFS / HPFS
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\WINDOWS\System32\Drivers\dump_atapi.sys => Invisible on the disk
ADDRESS : 0xAFEAE000
SIZE    : 96.0 Ko

DRIVER  : C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS => Invisible on the disk
ADDRESS : 0xB8652000
SIZE    : 8.0 Ko

DRIVER  : C:\WINDOWS\system32\drivers\xpsec.sys => Invisible on the disk
ADDRESS : 0xAFE9B000
SIZE    : 76.0 Ko

DRIVER  : C:\WINDOWS\system32\drivers\xcpip.sys => Invisible on the disk
ADDRESS : 0xAFC42000
SIZE    : 356.0 Ko

DRIVER  : C:\DOCUME~1\David\LOCALS~1\Temp\pxldapod.sys => Invisible on the disk
ADDRESS : 0xAD8F0000
SIZE    : 100.0 Ko

SystemStartOptions : FASTDETECT  NOEXECUTE=OPTIN  USEPMTIMER

________________________________________________________________________________

_____FAKED   \Device\Harddisk0\DR0  

0x00000000   33 C0 8E D8 8E C0 8E D0 BC 00 7C BE 1A 7C BF 00   3À.Ø.À.Ð¼.|¾.|¿.
0x00000010   06 B9 E6 01 50 57 FC F3 A4 CB BE A4 07 B1 04 90   .¹æ.PWüó¤Ë¾¤.±..
0x00000020   80 3C 80 74 0D 38 2C 0F 85 C0 00 83 C6 10 E2 F0   .<.t.8,..À..Æ.âð
0x00000030   CD 18 66 8B 44 08 8B 14 89 E3 B9 01 00 E8 64 00   Í.f.D....ã¹..èd.
0x00000040   73 0C 8B 4C 02 B8 01 02 CD 13 0F 82 B8 00 B9 55   s..L.¸..Í...¸.¹U
0x00000050   AA 2B 0E FE 7D 0F 85 CF 00 66 B8 00 00 00 00 66   ª+.þ}..Ï.f¸....f
0x00000060   39 44 08 72 08 66 8B 44 08 66 03 44 0C 83 C6 10   9D.r.f.D.f.D..Æ.
0x00000070   81 FE E4 07 72 E9 66 09 C0 74 1E B9 09 00 81 C3   .þä.réf.Àt.¹...Ã
0x00000080   00 02 E8 1F 00 72 12 89 DE 81 C6 0C 02 8D 54 F4   ..è..r..Þ.Æ...Tô
0x00000090   66 81 3C 75 2F F3 A4 74 05 EA 00 7C 00 00 89 DE   f.<u/ó¤t.ê.|...Þ
0x000000A0   FF D2 EB F5 66 60 B2 80 BB AA 55 B4 41 CD 13 73   .Òëõf`².»ªU´AÍ.s
0x000000B0   04 F9 66 61 C3 81 FB 55 AA 75 F6 F6 C1 01 74 F1   .ùfaÃ.ûUªuööÁ.tñ
0x000000C0   66 61 66 60 6A 00 6A 00 66 50 06 53 51 6A 10 B4   faf`j.j.fP.SQj.´
0x000000D0   42 89 E6 CD 13 61 66 61 C3 5E AC 08 C0 74 FC 56   B.æÍ.afaÃ^¬.ÀtüV
0x000000E0   1E BB 07 00 B4 0E CD 10 1F EB EE E8 EB FF 49 6E   .»..´.Í..ëîèë.In
0x000000F0   76 61 6C 69 64 20 70 61 72 74 69 74 69 6F 6E 20   valid partition 
0x00000100   74 61 62 6C 65 00 E8 D0 FF 45 72 72 6F 72 20 6C   table.èÐ.Error l
0x00000110   6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69 6E 67   oading operating
0x00000120   20 73 79 73 74 65 6D 00 E8 AE FF 4D 69 73 73 69    system.è®.Missi
0x00000130   6E 67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73   ng operating sys
0x00000140   74 65 6D 00 00 00 00 00 00 00 00 00 00 00 00 00   tem.............
0x00000150   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000160   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000170   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000180   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 2C 44 6A 2C 0F 2D 0F 00 00 80 01   .....,Dj,.-.....
0x000001C0   01 00 07 FE FF FF 3F 00 00 00 8D F2 34 0C 00 00   ...þ..?....ò4...
0x000001D0   C1 FF 0F FE FF FF CC F2 34 0C B4 1A 03 2E 00 00   Á..þ..Ìò4.´.....
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

__ORIGINAL   \Device\Harddisk0\DR0  

0x00000000   33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C   3À.Ð¼.|ûP.P.ü¾.|
0x00000010   BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04   ¿..PW¹å.ó¤Ë½¾.±.
0x00000020   38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5   8n.|.u..Å.âôÍ..õ
0x00000030   83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B   .Æ.It.8,tö.µ.´..
0x00000040   F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88   ð¬<.tü»..´.Í.ëò.
0x00000050   4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B   N.èF.s*þF..~..t.
0x00000060   80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83   .~..t..¶.uÒ.F...
0x00000070   46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB   F...V..è!.s..¶.ë
0x00000080   BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0   ¼.>þ}Uªt..~..tÈ.
0x00000090   B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56   ·.ë©.ü.W.õË¿...V
0x000000A0   00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC   .´.Í.r#.Á$?..Þ.ü
0x000000B0   43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56   C÷ã.Ñ.Ö±.ÒîB÷â9V
0x000000C0   0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C   .w#r.9F.s.¸..».|
0x000000D0   8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A   .N..V.Í.sQOtN2ä.
0x000000E0   56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD   V.Í.ëä.V.`»ªU´AÍ
0x000000F0   13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60   .r6.ûUªu0öÁ.t+a`
0x00000100   6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A   j.j..v..v.j.h.|j
0x00000110   01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B   .j.´B.ôÍ.aas.Ot.
0x00000120   32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 4E 65 70 6C   2ä.V.Í.ëÖaùÃNepl
0x00000130   61 74 6E A0 20 74 61 62 75 6C 6B 61 20 6F 64 64   atn. tabulka odd
0x00000140   A1 6C 85 00 43 68 79 62 61 20 70 FD 69 20 6E 61   ¡l..Chyba pýi na
0x00000150   9F A1 74 A0 6E A1 20 6F 70 65 72 61 9F 6E A1 68   .¡t.n¡ opera.n¡h
0x00000160   6F 20 73 79 73 74 82 6D 75 00 4F 70 65 72 61 9F   o syst.mu.Opera.
0x00000170   6E A1 20 73 79 73 74 82 6D 20 6E 65 6E 61 6C 65   n¡ syst.m nenale
0x00000180   7A 65 6E 00 00 00 00 00 00 00 00 00 00 00 00 00   zen.............
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 2C 44 6A 2C 0F 2D 0F 00 00 80 01   .....,Dj,.-.....
0x000001C0   01 00 07 FE FF FF 3F 00 00 00 8D F2 34 0C 00 00   ...þ..?....ò4...
0x000001D0   C1 FF 0F FE FF FF CC F2 34 0C B4 1A 03 2E 00 00   Á..þ..Ìò4.´.....
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

_____FAKED   \Device\Harddisk1\DR1  

0x00000000   33 C0 8E D8 8E C0 8E D0 BC 00 7C BE 1A 7C BF 00   3À.Ø.À.Ð¼.|¾.|¿.
0x00000010   06 B9 E6 01 50 57 FC F3 A4 CB BE A4 07 B1 04 90   .¹æ.PWüó¤Ë¾¤.±..
0x00000020   80 3C 80 74 0D 38 2C 0F 85 C0 00 83 C6 10 E2 F0   .<.t.8,..À..Æ.âð
0x00000030   CD 18 66 8B 44 08 8B 14 89 E3 B9 01 00 E8 64 00   Í.f.D....ã¹..èd.
0x00000040   73 0C 8B 4C 02 B8 01 02 CD 13 0F 82 B8 00 B9 55   s..L.¸..Í...¸.¹U
0x00000050   AA 2B 0E FE 7D 0F 85 CF 00 66 B8 00 00 00 00 66   ª+.þ}..Ï.f¸....f
0x00000060   39 44 08 72 08 66 8B 44 08 66 03 44 0C 83 C6 10   9D.r.f.D.f.D..Æ.
0x00000070   81 FE E4 07 72 E9 66 09 C0 74 1E B9 09 00 81 C3   .þä.réf.Àt.¹...Ã
0x00000080   00 02 E8 1F 00 72 12 89 DE 81 C6 0C 02 8D 54 F4   ..è..r..Þ.Æ...Tô
0x00000090   66 81 3C 75 2F F3 A4 74 05 EA 00 7C 00 00 89 DE   f.<u/ó¤t.ê.|...Þ
0x000000A0   FF D2 EB F5 66 60 B2 80 BB AA 55 B4 41 CD 13 73   .Òëõf`².»ªU´AÍ.s
0x000000B0   04 F9 66 61 C3 81 FB 55 AA 75 F6 F6 C1 01 74 F1   .ùfaÃ.ûUªuööÁ.tñ
0x000000C0   66 61 66 60 6A 00 6A 00 66 50 06 53 51 6A 10 B4   faf`j.j.fP.SQj.´
0x000000D0   42 89 E6 CD 13 61 66 61 C3 5E AC 08 C0 74 FC 56   B.æÍ.afaÃ^¬.ÀtüV
0x000000E0   1E BB 07 00 B4 0E CD 10 1F EB EE E8 EB FF 49 6E   .»..´.Í..ëîèë.In
0x000000F0   76 61 6C 69 64 20 70 61 72 74 69 74 69 6F 6E 20   valid partition 
0x00000100   74 61 62 6C 65 00 E8 D0 FF 45 72 72 6F 72 20 6C   table.èÐ.Error l
0x00000110   6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69 6E 67   oading operating
0x00000120   20 73 79 73 74 65 6D 00 E8 AE FF 4D 69 73 73 69    system.è®.Missi
0x00000130   6E 67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73   ng operating sys
0x00000140   74 65 6D 00 00 00 00 00 00 00 00 00 00 00 00 00   tem.............
0x00000150   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000160   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000170   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000180   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 2C 44 6A 7F 84 7F 84 00 00 80 01   .....,Dj........
0x000001C0   01 00 07 FE FF FF 3F 00 00 00 AF C7 45 04 00 00   ...þ..?...¯ÇE...
0x000001D0   C1 FF 0F FE FF FF EE C7 45 04 12 DE 0A 05 00 00   Á..þ..îÇE..Þ....
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

__ORIGINAL   \Device\Harddisk1\DR1  

0x00000000   33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C   3À.Ð¼.|ûP.P.ü¾.|
0x00000010   BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04   ¿..PW¹å.ó¤Ë½¾.±.
0x00000020   38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5   8n.|.u..Å.âôÍ..õ
0x00000030   83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B   .Æ.It.8,tö.µ.´..
0x00000040   F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88   ð¬<.tü»..´.Í.ëò.
0x00000050   4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B   N.èF.s*þF..~..t.
0x00000060   80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83   .~..t..¶.uÒ.F...
0x00000070   46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB   F...V..è!.s..¶.ë
0x00000080   BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0   ¼.>þ}Uªt..~..tÈ.
0x00000090   B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56   ·.ë©.ü.W.õË¿...V
0x000000A0   00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC   .´.Í.r#.Á$?..Þ.ü
0x000000B0   43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56   C÷ã.Ñ.Ö±.ÒîB÷â9V
0x000000C0   0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C   .w#r.9F.s.¸..».|
0x000000D0   8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A   .N..V.Í.sQOtN2ä.
0x000000E0   56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD   V.Í.ëä.V.`»ªU´AÍ
0x000000F0   13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60   .r6.ûUªu0öÁ.t+a`
0x00000100   6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A   j.j..v..v.j.h.|j
0x00000110   01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B   .j.´B.ôÍ.aas.Ot.
0x00000120   32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 4E 65 70 6C   2ä.V.Í.ëÖaùÃNepl
0x00000130   61 74 6E A0 20 74 61 62 75 6C 6B 61 20 6F 64 64   atn. tabulka odd
0x00000140   A1 6C 85 00 43 68 79 62 61 20 70 FD 69 20 6E 61   ¡l..Chyba pýi na
0x00000150   9F A1 74 A0 6E A1 20 6F 70 65 72 61 9F 6E A1 68   .¡t.n¡ opera.n¡h
0x00000160   6F 20 73 79 73 74 82 6D 75 00 4F 70 65 72 61 9F   o syst.mu.Opera.
0x00000170   6E A1 20 73 79 73 74 82 6D 20 6E 65 6E 61 6C 65   n¡ syst.m nenale
0x00000180   7A 65 6E 00 00 00 00 00 00 00 00 00 00 00 00 00   zen.............
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 2C 44 6A 7F 84 7F 84 00 00 80 01   .....,Dj........
0x000001C0   01 00 07 FE FF FF 3F 00 00 00 AF C7 45 04 00 00   ...þ..?...¯ÇE...
0x000001D0   C1 FF 0F FE FF FF EE C7 45 04 12 DE 0A 05 00 00   Á..þ..îÇE..Þ....
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

13:11:26.0640 0596 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
13:11:27.0078 0596 ============================================================
13:11:27.0078 0596 Current date / time: 2012/08/29 13:11:27.0078
13:11:27.0078 0596 SystemInfo:
13:11:27.0078 0596
13:11:27.0078 0596 OS Version: 5.1.2600 ServicePack: 3.0
13:11:27.0078 0596 Product type: Workstation
13:11:27.0078 0596 ComputerName: DAVIDOS
13:11:27.0078 0596 UserName: David
13:11:27.0078 0596 Windows directory: C:\WINDOWS
13:11:27.0078 0596 System windows directory: C:\WINDOWS
13:11:27.0078 0596 Processor architecture: Intel x86
13:11:27.0078 0596 Number of processors: 2
13:11:27.0078 0596 Page size: 0x1000
13:11:27.0078 0596 Boot type: Normal boot
13:11:27.0078 0596 ============================================================
13:11:28.0812 0596 BG loaded
13:11:29.0109 0596 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x000000A4
13:11:29.0140 0596 Drive \Device\Harddisk1\DR1 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x000000A4
13:11:29.0140 0596 ============================================================
13:11:29.0140 0596 \Device\Harddisk0\DR0:
13:11:29.0140 0596 MBR partitions:
13:11:29.0140 0596 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC34F28D
13:11:29.0156 0596 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC34F30B, BlocksNum 0xC34F28D
13:11:29.0171 0596 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1869E5D7, BlocksNum 0x21CE27A9
13:11:29.0171 0596 \Device\Harddisk1\DR1:
13:11:29.0171 0596 MBR partitions:
13:11:29.0171 0596 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x445C7AF
13:11:29.0171 0596 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x445C82D, BlocksNum 0x50ADDD3
13:11:29.0171 0596 ============================================================
13:11:29.0218 0596 C: <-> \Device\Harddisk0\DR0\Partition1
13:11:29.0234 0596 D: <-> \Device\Harddisk1\DR1\Partition1
13:11:37.0750 0596 E: <-> \Device\Harddisk0\DR0\Partition2
13:11:39.0078 0596 F: <-> \Device\Harddisk0\DR0\Partition3
13:11:39.0125 0596 G: <-> \Device\Harddisk1\DR1\Partition2
13:11:39.0156 0596 ============================================================
13:11:39.0156 0596 Initialize success
13:11:39.0156 0596 ============================================================
13:12:47.0640 2524 ============================================================
13:12:47.0640 2524 Scan started
13:12:47.0640 2524 Mode: Manual; SigCheck; TDLFS;
13:12:47.0640 2524 ============================================================
13:12:48.0406 2524 ================ Scan system memory ========================
13:12:49.0468 2524 System memory ( MEM:Backdoor.Win32.Sinowal.d ) - infected
13:12:49.0468 2524 System memory - detected MEM:Backdoor.Win32.Sinowal.d (0)
13:12:49.0468 2524 ================ Scan services =============================
13:12:49.0546 2524 Abiosdsk - ok
13:12:49.0546 2524 abp480n5 - ok
13:12:49.0562 2524 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:13:32.0984 2524 ACPI - ok
13:13:33.0109 2524 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
13:13:33.0421 2524 ACPIEC - ok
13:13:33.0421 2524 adpu160m - ok
13:13:33.0421 2524 ae3g.sys - ok
13:13:33.0687 2524 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
13:13:33.0796 2524 aec - ok
13:13:33.0828 2524 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
13:13:34.0015 2524 AFD - ok
13:13:34.0015 2524 Aha154x - ok
13:13:34.0015 2524 aic78u2 - ok
13:13:34.0031 2524 aic78xx - ok
13:13:34.0125 2524 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\WINDOWS\system32\alrsvc.dll
13:13:34.0421 2524 Alerter - ok
13:13:34.0453 2524 [ 88842DE939A827577BF24243699AC80A ] ALG C:\WINDOWS\System32\alg.exe
13:13:34.0609 2524 ALG - ok
13:13:34.0609 2524 AliIde - ok
13:13:34.0671 2524 [ FCFFA85CFD4BF7A4711012847048DCA3 ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys
13:13:35.0093 2524 AmdK8 - ok
13:13:35.0093 2524 amsint - ok
13:13:35.0359 2524 [ 6B8E7A90E576D4FE308F97C69060A171 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
13:13:35.0687 2524 AppMgmt - ok
13:13:35.0687 2524 asc - ok
13:13:35.0703 2524 asc3350p - ok
13:13:35.0703 2524 asc3550 - ok
13:13:35.0984 2524 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
13:13:36.0375 2524 aspnet_state - ok
13:13:36.0390 2524 [ 0C83FC56707BF68DB04947052A8188B1 ] astcc C:\WINDOWS\system32\astsrv.exe
13:13:36.0593 2524 astcc ( UnsignedFile.Multi.Generic ) - warning
13:13:36.0593 2524 astcc - detected UnsignedFile.Multi.Generic (1)
13:13:36.0656 2524 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:13:36.0890 2524 AsyncMac - ok
13:13:37.0031 2524 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
13:13:37.0218 2524 atapi - ok
13:13:37.0218 2524 Atdisk - ok
13:13:37.0250 2524 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:13:37.0359 2524 Atmarpc - ok
13:13:37.0406 2524 [ 523CA82A8810F4354E6425406AFBC130 ] ATMsrvc C:\WINDOWS\System32\ATMsrvc.exe
13:13:37.0578 2524 ATMsrvc ( UnsignedFile.Multi.Generic ) - warning
13:13:37.0578 2524 ATMsrvc - detected UnsignedFile.Multi.Generic (1)
13:13:37.0609 2524 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
13:13:37.0812 2524 AudioSrv - ok
13:13:37.0843 2524 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
13:13:37.0968 2524 audstub - ok
13:13:38.0000 2524 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
13:13:38.0156 2524 Beep - ok
13:13:38.0234 2524 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\WINDOWS\System32\qmgr.dll
13:13:38.0546 2524 BITS - ok
13:13:38.0609 2524 [ 5AB58C337AC65837FE404462AD6265AB ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:13:38.0734 2524 Bonjour Service - ok
13:13:38.0796 2524 [ 89E739BBA5F636297EA5B5F811189E06 ] Browser C:\WINDOWS\System32\browser.dll
13:13:38.0937 2524 Browser - ok
13:13:38.0953 2524 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
13:13:39.0078 2524 cbidf2k - ok
13:13:39.0078 2524 cd20xrnt - ok
13:13:39.0093 2524 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
13:13:39.0234 2524 Cdaudio - ok
13:13:39.0250 2524 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
13:13:39.0343 2524 Cdfs - ok
13:13:39.0359 2524 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:13:39.0468 2524 Cdrom - ok
13:13:39.0468 2524 Changer - ok
13:13:39.0500 2524 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
13:13:39.0671 2524 CiSvc - ok
13:13:39.0703 2524 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
13:13:39.0921 2524 ClipSrv - ok
13:13:39.0953 2524 [ 234B1BC2796483E1F5C3F26649FB3388 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:13:39.0984 2524 clr_optimization_v2.0.50727_32 - ok
13:13:40.0015 2524 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:13:40.0109 2524 clr_optimization_v4.0.30319_32 - ok
13:13:40.0125 2524 CmdIde - ok
13:13:40.0125 2524 COMSysApp - ok
13:13:40.0140 2524 Cpqarray - ok
13:13:40.0140 2524 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
13:13:40.0296 2524 CryptSvc - ok
13:13:40.0296 2524 dac2w2k - ok
13:13:40.0296 2524 dac960nt - ok
13:13:40.0312 2524 [ C512B618D0E19339572AD125E26B9CB5 ] danewFltr C:\WINDOWS\system32\drivers\danew.sys
13:13:40.0421 2524 danewFltr - ok
13:13:40.0500 2524 [ BE27674D1CBC3214AEC84B4336A38BBF ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
13:13:40.0609 2524 DcomLaunch - ok
13:13:40.0640 2524 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
13:13:40.0765 2524 Dhcp - ok
13:13:40.0796 2524 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
13:13:41.0046 2524 Disk - ok
13:13:41.0062 2524 dmadmin - ok
13:13:41.0187 2524 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
13:13:41.0500 2524 dmboot - ok
13:13:41.0546 2524 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
13:13:41.0796 2524 dmio - ok
13:13:41.0812 2524 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
13:13:41.0953 2524 dmload - ok
13:13:41.0968 2524 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
13:13:42.0109 2524 dmserver - ok
13:13:42.0125 2524 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
13:13:42.0218 2524 DMusic - ok
13:13:42.0250 2524 [ DFAA406BF19F4EE806A6F8D4342137F7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
13:13:42.0328 2524 Dnscache - ok
13:13:42.0359 2524 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
13:13:42.0546 2524 Dot3svc - ok
13:13:42.0546 2524 dpti2o - ok
13:13:42.0546 2524 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
13:13:42.0640 2524 drmkaud - ok
13:13:42.0671 2524 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
13:13:42.0828 2524 EapHost - ok
13:13:42.0859 2524 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
13:13:43.0015 2524 ERSvc - ok
13:13:43.0046 2524 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] Eventlog C:\WINDOWS\system32\services.exe
13:13:43.0156 2524 Eventlog - ok
13:13:43.0203 2524 [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem C:\WINDOWS\System32\es.dll
13:13:43.0281 2524 EventSystem - ok
13:13:43.0312 2524 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
13:13:43.0453 2524 Fastfat - ok
13:13:43.0531 2524 [ EE9A2B9EA968A792A053C9D1A86BF870 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
13:13:43.0656 2524 FastUserSwitchingCompatibility - ok
13:13:43.0687 2524 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
13:13:43.0781 2524 Fdc - ok
13:13:43.0812 2524 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
13:13:44.0062 2524 Fips - ok
13:13:44.0109 2524 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
13:13:44.0218 2524 FLEXnet Licensing Service - ok
13:13:44.0234 2524 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
13:13:44.0328 2524 Flpydisk - ok
13:13:44.0359 2524 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
13:13:44.0453 2524 FltMgr - ok
13:13:44.0515 2524 [ 993883524AA9CF1C90E1545411A9AC9C ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:13:44.0578 2524 FontCache3.0.0.0 - ok
13:13:44.0578 2524 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:13:44.0687 2524 Fs_Rec - ok
13:13:44.0703 2524 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:13:44.0875 2524 Ftdisk - ok
13:13:44.0906 2524 [ BEAE63CA06345E0714A3CAE6232482EA ] fwdrv C:\WINDOWS\system32\drivers\fwdrv.sys
13:13:44.0984 2524 fwdrv ( UnsignedFile.Multi.Generic ) - warning
13:13:44.0984 2524 fwdrv - detected UnsignedFile.Multi.Generic (1)
13:13:45.0000 2524 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:13:45.0125 2524 Gpc - ok
13:13:45.0140 2524 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:13:45.0250 2524 HDAudBus - ok
13:13:45.0296 2524 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:13:45.0437 2524 helpsvc - ok
13:13:45.0468 2524 [ 887F5CF01755D3087E4E9DEC22101567 ] hidkmdf C:\WINDOWS\system32\DRIVERS\hidkmdf.sys
13:13:45.0531 2524 hidkmdf - ok
13:13:45.0546 2524 [ 00E25EE90166B3E1BE6E74AEBF858306 ] HidServ C:\WINDOWS\System32\hidserv.dll
13:13:45.0718 2524 HidServ - ok
13:13:45.0734 2524 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:13:45.0828 2524 hidusb - ok
13:13:45.0859 2524 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
13:13:46.0000 2524 hkmsvc - ok
13:13:46.0000 2524 hpn - ok
13:13:46.0031 2524 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
13:13:46.0062 2524 HTTP - ok
13:13:46.0093 2524 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
13:13:46.0250 2524 HTTPFilter - ok
13:13:46.0250 2524 i2omgmt - ok
13:13:46.0265 2524 i2omp - ok
13:13:46.0281 2524 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys
13:13:46.0421 2524 i8042prt - ok
13:13:46.0468 2524 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
13:13:46.0562 2524 IDriverT ( UnsignedFile.Multi.Generic ) - warning
13:13:46.0562 2524 IDriverT - detected UnsignedFile.Multi.Generic (1)
13:13:46.0625 2524 [ E7CC3AEAED9893A88876744CD439F76C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:13:46.0671 2524 idsvc ( UnsignedFile.Multi.Generic ) - warning
13:13:46.0671 2524 idsvc - detected UnsignedFile.Multi.Generic (1)
13:13:46.0718 2524 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
13:13:46.0812 2524 Imapi - ok
13:13:46.0843 2524 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\System32\imapi.exe
13:13:46.0984 2524 ImapiService - ok
13:13:47.0000 2524 ini910u - ok
13:13:47.0000 2524 IntelIde - ok
13:13:47.0031 2524 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
13:13:47.0140 2524 ip6fw - ok
13:13:47.0156 2524 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:13:47.0250 2524 IpFilterDriver - ok
13:13:47.0265 2524 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:13:47.0375 2524 IpInIp - ok
13:13:47.0390 2524 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:13:47.0500 2524 IpNat - ok
13:13:47.0515 2524 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:13:47.0609 2524 IPSec - ok
13:13:47.0625 2524 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
13:13:47.0734 2524 IRENUM - ok
13:13:47.0750 2524 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:13:47.0906 2524 isapnp - ok
13:13:47.0921 2524 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:13:49.0687 2524 Kbdclass - ok
13:13:49.0703 2524 [ 86C8F23616C6C6E5B2776901C17B945B ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:13:49.0875 2524 kbdhid - ok
13:13:49.0890 2524 [ F1B81D62EA598047D28DD12E1F417976 ] khips C:\WINDOWS\system32\drivers\khips.sys
13:13:49.0953 2524 khips ( UnsignedFile.Multi.Generic ) - warning
13:13:49.0953 2524 khips - detected UnsignedFile.Multi.Generic (1)
13:13:49.0968 2524 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
13:13:50.0062 2524 kmixer - ok
13:13:50.0156 2524 [ F3CA4A37CD2144DFF7E28A75B30B0FD0 ] KPF4 C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
13:13:50.0265 2524 KPF4 ( UnsignedFile.Multi.Generic ) - warning
13:13:50.0265 2524 KPF4 - detected UnsignedFile.Multi.Generic (1)
13:13:50.0296 2524 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
13:13:50.0328 2524 KSecDD - ok
13:13:50.0375 2524 [ 3428E8F86F8ADD36B42FB23542C7B3E4 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
13:13:50.0484 2524 lanmanserver - ok
13:13:50.0500 2524 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
13:13:50.0593 2524 lanmanworkstation - ok
13:13:50.0609 2524 lbrtfdc - ok
13:13:50.0640 2524 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
13:13:50.0765 2524 LmHosts - ok
13:13:50.0812 2524 [ E3BCE3C975BA95B0500E4B7F8D61E432 ] McAfeeEngineService C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
13:13:50.0921 2524 McAfeeEngineService - ok
13:13:50.0953 2524 [ 1B963D79740B187795407CD03E2F7B4D ] McAfeeFramework C:\Program Files\McAfee\Common Framework\FrameworkService.exe
13:13:51.0046 2524 McAfeeFramework - ok
13:13:51.0062 2524 [ 6F4D3480C42EC33BB56613DC7C787720 ] McShield C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
13:13:51.0187 2524 McShield - ok
13:13:51.0203 2524 [ 6C6AA104272198495D51CC606677DA39 ] McTaskManager C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
13:13:51.0296 2524 McTaskManager - ok
13:13:51.0312 2524 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
13:13:51.0500 2524 Messenger - ok
13:13:51.0515 2524 [ AF3BAF4CDED14D5FD7B8D94B78AE3F0A ] mfeapfk C:\WINDOWS\system32\drivers\mfeapfk.sys
13:13:51.0593 2524 mfeapfk - ok
13:13:51.0609 2524 [ 2EBF8D78F99E2F667FA5F65312A489AB ] mfeavfk C:\WINDOWS\system32\drivers\mfeavfk.sys
13:13:51.0687 2524 mfeavfk - ok
13:13:51.0718 2524 [ 188324D4412103ED3B086B69D5D210E2 ] mfebopk C:\WINDOWS\system32\drivers\mfebopk.sys
13:13:51.0812 2524 mfebopk - ok
13:13:51.0859 2524 [ 51897A0530EA0531898ABBE566A9DD8A ] mfehidk C:\WINDOWS\system32\drivers\mfehidk.sys
13:13:51.0953 2524 mfehidk - ok
13:13:51.0984 2524 [ 192C71EA9990426372E1B803DBAD2C59 ] mferkdet C:\WINDOWS\system32\drivers\mferkdet.sys
13:13:52.0062 2524 mferkdet - ok
13:13:52.0078 2524 [ 61FC4DBE4A3E95973509DA6B920E83AA ] mfetdik C:\WINDOWS\system32\drivers\mfetdik.sys
13:13:52.0234 2524 mfetdik - ok
13:13:52.0250 2524 [ 5C2C7AC2ABB73251D67F09182AE6B30F ] mfevtp C:\WINDOWS\system32\mfevtps.exe
13:13:52.0359 2524 mfevtp - ok
13:13:52.0375 2524 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
13:13:52.0484 2524 mnmdd - ok
13:13:52.0515 2524 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
13:13:52.0703 2524 mnmsrvc - ok
13:13:52.0718 2524 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
13:13:52.0890 2524 Modem - ok
13:13:52.0953 2524 [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] monfilt C:\WINDOWS\system32\drivers\monfilt.sys
13:13:53.0109 2524 monfilt - ok
13:13:53.0156 2524 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:13:53.0359 2524 Mouclass - ok
13:13:53.0390 2524 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:13:53.0593 2524 mouhid - ok
13:13:53.0609 2524 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
13:13:53.0703 2524 MountMgr - ok
13:13:53.0703 2524 mraid35x - ok
13:13:53.0750 2524 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:13:53.0875 2524 MRxDAV - ok
13:13:54.0031 2524 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:13:54.0296 2524 MRxSmb - ok
13:13:54.0328 2524 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\System32\msdtc.exe
13:13:54.0500 2524 MSDTC - ok
13:13:54.0531 2524 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
13:13:54.0718 2524 Msfs - ok
13:13:54.0718 2524 MSIServer - ok
13:13:54.0765 2524 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:13:54.0890 2524 MSKSSRV - ok
13:13:54.0906 2524 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:13:55.0046 2524 MSPCLOCK - ok
13:13:55.0093 2524 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
13:13:55.0234 2524 MSPQM - ok
13:13:55.0421 2524 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:13:55.0546 2524 mssmbios - ok
13:13:55.0640 2524 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
13:13:55.0671 2524 MTsensor - ok
13:13:55.0734 2524 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
13:13:55.0875 2524 Mup - ok
13:13:55.0906 2524 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
13:13:56.0078 2524 napagent - ok
13:13:56.0093 2524 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
13:13:56.0203 2524 NDIS - ok
13:13:56.0218 2524 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:13:56.0312 2524 NdisTapi - ok
13:13:56.0343 2524 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:13:56.0437 2524 Ndisuio - ok
13:13:56.0437 2524 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:13:56.0531 2524 NdisWan - ok
13:13:56.0562 2524 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
13:13:56.0656 2524 NDProxy - ok
13:13:56.0671 2524 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
13:13:56.0750 2524 NetBIOS - ok
13:13:56.0781 2524 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
13:13:56.0875 2524 NetBT - ok
13:13:56.0906 2524 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
13:13:57.0000 2524 NetDDE - ok
13:13:57.0000 2524 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
13:13:57.0093 2524 NetDDEdsdm - ok
13:13:57.0125 2524 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\System32\lsass.exe
13:13:57.0203 2524 Netlogon - ok
13:13:57.0234 2524 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
13:13:57.0328 2524 Netman - ok
13:13:57.0343 2524 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:13:57.0375 2524 NetTcpPortSharing - ok
13:13:57.0406 2524 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\WINDOWS\System32\mswsock.dll
13:13:57.0421 2524 Nla - ok
13:13:57.0484 2524 [ 433049770B810D7C83C5C94CDB3E09D2 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
13:13:57.0515 2524 NMIndexingService - ok
13:13:57.0515 2524 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
13:13:57.0609 2524 Npfs - ok
13:13:57.0937 2524 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
13:13:58.0062 2524 Ntfs - ok
13:13:58.0078 2524 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\System32\lsass.exe

13:13:58.0171 2524 NtLmSsp - ok
13:13:58.0203 2524 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
13:13:58.0296 2524 NtmsSvc - ok
13:13:58.0328 2524 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
13:13:58.0421 2524 Null - ok
13:13:58.0703 2524 [ 4B54DCD6ADEE535DF80F07C59DDD8F14 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:13:59.0031 2524 nv - ok
13:13:59.0062 2524 [ 0573C75A2895D973EA6EF2495620BA49 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
13:13:59.0078 2524 NVSvc - ok
13:13:59.0109 2524 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:13:59.0281 2524 NwlnkFlt - ok
13:13:59.0281 2524 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:13:59.0390 2524 NwlnkFwd - ok
13:13:59.0453 2524 [ 126A11FA2401AC42FE2D9C2705EC27BC ] OpenVPNService C:\Program Files\OpenVPN\bin\openvpnserv.exe
13:13:59.0453 2524 OpenVPNService ( UnsignedFile.Multi.Generic ) - warning
13:13:59.0453 2524 OpenVPNService - detected UnsignedFile.Multi.Generic (1)
13:13:59.0484 2524 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:13:59.0500 2524 ose - ok
13:13:59.0515 2524 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
13:13:59.0593 2524 Parport - ok
13:13:59.0625 2524 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
13:13:59.0718 2524 PartMgr - ok
13:13:59.0734 2524 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
13:13:59.0906 2524 ParVdm - ok
13:13:59.0906 2524 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
13:14:00.0000 2524 PCI - ok
13:14:00.0000 2524 PCIDump - ok
13:14:00.0015 2524 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
13:14:00.0125 2524 PCIIde - ok
13:14:00.0156 2524 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
13:14:00.0296 2524 Pcmcia - ok
13:14:00.0312 2524 PDCOMP - ok
13:14:00.0312 2524 PDFRAME - ok
13:14:00.0312 2524 PDRELI - ok
13:14:00.0328 2524 PDRFRAME - ok
13:14:00.0328 2524 perc2 - ok
13:14:00.0328 2524 perc2hib - ok
13:14:00.0359 2524 [ 5903FA75200807AD739286BBF40C4904 ] pfc C:\WINDOWS\system32\drivers\pfc.sys
13:14:00.0375 2524 pfc ( UnsignedFile.Multi.Generic ) - warning
13:14:00.0375 2524 pfc - detected UnsignedFile.Multi.Generic (1)
13:14:00.0390 2524 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\WINDOWS\system32\services.exe
13:14:00.0406 2524 PlugPlay - ok
13:14:00.0421 2524 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\System32\lsass.exe
13:14:00.0500 2524 PolicyAgent - ok
13:14:00.0500 2524 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:14:00.0578 2524 PptpMiniport - ok
13:14:00.0609 2524 [ 7EB15DCE4EC3A0220BD796A15C18186E ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
13:14:00.0687 2524 Processor - ok
13:14:00.0687 2524 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
13:14:00.0765 2524 ProtectedStorage - ok
13:14:00.0781 2524 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
13:14:00.0859 2524 PSched - ok
13:14:00.0875 2524 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:14:00.0968 2524 Ptilink - ok
13:14:01.0000 2524 [ 0C8DA0A8B0D227319C285E0EAE65DEFD ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:14:01.0000 2524 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
13:14:01.0000 2524 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
13:14:01.0000 2524 ql1080 - ok
13:14:01.0015 2524 Ql10wnt - ok
13:14:01.0015 2524 ql12160 - ok
13:14:01.0031 2524 ql1240 - ok
13:14:01.0031 2524 ql1280 - ok
13:14:01.0046 2524 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:14:01.0156 2524 RasAcd - ok
13:14:01.0187 2524 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
13:14:01.0265 2524 RasAuto - ok
13:14:01.0281 2524 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:14:01.0375 2524 Rasl2tp - ok
13:14:01.0406 2524 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
13:14:01.0484 2524 RasMan - ok
13:14:01.0484 2524 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:14:01.0578 2524 RasPppoe - ok
13:14:01.0578 2524 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
13:14:01.0687 2524 Raspti - ok
13:14:01.0703 2524 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:14:01.0781 2524 Rdbss - ok
13:14:01.0796 2524 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:14:01.0906 2524 RDPCDD - ok
13:14:01.0921 2524 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:14:02.0000 2524 rdpdr - ok
13:14:02.0031 2524 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
13:14:02.0250 2524 RDPWD - ok
13:14:02.0281 2524 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
13:14:02.0359 2524 RDSessMgr - ok
13:14:02.0390 2524 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
13:14:02.0468 2524 redbook - ok
13:14:02.0484 2524 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
13:14:02.0578 2524 RemoteAccess - ok
13:14:02.0593 2524 [ 8F31505484A190D5B22274708799F4EC ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
13:14:02.0687 2524 RemoteRegistry - ok
13:14:02.0687 2524 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\System32\locator.exe
13:14:02.0781 2524 RpcLocator - ok
13:14:02.0843 2524 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\system32\rpcss.dll
13:14:02.0890 2524 RpcSs - ok
13:14:02.0906 2524 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\System32\rsvp.exe
13:14:03.0015 2524 RSVP - ok
13:14:03.0046 2524 [ 89619EF503F949FAE09252A8B883EE11 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
13:14:03.0062 2524 RTLE8023xp - ok
13:14:03.0078 2524 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
13:14:03.0171 2524 SamSs - ok
13:14:03.0187 2524 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
13:14:03.0281 2524 SCardSvr - ok
13:14:03.0328 2524 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
13:14:03.0421 2524 Schedule - ok
13:14:03.0437 2524 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:14:03.0531 2524 Secdrv - ok
13:14:03.0562 2524 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
13:14:03.0640 2524 seclogon - ok
13:14:03.0656 2524 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
13:14:03.0750 2524 SENS - ok
13:14:03.0781 2524 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
13:14:03.0859 2524 serenum - ok
13:14:03.0875 2524 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
13:14:03.0968 2524 Serial - ok
13:14:04.0000 2524 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
13:14:04.0093 2524 Sfloppy - ok
13:14:04.0171 2524 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
13:14:04.0250 2524 SharedAccess - ok
13:14:04.0281 2524 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
13:14:04.0296 2524 ShellHWDetection - ok
13:14:04.0296 2524 Simbad - ok
13:14:04.0328 2524 Sparrow - ok
13:14:04.0359 2524 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
13:14:04.0453 2524 splitter - ok
13:14:04.0484 2524 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
13:14:04.0531 2524 Spooler - ok
13:14:04.0546 2524 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\WINDOWS\System32\DRIVERS\sr.sys
13:14:04.0828 2524 sr - ok
13:14:04.0843 2524 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\System32\srsvc.dll
13:14:04.0937 2524 srservice - ok
13:14:04.0968 2524 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
13:14:05.0000 2524 Srv - ok
13:14:05.0015 2524 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
13:14:05.0093 2524 SSDPSRV - ok
13:14:05.0125 2524 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
13:14:05.0234 2524 stisvc - ok
13:14:05.0250 2524 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
13:14:05.0343 2524 swenum - ok
13:14:05.0453 2524 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
13:14:05.0546 2524 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
13:14:05.0546 2524 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
13:14:05.0562 2524 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
13:14:05.0656 2524 swmidi - ok
13:14:05.0671 2524 SwPrv - ok
13:14:05.0671 2524 symc810 - ok
13:14:05.0687 2524 symc8xx - ok
13:14:05.0687 2524 sym_hi - ok
13:14:05.0703 2524 sym_u3 - ok
13:14:05.0718 2524 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
13:14:05.0796 2524 sysaudio - ok
13:14:05.0828 2524 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
13:14:05.0921 2524 SysmonLog - ok
13:14:05.0937 2524 [ 846B7C0E3F6370CDCCE157A5B36E70CD ] tap0801 C:\WINDOWS\system32\DRIVERS\tap0801.sys
13:14:05.0953 2524 tap0801 ( UnsignedFile.Multi.Generic ) - warning
13:14:05.0953 2524 tap0801 - detected UnsignedFile.Multi.Generic (1)
13:14:05.0984 2524 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
13:14:06.0078 2524 TapiSrv - ok
13:14:06.0093 2524 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:14:06.0125 2524 Tcpip - ok
13:14:06.0140 2524 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
13:14:06.0296 2524 TDPIPE - ok
13:14:06.0328 2524 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
13:14:06.0500 2524 TDTCP - ok
13:14:06.0531 2524 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
13:14:06.0718 2524 TermDD - ok
13:14:06.0781 2524 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\WINDOWS\System32\termsrv.dll
13:14:06.0937 2524 TermService - ok
13:14:06.0968 2524 [ EE9A2B9EA968A792A053C9D1A86BF870 ] Themes C:\WINDOWS\System32\shsvcs.dll
13:14:06.0984 2524 Themes - ok
13:14:07.0015 2524 [ CD0CC7B167D78043A41C98D4921EFB54 ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
13:14:07.0109 2524 TlntSvr - ok
13:14:07.0109 2524 TosIde - ok
13:14:07.0140 2524 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
13:14:07.0218 2524 TrkWks - ok
13:14:07.0250 2524 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
13:14:07.0343 2524 Udfs - ok
13:14:07.0359 2524 ultra - ok
13:14:07.0375 2524 [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
13:14:07.0390 2524 UMWdf - ok
13:14:07.0468 2524 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
13:14:07.0578 2524 Update - ok
13:14:07.0609 2524 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
13:14:07.0703 2524 upnphost - ok
13:14:07.0734 2524 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
13:14:07.0812 2524 UPS - ok
13:14:07.0828 2524 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:14:07.0921 2524 usbccgp - ok
13:14:07.0921 2524 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:14:08.0015 2524 usbehci - ok
13:14:08.0031 2524 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:14:08.0125 2524 usbhub - ok
13:14:08.0125 2524 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:14:08.0218 2524 usbohci - ok
13:14:08.0234 2524 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:14:08.0328 2524 usbprint - ok
13:14:08.0343 2524 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:14:08.0437 2524 usbscan - ok
13:14:08.0515 2524 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:14:08.0640 2524 USBSTOR - ok
13:14:08.0671 2524 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
13:14:08.0765 2524 VgaSave - ok
13:14:08.0781 2524 [ 80ED26C12AF05779A3F897B9BADF6F28 ] VIAHdAudAddService C:\WINDOWS\system32\drivers\viahduaa.sys
13:14:08.0828 2524 VIAHdAudAddService - ok
13:14:08.0828 2524 ViaIde - ok
13:14:08.0843 2524 [ 07C20E596A0838809BC5FF5DE5A65973 ] VKbms C:\WINDOWS\system32\DRIVERS\VKbms.sys
13:14:08.0875 2524 VKbms - ok
13:14:08.0890 2524 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
13:14:09.0062 2524 VolSnap - ok
13:14:09.0109 2524 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
13:14:09.0203 2524 VSS - ok
13:14:09.0250 2524 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\WINDOWS\System32\w32time.dll
13:14:09.0328 2524 W32Time - ok
13:14:09.0343 2524 WacHidRouter - ok
13:14:09.0343 2524 wacomrouterfilter - ok
13:14:09.0343 2524 wacomvhid - ok
13:14:09.0375 2524 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:14:09.0468 2524 Wanarp - ok
13:14:09.0484 2524 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
13:14:09.0531 2524 Wdf01000 - ok
13:14:09.0531 2524 WDICA - ok
13:14:09.0562 2524 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
13:14:09.0656 2524 wdmaud - ok
13:14:09.0687 2524 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\WINDOWS\System32\webclnt.dll
13:14:09.0781 2524 WebClient - ok
13:14:09.0859 2524 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
13:14:09.0937 2524 winmgmt - ok
13:14:09.0984 2524 [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
13:14:10.0015 2524 WmdmPmSN - ok
13:14:10.0062 2524 [ 0171CFF34BBA8C5977F18C48D8AEF8C6 ] Wmi C:\WINDOWS\System32\advapi32.dll
13:14:10.0109 2524 Wmi - ok
13:14:10.0125 2524 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
13:14:10.0203 2524 WmiAcpi - ok
13:14:10.0250 2524 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
13:14:10.0343 2524 WmiApSrv - ok
13:14:10.0421 2524 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:14:10.0484 2524 WPFFontCache_v0400 - ok
13:14:10.0515 2524 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
13:14:10.0609 2524 wscsvc - ok
13:14:10.0609 2524 [ C1364564800EE9784192145324A23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
13:14:10.0718 2524 wuauserv - ok
13:14:10.0750 2524 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
13:14:10.0843 2524 WZCSVC - ok
13:14:10.0843 2524 xcpip - ok
13:14:10.0875 2524 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
13:14:10.0968 2524 xmlprov - ok
13:14:10.0968 2524 xpsec - ok
13:14:10.0984 2524 ================ Scan global ===============================
13:14:11.0000 2524 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
13:14:11.0062 2524 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
13:14:11.0109 2524 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
13:14:11.0125 2524 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
13:14:11.0125 2524 [Global] - ok
13:14:11.0125 2524 ================ Scan MBR ==================================
13:14:11.0140 2524 [ 2EE71BF0EED0EA80EA06D295A1A50104 ] \Device\Harddisk0\DR0
13:14:11.0140 2524 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
13:14:11.0140 2524 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
13:14:11.0296 2524 [ 2EE71BF0EED0EA80EA06D295A1A50104 ] \Device\Harddisk1\DR1
13:14:11.0296 2524 \Device\Harddisk1\DR1 ( Rootkit.Boot.Sinowal.b ) - infected
13:14:11.0296 2524 \Device\Harddisk1\DR1 - detected Rootkit.Boot.Sinowal.b (0)
13:14:11.0390 2524 ================ Scan VBR ==================================
13:14:11.0390 2524 [ AE331AF67184E5DD2B5FBB5A23D10390 ] \Device\Harddisk0\DR0\Partition1
13:14:11.0406 2524 \Device\Harddisk0\DR0\Partition1 - ok
13:14:11.0406 2524 [ 01AEB818E16400AD3C570C3D15E2791D ] \Device\Harddisk0\DR0\Partition2
13:14:11.0406 2524 \Device\Harddisk0\DR0\Partition2 - ok
13:14:11.0421 2524 [ 23B80275C549C090131D5AE936FBD907 ] \Device\Harddisk0\DR0\Partition3
13:14:11.0421 2524 \Device\Harddisk0\DR0\Partition3 - ok
13:14:11.0421 2524 [ 64A514648C21AAB3CCFAF7A5E6033056 ] \Device\Harddisk1\DR1\Partition1
13:14:11.0421 2524 \Device\Harddisk1\DR1\Partition1 - ok
13:14:11.0453 2524 [ 098BE6F2D22AB4004A840F7C76F4C4D5 ] \Device\Harddisk1\DR1\Partition2
13:14:11.0453 2524 \Device\Harddisk1\DR1\Partition2 - ok
13:14:11.0453 2524 ================ Scan active images ========================
13:14:11.0453 2524 [ FCFFA85CFD4BF7A4711012847048DCA3 ] C:\WINDOWS\system32\drivers\AmdK8.sys
13:14:11.0453 2524 C:\WINDOWS\system32\drivers\AmdK8.sys - ok
13:14:11.0453 2524 [ E28726B72C46821A28830E077D39A55B ] C:\WINDOWS\system32\drivers\videoprt.sys
13:14:11.0453 2524 C:\WINDOWS\system32\drivers\videoprt.sys - ok
13:14:11.0453 2524 [ 4B54DCD6ADEE535DF80F07C59DDD8F14 ] C:\WINDOWS\system32\drivers\nv4_mini.sys
13:14:11.0453 2524 C:\WINDOWS\system32\drivers\nv4_mini.sys - ok
13:14:11.0468 2524 [ 1F4260CC5B42272D71F79E570A27A4FE ] C:\WINDOWS\system32\drivers\cdrom.sys
13:14:11.0468 2524 C:\WINDOWS\system32\drivers\cdrom.sys - ok
13:14:11.0468 2524 [ 083A052659F5310DD8B6A6CB05EDCF8E ] C:\WINDOWS\system32\drivers\imapi.sys
13:14:11.0468 2524 C:\WINDOWS\system32\drivers\imapi.sys - ok
13:14:11.0468 2524 [ 0753515F78DF7F271A5E61C20BCD36A1 ] C:\WINDOWS\system32\drivers\ks.sys
13:14:11.0468 2524 C:\WINDOWS\system32\drivers\ks.sys - ok
13:14:11.0468 2524 [ 5903FA75200807AD739286BBF40C4904 ] C:\WINDOWS\system32\drivers\pfc.sys
13:14:11.0468 2524 C:\WINDOWS\system32\drivers\pfc.sys - ok
13:14:11.0484 2524 [ 89619EF503F949FAE09252A8B883EE11 ] C:\WINDOWS\system32\drivers\Rtenicxp.sys
13:14:11.0484 2524 C:\WINDOWS\system32\drivers\Rtenicxp.sys - ok
13:14:11.0484 2524 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] C:\WINDOWS\system32\drivers\usbehci.sys
13:14:11.0484 2524 C:\WINDOWS\system32\drivers\usbehci.sys - ok
13:14:11.0484 2524 [ 0DAECCE65366EA32B162F85F07C6753B ] C:\WINDOWS\system32\drivers\usbohci.sys
13:14:11.0484 2524 C:\WINDOWS\system32\drivers\usbohci.sys - ok
13:14:11.0484 2524 [ 791912E524CC2CC6F50B5F2B52D1EB71 ] C:\WINDOWS\system32\drivers\usbport.sys
13:14:11.0484 2524 C:\WINDOWS\system32\drivers\usbport.sys - ok
13:14:11.0484 2524 [ D48659BB24C48345D926ECB45C1EBDF5 ] C:\WINDOWS\system32\drivers\ASACPI.sys
13:14:11.0484 2524 C:\WINDOWS\system32\drivers\ASACPI.sys - ok
13:14:11.0500 2524 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] C:\WINDOWS\system32\drivers\fdc.sys
13:14:11.0500 2524 C:\WINDOWS\system32\drivers\fdc.sys - ok
13:14:11.0500 2524 [ 573C7D0A32852B48F3058CFD8026F511 ] C:\WINDOWS\system32\drivers\hdaudbus.sys
13:14:11.0500 2524 C:\WINDOWS\system32\drivers\hdaudbus.sys - ok
13:14:11.0500 2524 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] C:\WINDOWS\system32\drivers\parport.sys
13:14:11.0500 2524 C:\WINDOWS\system32\drivers\parport.sys - ok
13:14:11.0500 2524 [ 611BFD220305BE3A85AE876EA47D4AA5 ] C:\WINDOWS\system32\drivers\redbook.sys
13:14:11.0500 2524 C:\WINDOWS\system32\drivers\redbook.sys - ok
13:14:11.0515 2524 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] C:\WINDOWS\system32\drivers\serenum.sys
13:14:11.0515 2524 C:\WINDOWS\system32\drivers\serenum.sys - ok
13:14:11.0515 2524 [ B842729337C9B921615C40D3C1A1AF96 ] C:\WINDOWS\system32\drivers\serial.sys
13:14:11.0515 2524 C:\WINDOWS\system32\drivers\serial.sys - ok
13:14:11.0515 2524 [ D9F724AA26C010A217C97606B160ED68 ] C:\WINDOWS\system32\drivers\audstub.sys
13:14:11.0515 2524 C:\WINDOWS\system32\drivers\audstub.sys - ok
13:14:11.0515 2524 [ 0109C4F3850DFBAB279542515386AE22 ] C:\WINDOWS\system32\drivers\ndistapi.sys
13:14:11.0515 2524 C:\WINDOWS\system32\drivers\ndistapi.sys - ok
13:14:11.0531 2524 [ EDC1531A49C80614B2CFDA43CA8659AB ] C:\WINDOWS\system32\drivers\ndiswan.sys
13:14:11.0531 2524 C:\WINDOWS\system32\drivers\ndiswan.sys - ok
13:14:11.0531 2524 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] C:\WINDOWS\system32\drivers\rasl2tp.sys
13:14:11.0531 2524 C:\WINDOWS\system32\drivers\rasl2tp.sys - ok
13:14:11.0531 2524 [ 5BC962F2654137C9909C3D4603587DEE ] C:\WINDOWS\system32\drivers\raspppoe.sys
13:14:11.0531 2524 C:\WINDOWS\system32\drivers\raspppoe.sys - ok
13:14:11.0531 2524 [ C42584FD66CE9E17403AEBCA199F7BDB ] C:\WINDOWS\system32\drivers\wmiacpi.sys
13:14:11.0531 2524 C:\WINDOWS\system32\drivers\wmiacpi.sys - ok
13:14:11.0546 2524 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] C:\WINDOWS\system32\drivers\msgpc.sys
13:14:11.0546 2524 C:\WINDOWS\system32\drivers\msgpc.sys - ok
13:14:11.0546 2524 [ 09298EC810B07E5D582CB3A3F9255424 ] C:\WINDOWS\system32\drivers\psched.sys
13:14:11.0546 2524 C:\WINDOWS\system32\drivers\psched.sys - ok
13:14:11.0546 2524 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] C:\WINDOWS\system32\drivers\raspptp.sys
13:14:11.0546 2524 C:\WINDOWS\system32\drivers\raspptp.sys - ok
13:14:11.0546 2524 [ 0539D5E53587F82D1B4FD74C5BE205CF ] C:\WINDOWS\system32\drivers\tdi.sys
13:14:11.0546 2524 C:\WINDOWS\system32\drivers\tdi.sys - ok
13:14:11.0562 2524 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] C:\WINDOWS\system32\drivers\ptilink.sys
13:14:11.0562 2524 C:\WINDOWS\system32\drivers\ptilink.sys - ok
13:14:11.0562 2524 [ FDBB1D60066FCFBB7452FD8F9829B242 ] C:\WINDOWS\system32\drivers\raspti.sys
13:14:11.0562 2524 C:\WINDOWS\system32\drivers\raspti.sys - ok
13:14:11.0562 2524 [ 846B7C0E3F6370CDCCE157A5B36E70CD ] C:\WINDOWS\system32\drivers\tap0801.sys
13:14:11.0562 2524 C:\WINDOWS\system32\drivers\tap0801.sys - ok
13:14:11.0562 2524 [ 07C20E596A0838809BC5FF5DE5A65973 ] C:\WINDOWS\system32\drivers\VKbms.sys
13:14:11.0562 2524 C:\WINDOWS\system32\drivers\VKbms.sys - ok
13:14:11.0562 2524 [ D918617B46457B9AC28027722E30F647 ] C:\WINDOWS\system32\drivers\wdf01000.sys
13:14:11.0562 2524 C:\WINDOWS\system32\drivers\wdf01000.sys - ok
13:14:11.0578 2524 [ 399C974DDA25FD3E59F22BAB787F662B ] C:\WINDOWS\system32\drivers\wdfldr.sys
13:14:11.0578 2524 C:\WINDOWS\system32\drivers\wdfldr.sys - ok
13:14:11.0578 2524 [ 1AF592532532A402ED7C060F6954004F ] C:\WINDOWS\system32\drivers\hidclass.sys
13:14:11.0578 2524 C:\WINDOWS\system32\drivers\hidclass.sys - ok
13:14:11.0578 2524 [ 887F5CF01755D3087E4E9DEC22101567 ] C:\WINDOWS\system32\drivers\hidkmdf.sys
13:14:11.0578 2524 C:\WINDOWS\system32\drivers\hidkmdf.sys - ok
13:14:11.0578 2524 [ 96ECCF28FDBF1B2CC12725818A63628D ] C:\WINDOWS\system32\drivers\hidparse.sys
13:14:11.0578 2524 C:\WINDOWS\system32\drivers\hidparse.sys - ok
13:14:11.0593 2524 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] C:\WINDOWS\system32\drivers\kbdclass.sys
13:14:11.0593 2524 C:\WINDOWS\system32\drivers\kbdclass.sys - ok
13:14:11.0593 2524 [ 4CB582831DBDE63CE43B45D771218374 ] C:\WINDOWS\system32\drivers\mouclass.sys
13:14:11.0593 2524 C:\WINDOWS\system32\drivers\mouclass.sys - ok
13:14:11.0593 2524 [ 15CABD0F7C00C47C70124907916AF3F1 ] C:\WINDOWS\system32\drivers\rdpdr.sys
13:14:11.0593 2524 C:\WINDOWS\system32\drivers\rdpdr.sys - ok
13:14:11.0593 2524 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] C:\WINDOWS\system32\drivers\swenum.sys
13:14:11.0593 2524 C:\WINDOWS\system32\drivers\swenum.sys - ok
13:14:11.0609 2524 [ 88155247177638048422893737429D9E ] C:\WINDOWS\system32\drivers\termdd.sys
13:14:11.0609 2524 C:\WINDOWS\system32\drivers\termdd.sys - ok
13:14:11.0609 2524 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] C:\WINDOWS\system32\drivers\update.sys
13:14:11.0609 2524 C:\WINDOWS\system32\drivers\update.sys - ok
13:14:11.0609 2524 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] C:\WINDOWS\system32\drivers\mssmbios.sys
13:14:11.0609 2524 C:\WINDOWS\system32\drivers\mssmbios.sys - ok
13:14:11.0609 2524 [ 9282BD12DFB069D3889EB3FCC1000A9B ] C:\WINDOWS\system32\drivers\ndproxy.sys
13:14:11.0609 2524 C:\WINDOWS\system32\drivers\ndproxy.sys - ok
13:14:11.0625 2524 [ 596EB39B50D6EBD9B734DC4AE0544693 ] C:\WINDOWS\system32\drivers\usbd.sys
13:14:11.0625 2524 C:\WINDOWS\system32\drivers\usbd.sys - ok
13:14:11.0625 2524 [ 1AB3CDDE553B6E064D2E754EFE20285C ] C:\WINDOWS\system32\drivers\usbhub.sys
13:14:11.0625 2524 C:\WINDOWS\system32\drivers\usbhub.sys - ok
13:14:11.0625 2524 [ BB269EBA740737AB749B214D568B6812 ] C:\WINDOWS\system32\drivers\mouhid.sys
13:14:11.0625 2524 C:\WINDOWS\system32\drivers\mouhid.sys - ok
13:14:11.0625 2524 [ 86C8F23616C6C6E5B2776901C17B945B ] C:\WINDOWS\system32\drivers\kbdhid.sys
13:14:11.0625 2524 C:\WINDOWS\system32\drivers\kbdhid.sys - ok
13:14:11.0640 2524 [ 6CB08593487F5701D2D2254E693EAFCE ] C:\WINDOWS\system32\drivers\drmk.sys
13:14:11.0640 2524 C:\WINDOWS\system32\drivers\drmk.sys - ok
13:14:11.0640 2524 [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] C:\WINDOWS\system32\drivers\monfilt.sys
13:14:11.0640 2524 C:\WINDOWS\system32\drivers\monfilt.sys - ok
13:14:11.0640 2524 [ E82A496C3961EFC6828B508C310CE98F ] C:\WINDOWS\system32\drivers\portcls.sys
13:14:11.0640 2524 C:\WINDOWS\system32\drivers\portcls.sys - ok
13:14:11.0640 2524 [ 80ED26C12AF05779A3F897B9BADF6F28 ] C:\WINDOWS\system32\drivers\viahduaa.sys
13:14:11.0640 2524 C:\WINDOWS\system32\drivers\viahduaa.sys - ok
13:14:11.0656 2524 [ DA1F27D85E0D1525F6621372E7B685E9 ] C:\WINDOWS\system32\drivers\beep.sys
13:14:11.0656 2524 C:\WINDOWS\system32\drivers\beep.sys - ok
13:14:11.0656 2524 [ C1B486A7658353D33A10CC15211A873B ] C:\WINDOWS\system32\drivers\cdaudio.sys
13:14:11.0656 2524 C:\WINDOWS\system32\drivers\cdaudio.sys - ok
13:14:11.0656 2524 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] C:\WINDOWS\system32\drivers\flpydisk.sys
13:14:11.0656 2524 C:\WINDOWS\system32\drivers\flpydisk.sys - ok
13:14:11.0656 2524 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] C:\WINDOWS\system32\drivers\fs_rec.sys
13:14:11.0656 2524 C:\WINDOWS\system32\drivers\fs_rec.sys - ok
13:14:11.0671 2524 [ C528E27945367191E7BAE364930B6932 ] C:\WINDOWS\system32\drivers\i8042prt.sys
13:14:11.0671 2524 C:\WINDOWS\system32\drivers\i8042prt.sys - ok
13:14:11.0671 2524 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] C:\WINDOWS\system32\drivers\null.sys
13:14:11.0671 2524 C:\WINDOWS\system32\drivers\null.sys - ok
13:14:11.0671 2524 [ 8E6B8C671615D126FDC553D1E2DE5562 ] C:\WINDOWS\system32\drivers\sfloppy.sys
13:14:11.0671 2524 C:\WINDOWS\system32\drivers\sfloppy.sys - ok
13:14:11.0671 2524 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] C:\WINDOWS\system32\drivers\vga.sys
13:14:11.0671 2524 C:\WINDOWS\system32\drivers\vga.sys - ok
13:14:11.0687 2524 [ BEAE63CA06345E0714A3CAE6232482EA ] C:\WINDOWS\system32\drivers\fwdrv.sys
13:14:11.0687 2524 C:\WINDOWS\system32\drivers\fwdrv.sys - ok
13:14:11.0687 2524 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] C:\WINDOWS\system32\drivers\mnmdd.sys
13:14:11.0687 2524 C:\WINDOWS\system32\drivers\mnmdd.sys - ok
13:14:11.0687 2524 [ C941EA2454BA8350021D774DAF0F1027 ] C:\WINDOWS\system32\drivers\msfs.sys
13:14:11.0687 2524 C:\WINDOWS\system32\drivers\msfs.sys - ok
13:14:11.0703 2524 [ 3182D64AE053D6FB034F44B6DEF8034A ] C:\WINDOWS\system32\drivers\npfs.sys
13:14:11.0703 2524 C:\WINDOWS\system32\drivers\npfs.sys - ok
13:14:11.0703 2524 [ 4912D5B403614CE99C28420F75353332 ] C:\WINDOWS\system32\drivers\rdpcdd.sys
13:14:11.0703 2524 C:\WINDOWS\system32\drivers\rdpcdd.sys - ok
13:14:11.0703 2524 [ CC748EA12C6EFFDE940EE98098BF96BB ] C:\WINDOWS\system32\drivers\ipnat.sys
13:14:11.0703 2524 C:\WINDOWS\system32\drivers\ipnat.sys - ok
13:14:11.0703 2524 [ 23C74D75E36E7158768DD63D92789A91 ] C:\WINDOWS\system32\drivers\ipsec.sys
13:14:11.0703 2524 C:\WINDOWS\system32\drivers\ipsec.sys - ok
13:14:11.0718 2524 [ 61FC4DBE4A3E95973509DA6B920E83AA ] C:\WINDOWS\system32\drivers\mfetdik.sys
13:14:11.0718 2524 C:\WINDOWS\system32\drivers\mfetdik.sys - ok
13:14:11.0718 2524 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] C:\WINDOWS\system32\drivers\netbt.sys
13:14:11.0718 2524 C:\WINDOWS\system32\drivers\netbt.sys - ok
13:14:11.0718 2524 [ FE0D99D6F31E4FAD8159F690D68DED9C ] C:\WINDOWS\system32\drivers\rasacd.sys
13:14:11.0718 2524 C:\WINDOWS\system32\drivers\rasacd.sys - ok
13:14:11.0718 2524 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] C:\WINDOWS\system32\drivers\tcpip.sys
13:14:11.0718 2524 C:\WINDOWS\system32\drivers\tcpip.sys - ok
13:14:11.0734 2524 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] C:\WINDOWS\system32\drivers\afd.sys
13:14:11.0734 2524 C:\WINDOWS\system32\drivers\afd.sys - ok
13:14:11.0734 2524 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] C:\WINDOWS\system32\drivers\netbios.sys
13:14:11.0734 2524 C:\WINDOWS\system32\drivers\netbios.sys - ok
13:14:11.0734 2524 [ 7EB15DCE4EC3A0220BD796A15C18186E ] C:\WINDOWS\system32\drivers\processr.sys
13:14:11.0734 2524 C:\WINDOWS\system32\drivers\processr.sys - ok
13:14:11.0734 2524 [ 7AD224AD1A1437FE28D89CF22B17780A ] C:\WINDOWS\system32\drivers\rdbss.sys
13:14:11.0734 2524 C:\WINDOWS\system32\drivers\rdbss.sys - ok
13:14:11.0750 2524 [ E20B95BAEDB550F32DD489265C1DA1F6 ] C:\WINDOWS\system32\drivers\wanarp.sys
13:14:11.0750 2524 C:\WINDOWS\system32\drivers\wanarp.sys - ok
13:14:11.0750 2524 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] C:\WINDOWS\system32\drivers\mrxsmb.sys
13:14:11.0750 2524 C:\WINDOWS\system32\drivers\mrxsmb.sys - ok
13:14:11.0750 2524 [ AC366695A0796560AA37215AD5762AAF ] C:\WINDOWS\system32\drivers\fips.sys
13:14:11.0750 2524 C:\WINDOWS\system32\drivers\fips.sys - ok
13:14:11.0750 2524 [ F1B81D62EA598047D28DD12E1F417976 ] C:\WINDOWS\system32\drivers\khips.sys
13:14:11.0750 2524 C:\WINDOWS\system32\drivers\khips.sys - ok
13:14:11.0765 2524 [ C512B618D0E19339572AD125E26B9CB5 ] C:\WINDOWS\system32\drivers\danew.sys
13:14:11.0765 2524 C:\WINDOWS\system32\drivers\danew.sys - ok
13:14:11.0765 2524 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] C:\WINDOWS\system32\drivers\hidusb.sys
13:14:11.0765 2524 C:\WINDOWS\system32\drivers\hidusb.sys - ok
13:14:11.0765 2524 [ 173F317CE0DB8E21322E71B7E60A27E8 ] C:\WINDOWS\system32\drivers\usbccgp.sys
13:14:11.0765 2524 C:\WINDOWS\system32\drivers\usbccgp.sys - ok
13:14:11.0765 2524 [ 0A12141F94F9C7A478AF490454320E97 ] C:\WINDOWS\system32\ntdll.dll
13:14:11.0765 2524 C:\WINDOWS\system32\ntdll.dll - ok
13:14:11.0781 2524 [ 9B08A8C6331C2DA9C30377BCB4262721 ] C:\WINDOWS\system32\smss.exe
13:14:11.0781 2524 C:\WINDOWS\system32\smss.exe - ok
13:14:11.0781 2524 [ C7A9FF12C63E2E448722B02C71A8C431 ] C:\WINDOWS\system32\autochk.exe
13:14:11.0781 2524 C:\WINDOWS\system32\autochk.exe - ok
13:14:11.0796 2524 [ 56A6034E7764E23D9114223EB3523925 ] C:\WINDOWS\system32\sfcfiles.dll
13:14:11.0796 2524 C:\WINDOWS\system32\sfcfiles.dll - ok
13:14:11.0796 2524 [ C885B02847F5D2FD45A24E219ED93B32 ] C:\WINDOWS\system32\drivers\cdfs.sys
13:14:11.0796 2524 C:\WINDOWS\system32\drivers\cdfs.sys - ok
13:14:11.0796 2524 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] C:\WINDOWS\system32\drivers\atapi.sys
13:14:11.0796 2524 C:\WINDOWS\system32\drivers\atapi.sys - ok
13:14:11.0812 2524 [ 2F31B7F954BED437F2C75026C65CAF7B ] C:\WINDOWS\system32\drivers\wmilib.sys
13:14:11.0812 2524 C:\WINDOWS\system32\drivers\wmilib.sys - ok
13:14:11.0812 2524 [ FE97D0343ACFDEBDD578FC67CC91FA87 ] C:\WINDOWS\system32\drivers\dxapi.sys
13:14:11.0812 2524 C:\WINDOWS\system32\drivers\dxapi.sys - ok
13:14:11.0812 2524 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
13:14:11.0812 2524 C:\WINDOWS\system32\basesrv.dll - ok
13:14:11.0828 2524 [ CE440A5DEB0861CC621A6A704EBB1E71 ] C:\WINDOWS\system32\csrsrv.dll
13:14:11.0828 2524 C:\WINDOWS\system32\csrsrv.dll - ok
13:14:11.0828 2524 [ 628CE66E3FD35BFC7969DBAC245DC069 ] C:\WINDOWS\system32\csrss.exe
13:14:11.0828 2524 C:\WINDOWS\system32\csrss.exe - ok
13:14:11.0828 2524 [ 9A10AACBFDC4922715375FB4065EC930 ] C:\WINDOWS\system32\watchdog.sys
13:14:11.0828 2524 C:\WINDOWS\system32\watchdog.sys - ok
13:14:11.0828 2524 [ 89B9C5051E815C943C3A9EBB2619DF6A ] C:\WINDOWS\system32\win32k.sys
13:14:11.0828 2524 C:\WINDOWS\system32\win32k.sys - ok
13:14:11.0828 2524 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
13:14:11.0828 2524 C:\WINDOWS\system32\winsrv.dll - ok
13:14:11.0843 2524 [ 90C925765E695AB984BE2E8A21B62AE9 ] C:\WINDOWS\system32\gdi32.dll
13:14:11.0843 2524 C:\WINDOWS\system32\gdi32.dll - ok
13:14:11.0843 2524 [ 545C653E8FE241CA6200798AA94FE5C7 ] C:\WINDOWS\system32\kernel32.dll
13:14:11.0843 2524 C:\WINDOWS\system32\kernel32.dll - ok
13:14:11.0843 2524 [ E16E0990967374E76F3E40CACAFD3D53 ] C:\WINDOWS\system32\user32.dll
13:14:11.0843 2524 C:\WINDOWS\system32\user32.dll - ok
13:14:11.0843 2524 [ AC7280566A7BB85CB3291F04DDC1198E ] C:\WINDOWS\system32\drivers\dxg.sys
13:14:11.0843 2524 C:\WINDOWS\system32\drivers\dxg.sys - ok
13:14:11.0859 2524 [ A73F5D6705B1D820C19B18782E176EFD ] C:\WINDOWS\system32\drivers\dxgthk.sys
13:14:11.0859 2524 C:\WINDOWS\system32\drivers\dxgthk.sys - ok
13:14:11.0859 2524 [ 8A067CC459AA9CF7597CEEFE05B35F3B ] C:\WINDOWS\system32\nv4_disp.dll
13:14:11.0859 2524 C:\WINDOWS\system32\nv4_disp.dll - ok
13:14:11.0859 2524 [ 1BD2076C717CB48967D5078EC9650891 ] C:\WINDOWS\system32\vga.dll
13:14:11.0859 2524 C:\WINDOWS\system32\vga.dll - ok
13:14:11.0859 2524 [ CDDB1F8E1AEA356F3AD106F2CF9B7FEA ] C:\WINDOWS\system32\winlogon.exe
13:14:11.0859 2524 C:\WINDOWS\system32\winlogon.exe - ok
13:14:11.0875 2524 [ 0171CFF34BBA8C5977F18C48D8AEF8C6 ] C:\WINDOWS\system32\advapi32.dll
13:14:11.0875 2524 C:\WINDOWS\system32\advapi32.dll - ok
13:14:11.0875 2524 [ DD2A19C756A3992416C00CEEE55A3337 ] C:\WINDOWS\system32\rpcrt4.dll
13:14:11.0875 2524 C:\WINDOWS\system32\rpcrt4.dll - ok
13:14:11.0875 2524 [ 69DF78F490C85052C7AF6C8ABE4AF1C5 ] C:\WINDOWS\system32\secur32.dll
13:14:11.0875 2524 C:\WINDOWS\system32\secur32.dll - ok
13:14:11.0875 2524 [ DEA06DA25BB393E0A69C6E71BE5681DC ] C:\WINDOWS\system32\authz.dll
13:14:11.0875 2524 C:\WINDOWS\system32\authz.dll - ok
13:14:11.0875 2524 [ D405267A0CAB7A2F9A97F8BE0E8C7A1D ] C:\WINDOWS\system32\crypt32.dll
13:14:11.0875 2524 C:\WINDOWS\system32\crypt32.dll - ok
13:14:11.0890 2524 [ D165DFCB4EA452510E53416F573018BB ] C:\WINDOWS\system32\msvcrt.dll
13:14:11.0890 2524 C:\WINDOWS\system32\msvcrt.dll - ok
13:14:11.0890 2524 [ 052B3C1DADDE0D267987E8DA3BBE1AFB ] C:\WINDOWS\system32\msasn1.dll
13:14:11.0890 2524 C:\WINDOWS\system32\msasn1.dll - ok
13:14:11.0890 2524 [ 4D0C43A5446E4CA079D783CD70E9D543 ] C:\WINDOWS\system32\nddeapi.dll
13:14:11.0890 2524 C:\WINDOWS\system32\nddeapi.dll - ok
13:14:11.0890 2524 [ 8F43DFAF8B01F5775B931145E0FBB4B1 ] C:\WINDOWS\system32\netapi32.dll
13:14:11.0890 2524 C:\WINDOWS\system32\netapi32.dll - ok
13:14:11.0906 2524 [ ABBAF72B2E4D7C8D238D1AA8424244B4 ] C:\WINDOWS\system32\profmap.dll
13:14:11.0906 2524 C:\WINDOWS\system32\profmap.dll - ok
13:14:11.0906 2524 [ 7625B324EE90A716E447115A4B7F7364 ] C:\WINDOWS\system32\userenv.dll
13:14:11.0906 2524 C:\WINDOWS\system32\userenv.dll - ok
13:14:11.0906 2524 [ F9631D6681944F2CC0824FCEE52E8526 ] C:\WINDOWS\system32\psapi.dll
13:14:11.0906 2524 C:\WINDOWS\system32\psapi.dll - ok
13:14:11.0906 2524 [ FAE69704BB5FF6F8E7C60B21048CD1C3 ] C:\WINDOWS\system32\regapi.dll
13:14:11.0906 2524 C:\WINDOWS\system32\regapi.dll - ok
13:14:11.0921 2524 [ 0E93A7F2BE83AF906D9EAFB370300CAA ] C:\WINDOWS\system32\setupapi.dll
13:14:11.0921 2524 C:\WINDOWS\system32\setupapi.dll - ok
13:14:11.0921 2524 [ 614F8186BDAB926E3B1D8927A4161B54 ] C:\WINDOWS\system32\version.dll
13:14:11.0921 2524 C:\WINDOWS\system32\version.dll - ok
13:14:11.0921 2524 [ EF42EA58F8BF96753BE84B3227AD119E ] C:\WINDOWS\system32\winsta.dll
13:14:11.0921 2524 C:\WINDOWS\system32\winsta.dll - ok
13:14:11.0921 2524 [ D21DBAA97839B1786E278FDD2F3444AC ] C:\WINDOWS\system32\imagehlp.dll
13:14:11.0921 2524 C:\WINDOWS\system32\imagehlp.dll - ok
13:14:11.0937 2524 [ FCD15D33AD9D7BD371F00651A23947CE ] C:\WINDOWS\system32\wintrust.dll
13:14:11.0937 2524 C:\WINDOWS\system32\wintrust.dll - ok
13:14:11.0937 2524 [ 951D473917C51F21496D914CF6E5DDD1 ] C:\WINDOWS\system32\ws2_32.dll
13:14:11.0937 2524 C:\WINDOWS\system32\ws2_32.dll - ok
13:14:11.0937 2524 [ 6C60CA8AC7470AC01CFD3D24C7283CD1 ] C:\WINDOWS\system32\imm32.dll
13:14:11.0937 2524 C:\WINDOWS\system32\imm32.dll - ok
13:14:11.0937 2524 [ 36E68E02AF2206FC4A8C73CAEABE1FB0 ] C:\WINDOWS\system32\kbdcz.dll
13:14:11.0937 2524 C:\WINDOWS\system32\kbdcz.dll - ok
13:14:11.0953 2524 [ 859F7735F199C90403340183A3DDFB78 ] C:\WINDOWS\system32\ws2help.dll
13:14:11.0953 2524 C:\WINDOWS\system32\ws2help.dll - ok
13:14:11.0953 2524 [ 1E644E3533DCE2B580A663AE1ACBD539 ] C:\WINDOWS\system32\atmfd.dll
13:14:11.0953 2524 C:\WINDOWS\system32\atmfd.dll - ok
13:14:11.0953 2524 [ B8282F0D8CD2D99CC9C1811553FC4151 ] C:\WINDOWS\system32\drivers\xpsec.sys
13:14:11.0953 2524 C:\WINDOWS\system32\drivers\xpsec.sys - ok
13:14:11.0953 2524 [ 56C5B179FE3308B655EB6208C3256FEC ] C:\WINDOWS\system32\kbdus.dll
13:14:11.0953 2524 C:\WINDOWS\system32\kbdus.dll - ok
13:14:11.0953 2524 [ C1367E52DDAB839B8A21E412519E5FB5 ] C:\WINDOWS\system32\msgina.dll
13:14:11.0953 2524 C:\WINDOWS\system32\msgina.dll - ok
13:14:11.0968 2524 [ E145ADD7DAEF759C4F5FB80A180A9C30 ] C:\WINDOWS\system32\comctl32.dll
13:14:11.0968 2524 C:\WINDOWS\system32\comctl32.dll - ok
13:14:11.0968 2524 [ 338AF4C42116A09278D2477E94E0A01A ] C:\WINDOWS\system32\drivers\xcpip.sys
13:14:11.0968 2524 C:\WINDOWS\system32\drivers\xcpip.sys - ok
13:14:11.0968 2524 [ D6F092E2D661AD284D34189B78FE08E6 ] C:\WINDOWS\system32\comdlg32.dll
13:14:11.0968 2524 C:\WINDOWS\system32\comdlg32.dll - ok
13:14:11.0968 2524 [ ED180CFF554C5797E983501823E78613 ] C:\WINDOWS\system32\odbc32.dll
13:14:11.0968 2524 C:\WINDOWS\system32\odbc32.dll - ok
13:14:11.0984 2524 [ 639A1D31DCB23068087B1F781EDCD4A9 ] C:\WINDOWS\system32\shell32.dll
13:14:11.0984 2524 C:\WINDOWS\system32\shell32.dll - ok
13:14:11.0984 2524 [ 5553738BD481C5456BB4E22B6F4D99EB ] C:\WINDOWS\system32\shlwapi.dll
13:14:11.0984 2524 C:\WINDOWS\system32\shlwapi.dll - ok
13:14:11.0984 2524 [ E139BB65A83049154EE40B46A42B9BAC ] C:\WINDOWS\system32\sxs.dll
13:14:11.0984 2524 C:\WINDOWS\system32\sxs.dll - ok
13:14:11.0984 2524 [ 8A72A30FDC803DC06755D3B36D966F31 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
13:14:11.0984 2524 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - ok
13:14:12.0000 2524 [ 62D35D5F2D6ACE259DF6226D7079A661 ] C:\WINDOWS\system32\odbcint.dll
13:14:12.0000 2524 C:\WINDOWS\system32\odbcint.dll - ok
13:14:12.0000 2524 [ EE9A2B9EA968A792A053C9D1A86BF870 ] C:\WINDOWS\system32\shsvcs.dll
13:14:12.0000 2524 C:\WINDOWS\system32\shsvcs.dll - ok
13:14:12.0000 2524 [ 5EE949255BABC0B17C09DDB2E59E3878 ] C:\WINDOWS\system32\sfc.dll
13:14:12.0000 2524 C:\WINDOWS\system32\sfc.dll - ok
13:14:12.0000 2524 [ 83451053EAD9F92B697C1BCBA91987FC ] C:\WINDOWS\system32\sfc_os.dll
13:14:12.0000 2524 C:\WINDOWS\system32\sfc_os.dll - ok
13:14:12.0015 2524 [ ED9B683C7A8BBAAAB9B377197D20832C ] C:\WINDOWS\system32\ole32.dll
13:14:12.0015 2524 C:\WINDOWS\system32\ole32.dll - ok
13:14:12.0015 2524 [ 11882C729C6B2E2E045F8B93BDB69295 ] C:\WINDOWS\system32\apphelp.dll
13:14:12.0015 2524 C:\WINDOWS\system32\apphelp.dll - ok
13:14:12.0015 2524 [ ED0A176354487CEED65B80A7148AB739 ] C:\WINDOWS\system32\lsass.exe
13:14:12.0015 2524 C:\WINDOWS\system32\lsass.exe - ok
13:14:12.0015 2524 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
13:14:12.0015 2524 C:\WINDOWS\system32\services.exe - ok
13:14:12.0031 2524 [ C8F04C22EB595DBC0624CB4484DCF6D4 ] C:\WINDOWS\system32\lsasrv.dll
13:14:12.0031 2524 C:\WINDOWS\system32\lsasrv.dll - ok
13:14:12.0031 2524 [ 1B7A9C069457EC6E37E1F1D79B58AE87 ] C:\WINDOWS\system32\ncobjapi.dll
13:14:12.0031 2524 C:\WINDOWS\system32\ncobjapi.dll - ok
13:14:12.0031 2524 [ A46994F7DF0F6FFFA9FBD52C57DFF15C ] C:\WINDOWS\system32\msvcp60.dll
13:14:12.0031 2524 C:\WINDOWS\system32\msvcp60.dll - ok
13:14:12.0031 2524 [ 3FE1BBF9A6865275464D38B0A2B4A93D ] C:\WINDOWS\system32\mpr.dll
13:14:12.0031 2524 C:\WINDOWS\system32\mpr.dll - ok
13:14:12.0046 2524 [ EE43B67C08B2DF9F529A75EAB8877D19 ] C:\WINDOWS\system32\scesrv.dll
13:14:12.0046 2524 C:\WINDOWS\system32\scesrv.dll - ok
13:14:12.0046 2524 [ 2FFDE877A4584FF839458B7500B53C54 ] C:\WINDOWS\system32\ntdsapi.dll
13:14:12.0046 2524 C:\WINDOWS\system32\ntdsapi.dll - ok
13:14:12.0046 2524 [ CBE9EE6C6A5FD587CE6A4607C3B8B7C6 ] C:\WINDOWS\system32\umpnpmgr.dll
13:14:12.0046 2524 C:\WINDOWS\system32\umpnpmgr.dll - ok
13:14:12.0046 2524 [ 443FA2B9D23DAA57077A670E7B14052A ] C:\WINDOWS\system32\dnsapi.dll
13:14:12.0046 2524 C:\WINDOWS\system32\dnsapi.dll - ok
13:14:12.0062 2524 [ 2E14E691EFA7847A603612A80889D6A0 ] C:\WINDOWS\system32\shimeng.dll
13:14:12.0062 2524 C:\WINDOWS\system32\shimeng.dll - ok
13:14:12.0062 2524 [ 5E5489C1D9AC8ED236EA8C6E54A997B9 ] C:\WINDOWS\AppPatch\acadproc.dll
13:14:12.0062 2524 C:\WINDOWS\AppPatch\acadproc.dll - ok
13:14:12.0062 2524 [ 2F1DE43508B086C7A6117A35FE17BA0D ] C:\WINDOWS\system32\samlib.dll
13:14:12.0062 2524 C:\WINDOWS\system32\samlib.dll - ok
13:14:12.0062 2524 [ AD68FEF8C99D87611F5617E46766E055 ] C:\WINDOWS\system32\wldap32.dll
13:14:12.0062 2524 C:\WINDOWS\system32\wldap32.dll - ok
13:14:12.0062 2524 [ 923122A0B25850462C2BD576EABD60AF ] C:\WINDOWS\system32\samsrv.dll
13:14:12.0062 2524 C:\WINDOWS\system32\samsrv.dll - ok
13:14:12.0078 2524 [ 2C677B499B36B7991643B04BB8AA7AEA ] C:\WINDOWS\AppPatch\acgenral.dll
13:14:12.0078 2524 C:\WINDOWS\AppPatch\acgenral.dll - ok
13:14:12.0078 2524 [ 6A9BDF7029BD29FBF3BE6EE6CD768013 ] C:\WINDOWS\system32\cryptdll.dll
13:14:12.0078 2524 C:\WINDOWS\system32\cryptdll.dll - ok
13:14:12.0078 2524 [ 865E2815C3597A952F13ECF463B52D7E ] C:\WINDOWS\system32\oleaut32.dll
13:14:12.0078 2524 C:\WINDOWS\system32\oleaut32.dll - ok
13:14:12.0078 2524 [ D61C4E13A776DC9D29EF22B44EB0AB7F ] C:\WINDOWS\system32\winmm.dll
13:14:12.0078 2524 C:\WINDOWS\system32\winmm.dll - ok
13:14:12.0093 2524 [ 4B2068CB18F72E78ACD07BD94F743F94 ] C:\WINDOWS\system32\msacm32.dll
13:14:12.0093 2524 C:\WINDOWS\system32\msacm32.dll - ok
13:14:12.0093 2524 [ 0B3077EC67D9509B6B8A1FA3006E717B ] C:\WINDOWS\system32\rasapi32.dll
13:14:12.0093 2524 C:\WINDOWS\system32\rasapi32.dll - ok
13:14:12.0093 2524 [ B5E0985B9D9B809D57A4999B29CB4A3D ] C:\WINDOWS\system32\uxtheme.dll
13:14:12.0093 2524 C:\WINDOWS\system32\uxtheme.dll - ok
13:14:12.0093 2524 [ 79D7A4B85ED05818604678E84746C176 ] C:\WINDOWS\system32\msapsspc.dll
13:14:12.0093 2524 C:\WINDOWS\system32\msapsspc.dll - ok
13:14:12.0109 2524 [ A4F20BF76D85B92FE6E0C6B3884E8718 ] C:\WINDOWS\system32\rasman.dll
13:14:12.0109 2524 C:\WINDOWS\system32\rasman.dll - ok
13:14:12.0109 2524 [ A8B1342EE63C191258460EFE5D30D6A1 ] C:\WINDOWS\system32\tapi32.dll
13:14:12.0109 2524 C:\WINDOWS\system32\tapi32.dll - ok
13:14:12.0109 2524 [ 50EAEE3F7F79A3206311AD09CB6EE2F1 ] C:\WINDOWS\system32\digest.dll
13:14:12.0109 2524 C:\WINDOWS\system32\digest.dll - ok
13:14:12.0109 2524 [ 7A943FB5D0260595A7DA43246F070D2D ] C:\WINDOWS\system32\iphlpapi.dll
13:14:12.0109 2524 C:\WINDOWS\system32\iphlpapi.dll - ok
13:14:12.0125 2524 [ F987BA178D3D2AC5A448906AA74244A6 ] C:\WINDOWS\system32\msnsspc.dll
13:14:12.0125 2524 C:\WINDOWS\system32\msnsspc.dll - ok
13:14:12.0125 2524 [ 7A660EDC0757849DF5F8706FB6E9F740 ] C:\WINDOWS\system32\msvcrt40.dll
13:14:12.0125 2524 C:\WINDOWS\system32\msvcrt40.dll - ok
13:14:12.0125 2524 [ 043FD4E92FE9BA70BFB8AC49848887CB ] C:\WINDOWS\system32\rtutils.dll
13:14:12.0125 2524 C:\WINDOWS\system32\rtutils.dll - ok
13:14:12.0125 2524 [ A639E2A83CD57882B6D0F6F203BA73AF ] C:\WINDOWS\system32\schannel.dll
13:14:12.0125 2524 C:\WINDOWS\system32\schannel.dll - ok
13:14:12.0125 2524 [ A579E4FFF919F9A892F9E0BDA82A65BD ] C:\WINDOWS\system32\wininet.dll
13:14:12.0125 2524 C:\WINDOWS\system32\wininet.dll - ok
13:14:12.0140 2524 [ DAE17E35517159E5852B1712878D9702 ] C:\WINDOWS\system32\kerberos.dll
13:14:12.0140 2524 C:\WINDOWS\system32\kerberos.dll - ok
13:14:12.0140 2524 [ 26AE5F5ADF4A30C8BCEA736343170201 ] C:\WINDOWS\system32\msctfime.ime
13:14:12.0140 2524 C:\WINDOWS\system32\msctfime.ime - ok
13:14:12.0140 2524 [ C6BB1D1500DB4A0E224CB65E6C7E8A80 ] C:\WINDOWS\system32\msprivs.dll
13:14:12.0140 2524 C:\WINDOWS\system32\msprivs.dll - ok
13:14:12.0140 2524 [ E1E17EB9523D54F3A43C3DBB709D61A9 ] C:\WINDOWS\system32\msv1_0.dll
13:14:12.0140 2524 C:\WINDOWS\system32\msv1_0.dll - ok
13:14:12.0156 2524 [ C2ED0E3408F50BBC149D4F0936E67832 ] C:\WINDOWS\system32\netlogon.dll
13:14:12.0156 2524 C:\WINDOWS\system32\netlogon.dll - ok
13:14:12.0156 2524 [ 10753A3ADC3E39A3B10CC3F08E98E6B4 ] C:\WINDOWS\system32\normaliz.dll
13:14:12.0156 2524 C:\WINDOWS\system32\normaliz.dll - ok
13:14:12.0156 2524 [ 8F541317DF26B3686B3B6F4CF7A39401 ] C:\WINDOWS\system32\urlmon.dll
13:14:12.0156 2524 C:\WINDOWS\system32\urlmon.dll - ok
13:14:12.0156 2524 [ FA4E1CDBA256787F2149F4AAD07BC91F ] C:\WINDOWS\system32\w32time.dll
13:14:12.0156 2524 C:\WINDOWS\system32\w32time.dll - ok
13:14:12.0171 2524 [ DC9155CBB3E68868E4F1170C528D6DA1 ] C:\WINDOWS\system32\iertutil.dll
13:14:12.0171 2524 C:\WINDOWS\system32\iertutil.dll - ok
13:14:12.0171 2524 [ A06D566DF5918E78DCF80596B17D2C9A ] C:\WINDOWS\system32\wdigest.dll
13:14:12.0171 2524 C:\WINDOWS\system32\wdigest.dll - ok
13:14:12.0171 2524 [ 54DAE3EA34802B4ED9AE1C6B1209FA56 ] C:\WINDOWS\system32\rsaenh.dll
13:14:12.0171 2524 C:\WINDOWS\system32\rsaenh.dll - ok
13:14:12.0171 2524 [ 7D7B90E9DA5263804D9C6ADEADAC9D6E ] C:\WINDOWS\system32\winscard.dll
13:14:12.0171 2524 C:\WINDOWS\system32\winscard.dll - ok
13:14:12.0187 2524 [ 190E67B026EDB080440BD2F735654E0C ] C:\WINDOWS\system32\wtsapi32.dll
13:14:12.0187 2524 C:\WINDOWS\system32\wtsapi32.dll - ok
13:14:12.0187 2524 [ 20200EE3CFE10E9F0C028D8653BE11C6 ] C:\WINDOWS\system32\oleacc.dll
13:14:12.0187 2524 C:\WINDOWS\system32\oleacc.dll - ok
13:14:12.0187 2524 [ 830CE8951C71F361D7D2F38416CC8BC1 ] C:\WINDOWS\system32\scecli.dll
13:14:12.0187 2524 C:\WINDOWS\system32\scecli.dll - ok
13:14:12.0187 2524 [ BE4A520E29B6391F49E79CCC52044D93 ] C:\WINDOWS\system32\svchost.exe
13:14:12.0187 2524 C:\WINDOWS\system32\svchost.exe - ok
13:14:12.0203 2524 [ EB25940843AB2EBD333107CF064B8787 ] C:\WINDOWS\system32\ntmarta.dll
13:14:12.0203 2524 C:\WINDOWS\system32\ntmarta.dll - ok
13:14:12.0203 2524 [ BE27674D1CBC3214AEC84B4336A38BBF ] C:\WINDOWS\system32\rpcss.dll
13:14:12.0203 2524 C:\WINDOWS\system32\rpcss.dll - ok
13:14:12.0203 2524 [ 61AAE581F5DC8B393C93EE0DF32F38B2 ] C:\WINDOWS\system32\xpsp2res.dll
13:14:12.0203 2524 C:\WINDOWS\system32\xpsp2res.dll - ok
13:14:12.0203 2524 [ 2EE99F67C930931EB404DADCE57E976E ] C:\WINDOWS\system32\eventlog.dll
13:14:12.0203 2524 C:\WINDOWS\system32\eventlog.dll - ok
13:14:12.0218 2524 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] C:\WINDOWS\system32\mswsock.dll
13:14:12.0218 2524 C:\WINDOWS\system32\mswsock.dll - ok
13:14:12.0218 2524 [ E19A4040E79BE0AACA971117378F7F2B ] C:\Program Files\Bonjour\mdnsNSP.dll
13:14:12.0218 2524 C:\Program Files\Bonjour\mdnsNSP.dll - ok
13:14:12.0218 2524 [ ED18ADEE4AA21EB26977260152D7241A ] C:\WINDOWS\system32\hnetcfg.dll
13:14:12.0218 2524 C:\WINDOWS\system32\hnetcfg.dll - ok
13:14:12.0218 2524 [ DF2F39569BF7F223AF3CCBC23D07BF6E ] C:\WINDOWS\system32\winrnr.dll
13:14:12.0218 2524 C:\WINDOWS\system32\winrnr.dll - ok
13:14:12.0234 2524 [ 8DBCEA7B495024A29FEF59B5FE709DAC ] C:\WINDOWS\system32\wshtcpip.dll
13:14:12.0234 2524 C:\WINDOWS\system32\wshtcpip.dll - ok
13:14:12.0234 2524 [ B26098F3DC08D841DE3D79C38ACCB807 ] C:\WINDOWS\system32\rasadhlp.dll
13:14:12.0234 2524 C:\WINDOWS\system32\rasadhlp.dll - ok
13:14:12.0234 2524 [ 8C9A53E285AC5E6704844D0459EC85BE ] C:\WINDOWS\system32\dhcpcsvc.dll
13:14:12.0234 2524 C:\WINDOWS\system32\dhcpcsvc.dll - ok
13:14:12.0234 2524 [ F927A4434C5028758A842943EF1A3849 ] C:\WINDOWS\system32\drivers\ndisuio.sys
13:14:12.0234 2524 C:\WINDOWS\system32\drivers\ndisuio.sys - ok
13:14:12.0234 2524 [ DFAA406BF19F4EE806A6F8D4342137F7 ] C:\WINDOWS\system32\dnsrslvr.dll
13:14:12.0234 2524 C:\WINDOWS\system32\dnsrslvr.dll - ok
13:14:12.0250 2524 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] C:\WINDOWS\system32\termsrv.dll
13:14:12.0250 2524 C:\WINDOWS\system32\termsrv.dll - ok
13:14:12.0250 2524 [ 0AB159F536E3E8F7F07113702A07CCA5 ] C:\WINDOWS\system32\lmhsvc.dll
13:14:12.0250 2524 C:\WINDOWS\system32\lmhsvc.dll - ok
13:14:12.0250 2524 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] C:\WINDOWS\system32\wzcsvc.dll
13:14:12.0250 2524 C:\WINDOWS\system32\wzcsvc.dll - ok
13:14:12.0250 2524 [ 72C1FF5AE0330CCF9C35BCBBAD267F3B ] C:\WINDOWS\system32\icaapi.dll
13:14:12.0250 2524 C:\WINDOWS\system32\icaapi.dll - ok
13:14:12.0265 2524 [ 6E0F6ABF57F2E3A73456450A1501D9B3 ] C:\WINDOWS\system32\mstlsapi.dll
13:14:12.0265 2524 C:\WINDOWS\system32\mstlsapi.dll - ok
13:14:12.0265 2524 [ ACDB4C56ADCAD6913371C2B38BC016E2 ] C:\WINDOWS\system32\wmi.dll
13:14:12.0265 2524 C:\WINDOWS\system32\wmi.dll - ok
13:14:12.0265 2524 [ 6E4DFC1D92AD235FC76E8C7EE5544A00 ] C:\WINDOWS\system32\eapolqec.dll
13:14:12.0265 2524 C:\WINDOWS\system32\eapolqec.dll - ok
13:14:12.0265 2524 [ AC531D7E51B7B5FB52D7585935222DE6 ] C:\WINDOWS\system32\atl.dll
13:14:12.0265 2524 C:\WINDOWS\system32\atl.dll - ok
13:14:12.0281 2524 [ 28217BEA16EC1790ADF5495BDCD03B35 ] C:\WINDOWS\system32\activeds.dll
13:14:12.0281 2524 C:\WINDOWS\system32\activeds.dll - ok
13:14:12.0281 2524 [ B88893C7FB9671C84DBF6400CD2170CD ] C:\WINDOWS\system32\adsldpc.dll
13:14:12.0281 2524 C:\WINDOWS\system32\adsldpc.dll - ok
13:14:12.0281 2524 [ 6011D2787CD0CE16CE6E40C30F13F6F8 ] C:\WINDOWS\system32\dot3api.dll
13:14:12.0281 2524 C:\WINDOWS\system32\dot3api.dll - ok
13:14:12.0281 2524 [ 39026490EF6992293A38AA13204BA6F3 ] C:\WINDOWS\system32\esent.dll
13:14:12.0281 2524 C:\WINDOWS\system32\esent.dll - ok
13:14:12.0296 2524 [ 9D221D3CBB4DFA1FD225B2769009F99B ] C:\WINDOWS\system32\qutil.dll
13:14:12.0296 2524 C:\WINDOWS\system32\qutil.dll - ok
13:14:12.0296 2524 [ 66DF63A7BAE72033C2E7E9B60A20E05C ] C:\WINDOWS\system32\clbcatq.dll
13:14:12.0296 2524 C:\WINDOWS\system32\clbcatq.dll - ok
13:14:12.0296 2524 [ E7B375DFFB68A16659CA66474A280C47 ] C:\WINDOWS\system32\comres.dll
13:14:12.0296 2524 C:\WINDOWS\system32\comres.dll - ok
13:14:12.0296 2524 [ 616A0CC9DA2BAA008306EEA895F8BC0F ] C:\WINDOWS\system32\cscdll.dll
13:14:12.0296 2524 C:\WINDOWS\system32\cscdll.dll - ok
13:14:12.0312 2524 [ 8CC571653F6741481F6B9BBEAF8F362F ] C:\WINDOWS\system32\logonui.exe
13:14:12.0312 2524 C:\WINDOWS\system32\logonui.exe - ok
13:14:12.0312 2524 [ 0B1AA4B12FC08CCB7EAB6AAA1E25AC16 ] C:\WINDOWS\system32\rastls.dll
13:14:12.0312 2524 C:\WINDOWS\system32\rastls.dll - ok
13:14:12.0312 2524 [ F37A3D11450C4BA9BD862DFF7451728C ] C:\WINDOWS\system32\cryptui.dll
13:14:12.0312 2524 C:\WINDOWS\system32\cryptui.dll - ok
13:14:12.0312 2524 [ 883E504885373DCC08DFEF30A10E4F12 ] C:\WINDOWS\system32\dimsntfy.dll
13:14:12.0312 2524 C:\WINDOWS\system32\dimsntfy.dll - ok
13:14:12.0328 2524 [ 0F1F2827B4FDF4401E0B9D60C63CE0D8 ] C:\WINDOWS\system32\winspool.drv
13:14:12.0328 2524 C:\WINDOWS\system32\winspool.drv - ok
13:14:12.0328 2524 [ 4807A2D624C4D3643B29AE2BA3FAA13D ] C:\WINDOWS\system32\wlnotify.dll
13:14:12.0328 2524 C:\WINDOWS\system32\wlnotify.dll - ok
13:14:12.0328 2524 [ 01DEFAA24704069BDB1A559A9C6EBC88 ] C:\WINDOWS\system32\duser.dll
13:14:12.0328 2524 C:\WINDOWS\system32\duser.dll - ok
13:14:12.0328 2524 [ AC992C58B28038A43E63DE07361B9732 ] C:\WINDOWS\system32\mprapi.dll
13:14:12.0328 2524 C:\WINDOWS\system32\mprapi.dll - ok
13:14:12.0343 2524 [ D1995A48DCC77C8C3DE97BF89C1F8232 ] C:\WINDOWS\system32\riched20.dll
13:14:12.0343 2524 C:\WINDOWS\system32\riched20.dll - ok
13:14:12.0343 2524 [ 627551A1011199BCE013D0F4B6CACECF ] C:\WINDOWS\system32\msimg32.dll
13:14:12.0343 2524 C:\WINDOWS\system32\msimg32.dll - ok
13:14:12.0343 2524 [ BF5A61ED318A04CE683374069EA42CA6 ] C:\WINDOWS\system32\raschap.dll
13:14:12.0343 2524 C:\WINDOWS\system32\raschap.dll - ok
13:14:12.0343 2524 [ 3FF232A7731621B8902D81D42418C93C ] C:\WINDOWS\system32\schedsvc.dll
13:14:12.0343 2524 C:\WINDOWS\system32\schedsvc.dll - ok
13:14:12.0343 2524 [ 98CA2F18D988D7EA7D0183CE1FE83461 ] C:\WINDOWS\system32\shgina.dll
13:14:12.0343 2524 C:\WINDOWS\system32\shgina.dll - ok
13:14:12.0359 2524 [ F6226D2AF6E3ACF5889F33E9E53602AC ] C:\WINDOWS\system32\msidle.dll
13:14:12.0359 2524 C:\WINDOWS\system32\msidle.dll - ok
13:14:12.0359 2524 [ 60784F891563FB1B767F70117FC2428F ] C:\WINDOWS\system32\spoolsv.exe
13:14:12.0359 2524 C:\WINDOWS\system32\spoolsv.exe - ok
13:14:12.0359 2524 [ DE31B88962A8645DBA5A37B993E7B0F1 ] C:\WINDOWS\system32\audiosrv.dll
13:14:12.0359 2524 C:\WINDOWS\system32\audiosrv.dll - ok
13:14:12.0359 2524 [ 936C1D110232D23B621CB0196E4F80F0 ] C:\WINDOWS\system32\wkssvc.dll
13:14:12.0359 2524 C:\WINDOWS\system32\wkssvc.dll - ok
13:14:12.0375 2524 [ 65DDCE6C4F63C6AAC3D99EFBA4C1E9C4 ] C:\WINDOWS\system32\cscui.dll
13:14:12.0375 2524 C:\WINDOWS\system32\cscui.dll - ok
13:14:12.0375 2524 [ 14E87D5268FFA7F6BF6DC33B40A37866 ] C:\WINDOWS\system32\dpcdll.dll
13:14:12.0375 2524 C:\WINDOWS\system32\dpcdll.dll - ok
13:14:12.0375 2524 [ 9FA69781CAA7A1DA981A24F240A61A60 ] C:\WINDOWS\system32\powrprof.dll
13:14:12.0375 2524 C:\WINDOWS\system32\powrprof.dll - ok
13:14:12.0375 2524 [ 653B038066D1FD5962BB88796ED7CFC0 ] C:\WINDOWS\system32\wdmaud.drv
13:14:12.0375 2524 C:\WINDOWS\system32\wdmaud.drv - ok
13:14:12.0390 2524 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] C:\WINDOWS\system32\drivers\sysaudio.sys
13:14:12.0390 2524 C:\WINDOWS\system32\drivers\sysaudio.sys - ok
13:14:12.0390 2524 [ 6768ACF64B18196494413695F0C3A00F ] C:\WINDOWS\system32\drivers\wdmaud.sys
13:14:12.0390 2524 C:\WINDOWS\system32\drivers\wdmaud.sys - ok
13:14:12.0390 2524 [ 8BED39E3C35D6A489438B8141717A557 ] C:\WINDOWS\system32\drivers\aec.sys
13:14:12.0390 2524 C:\WINDOWS\system32\drivers\aec.sys - ok
13:14:12.0390 2524 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] C:\WINDOWS\system32\drivers\splitter.sys
13:14:12.0390 2524 C:\WINDOWS\system32\drivers\splitter.sys - ok
13:14:12.0390 2524 [ 7DC1830F22E7D275B438127B68030239 ] C:\WINDOWS\system32\userinit.exe
13:14:12.0390 2524 C:\WINDOWS\system32\userinit.exe - ok
13:14:12.0406 2524 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] C:\WINDOWS\system32\drivers\swmidi.sys
13:14:12.0406 2524 C:\WINDOWS\system32\drivers\swmidi.sys - ok
13:14:12.0406 2524 [ 8A208DFCF89792A484E76C40E5F50B45 ] C:\WINDOWS\system32\drivers\dmusic.sys
13:14:12.0406 2524 C:\WINDOWS\system32\drivers\dmusic.sys - ok
13:14:12.0406 2524 [ 692BCF44383D056AED41B045A323D378 ] C:\WINDOWS\system32\drivers\kmixer.sys
13:14:12.0406 2524 C:\WINDOWS\system32\drivers\kmixer.sys - ok
13:14:12.0406 2524 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] C:\WINDOWS\system32\drivers\drmkaud.sys
13:14:12.0406 2524 C:\WINDOWS\system32\drivers\drmkaud.sys - ok
13:14:12.0421 2524 [ 58A0D4A0DB5FB76438A38F30E666B212 ] C:\WINDOWS\system32\msacm32.drv
13:14:12.0421 2524 C:\WINDOWS\system32\msacm32.drv - ok
13:14:12.0421 2524 [ 160A1500DDBE42F8793E3AD341E4BEC4 ] C:\WINDOWS\system32\midimap.dll
13:14:12.0421 2524 C:\WINDOWS\system32\midimap.dll - ok
13:14:12.0421 2524 [ 27AFD587C462E280EE046B8CCA3C2CD1 ] C:\WINDOWS\explorer.exe
13:14:12.0421 2524 C:\WINDOWS\explorer.exe - ok
13:14:12.0421 2524 [ E45ECB5A023F77F813CD0DFF92699B76 ] C:\WINDOWS\system32\browseui.dll
13:14:12.0421 2524 C:\WINDOWS\system32\browseui.dll - ok
13:14:12.0437 2524 [ 6D4084D7ACF7A369C802116A9128F2F5 ] C:\WINDOWS\system32\shdocvw.dll
13:14:12.0437 2524 C:\WINDOWS\system32\shdocvw.dll - ok
13:14:12.0437 2524 [ DC9EFCC8827EB2C0D17A7E4B2DE77E63 ] C:\WINDOWS\system32\desk.cpl
13:14:12.0437 2524 C:\WINDOWS\system32\desk.cpl - ok
13:14:12.0437 2524 [ 42FC2993518A71372BE7B8176CAAC8CF ] C:\WINDOWS\system32\themeui.dll
13:14:12.0437 2524 C:\WINDOWS\system32\themeui.dll - ok
13:14:12.0437 2524 [ 508B8A0B72953469B3282A495CA6D482 ] C:\WINDOWS\system32\actxprxy.dll
13:14:12.0437 2524 C:\WINDOWS\system32\actxprxy.dll - ok
13:14:12.0453 2524 [ 58A4129B7AB2CF2E7F00256F7EDAEAC2 ] C:\WINDOWS\system32\cmd.exe
13:14:12.0453 2524 C:\WINDOWS\system32\cmd.exe - ok
13:14:12.0453 2524 [ B9D1F1606B3A4EA30E2141FDEDCA4342 ] C:\WINDOWS\system32\ieframe.dll
13:14:12.0453 2524 C:\WINDOWS\system32\ieframe.dll - ok
13:14:12.0453 2524 [ 47E827EB2C26A383AD16BF80C0FCA8FA ] C:\WINDOWS\system32\cryptnet.dll
13:14:12.0453 2524 C:\WINDOWS\system32\cryptnet.dll - ok
13:14:12.0453 2524 [ C77D916102E469F130A504CB9DACB930 ] C:\WINDOWS\system32\sensapi.dll
13:14:12.0453 2524 C:\WINDOWS\system32\sensapi.dll - ok
13:14:12.0468 2524 [ 84963584AEEF0562B632FC85B108B654 ] C:\WINDOWS\system32\winhttp.dll
13:14:12.0468 2524 C:\WINDOWS\system32\winhttp.dll - ok
13:14:12.0468 2524 [ 8702CD069DE8F6B527E92CF55F78D5D2 ] C:\WINDOWS\system32\cabinet.dll
13:14:12.0468 2524 C:\WINDOWS\system32\cabinet.dll - ok
13:14:12.0468 2524 [ 03853A3540EC3F64EBDEFFB2ECE757D4 ] C:\WINDOWS\system32\wbem\wbemprox.dll
13:14:12.0468 2524 C:\WINDOWS\system32\wbem\wbemprox.dll - ok
13:14:12.0468 2524 [ 5D1D9D1AC352D82C815EDF67E6EE5C97 ] C:\WINDOWS\system32\wbem\wbemcomn.dll
13:14:12.0468 2524 C:\WINDOWS\system32\wbem\wbemcomn.dll - ok
13:14:12.0468 2524 [ CD78F171ACF966E4F83302C4192E881F ] C:\WINDOWS\system32\spoolss.dll
13:14:12.0468 2524 C:\WINDOWS\system32\spoolss.dll - ok
13:14:12.0484 2524 [ 32BAAEAEC3ED1536ED6EA387C4AA85A5 ] C:\WINDOWS\system32\localspl.dll
13:14:12.0484 2524 C:\WINDOWS\system32\localspl.dll - ok
13:14:12.0484 2524 [ C0D44791C969D65E63F250BC8BA0DC57 ] C:\WINDOWS\system32\AdobePDF.dll
13:14:12.0484 2524 C:\WINDOWS\system32\AdobePDF.dll - ok
13:14:12.0484 2524 [ EDB3D87983DA77A0A4CFA046C8BCE5CA ] C:\WINDOWS\system32\cnbjmon.dll
13:14:12.0484 2524 C:\WINDOWS\system32\cnbjmon.dll - ok
13:14:12.0484 2524 [ 322FD75A97DBA67FC8F97A9957F857F1 ] C:\WINDOWS\system32\mdimon.dll
13:14:12.0484 2524 C:\WINDOWS\system32\mdimon.dll - ok
13:14:12.0500 2524 [ 2C264A0CC77E3E307D5FE407F90FAF5E ] C:\WINDOWS\system32\msi.dll
13:14:12.0500 2524 C:\WINDOWS\system32\msi.dll - ok
13:14:12.0500 2524 [ A751CFE02B53DC37EDC912D9BD778775 ] C:\WINDOWS\system32\MLMON_0G.DLL
13:14:12.0500 2524 C:\WINDOWS\system32\MLMON_0G.DLL - ok
13:14:12.0500 2524 [ B71DDDB2C32CF40382CBF7EB595A6FA9 ] C:\WINDOWS\system32\MSPOOL0G.DLL
13:14:12.0500 2524 C:\WINDOWS\system32\MSPOOL0G.DLL - ok
13:14:12.0500 2524 [ B07780B0B2CF4F6456289679FE9DF368 ] C:\WINDOWS\system32\wsock32.dll
13:14:12.0500 2524 C:\WINDOWS\system32\wsock32.dll - ok
13:14:12.0515 2524 [ E2EB496B7A1CACF6550EF028B329893A ] C:\WINDOWS\system32\pjlmon.dll
13:14:12.0515 2524 C:\WINDOWS\system32\pjlmon.dll - ok
13:14:12.0515 2524 [ 519C77BC60B14AB6187C4D328105CD61 ] C:\WINDOWS\system32\tcpmon.dll
13:14:12.0515 2524 C:\WINDOWS\system32\tcpmon.dll - ok
13:14:12.0515 2524 [ 9DD7DCC47F1EAA3FBCC985C20AD71B64 ] C:\WINDOWS\system32\usbmon.dll
13:14:12.0515 2524 C:\WINDOWS\system32\usbmon.dll - ok
13:14:12.0515 2524 [ 4F54119ACB137AF8ABE45AF7242E72CF ] C:\WINDOWS\system32\spool\prtprocs\w32x86\MIMFPR0G.DLL

13:14:12.0515 2524 C:\WINDOWS\system32\spool\prtprocs\w32x86\MIMFPR0G.DLL - ok
13:14:12.0531 2524 [ B481C1BE44B8821AC00DA47C565851B5 ] C:\WINDOWS\system32\MIMF320G.DLL
13:14:12.0531 2524 C:\WINDOWS\system32\MIMF320G.DLL - ok
13:14:12.0531 2524 [ 867C65E6246A113F1BCD2B4B575D8E6C ] C:\WINDOWS\system32\MTAG320G.DLL
13:14:12.0531 2524 C:\WINDOWS\system32\MTAG320G.DLL - ok
13:14:12.0531 2524 [ EA8647A21BCB56C5F15712D4B7407501 ] C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
13:14:12.0531 2524 C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll - ok
13:14:12.0531 2524 [ 94E5D1795A0855E5F1FB5BDCF903F9DA ] C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
13:14:12.0531 2524 C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll - ok
13:14:12.0546 2524 [ 1EC6A255B9B5AE8F53F0F3A41E66E5FD ] C:\WINDOWS\system32\win32spl.dll
13:14:12.0546 2524 C:\WINDOWS\system32\win32spl.dll - ok
13:14:12.0546 2524 [ 6E3248D3F8766502A51DF12F1F54BCE3 ] C:\WINDOWS\system32\netrap.dll
13:14:12.0546 2524 C:\WINDOWS\system32\netrap.dll - ok
13:14:12.0546 2524 [ F420C325956CA593679A8796065BFBB6 ] C:\WINDOWS\system32\inetpp.dll
13:14:12.0546 2524 C:\WINDOWS\system32\inetpp.dll - ok
13:14:12.0546 2524 [ A371F11EF07653591C8DE26AFB13CE7F ] C:\WINDOWS\system32\es.dll
13:14:12.0546 2524 C:\WINDOWS\system32\es.dll - ok
13:14:12.0562 2524 [ AD6B1A69B0CCCF27A792F4C00740D24D ] C:\DOCUME~1\David\LOCALS~1\Temp\E6A393DA-DE2E-48A3-A003-41EDEB67FE74.exe
13:14:12.0562 2524 C:\DOCUME~1\David\LOCALS~1\Temp\E6A393DA-DE2E-48A3-A003-41EDEB67FE74.exe - ok
13:14:12.0562 2524 [ D65C288E5F9B0C557F685CECC0B1B1E6 ] C:\WINDOWS\system32\msutb.dll
13:14:12.0562 2524 C:\WINDOWS\system32\msutb.dll - ok
13:14:12.0562 2524 [ 269A0930085C63E0464C85F3FA1D2DBA ] C:\WINDOWS\system32\msctf.dll
13:14:12.0562 2524 C:\WINDOWS\system32\msctf.dll - ok
13:14:12.0562 2524 [ 7FDE9FC15765E02B23E1756930165AD1 ] C:\WINDOWS\system32\linkinfo.dll
13:14:12.0562 2524 C:\WINDOWS\system32\linkinfo.dll - ok
13:14:12.0562 2524 [ 5D23A83D4B6324EC147F17334E057493 ] C:\WINDOWS\system32\ntshrui.dll
13:14:12.0562 2524 C:\WINDOWS\system32\ntshrui.dll - ok
13:14:12.0578 2524 [ 6B4377A3DA487722270E5DD2A20DDDF2 ] C:\WINDOWS\system32\verclsid.exe
13:14:12.0578 2524 C:\WINDOWS\system32\verclsid.exe - ok
13:14:12.0578 2524 [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\WINDOWS\system32\drivers\87215803.sys
13:14:12.0578 2524 C:\WINDOWS\system32\drivers\87215803.sys - ok
13:14:12.0578 2524 [ 129E4E748829A3D027787E6740EE351D ] C:\WINDOWS\system32\mlang.dll
13:14:12.0578 2524 C:\WINDOWS\system32\mlang.dll - ok
13:14:12.0578 2524 [ C93152B9BBEC79C7A6CA39E4E4F77ECB ] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
13:14:12.0578 2524 C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe - ok
13:14:12.0593 2524 [ E0DD5DB829C887C4DCC2D9B31470F7EC ] C:\WINDOWS\system32\netshell.dll
13:14:12.0593 2524 C:\WINDOWS\system32\netshell.dll - ok
13:14:12.0593 2524 [ 1D37681166E7B0AE1FABF5676439F924 ] C:\WINDOWS\system32\credui.dll
13:14:12.0593 2524 C:\WINDOWS\system32\credui.dll - ok
13:14:12.0593 2524 [ C9AFEA3C13B62701FAE571D8466EB5F6 ] C:\WINDOWS\system32\dot3dlg.dll
13:14:12.0593 2524 C:\WINDOWS\system32\dot3dlg.dll - ok
13:14:12.0593 2524 [ DFBCA5222331A476C42DF1AA3921629E ] C:\WINDOWS\system32\eappcfg.dll
13:14:12.0593 2524 C:\WINDOWS\system32\eappcfg.dll - ok
13:14:12.0609 2524 [ F6D35EBC8F11300AAFD1D4CA6DC65B9D ] C:\WINDOWS\system32\eappprxy.dll
13:14:12.0609 2524 C:\WINDOWS\system32\eappprxy.dll - ok
13:14:12.0609 2524 [ A7162CFFDA477AE2239D4FB6F8094534 ] C:\WINDOWS\system32\onex.dll
13:14:12.0609 2524 C:\WINDOWS\system32\onex.dll - ok
13:14:12.0609 2524 [ 33FC9AB5D74633F257B879B401F70BBE ] C:\WINDOWS\system32\rundll32.exe
13:14:12.0609 2524 C:\WINDOWS\system32\rundll32.exe - ok
13:14:12.0625 2524 [ D081C72A6A33B6B7127D17B66FFDF995 ] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe
13:14:12.0625 2524 C:\Program Files\NVIDIA Corporation\nview\nwiz.exe - ok
13:14:12.0625 2524 [ 0A74B5376B81E29BF5D4CDB9FACC5E46 ] C:\Program Files\McAfee\Common Framework\UdaterUI.exe
13:14:12.0625 2524 C:\Program Files\McAfee\Common Framework\UdaterUI.exe - ok
13:14:12.0625 2524 [ A760DE5BFC2C1A17635DA7F7BDE37769 ] C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
13:14:12.0625 2524 C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe - ok
13:14:12.0625 2524 [ 7D86BF7E930A483E67484BBC91FF7CD5 ] C:\Program Files\McAfee\Common Framework\nailog3.dll
13:14:12.0625 2524 C:\Program Files\McAfee\Common Framework\nailog3.dll - ok
13:14:12.0625 2524 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\WINDOWS\system32\msvcr71.dll
13:14:12.0625 2524 C:\WINDOWS\system32\msvcr71.dll - ok
13:14:12.0640 2524 [ E1636F57581CAB5D995FD54D2991EF57 ] C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
13:14:12.0640 2524 C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe - ok
13:14:12.0640 2524 [ F577910A133A592234EBAAD3F3AFA258 ] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
13:14:12.0640 2524 C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe - ok
13:14:12.0640 2524 [ D5DE3333EA2BB10015F484134565DB92 ] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
13:14:12.0640 2524 C:\Program Files\OpenVPN\bin\openvpn-gui.exe - ok
13:14:12.0640 2524 [ 38ED0EC2661770A7699E599C45DAE844 ] C:\Program Files\Razer\DeathAdder\razerhid.exe
13:14:12.0640 2524 C:\Program Files\Razer\DeathAdder\razerhid.exe - ok
13:14:12.0656 2524 [ A756B8F0F7BAFBA6DFE39F7D169F2519 ] C:\WINDOWS\system32\ctfmon.exe
13:14:12.0656 2524 C:\WINDOWS\system32\ctfmon.exe - ok
13:14:12.0656 2524 [ AA8C99220DAF040D1F0543F51BDEE84A ] C:\Program Files\McAfee\VirusScan Enterprise\ftcfg.dll
13:14:12.0656 2524 C:\Program Files\McAfee\VirusScan Enterprise\ftcfg.dll - ok
13:14:12.0656 2524 [ 0C66454DEBE3B89199D637CB036723B5 ] C:\Program Files\OpenVPN\bin\libeay32.dll
13:14:12.0656 2524 C:\Program Files\OpenVPN\bin\libeay32.dll - ok
13:14:12.0656 2524 [ 2ABF16D8A9F80936E884EC323B335410 ] C:\WINDOWS\system32\nvmctray.dll
13:14:12.0656 2524 C:\WINDOWS\system32\nvmctray.dll - ok
13:14:12.0671 2524 [ FE4083ADBD690EF8B02EC30CF756EFBD ] C:\WINDOWS\ime\sptip.dll
13:14:12.0671 2524 C:\WINDOWS\ime\sptip.dll - ok
13:14:12.0671 2524 [ 051C4F9607E2A1913FA84104BF9CDDF2 ] C:\Program Files\McAfee\VirusScan Enterprise\mytilus3.dll
13:14:12.0671 2524 C:\Program Files\McAfee\VirusScan Enterprise\mytilus3.dll - ok
13:14:12.0671 2524 [ 332D5439C89E9FA475EDFB69B02E1975 ] C:\WINDOWS\system32\shfolder.dll
13:14:12.0671 2524 C:\WINDOWS\system32\shfolder.dll - ok
13:14:12.0671 2524 [ DC2126F3456A6FE04BA8A50E3987F349 ] C:\Program Files\McAfee\VirusScan Enterprise\mytilus3_worker.dll
13:14:12.0671 2524 C:\Program Files\McAfee\VirusScan Enterprise\mytilus3_worker.dll - ok
13:14:12.0687 2524 [ A1DF927F39BF907C2CC88290DC075579 ] C:\Program Files\McAfee\Common Framework\naCmnLib3_71.dll
13:14:12.0687 2524 C:\Program Files\McAfee\Common Framework\naCmnLib3_71.dll - ok
13:14:12.0687 2524 [ 7A50E919F9CF6D3850A40C18F92C5E03 ] C:\WINDOWS\system32\nvcpl.dll
13:14:12.0687 2524 C:\WINDOWS\system32\nvcpl.dll - ok
13:14:12.0687 2524 [ B2EEE3DEE31F50E082E9C720A6D7757D ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
13:14:12.0687 2524 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll - ok
13:14:12.0703 2524 [ ECDB189942E5F9FA05B4EF09D000534B ] C:\Program Files\McAfee\Common Framework\naxml3_71.dll
13:14:12.0703 2524 C:\Program Files\McAfee\Common Framework\naxml3_71.dll - ok
13:14:12.0703 2524 [ 472C9DB931D5DAB846AEE46C63643BD2 ] C:\Program Files\McAfee\VirusScan Enterprise\wmain.dll
13:14:12.0703 2524 C:\Program Files\McAfee\VirusScan Enterprise\wmain.dll - ok
13:14:12.0703 2524 [ DE880A525EC99DE38C5F85F3A3A3E16E ] C:\Program Files\McAfee\VirusScan Enterprise\shutil.dll
13:14:12.0703 2524 C:\Program Files\McAfee\VirusScan Enterprise\shutil.dll - ok
13:14:12.0703 2524 [ 561FA2ABB31DFA8FAB762145F81667C2 ] C:\WINDOWS\system32\msvcp71.dll
13:14:12.0703 2524 C:\WINDOWS\system32\msvcp71.dll - ok
13:14:12.0718 2524 [ 464325F6C822FD26A44E54E0DC9F144F ] C:\WINDOWS\system32\lz32.dll
13:14:12.0718 2524 C:\WINDOWS\system32\lz32.dll - ok
13:14:12.0718 2524 [ BFFB54B16B9C7B1D80F183B10234A4A3 ] C:\Program Files\McAfee\VirusScan Enterprise\Res0900\McShield.DLL
13:14:12.0718 2524 C:\Program Files\McAfee\VirusScan Enterprise\Res0900\McShield.DLL - ok
13:14:12.0718 2524 [ 0460FC2BA9D61054C5F1A3A0EADD39F7 ] C:\Program Files\McAfee\VirusScan Enterprise\graphics.dll
13:14:12.0718 2524 C:\Program Files\McAfee\VirusScan Enterprise\graphics.dll - ok
13:14:12.0734 2524 [ 7538050656FE5D63CB4B80349DD1CFE3 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
13:14:12.0734 2524 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll - ok
13:14:12.0734 2524 [ EC37B222A92A95948D2A1C71DC1544D9 ] C:\Program Files\McAfee\Common Framework\AppLib.dll
13:14:12.0734 2524 C:\Program Files\McAfee\Common Framework\AppLib.dll - ok
13:14:12.0734 2524 [ CC8915DB4E33E8FB29CA0D2DBF75306E ] C:\WINDOWS\system32\webcheck.dll
13:14:12.0734 2524 C:\WINDOWS\system32\webcheck.dll - ok
13:14:12.0734 2524 [ 7D41B90803F8B9EBAEAC9ECB3E53882F ] C:\Program Files\OpenVPN\bin\openvpn.exe
13:14:12.0734 2524 C:\Program Files\OpenVPN\bin\openvpn.exe - ok
13:14:12.0734 2524 [ 114E5342884A174F0E261526F07B63A1 ] C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\libcurl.dll
13:14:12.0734 2524 C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\libcurl.dll - ok
13:14:12.0750 2524 [ 6705043F0BB486E666D57DBBB5D389D0 ] C:\Program Files\NVIDIA Corporation\nview\nView.dll
13:14:12.0750 2524 C:\Program Files\NVIDIA Corporation\nview\nView.dll - ok
13:14:12.0750 2524 [ 3BECFAA73C00CA42CB8FC85A21F45141 ] C:\Program Files\McAfee\Common Framework\CMALib.dll
13:14:12.0750 2524 C:\Program Files\McAfee\Common Framework\CMALib.dll - ok
13:14:12.0750 2524 [ B68B20BC561C8ECF672DF627A4D8DC8F ] C:\WINDOWS\system32\stobject.dll
13:14:12.0750 2524 C:\WINDOWS\system32\stobject.dll - ok
13:14:12.0750 2524 [ 9D7EF8E7DD3BA8A73CA25E4658AE84B9 ] C:\Program Files\McAfee\Common Framework\cryptocme2.dll
13:14:12.0750 2524 C:\Program Files\McAfee\Common Framework\cryptocme2.dll - ok
13:14:12.0765 2524 [ E868299439DCBFD5117A2FEB90217C84 ] C:\WINDOWS\system32\batmeter.dll
13:14:12.0765 2524 C:\WINDOWS\system32\batmeter.dll - ok
13:14:12.0765 2524 [ 6307849B9BE3C206DB46A62316BF191F ] C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\libeay32.dll
13:14:12.0765 2524 C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\libeay32.dll - ok
13:14:12.0765 2524 [ 165AE7A443F2139DD2C078AD87699F91 ] C:\Program Files\Microsoft Office\OFFICE11\MSOHEV.DLL
13:14:12.0765 2524 C:\Program Files\Microsoft Office\OFFICE11\MSOHEV.DLL - ok
13:14:12.0765 2524 [ 507C2C7E84331D28C64A7ADF5BFC4557 ] C:\Program Files\OpenVPN\bin\libssl32.dll
13:14:12.0765 2524 C:\Program Files\OpenVPN\bin\libssl32.dll - ok
13:14:12.0781 2524 [ 1169436EE42F860C7DB37A4692B38F0E ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
13:14:12.0781 2524 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll - ok
13:14:12.0781 2524 [ C92328F77863CA4472CBCB2292B12D1C ] C:\Program Files\NVIDIA Corporation\nview\NVWRSCS.dll
13:14:12.0781 2524 C:\Program Files\NVIDIA Corporation\nview\NVWRSCS.dll - ok
13:14:12.0781 2524 [ 8E009E7AC012823845D5F39A77F4A27F ] C:\WINDOWS\system32\dsound.dll
13:14:12.0781 2524 C:\WINDOWS\system32\dsound.dll - ok
13:14:12.0781 2524 [ AAA55B127EC38BDEBD2A3891A2E5FD54 ] C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\ssleay32.dll
13:14:12.0781 2524 C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\ssleay32.dll - ok
13:14:12.0796 2524 [ 84BD091511BB994664D33EC313645BF9 ] C:\WINDOWS\system32\nvwddi.dll
13:14:12.0796 2524 C:\WINDOWS\system32\nvwddi.dll - ok
13:14:12.0796 2524 [ 7D770F6FD01B8478F61287BEEEBDBF8E ] C:\WINDOWS\system32\oledlg.dll
13:14:12.0796 2524 C:\WINDOWS\system32\oledlg.dll - ok
13:14:12.0796 2524 [ 907B50DE97ED835EFE151F203818216D ] C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\zlib1.dll
13:14:12.0796 2524 C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\zlib1.dll - ok
13:14:12.0796 2524 [ F5BB3D0BB06C4DE2AC2E593460AE15EA ] C:\Program Files\McAfee\VirusScan Enterprise\nailite.dll
13:14:12.0796 2524 C:\Program Files\McAfee\VirusScan Enterprise\nailite.dll - ok
13:14:12.0812 2524 [ 21C141732D231677D8FEC89A73EB44A2 ] C:\WINDOWS\system32\msxml3.dll
13:14:12.0812 2524 C:\WINDOWS\system32\msxml3.dll - ok
13:14:12.0828 2524 [ 16C195EBC0A3EC35C48D0C2D9A346BAB ] C:\WINDOWS\system32\olepro32.dll
13:14:12.0828 2524 C:\WINDOWS\system32\olepro32.dll - ok
13:14:12.0843 2524 [ 0E8CB0A757E27B87F4DB45AC031BF02E ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll
13:14:12.0843 2524 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll - ok
13:14:12.0859 2524 [ 0B13FD431ED8AD66F4482B3D33F54986 ] C:\WINDOWS\system32\nvrscs.dll
13:14:12.0859 2524 C:\WINDOWS\system32\nvrscs.dll - ok
13:14:12.0859 2524 [ 20A20998EF2D760603AE736422D2C8E8 ] C:\WINDOWS\system32\pstorec.dll
13:14:12.0859 2524 C:\WINDOWS\system32\pstorec.dll - ok
13:14:12.0859 2524 [ 2161B0A46C4F57FA3645DD881572962C ] C:\WINDOWS\system32\nvapi.dll
13:14:12.0859 2524 C:\WINDOWS\system32\nvapi.dll - ok
13:14:12.0859 2524 [ AF6A4BCDE2343E8562D3003A1740CC96 ] C:\WINDOWS\system32\ksuser.dll
13:14:12.0859 2524 C:\WINDOWS\system32\ksuser.dll - ok
13:14:12.0859 2524 [ 6B227D8DDFEF9546F393DF255C9BA6DF ] C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll
13:14:12.0859 2524 C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll - ok
13:14:12.0875 2524 [ DF872832944E29564DD9824F85AEA51B ] C:\Program Files\Razer\DeathAdder\CheckPidVid.dll
13:14:12.0875 2524 C:\Program Files\Razer\DeathAdder\CheckPidVid.dll - ok
13:14:12.0875 2524 [ 7F0077B0701B30001602CFE7A44F1957 ] C:\Program Files\McAfee\VirusScan Enterprise\mfeavfa.dll
13:14:12.0875 2524 C:\Program Files\McAfee\VirusScan Enterprise\mfeavfa.dll - ok
13:14:12.0875 2524 [ CF3315B51F46C9C91C663DB04804398E ] C:\Program Files\McAfee\VirusScan Enterprise\mfehida.dll
13:14:12.0875 2524 C:\Program Files\McAfee\VirusScan Enterprise\mfehida.dll - ok
13:14:12.0875 2524 [ EEEF5FF5B53416D6197965A6D6D723B6 ] C:\Program Files\Razer\DeathAdder\razertra.exe
13:14:12.0875 2524 C:\Program Files\Razer\DeathAdder\razertra.exe - ok
13:14:12.0890 2524 [ F694D53C6BF3EE02D128D5A42DBECC9E ] C:\Program Files\Razer\DeathAdder\razerlan.dll
13:14:12.0890 2524 C:\Program Files\Razer\DeathAdder\razerlan.dll - ok
13:14:12.0890 2524 [ 2A032EFAE93D6C5DE769796FB355185F ] C:\Program Files\Razer\DeathAdder\razerofa.exe
13:14:12.0890 2524 C:\Program Files\Razer\DeathAdder\razerofa.exe - ok
13:14:12.0890 2524 [ 268D17827F501D68BA0AB26C1DCD8264 ] C:\Program Files\Razer\DeathAdder\vdDaemon.exe
13:14:12.0890 2524 C:\Program Files\Razer\DeathAdder\vdDaemon.exe - ok
13:14:12.0890 2524 [ FFB0A2D2B73A64979CD29C15B3B0A9D5 ] C:\WINDOWS\system32\hid.dll
13:14:12.0890 2524 C:\WINDOWS\system32\hid.dll - ok
13:14:12.0906 2524 [ D6B18454ACCBA9258735ACD83BC4F220 ] C:\WINDOWS\system32\msisip.dll
13:14:12.0906 2524 C:\WINDOWS\system32\msisip.dll - ok
13:14:12.0906 2524 [ DA97675EC9029801E874E52208DEDF83 ] C:\WINDOWS\system32\wshext.dll
13:14:12.0906 2524 C:\WINDOWS\system32\wshext.dll - ok
13:14:12.0906 2524 [ 40FA2F035ED88108850757CA51DAD942 ] C:\PROGRA~1\MICROS~2\OFFICE11\MCPS.DLL
13:14:12.0906 2524 C:\PROGRA~1\MICROS~2\OFFICE11\MCPS.DLL - ok
13:14:12.0906 2524 [ B60DDDD2D63CE41CB8C487FCFBB6419E ] C:\Program Files\Internet Explorer\iexplore.exe
13:14:12.0906 2524 C:\Program Files\Internet Explorer\iexplore.exe - ok
13:14:12.0921 2524 [ 8A3745782FD1334295B954D2F813DF21 ] C:\WINDOWS\AppPatch\aclayers.dll
13:14:12.0921 2524 C:\WINDOWS\AppPatch\aclayers.dll - ok
13:14:12.0921 2524 [ 5EB87BA0B93CA7E894FC8002E3CE4C2A ] C:\Program Files\Internet Explorer\sqmapi.dll
13:14:12.0921 2524 C:\Program Files\Internet Explorer\sqmapi.dll - ok
13:14:12.0921 2524 [ DB5681928E4BBA7DCE31E89586DCEF2D ] C:\Program Files\Internet Explorer\xpshims.dll
13:14:12.0921 2524 C:\Program Files\Internet Explorer\xpshims.dll - ok
13:14:12.0921 2524 [ E0D95FEA7F12175A77E08AB8D52359A4 ] C:\WINDOWS\system32\avifil32.dll
13:14:12.0921 2524 C:\WINDOWS\system32\avifil32.dll - ok
13:14:12.0937 2524 [ 9B613297C3E040ABC73314C44F8A14E2 ] C:\WINDOWS\system32\msvfw32.dll
13:14:12.0937 2524 C:\WINDOWS\system32\msvfw32.dll - ok
13:14:12.0937 2524 [ 79AF4AF3E24A99D1790380B770B336FC ] C:\Program Files\McAfee\Common Framework\0409\UpdRes.Dll
13:14:12.0937 2524 C:\Program Files\McAfee\Common Framework\0409\UpdRes.Dll - ok
13:14:12.0937 2524 [ 39DA15B313F798372DA59F53355E8477 ] C:\Program Files\McAfee\Common Framework\McTray.exe
13:14:12.0937 2524 C:\Program Files\McAfee\Common Framework\McTray.exe - ok
13:14:12.0937 2524 [ 5E3075E17D48A2F018C398FF890BDFCC ] C:\Program Files\McAfee\Common Framework\0409\AgentRes.Dll
13:14:12.0937 2524 C:\Program Files\McAfee\Common Framework\0409\AgentRes.Dll - ok
13:14:12.0937 2524 [ 829E425E30DA88834E8FC058B261D983 ] C:\Program Files\McAfee\Common Framework\JrMac.dll
13:14:12.0937 2524 C:\Program Files\McAfee\Common Framework\JrMac.dll - ok
13:14:12.0953 2524 [ 841E2FA780B91F091A29A872A15CB83C ] C:\Program Files\McAfee\Common Framework\SecureFrameworkFactory3.dll
13:14:12.0953 2524 C:\Program Files\McAfee\Common Framework\SecureFrameworkFactory3.dll - ok
13:14:12.0953 2524 [ 2695ED5F8A4FAC0B16BA36D28481182D ] C:\WINDOWS\system32\drprov.dll
13:14:12.0953 2524 C:\WINDOWS\system32\drprov.dll - ok
13:14:12.0953 2524 [ 3B93BD2EA2B66FA32C344ACCE7378A43 ] C:\WINDOWS\system32\ntlanman.dll
13:14:12.0953 2524 C:\WINDOWS\system32\ntlanman.dll - ok
13:14:12.0953 2524 [ 14B9BE12D4539225D2785093802DEEF0 ] C:\WINDOWS\system32\netui0.dll
13:14:12.0953 2524 C:\WINDOWS\system32\netui0.dll - ok
13:14:12.0968 2524 [ BBBCD7E2493566BF8FF676DB69D9A754 ] C:\WINDOWS\system32\netui1.dll
13:14:12.0968 2524 C:\WINDOWS\system32\netui1.dll - ok
13:14:12.0968 2524 [ 2B50EA34CBCFAB1B71E66EAFC1F9AB8C ] C:\WINDOWS\system32\davclnt.dll
13:14:12.0968 2524 C:\WINDOWS\system32\davclnt.dll - ok
13:14:12.0968 2524 ============================================================
13:14:12.0968 2524 Scan finished
13:14:12.0968 2524 ============================================================
13:14:13.0078 2516 Detected object count: 15
13:14:13.0078 2516 Actual detected object count: 15
13:15:19.0656 2516 System memory ( MEM:Backdoor.Win32.Sinowal.d ) - skipped by user
13:15:19.0656 2516 System memory ( MEM:Backdoor.Win32.Sinowal.d ) - User select action: Skip
13:15:19.0656 2516 astcc ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:19.0656 2516 astcc ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:19.0671 2516 ATMsrvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:19.0671 2516 ATMsrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:19.0671 2516 fwdrv ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:19.0671 2516 fwdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:19.0671 2516 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:19.0671 2516 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:19.0671 2516 idsvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:19.0671 2516 idsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:19.0671 2516 khips ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:19.0671 2516 khips ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:19.0671 2516 KPF4 ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:19.0671 2516 KPF4 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:19.0671 2516 OpenVPNService ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:19.0671 2516 OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:19.0671 2516 pfc ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:19.0671 2516 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:19.0671 2516 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:19.0671 2516 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:19.0671 2516 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:19.0671 2516 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:19.0671 2516 tap0801 ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:19.0671 2516 tap0801 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:19.0687 2516 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - skipped by user
13:15:19.0687 2516 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Skip
13:15:19.0687 2516 \Device\Harddisk1\DR1 ( Rootkit.Boot.Sinowal.b ) - skipped by user
13:15:19.0687 2516 \Device\Harddisk1\DR1 ( Rootkit.Boot.Sinowal.b ) - User select action: Skip

V miste spusteni MBRScanu by mely byt soubory s nazvy Dump_HDD apod. vsechny zabalte do raru a nekam uploadnete, pred tim prosim vypnete antivir jinak nam je sezere

Mate moznost vypalit CD

soubory jsou zde:
http://leteckaposta.cz/723904603
mam moznost vypalit CD (mam jeste notebook, ten je cisty)

Stahnete OTLPEStd http://oldtimer.geekstogo.com/OTLPEStd.exe

Ulozte nejlepe treba primo na disk c:\
Vlozte prazdne CD\DVD do vypalovacky
Spustte OTLPEStd.exe
Dojde k vypaleni programu na disk

Nabootujte z vypaleneho CD - zavede se system prostredi zvane rategoo - napiste ci se povedlo

Ja zde budu vecer a napisu dalsi postup na opravu, nyni v praci neni klid

Stazeno, vypaleno, nabootovano - jsem v prostredi reatogo.

Super, neudelal se nam jeden dump

Takze jeste nabootujte do normalniho rezimu, spustte MBRScan, prejdete na zalozku Dump, vyberte DR1 a kliknete na dump, totez udelejte s DR0, vsechny dumpy pak zabalte a uploadnete

omlouvam se, dumpy se udelaly, ale zamichaly se mezi ostatni ikony na plose, takze jsem si jich nevsimnul, tady jsou
http://leteckaposta.cz/594326506
mrknete, zda jsou to ony

Ano, jsou to ony, nyni mi dejte chvili nez napisu dalsi postup

Nabootujte opet rategoo

Stahnete si tyto soubory DR0.dat a DR1.dat http://leteckaposta.cz/793299482 a ulozte jej primo na c:\

Spustte MBRFix z plochy rategoo

Davejte pozor na presny opis - cislicka, mezery atd, jinak nam pujde PC do kytek
zadejte mbrfix /drive 0 restorembr c:\DR0.dat odenterujte a potvrdte Y a opet enter
zadejte mbrfix /drive 1 restorembr c:\DR1.dat odenterujte a potvrdte Y a opet enter
Ukoncete MBRFix krizkem

Restart PC a boot do klasickeho rezimu

Stahnete Avenger http://forum.viry.cz//viewtopic.php?f=11&t=19832

Pokud pouzivate Win Vista ci W7, kliknete na Avenger pravym a dejte Run As Administrator ci Spustit jako spravce
Po spusteni Vas program upozorni, ze vse co delate, delate na vlastni riziko - Dejte OK
Po potvrzeni uz na Vas koukne hlavni okno, kam vlozite skript, ktery mate nize

Kód: Vybrat vše

Drivers to delete:
xpsec
xcpip

Files to delete:
C:\DOCUME~1\David\LOCALS~1\Temp\pxldapod.sys
C:\WINDOWS\system32\drivers\xpsec.sys
C:\WINDOWS\system32\drivers\xcpip.sys

Do ctverecku u Scan for rootkits a Automatically disable any rootkits found dejte fajecku
Nyni uz kliknete na Execute a potvrdte Yes v nasledujicim okne - timto potvrdite spusteni skriptu
Na otazku Reboot now odpovezte opet OK - timto se PC restartuje
Po restartu by se mel otevrit poznamkovy blok s logem a jeho obsah vlozte sem. Pokud se tak nestane, naleznete pozadovany dokument v C:\avenger.txt

Provedte znovu sken MBRScanem a TDSSKilerem jako na zacatku http://forum.viry.cz/viewtopic.php?f=13 ... 5#p1140756

oba soubory mam na plose ratega, ale MBRFix pise:
"function failed. error 2: the system cannot fing the file specified", jste si jist, ze plocha je C:?
na prikazovem radku sviti X:\Programs\MBRFix\mbrfix....

VIRY.CZ

zpomalila se odezva pocitace, detekovan Sinowal

zpomalila se odezva pocitace, detekovan Sinowal

Re: zpomalila se odezva pocitace, detekovan Sinowal

Re: zpomalila se odezva pocitace, detekovan Sinowal

Re: zpomalila se odezva pocitace, detekovan Sinowal

Re: zpomalila se odezva pocitace, detekovan Sinowal

Re: zpomalila se odezva pocitace, detekovan Sinowal

Re: zpomalila se odezva pocitace, detekovan Sinowal

Re: zpomalila se odezva pocitace, detekovan Sinowal

Re: zpomalila se odezva pocitace, detekovan Sinowal

Re: zpomalila se odezva pocitace, detekovan Sinowal

Re: zpomalila se odezva pocitace, detekovan Sinowal

Re: zpomalila se odezva pocitace, detekovan Sinowal

Re: zpomalila se odezva pocitace, detekovan Sinowal

Re: zpomalila se odezva pocitace, detekovan Sinowal

Re: zpomalila se odezva pocitace, detekovan Sinowal