
PC disinfection, computer speed-up, remote assistance via the neslape.cz service
Win32/TrojanDownloader.Mebload.AR
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here].
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Hello, I have the same problem as several other people here already.
About 5 min after starting Firefox, ESET reports finding this trojan, and sometimes the browser crashes as well. Otherwise I don't notice any significant drop in PC performance.
Please help, thank you.
Logfile of random's system information tool 1.09 (written by random/random)
Run by Do Thanh Tung at 2012-09-01 10:58:41
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 67 GB (67%) free of 100 GB
Total RAM: 4003 MB (59% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:58:44, on 1.9.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\totalcmd 7 == ko can installed\Totalcmd.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\trend micro\Do Thanh Tung.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Úložná technologie Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8861 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
C:\Windows\system32\IProsetMonitor.exe
"C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=3460.11935a70.2143345369 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll" E7CF176E110C211B -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" 3460 "\\.\pipe\gecko-crash-server-pipe.3460" plugin
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe" --proxy-stub-channel=Flash3748.6D66A168.41 --host-broker-channel=Flash3748.6D66A168.18467 --host-pid=3748 --host-npapi-version=27 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll"
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe" --channel=668.0028F214.1761242704 --proxy-stub-channel=Flash3748.6D66A168.41 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll" --host-npapi-version=27 --type=renderer
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\totalcmd 7 == ko can installed\Totalcmd.exe"
"C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE" /n /dde
C:\Windows\splwow64.exe 8192
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto -scheduled -critical
"C:\Program Files\Internet Explorer\iexplore.exe"
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1232 CREDAT:203009
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_3_300_271_ActiveX.exe -Embedding
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1232 CREDAT:203010
"D:\DOWNLOADs\Remove virus\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Do Thanh Tung\AppData\Roaming\Mozilla\Firefox\Profiles\ejlq5bxa.default
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.271 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@garmin.com/GpsControl]
"Description"=Garmin GPS Control for Firefox
"Path"=C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.5.1]
"Description"=
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6]
"Description"=Yahoo Messenger State Plugin
"Path"=C:\Program Files (x86)\Yahoo!\Shared\npYState.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@software602.cz/602XML Filler]
"Description"=602XML Filler Plugin
"Path"=C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.271 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDM integration (IDMIEHlprObj Class) - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2012-02-16 371552]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDM integration (IDMIEHlprObj Class) - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2012-02-16 222640]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-07-05 453544]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-07-05 157616]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-10-06 166936]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-10-06 391704]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-10-06 416792]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-10-05 11474024]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-09-22 4035152]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"=C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2009-11-15 33120]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"=C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2010-04-27 113288]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2010-09-13 283160]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-10-01 380416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=l3codecp.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.FFDS"=ff_vfw.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2012-09-01 10:58:41 ----D---- C:\rsit
2012-09-01 10:58:41 ----D---- C:\Program Files\trend micro
2012-08-31 00:33:22 ----D---- C:\Program Files (x86)\Microsoft Visual Studio
2012-08-31 00:30:32 ----SHD---- C:\Config.Msi
2012-08-30 23:26:32 ----D---- C:\ProgramData\Windows
2012-08-16 09:14:38 ----A---- C:\Windows\SYSWOW64\url.dll
2012-08-16 09:14:38 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-08-16 09:14:38 ----A---- C:\Windows\system32\mshtmled.dll
2012-08-16 09:14:37 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-08-16 09:14:37 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-08-16 09:14:37 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-08-16 09:14:37 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-08-16 09:14:37 ----A---- C:\Windows\system32\urlmon.dll
2012-08-16 09:14:37 ----A---- C:\Windows\system32\url.dll
2012-08-16 09:14:37 ----A---- C:\Windows\system32\ieUnatt.exe
2012-08-16 09:14:37 ----A---- C:\Windows\system32\ieui.dll
2012-08-16 09:14:37 ----A---- C:\Windows\system32\iertutil.dll
2012-08-16 09:14:36 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-08-16 09:14:36 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-08-16 09:14:36 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-08-16 09:14:36 ----A---- C:\Windows\system32\wininet.dll
2012-08-16 09:14:36 ----A---- C:\Windows\system32\jsproxy.dll
2012-08-16 09:14:36 ----A---- C:\Windows\system32\jscript9.dll
2012-08-16 09:14:35 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-08-16 09:14:35 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-08-16 09:14:35 ----A---- C:\Windows\system32\jscript.dll
2012-08-16 09:14:34 ----A---- C:\Windows\system32\mshtml.dll
2012-08-16 09:14:33 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-08-16 09:14:33 ----A---- C:\Windows\system32\ieframe.dll
2012-08-15 05:37:12 ----A---- C:\Windows\SYSWOW64\srclient.dll
2012-08-15 05:37:12 ----A---- C:\Windows\system32\srcore.dll
2012-08-15 05:37:09 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2012-08-15 05:37:09 ----A---- C:\Windows\system32\win32spl.dll
2012-08-15 05:37:09 ----A---- C:\Windows\system32\spoolsv.exe
2012-08-15 05:37:09 ----A---- C:\Windows\splwow64.exe
2012-08-15 05:28:56 ----A---- C:\Windows\SYSWOW64\netapi32.dll
2012-08-15 05:28:56 ----A---- C:\Windows\SYSWOW64\browcli.dll
2012-08-15 05:28:56 ----A---- C:\Windows\system32\netapi32.dll
2012-08-15 05:28:56 ----A---- C:\Windows\system32\browser.dll
2012-08-15 05:28:56 ----A---- C:\Windows\system32\browcli.dll
2012-08-15 05:28:50 ----A---- C:\Windows\system32\win32k.sys
2012-08-15 05:25:46 ----A---- C:\Windows\system32\localspl.dll
2012-08-05 10:28:33 ----D---- C:\Program Files (x86)\Gabest
2012-08-05 00:50:17 ----D---- C:\Users\Do Thanh Tung\AppData\Roaming\GetRightToGo
2012-08-02 01:11:39 ----A---- C:\Windows\system32\unrar.dll
2012-08-02 01:11:38 ----D---- C:\Program Files\K-Lite Codec Pack x64
2012-08-02 01:11:38 ----A---- C:\Windows\system32\ff_vfw.dll
2012-08-02 00:37:15 ----A---- C:\Windows\SYSWOW64\VSFilter.dll
======List of files/folders modified in the last 1 month======
2012-09-01 10:58:42 ----D---- C:\Windows\Temp
2012-09-01 10:58:41 ----RD---- C:\Program Files
2012-09-01 10:39:04 ----A---- C:\Windows\SYSWOW64\log.txt
2012-09-01 10:38:12 ----D---- C:\Windows\system32\config
2012-08-31 09:54:38 ----D---- C:\Windows\System32
2012-08-31 09:54:38 ----D---- C:\Windows\inf
2012-08-31 09:54:38 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-08-31 02:21:05 ----D---- C:\Users\Do Thanh Tung\AppData\Roaming\DMCache
2012-08-31 01:27:25 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2012-08-31 01:09:48 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-08-31 00:33:56 ----SHD---- C:\Windows\Installer
2012-08-31 00:33:52 ----D---- C:\ProgramData\Microsoft Help
2012-08-31 00:33:39 ----D---- C:\Windows\SysWOW64
2012-08-31 00:33:39 ----D---- C:\Program Files (x86)\Microsoft Works
2012-08-31 00:33:35 ----D---- C:\Program Files (x86)\MSBuild
2012-08-31 00:33:22 ----RD---- C:\Program Files (x86)
2012-08-31 00:33:22 ----D---- C:\Program Files (x86)\Common Files
2012-08-31 00:33:20 ----D---- C:\Windows\ShellNew
2012-08-31 00:33:05 ----RD---- C:\Windows\Fonts
2012-08-31 00:31:08 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-08-31 00:30:48 ----A---- C:\Windows\win.ini
2012-08-31 00:30:08 ----D---- C:\Windows\Prefetch
2012-08-31 00:30:07 ----SHD---- C:\System Volume Information
2012-08-30 23:26:41 ----D---- C:\Windows\system32\sysprep
2012-08-30 23:26:32 ----HD---- C:\ProgramData
2012-08-29 22:27:15 ----D---- C:\Windows\system32\catroot2
2012-08-25 00:26:46 ----SD---- C:\Users\Do Thanh Tung\AppData\Roaming\Microsoft
2012-08-16 21:00:51 ----D---- C:\Windows\winsxs
2012-08-16 09:25:57 ----D---- C:\Windows\SYSWOW64\migration
2012-08-16 09:25:57 ----D---- C:\Windows\system32\migration
2012-08-16 09:25:57 ----D---- C:\Windows
2012-08-16 09:25:57 ----D---- C:\Program Files\Internet Explorer
2012-08-16 09:25:57 ----D---- C:\Program Files (x86)\Internet Explorer
2012-08-16 09:25:56 ----D---- C:\Windows\system32\DriverStore
2012-08-16 09:15:06 ----D---- C:\Windows\system32\catroot
2012-08-16 09:13:31 ----A---- C:\Windows\system32\MRT.exe
2012-08-14 21:40:56 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-08-11 19:35:03 ----D---- C:\Windows\system32\NDF
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-09-13 437272]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-03-03 828912]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 137144]
R2 IDMWFP;IDMWFP; C:\Windows\system32\DRIVERS\idmwfp.sys [2012-02-08 149640]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C; C:\Windows\system32\DRIVERS\e1c62x64.sys [2010-09-21 313520]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2010-10-01 12157792]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-10-05 2511464]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-08-31 317440]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
S3 adg4ocj7;adg4ocj7; C:\Windows\system32\drivers\adg4ocj7.sys []
S3 ivusb;Initio Driver for USB Default Controller; C:\Windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 602XML Updater;602Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
R2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [2010-08-12 133800]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-10-06 325656]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-31 114144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-03-03 1255736]
-----------------EOF-----------------
Re: Win32/TrojanDownloader.Mebload.AR
Many thanks for the quick response, I am sending the requested logs
Last edited by vyosek on 22 Sep 2012 06:54, edited 1 time in total.
Reason: MBAM removed as agreed with Naughty
Re: Win32/TrojanDownloader.Mebload.AR
and the other one...
MBRScan v1.1.1
OS : Windows 7 Service Pack 1 (64 bit)
PROCESSOR : Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
BOOT : Normal Boot
DATE : 2012/09/01 (ISO 8601) at 12:18:16
________________________________________________________________________________
DISK : Device\Harddisk0\DR0 __WDC WD75 02AAEX-00Y9A (05.0)
BUS_TYPE : (0x03) P-ATA
USE_PIO : NO
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
Device\Harddisk0\DR0 698.6 Go [Fixed] ==> 7 MBR Code .
MBR_MD5 : 4A2713A9EE5F04B373E986D7B66EABCB
MBR_SHA1 : BA68A326A0ABA42205D6B95742C2BA15A0EB1ACE
Device\Harddisk0\Partition1 100.0 Mo 0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2 97.56 Go 0x07 NTFS / HPFS
Device\Harddisk0\Partition3 390.6 Go 0x07 NTFS / HPFS
Device\Harddisk0\Partition4 210.4 Go 0x07 NTFS / HPFS
________________________________________________________________________________
############################### Additional scan ################################
DRIVER : C:\Windows\system32\hal.dll => Invisible on the disk
ADDRESS : 0x02E02000
SIZE : 292.0 Ko
DRIVER : C:\Windows\system32\kdcom.dll => Invisible on the disk
ADDRESS : 0x00B9E000
SIZE : 40.0 Ko
DRIVER : C:\Windows\system32\mcupdate_GenuineIntel.dll => Invisible on the disk
ADDRESS : 0x00CCE000
SIZE : 316.0 Ko
DRIVER : C:\Windows\system32\CLFS.SYS => Invisible on the disk
ADDRESS : 0x00D31000
SIZE : 376.0 Ko
DRIVER : C:\Windows\system32\CI.dll => Invisible on the disk
ADDRESS : 0x00C00000
SIZE : 768.0 Ko
DRIVER : C:\Windows\system32\drivers\Wdf01000.sys => Invisible on the disk
ADDRESS : 0x00E65000
SIZE : 656.0 Ko
DRIVER : C:\Windows\system32\drivers\WDFLDR.SYS => Invisible on the disk
ADDRESS : 0x00F09000
SIZE : 60.0 Ko
DRIVER : C:\Windows\System32\Drivers\spuc.sys => Invisible on the disk
ADDRESS : 0x01073000
SIZE : 1.15 Mo
DRIVER : C:\Windows\System32\Drivers\WMILIB.SYS => Invisible on the disk
ADDRESS : 0x0119A000
SIZE : 36.0 Ko
DRIVER : C:\Windows\System32\Drivers\SCSIPORT.SYS => Invisible on the disk
ADDRESS : 0x011A3000
SIZE : 188.0 Ko
DRIVER : C:\Windows\system32\drivers\ACPI.sys => Invisible on the disk
ADDRESS : 0x01000000
SIZE : 348.0 Ko
DRIVER : C:\Windows\system32\drivers\msisadrv.sys => Invisible on the disk
ADDRESS : 0x01057000
SIZE : 40.0 Ko
DRIVER : C:\Windows\system32\drivers\vdrvroot.sys => Invisible on the disk
ADDRESS : 0x01061000
SIZE : 52.0 Ko
DRIVER : C:\Windows\system32\drivers\pci.sys => Invisible on the disk
ADDRESS : 0x00F18000
SIZE : 204.0 Ko
DRIVER : C:\Windows\System32\drivers\partmgr.sys => Invisible on the disk
ADDRESS : 0x011D2000
SIZE : 84.0 Ko
DRIVER : C:\Windows\system32\drivers\volmgr.sys => Invisible on the disk
ADDRESS : 0x011E7000
SIZE : 84.0 Ko
DRIVER : C:\Windows\System32\drivers\volmgrx.sys => Invisible on the disk
ADDRESS : 0x00F4B000
SIZE : 368.0 Ko
DRIVER : C:\Windows\System32\drivers\mountmgr.sys => Invisible on the disk
ADDRESS : 0x00FA7000
SIZE : 104.0 Ko
DRIVER : C:\Windows\system32\drivers\vmbus.sys => Invisible on the disk
ADDRESS : 0x00FC1000
SIZE : 240.0 Ko
DRIVER : C:\Windows\system32\drivers\winhv.sys => Invisible on the disk
ADDRESS : 0x00E00000
SIZE : 80.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\iaStor.sys => Invisible on the disk
ADDRESS : 0x01265000
SIZE : 1.33 Mo
DRIVER : C:\Windows\system32\drivers\atapi.sys => Invisible on the disk
ADDRESS : 0x013B9000
SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\drivers\ataport.SYS => Invisible on the disk
ADDRESS : 0x013C2000
SIZE : 168.0 Ko
DRIVER : C:\Windows\system32\drivers\msahci.sys => Invisible on the disk
ADDRESS : 0x013EC000
SIZE : 44.0 Ko
DRIVER : C:\Windows\system32\drivers\PCIIDEX.SYS => Invisible on the disk
ADDRESS : 0x01200000
SIZE : 64.0 Ko
DRIVER : C:\Windows\system32\drivers\amdxata.sys => Invisible on the disk
ADDRESS : 0x01210000
SIZE : 44.0 Ko
DRIVER : C:\Windows\system32\drivers\fltmgr.sys => Invisible on the disk
ADDRESS : 0x00E14000
SIZE : 304.0 Ko
DRIVER : C:\Windows\system32\drivers\fileinfo.sys => Invisible on the disk
ADDRESS : 0x0121B000
SIZE : 80.0 Ko
DRIVER : C:\Windows\System32\Drivers\Ntfs.sys => Invisible on the disk
ADDRESS : 0x0144B000
SIZE : 1.64 Mo
DRIVER : C:\Windows\System32\Drivers\msrpc.sys => Invisible on the disk
ADDRESS : 0x00D8F000
SIZE : 376.0 Ko
DRIVER : C:\Windows\System32\Drivers\ksecdd.sys => Invisible on the disk
ADDRESS : 0x01400000
SIZE : 108.0 Ko
DRIVER : C:\Windows\System32\Drivers\cng.sys => Invisible on the disk
ADDRESS : 0x016EB000
SIZE : 456.0 Ko
DRIVER : C:\Windows\System32\drivers\pcw.sys => Invisible on the disk
ADDRESS : 0x0175D000
SIZE : 68.0 Ko
DRIVER : C:\Windows\System32\Drivers\Fs_Rec.sys => Invisible on the disk
ADDRESS : 0x0176E000
SIZE : 40.0 Ko
DRIVER : C:\Windows\system32\drivers\ndis.sys => Invisible on the disk
ADDRESS : 0x018EE000
SIZE : 972.0 Ko
DRIVER : C:\Windows\system32\drivers\NETIO.SYS => Invisible on the disk
ADDRESS : 0x01800000
SIZE : 384.0 Ko
DRIVER : C:\Windows\System32\Drivers\ksecpkg.sys => Invisible on the disk
ADDRESS : 0x01860000
SIZE : 168.0 Ko
DRIVER : C:\Windows\System32\drivers\tcpip.sys => Invisible on the disk
ADDRESS : 0x01AC2000
SIZE : 2.01 Mo
DRIVER : C:\Windows\System32\drivers\fwpkclnt.sys => Invisible on the disk
ADDRESS : 0x01CC5000
SIZE : 296.0 Ko
DRIVER : C:\Windows\system32\drivers\vmstorfl.sys => Invisible on the disk
ADDRESS : 0x01D0F000
SIZE : 64.0 Ko
DRIVER : C:\Windows\system32\drivers\volsnap.sys => Invisible on the disk
ADDRESS : 0x01D1F000
SIZE : 304.0 Ko
DRIVER : C:\Windows\System32\Drivers\spldr.sys => Invisible on the disk
ADDRESS : 0x01D6B000
SIZE : 32.0 Ko
DRIVER : C:\Windows\System32\drivers\rdyboost.sys => Invisible on the disk
ADDRESS : 0x01D73000
SIZE : 232.0 Ko
DRIVER : C:\Windows\System32\Drivers\mup.sys => Invisible on the disk
ADDRESS : 0x01DAD000
SIZE : 72.0 Ko
DRIVER : C:\Windows\System32\drivers\hwpolicy.sys => Invisible on the disk
ADDRESS : 0x01DBF000
SIZE : 36.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\fvevol.sys => Invisible on the disk
ADDRESS : 0x01A00000
SIZE : 232.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\disk.sys => Invisible on the disk
ADDRESS : 0x01A3A000
SIZE : 88.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\CLASSPNP.SYS => Invisible on the disk
ADDRESS : 0x01A50000
SIZE : 192.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\cdrom.sys => Invisible on the disk
ADDRESS : 0x04200000
SIZE : 168.0 Ko
DRIVER : C:\Windows\System32\Drivers\Null.SYS => Invisible on the disk
ADDRESS : 0x0422A000
SIZE : 36.0 Ko
DRIVER : C:\Windows\System32\Drivers\Beep.SYS => Invisible on the disk
ADDRESS : 0x04233000
SIZE : 28.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\ehdrv.sys => Invisible on the disk
ADDRESS : 0x0423A000
SIZE : 156.0 Ko
DRIVER : C:\Windows\System32\drivers\vga.sys => Invisible on the disk
ADDRESS : 0x04261000
SIZE : 56.0 Ko
DRIVER : C:\Windows\System32\drivers\VIDEOPRT.SYS => Invisible on the disk
ADDRESS : 0x01A8E000
SIZE : 148.0 Ko
DRIVER : C:\Windows\System32\drivers\watchdog.sys => Invisible on the disk
ADDRESS : 0x0426F000
SIZE : 64.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\RDPCDD.sys => Invisible on the disk
ADDRESS : 0x0427F000
SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\drivers\rdpencdd.sys => Invisible on the disk
ADDRESS : 0x043F7000
SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\drivers\rdprefmp.sys => Invisible on the disk
ADDRESS : 0x01AB3000
SIZE : 36.0 Ko
DRIVER : C:\Windows\System32\Drivers\Msfs.SYS => Invisible on the disk
ADDRESS : 0x01DC8000
SIZE : 44.0 Ko
DRIVER : C:\Windows\System32\Drivers\Npfs.SYS => Invisible on the disk
ADDRESS : 0x01DD3000
SIZE : 68.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\tdx.sys => Invisible on the disk
ADDRESS : 0x0188A000
SIZE : 136.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\TDI.SYS => Invisible on the disk
ADDRESS : 0x01DE4000
SIZE : 52.0 Ko
DRIVER : C:\Windows\system32\drivers\afd.sys => Invisible on the disk
ADDRESS : 0x01600000
SIZE : 548.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\netbt.sys => Invisible on the disk
ADDRESS : 0x01689000
SIZE : 276.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\wfplwf.sys => Invisible on the disk
ADDRESS : 0x01DF1000
SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\pacer.sys => Invisible on the disk
ADDRESS : 0x018AC000
SIZE : 152.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\netbios.sys => Invisible on the disk
ADDRESS : 0x018D2000
SIZE : 60.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\wanarp.sys => Invisible on the disk
ADDRESS : 0x019E1000
SIZE : 108.0 Ko
DRIVER : C:\Windows\system32\drivers\termdd.sys => Invisible on the disk
ADDRESS : 0x016CE000
SIZE : 80.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\rdbss.sys => Invisible on the disk
ADDRESS : 0x01778000
SIZE : 324.0 Ko
DRIVER : C:\Windows\system32\drivers\nsiproxy.sys => Invisible on the disk
ADDRESS : 0x018E1000
SIZE : 48.0 Ko
DRIVER : C:\Windows\system32\drivers\mssmbios.sys => Invisible on the disk
ADDRESS : 0x017C9000
SIZE : 44.0 Ko
DRIVER : C:\Windows\System32\drivers\discache.sys => Invisible on the disk
ADDRESS : 0x017D4000
SIZE : 60.0 Ko
DRIVER : C:\Windows\system32\drivers\csc.sys => Invisible on the disk
ADDRESS : 0x04440000
SIZE : 524.0 Ko
DRIVER : C:\Windows\System32\Drivers\dfsc.sys => Invisible on the disk
ADDRESS : 0x044C3000
SIZE : 120.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\blbdrive.sys => Invisible on the disk
ADDRESS : 0x044E1000
SIZE : 68.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\tunnel.sys => Invisible on the disk
ADDRESS : 0x044F2000
SIZE : 152.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\igdkmd64.sys => Invisible on the disk
ADDRESS : 0x04C20000
SIZE : 11.60 Mo
DRIVER : C:\Windows\System32\drivers\dxgkrnl.sys => Invisible on the disk
ADDRESS : 0x046B3000
SIZE : 976.0 Ko
DRIVER : C:\Windows\System32\drivers\dxgmms1.sys => Invisible on the disk
ADDRESS : 0x047A7000
SIZE : 280.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\HECIx64.sys => Invisible on the disk
ADDRESS : 0x047ED000
SIZE : 68.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\e1c62x64.sys => Invisible on the disk
ADDRESS : 0x04600000
SIZE : 316.0 Ko
DRIVER : C:\Windows\system32\drivers\usbehci.sys => Invisible on the disk
ADDRESS : 0x0464F000
SIZE : 68.0 Ko
DRIVER : C:\Windows\system32\drivers\USBPORT.SYS => Invisible on the disk
ADDRESS : 0x04518000
SIZE : 344.0 Ko
DRIVER : C:\Windows\system32\drivers\HDAudBus.sys => Invisible on the disk
ADDRESS : 0x04660000
SIZE : 144.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\nusb3xhc.sys => Invisible on the disk
ADDRESS : 0x057B9000
SIZE : 192.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\USBD.SYS => Invisible on the disk
ADDRESS : 0x04684000
SIZE : 8.0 Ko
DRIVER : C:\Windows\system32\drivers\1394ohci.sys => Invisible on the disk
ADDRESS : 0x0456E000
SIZE : 248.0 Ko
DRIVER : C:\Windows\System32\Drivers\adg4ocj7.SYS => Invisible on the disk
ADDRESS : 0x045AC000
SIZE : 268.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\intelppm.sys => Invisible on the disk
ADDRESS : 0x04686000
SIZE : 88.0 Ko
DRIVER : C:\Windows\system32\drivers\CompositeBus.sys => Invisible on the disk
ADDRESS : 0x0469C000
SIZE : 64.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\AgileVpn.sys => Invisible on the disk
ADDRESS : 0x057E9000
SIZE : 88.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\rasl2tp.sys => Invisible on the disk
ADDRESS : 0x04400000
SIZE : 144.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\ndistapi.sys => Invisible on the disk
ADDRESS : 0x04C00000
SIZE : 48.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\ndiswan.sys => Invisible on the disk
ADDRESS : 0x0141B000
SIZE : 188.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\raspppoe.sys => Invisible on the disk
ADDRESS : 0x04424000
SIZE : 108.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\raspptp.sys => Invisible on the disk
ADDRESS : 0x0122F000
SIZE : 132.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\rassstp.sys => Invisible on the disk
ADDRESS : 0x017E3000
SIZE : 104.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\rdpbus.sys => Invisible on the disk
ADDRESS : 0x04C0C000
SIZE : 44.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\kbdclass.sys => Invisible on the disk
ADDRESS : 0x045EF000
SIZE : 60.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\mouclass.sys => Invisible on the disk
ADDRESS : 0x015EE000
SIZE : 60.0 Ko
DRIVER : C:\Windows\system32\drivers\swenum.sys => Invisible on the disk
ADDRESS : 0x046AC000
SIZE : 8.0 Ko
DRIVER : C:\Windows\system32\drivers\ks.sys => Invisible on the disk
ADDRESS : 0x05C6B000
SIZE : 268.0 Ko
DRIVER : C:\Windows\system32\drivers\umbus.sys => Invisible on the disk
ADDRESS : 0x05CAE000
SIZE : 72.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\usbhub.sys => Invisible on the disk
ADDRESS : 0x05CC0000
SIZE : 360.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\nusb3hub.sys => Invisible on the disk
ADDRESS : 0x05D1A000
SIZE : 96.0 Ko
DRIVER : C:\Windows\System32\Drivers\NDProxy.SYS => Invisible on the disk
ADDRESS : 0x05D32000
SIZE : 84.0 Ko
DRIVER : C:\Windows\system32\drivers\RTKVHD64.sys => Invisible on the disk
ADDRESS : 0x062DE000
SIZE : 2.39 Mo
DRIVER : C:\Windows\system32\drivers\portcls.sys => Invisible on the disk
ADDRESS : 0x06542000
SIZE : 244.0 Ko
DRIVER : C:\Windows\system32\drivers\drmk.sys => Invisible on the disk
ADDRESS : 0x0657F000
SIZE : 136.0 Ko
DRIVER : C:\Windows\system32\drivers\ksthunk.sys => Invisible on the disk
ADDRESS : 0x065A1000
SIZE : 24.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\IntcDAud.sys => Invisible on the disk
ADDRESS : 0x065A7000
SIZE : 332.0 Ko
DRIVER : C:\Windows\System32\Drivers\crashdmp.sys => Invisible on the disk
ADDRESS : 0x06200000
SIZE : 56.0 Ko
DRIVER : C:\Windows\System32\win32k.sys => Invisible on the disk
ADDRESS : 0x00070000
SIZE : 3.08 Mo
DRIVER : C:\Windows\System32\drivers\Dxapi.sys => Invisible on the disk
ADDRESS : 0x06221000
SIZE : 48.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\hidusb.sys => Invisible on the disk
ADDRESS : 0x0622D000
SIZE : 56.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\HIDCLASS.SYS => Invisible on the disk
ADDRESS : 0x0623B000
SIZE : 100.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\HIDPARSE.SYS => Invisible on the disk
ADDRESS : 0x06254000
SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\mouhid.sys => Invisible on the disk
ADDRESS : 0x0625D000
SIZE : 52.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\usbccgp.sys => Invisible on the disk
ADDRESS : 0x0626A000
SIZE : 116.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\kbdhid.sys => Invisible on the disk
ADDRESS : 0x06287000
SIZE : 56.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\monitor.sys => Invisible on the disk
ADDRESS : 0x06295000
SIZE : 56.0 Ko
DRIVER : C:\Windows\System32\TSDDD.dll => Invisible on the disk
ADDRESS : 0x005D0000
SIZE : 40.0 Ko
DRIVER : C:\Windows\System32\cdd.dll => Invisible on the disk
ADDRESS : 0x00770000
SIZE : 156.0 Ko
DRIVER : C:\Windows\system32\drivers\luafv.sys => Invisible on the disk
ADDRESS : 0x062A3000
SIZE : 140.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\eamonm.sys => Invisible on the disk
ADDRESS : 0x0284F000
SIZE : 904.0 Ko
DRIVER : C:\Windows\system32\drivers\WudfPf.sys => Invisible on the disk
ADDRESS : 0x02931000
SIZE : 132.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\lltdio.sys => Invisible on the disk
ADDRESS : 0x02952000
SIZE : 84.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\rspndr.sys => Invisible on the disk
ADDRESS : 0x02967000
SIZE : 96.0 Ko
DRIVER : C:\Windows\system32\drivers\HTTP.sys => Invisible on the disk
ADDRESS : 0x03E32000
SIZE : 804.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\bowser.sys => Invisible on the disk
ADDRESS : 0x03EFB000
SIZE : 120.0 Ko
DRIVER : C:\Windows\System32\drivers\mpsdrv.sys => Invisible on the disk
ADDRESS : 0x03F19000
SIZE : 96.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\mrxsmb.sys => Invisible on the disk
ADDRESS : 0x03F31000
SIZE : 180.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the disk
ADDRESS : 0x03F5E000
SIZE : 312.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the disk
ADDRESS : 0x03FAC000
SIZE : 144.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\epfwwfpr.sys => Invisible on the disk
ADDRESS : 0x03FD0000
SIZE : 144.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\idmwfp.sys => Invisible on the disk
ADDRESS : 0x03E00000
SIZE : 160.0 Ko
DRIVER : C:\Windows\system32\drivers\peauth.sys => Invisible on the disk
ADDRESS : 0x05D47000
SIZE : 664.0 Ko
DRIVER : C:\Windows\System32\Drivers\secdrv.SYS => Invisible on the disk
ADDRESS : 0x03FF4000
SIZE : 44.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\srvnet.sys => Invisible on the disk
ADDRESS : 0x0297F000
SIZE : 196.0 Ko
DRIVER : C:\Windows\System32\drivers\tcpipreg.sys => Invisible on the disk
ADDRESS : 0x029B0000
SIZE : 72.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\srv2.sys => Invisible on the disk
ADDRESS : 0x05C00000
SIZE : 420.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\srv.sys => Invisible on the disk
ADDRESS : 0x060AA000
SIZE : 608.0 Ko
DRIVER : C:\Windows\System32\smss.exe => Invisible on the disk
ADDRESS : 0x47C60000
SIZE : 128.0 Ko
SystemStartOptions : NOEXECUTE=OPTIN
________________________________________________________________________________
_______MBR \Device\Harddisk0\DR0
0x00000000 33 C0 8E D0 BC 00 7C 8E C0 8E D8 BE 00 7C BF 00 3À.м.|.À.ؾ.|¿.
0x00000010 06 B9 00 02 FC F3 A4 50 68 1C 06 CB FB B9 04 00 .¹..üó¤Ph..Ëû¹..
0x00000020 BD BE 07 80 7E 00 00 7C 0B 0F 85 0E 01 83 C5 10 ½¾..~..|......Å.
0x00000030 E2 F1 CD 18 88 56 00 55 C6 46 11 05 C6 46 10 00 âñÍ..V.UÆF..ÆF..
0x00000040 B4 41 BB AA 55 CD 13 5D 72 0F 81 FB 55 AA 75 09 ´A»ªUÍ.]r..ûUªu.
0x00000050 F7 C1 01 00 74 03 FE 46 10 66 60 80 7E 10 00 74 ÷Á..t.þF.f`.~..t
0x00000060 26 66 68 00 00 00 00 66 FF 76 08 68 00 00 68 00 &fh....f.v.h..h.
0x00000070 7C 68 01 00 68 10 00 B4 42 8A 56 00 8B F4 CD 13 |h..h..´B.V..ôÍ.
0x00000080 9F 83 C4 10 9E EB 14 B8 01 02 BB 00 7C 8A 56 00 ..Ä..ë.¸..».|.V.
0x00000090 8A 76 01 8A 4E 02 8A 6E 03 CD 13 66 61 73 1C FE .v..N..n.Í.fas.þ
0x000000A0 4E 11 75 0C 80 7E 00 80 0F 84 8A 00 B2 80 EB 84 N.u..~......².ë.
0x000000B0 55 32 E4 8A 56 00 CD 13 5D EB 9E 81 3E FE 7D 55 U2ä.V.Í.]ë..>þ}U
0x000000C0 AA 75 6E FF 76 00 E8 8D 00 75 17 FA B0 D1 E6 64 ªun.v.è..u.ú°Ñæd
0x000000D0 E8 83 00 B0 DF E6 60 E8 7C 00 B0 FF E6 64 E8 75 è..°ßæ`è|.°.ædèu
0x000000E0 00 FB B8 00 BB CD 1A 66 23 C0 75 3B 66 81 FB 54 .û¸.»Í.f#Àu;f.ûT
0x000000F0 43 50 41 75 32 81 F9 02 01 72 2C 66 68 07 BB 00 CPAu2.ù..r,fh.».
0x00000100 00 66 68 00 02 00 00 66 68 08 00 00 00 66 53 66 .fh....fh....fSf
0x00000110 53 66 55 66 68 00 00 00 00 66 68 00 7C 00 00 66 SfUfh....fh.|..f
0x00000120 61 68 00 00 07 CD 1A 5A 32 F6 EA 00 7C 00 00 CD ah...Í.Z2öê.|..Í
0x00000130 18 A0 B7 07 EB 08 A0 B6 07 EB 03 A0 B5 07 32 E4 ..·.ë..¶.ë..µ.2ä
0x00000140 05 00 07 8B F0 AC 3C 00 74 09 BB 07 00 B4 0E CD ....ð¬<.t.»..´.Í
0x00000150 10 EB F2 F4 EB FD 2B C9 E4 64 EB 00 24 02 E0 F8 .ëòôëý+Éädë.$.àø
0x00000160 24 02 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 69 $.ÃInvalid parti
0x00000170 74 69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72 tion table.Error
0x00000180 20 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69 loading operati
0x00000190 6E 67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E ng system.Missin
0x000001A0 67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74 g operating syst
0x000001B0 65 6D 00 00 00 63 7B 9A 00 C2 A6 BD 00 00 80 20 em...c{..¦½...
0x000001C0 21 00 07 DF 13 0C 00 08 00 00 00 20 03 00 00 DF !..ß....... ...ß
0x000001D0 14 0C 07 FE FF FF 00 28 03 00 00 D8 31 0C 00 FE ...þ...(...Ø1..þ
0x000001E0 FF FF 07 FE FF FF 00 00 35 0C 00 00 D4 30 00 FE ...þ....5...Ô0.þ
0x000001F0 FF FF 07 FE FF FF 00 00 09 3D 00 58 4B 1A 55 AA ...þ.....=.XK.Uª
__________________________16_BIT_ASM_CODE
0x0000 33c0 XOR AX, AX
0x0002 8ed0 MOV SS, AX
0x0004 bc 007c MOV SP, 0x7c00
0x0007 8ec0 MOV ES, AX
0x0009 8ed8 MOV DS, AX
0x000B be 007c MOV SI, 0x7c00
0x000E bf 0006 MOV DI, 0x600
0x0011 b9 0002 MOV CX, 0x200
0x0014 fc CLD
0x0015 f3 a4 REP MOVSB
0x0017 50 PUSH AX
0x0018 68 1c06 PUSH 0x61c
0x001B cb RETF
0x001C fb STI
0x001D b9 0400 MOV CX, 0x4
0x0020 bd be07 MOV BP, 0x7be
0x0023 807e 00 00 CMP BYTE [BP+0x0], 0x0
0x0027 7c 0b JL 0x34
0x0029 0f85 0e01 JNZ 0x13b
0x002D 83c5 10 ADD BP, 0x10
0x0030 e2 f1 LOOP 0x23
0x0032 cd 18 INT 0x18
0x0034 8856 00 MOV [BP+0x0], DL
0x0037 55 PUSH BP
0x0038 c646 11 05 MOV BYTE [BP+0x11], 0x5
0x003C c646 10 00 MOV BYTE [BP+0x10], 0x0
0x0040 b4 41 MOV AH, 0x41
0x0042 bb aa55 MOV BX, 0x55aa
0x0045 cd 13 INT 0x13
0x0047 5d POP BP
0x0048 72 0f JB 0x59
0x004A 81fb 55aa CMP BX, 0xaa55
0x004E 75 09 JNZ 0x59
0x0050 f7c1 0100 TEST CX, 0x1
0x0054 74 03 JZ 0x59
0x0056 fe46 10 INC BYTE [BP+0x10]
0x0059 66 60 PUSHAD
0x005B 807e 10 00 CMP BYTE [BP+0x10], 0x0
0x005F 74 26 JZ 0x87
0x0061 66 68 00000000 PUSH 0x0
0x0067 66 ff76 08 PUSH DWORD [BP+0x8]
0x006B 68 0000 PUSH 0x0
0x006E 68 007c PUSH 0x7c00
0x0071 68 0100 PUSH 0x1
0x0074 68 1000 PUSH 0x10
0x0077 b4 42 MOV AH, 0x42
0x0079 8a56 00 MOV DL, [BP+0x0]
0x007C 8bf4 MOV SI, SP
0x007E cd 13 INT 0x13
0x0080 9f LAHF
0x0081 83c4 10 ADD SP, 0x10
0x0084 9e SAHF
0x0085 eb 14 JMP 0x9b
0x0087 b8 0102 MOV AX, 0x201
0x008A bb 007c MOV BX, 0x7c00
0x008D 8a56 00 MOV DL, [BP+0x0]
0x0090 8a76 01 MOV DH, [BP+0x1]
0x0093 8a4e 02 MOV CL, [BP+0x2]
0x0096 8a6e 03 MOV CH, [BP+0x3]
0x0099 cd 13 INT 0x13
0x009B 66 61 POPAD
0x009D 73 1c JAE 0xbb
0x009F fe4e 11 DEC BYTE [BP+0x11]
0x00A2 75 0c JNZ 0xb0
0x00A4 807e 00 80 CMP BYTE [BP+0x0], 0x80
0x00A8 0f84 8a00 JZ 0x136
0x00AC b2 80 MOV DL, 0x80
0x00AE eb 84 JMP 0x34
0x00B0 55 PUSH BP
0x00B1 32e4 XOR AH, AH
0x00B3 8a56 00 MOV DL, [BP+0x0]
0x00B6 cd 13 INT 0x13
0x00B8 5d POP BP
0x00B9 eb 9e JMP 0x59
0x00BB 813e fe7d 55aa CMP WORD [0x7dfe], 0xaa55
0x00C1 75 6e JNZ 0x131
0x00C3 ff76 00 PUSH WORD [BP+0x0]
0x00C6 e8 8d00 CALL 0x156
0x00C9 75 17 JNZ 0xe2
0x00CB fa CLI
0x00CC b0 d1 MOV AL, 0xd1
0x00CE e6 64 OUT 0x64, AL
0x00D0 e8 8300 CALL 0x156
0x00D3 b0 df MOV AL, 0xdf
0x00D5 e6 60 OUT 0x60, AL
0x00D7 e8 7c00 CALL 0x156
0x00DA b0 ff MOV AL, 0xff
0x00DC e6 64 OUT 0x64, AL
0x00DE e8 7500 CALL 0x156
0x00E1 fb STI
0x00E2 b8 00bb MOV AX, 0xbb00
0x00E5 cd 1a INT 0x1a
0x00E7 66 23c0 AND EAX, EAX
0x00EA 75 3b JNZ 0x127
0x00EC 66 81fb 54435041 CMP EBX, 0x41504354
0x00F3 75 32 JNZ 0x127
0x00F5 81f9 0201 CMP CX, 0x102
0x00F9 72 2c JB 0x127
0x00FB 66 68 07bb0000 PUSH 0xbb07
0x0101 66 68 00020000 PUSH 0x200
0x0107 66 68 08000000 PUSH 0x8
0x010D 66 53 PUSH EBX
0x010F 66 53 PUSH EBX
0x0111 66 55 PUSH EBP
0x0113 66 68 00000000 PUSH 0x0
0x0119 66 68 007c0000 PUSH 0x7c00
0x011F 66 61 POPAD
0x0121 68 0000 PUSH 0x0
0x0124 07 POP ES
0x0125 cd 1a INT 0x1a
0x0127 5a POP DX
0x0128 32f6 XOR DH, DH
0x012A ea 007c 0000 JMP FAR 0x0:0x7c00
0x012F cd 18 INT 0x18
0x0131 a0 b707 MOV AL, [0x7b7]
0x0134 eb 08 JMP 0x13e
0x0136 a0 b607 MOV AL, [0x7b6]
0x0139 eb 03 JMP 0x13e
0x013B a0 b507 MOV AL, [0x7b5]
0x013E 32e4 XOR AH, AH
0x0140 05 0007 ADD AX, 0x700
0x0143 8bf0 MOV SI, AX
0x0145 ac LODSB
0x0146 3c 00 CMP AL, 0x0
0x0148 74 09 JZ 0x153
0x014A bb 0700 MOV BX, 0x7
0x014D b4 0e MOV AH, 0xe
0x014F cd 10 INT 0x10
0x0151 eb f2 JMP 0x145
0x0153 f4 HLT
0x0154 eb fd JMP 0x153
0x0156 2bc9 SUB CX, CX
0x0158 e4 64 IN AL, 0x64
0x015A eb 00 JMP 0x15c
0x015C 24 02 AND AL, 0x2
0x015E e0 f8 LOOPNZ 0x158
0x0160 24 02 AND AL, 0x2
0x0162 c3 RET
0x0163 49 DEC CX
0x0164 6e OUTSB
0x0165 76 61 JBE 0x1c8
0x0167 6c INSB
0x0168 6964 20 7061 IMUL SP, [SI+0x20], 0x6170
0x016D 72 74 JB 0x1e3
0x016F 6974 69 6f6e IMUL SI, [SI+0x69], 0x6e6f
0x0174 2074 61 AND [SI+0x61], DH
0x0177 626c 65 BOUND BP, [SI+0x65]
0x017A 0045 72 ADD [DI+0x72], AL
0x017D 72 6f JB 0x1ee
0x017F 72 20 JB 0x1a1
0x0181 6c INSB
0x0182 6f OUTSW
0x0183 61 POPA
0x0184 64 696e 67 206f IMUL BP, FS:[BP+0x67], 0x6f20
0x018A 70 65 JO 0x1f1
0x018C 72 61 JB 0x1ef
0x018E 74 69 JZ 0x1f9
0x0190 6e OUTSB
0x0191 67 2073 79 AND [EBX+0x79], DH
0x0195 73 74 JAE 0x20b
0x0197 65 6d INS WORD GS:[DI], DX
0x0199 004d 69 ADD [DI+0x69], CL
0x019C 73 73 JAE 0x211
0x019E 696e 67 206f IMUL BP, [BP+0x67], 0x6f20
0x01A3 70 65 JO 0x20a
0x01A5 72 61 JB 0x208
0x01A7 74 69 JZ 0x212
0x01A9 6e OUTSB
0x01AA 67 2073 79 AND [EBX+0x79], DH
0x01AE 73 74 JAE 0x224
0x01B0 65 6d INS WORD GS:[DI], DX
0x01B2 0000 ADD [BX+SI], AL
0x01B4 0063 7b ADD [BP+DI+0x7b], AH
0x01B7 9a 00c2 a6bd CALL FAR 0xbda6:0xc200
0x01BC 0000 ADD [BX+SI], AL
0x01BE 8020 21 AND BYTE [BX+SI], 0x21
0x01C1 0007 ADD [BX], AL
0x01C3 df13 FIST WORD [BP+DI]
0x01C5 0c 00 OR AL, 0x0
0x01C7 0800 OR [BX+SI], AL
0x01C9 0000 ADD [BX+SI], AL
0x01CB 2003 AND [BP+DI], AL
0x01CD 0000 ADD [BX+SI], AL
0x01CF df14 FIST WORD [SI]
0x01D1 0c 07 OR AL, 0x7
0x01D3 fe DB 0xfe
0x01D4 ff DB 0xff
0x01D5 ff00 INC WORD [BX+SI]
0x01D7 2803 SUB [BP+DI], AL
0x01D9 0000 ADD [BX+SI], AL
0x01DB d831 FDIV DWORD [BX+DI]
0x01DD 0c 00 OR AL, 0x0
0x01DF fe DB 0xfe
0x01E0 ff DB 0xff
0x01E1 ff07 INC WORD [BX]
0x01E3 fe DB 0xfe
0x01E4 ff DB 0xff
0x01E5 ff00 INC WORD [BX+SI]
0x01E7 0035 ADD [DI], DH
0x01E9 0c 00 OR AL, 0x0
0x01EB 00d4 ADD AH, DL
0x01ED 3000 XOR [BX+SI], AL
0x01EF fe DB 0xfe
0x01F0 ff DB 0xff
0x01F1 ff07 INC WORD [BX]
0x01F3 fe DB 0xfe
0x01F4 ff DB 0xff
0x01F5 ff00 INC WORD [BX+SI]
0x01F7 0009 ADD [BX+DI], CL
0x01F9 3d 0058 CMP AX, 0x5800
0x01FC 4b DEC BX
0x01FD 1a55 aa SBB DL, [DI-0x56]
Re: Win32/TrojanDownloader.Mebload.AR
Thanks again, I appreciate your help
the system log really is there, I just forgot, so here it is additionally:
2.
Report from RogueKiller
RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Support: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Do Thanh Tung [Admin rights]
Mode : Scan -- Date : 09/01/2012 13:21:40
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 validation.sls.microsoft.com
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD7502AAEX-00Y9A0 +++++
--- User ---
[MBR] 4a2713a9ee5f04b373e986d7b66eabcb
[BSP] 161c598c40b233848f7207abe3874528 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 99899 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 204800000 | Size: 400000 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1024000000 | Size: 215403 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
Last edited by vyosek on 22 Sep 2012 06:55, edited 1 time in total.
Reason: MBAM removed as agreed with Naughty
Re: Win32/TrojanDownloader.Mebload.AR
Here is the log from TDSS...
looking forward to further instructions
13:31:29.0817 2652 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
13:31:30.0067 2652 ============================================================
13:31:30.0067 2652 Current date / time: 2012/09/01 13:31:30.0067
13:31:30.0067 2652 SystemInfo:
13:31:30.0067 2652
13:31:30.0067 2652 OS Version: 6.1.7601 ServicePack: 1.0
13:31:30.0067 2652 Product type: Workstation
13:31:30.0067 2652 ComputerName: PC
13:31:30.0067 2652 UserName: Do Thanh Tung
13:31:30.0067 2652 Windows directory: C:\Windows
13:31:30.0067 2652 System windows directory: C:\Windows
13:31:30.0067 2652 Running under WOW64
13:31:30.0067 2652 Processor architecture: Intel x64
13:31:30.0067 2652 Number of processors: 4
13:31:30.0067 2652 Page size: 0x1000
13:31:30.0067 2652 Boot type: Normal boot
13:31:30.0067 2652 ============================================================
13:31:30.0332 2652 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:31:30.0332 2652 ============================================================
13:31:30.0332 2652 \Device\Harddisk0\DR0:
13:31:30.0332 2652 MBR partitions:
13:31:30.0332 2652 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:31:30.0332 2652 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31D800
13:31:30.0332 2652 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC350000, BlocksNum 0x30D40000
13:31:30.0332 2652 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x3D090000, BlocksNum 0x1A4B5800
13:31:30.0332 2652 ============================================================
13:31:30.0348 2652 C: <-> \Device\Harddisk0\DR0\Partition2
13:31:30.0363 2652 D: <-> \Device\Harddisk0\DR0\Partition3
13:31:30.0379 2652 E: <-> \Device\Harddisk0\DR0\Partition4
13:31:30.0379 2652 ============================================================
13:31:30.0379 2652 Initialize success
13:31:30.0379 2652 ============================================================
13:32:03.0857 3836 ============================================================
13:32:03.0857 3836 Scan started
13:32:03.0857 3836 Mode: Manual; SigCheck; TDLFS;
13:32:03.0857 3836 ============================================================
13:32:03.0981 3836 ================ Scan system memory ========================
13:32:03.0981 3836 System memory - ok
13:32:03.0981 3836 ================ Scan services =============================
13:32:13.0529 3836 RasMan - ok
13:32:13.0544 3836 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:32:13.0560 3836 RasPppoe - ok
13:32:13.0575 3836 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:32:13.0591 3836 RasSstp - ok
13:32:13.0622 3836 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:32:13.0638 3836 rdbss - ok
13:32:13.0653 3836 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
13:32:13.0685 3836 rdpbus - ok
13:32:13.0716 3836 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:32:13.0747 3836 RDPCDD - ok
13:32:13.0763 3836 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
13:32:13.0763 3836 RDPDR - ok
13:32:13.0778 3836 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:32:13.0794 3836 RDPENCDD - ok
13:32:13.0809 3836 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
13:32:13.0825 3836 RDPREFMP - ok
13:32:13.0841 3836 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
13:32:13.0856 3836 RdpVideoMiniport - ok
13:32:13.0872 3836 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:32:13.0872 3836 RDPWD - ok
13:32:13.0903 3836 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
13:32:13.0903 3836 rdyboost - ok
13:32:13.0919 3836 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:32:13.0950 3836 RemoteAccess - ok
13:32:13.0965 3836 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:32:13.0981 3836 RemoteRegistry - ok
13:32:13.0997 3836 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
13:32:14.0012 3836 RpcEptMapper - ok
13:32:14.0028 3836 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
13:32:14.0043 3836 RpcLocator - ok
13:32:14.0059 3836 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
13:32:14.0075 3836 RpcSs - ok
13:32:14.0090 3836 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:32:14.0121 3836 rspndr - ok
13:32:14.0137 3836 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
13:32:14.0137 3836 s3cap - ok
13:32:14.0153 3836 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
13:32:14.0168 3836 SamSs - ok
13:32:14.0168 3836 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
13:32:14.0184 3836 sbp2port - ok
13:32:14.0199 3836 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:32:14.0215 3836 SCardSvr - ok
13:32:14.0231 3836 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
13:32:14.0246 3836 scfilter - ok
13:32:14.0262 3836 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
13:32:14.0309 3836 Schedule - ok
13:32:14.0309 3836 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
13:32:14.0324 3836 SCPolicySvc - ok
13:32:14.0340 3836 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:32:14.0355 3836 SDRSVC - ok
13:32:14.0355 3836 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:32:14.0371 3836 secdrv - ok
13:32:14.0387 3836 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
13:32:14.0402 3836 seclogon - ok
13:32:14.0418 3836 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
13:32:14.0433 3836 SENS - ok
13:32:14.0449 3836 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
13:32:14.0465 3836 SensrSvc - ok
13:32:14.0480 3836 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
13:32:14.0496 3836 Serenum - ok
13:32:14.0511 3836 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
13:32:14.0527 3836 Serial - ok
13:32:14.0558 3836 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
13:32:14.0574 3836 sermouse - ok
13:32:14.0589 3836 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
13:32:14.0621 3836 SessionEnv - ok
13:32:14.0636 3836 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:32:14.0652 3836 sffdisk - ok
13:32:14.0652 3836 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:32:14.0667 3836 sffp_mmc - ok
13:32:14.0667 3836 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:32:14.0683 3836 sffp_sd - ok
13:32:14.0699 3836 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
13:32:14.0699 3836 sfloppy - ok
13:32:14.0730 3836 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:32:14.0761 3836 SharedAccess - ok
13:32:14.0792 3836 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:32:14.0823 3836 ShellHWDetection - ok
13:32:14.0839 3836 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:32:14.0839 3836 SiSRaid2 - ok
13:32:14.0839 3836 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
13:32:14.0855 3836 SiSRaid4 - ok
13:32:14.0870 3836 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:32:14.0886 3836 Smb - ok
13:32:14.0901 3836 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:32:14.0917 3836 SNMPTRAP - ok
13:32:14.0917 3836 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
13:32:14.0933 3836 spldr - ok
13:32:14.0948 3836 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
13:32:14.0964 3836 Spooler - ok
13:32:15.0026 3836 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
13:32:15.0120 3836 sppsvc - ok
13:32:15.0135 3836 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
13:32:15.0151 3836 sppuinotify - ok
13:32:15.0182 3836 [ 51DE15CA5C05BCA46D8B110CD00A02FB ] sptd C:\Windows\system32\Drivers\sptd.sys
13:32:15.0182 3836 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 51DE15CA5C05BCA46D8B110CD00A02FB
13:32:15.0182 3836 sptd ( LockedFile.Multi.Generic ) - warning
13:32:15.0182 3836 sptd - detected LockedFile.Multi.Generic (1)
13:32:15.0416 3836 [ E5C796B621F6FBA8616511063D7F0FFE ] StarWindServiceAE C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
13:32:15.0416 3836 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
13:32:15.0416 3836 StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)
13:32:18.0583 3836 ================ Scan global ===============================
13:32:18.0692 3836 [Global] - ok
13:32:18.0692 3836 ================ Scan MBR ==================================
13:32:18.0989 3836 \Device\Harddisk0\DR0 - ok
13:32:18.0989 3836 ================ Scan VBR ==================================
13:32:18.0989 3836 \Device\Harddisk0\DR0\Partition1 - ok
13:32:19.0020 3836 \Device\Harddisk0\DR0\Partition2 - ok
13:32:19.0035 3836 \Device\Harddisk0\DR0\Partition3 - ok
13:32:19.0051 3836 \Device\Harddisk0\DR0\Partition4 - ok
13:32:19.0051 3836 ============================================================
13:32:19.0051 3836 Scan finished
13:32:19.0051 3836 ============================================================
13:32:19.0067 4616 Detected object count: 2
13:32:19.0067 4616 Actual detected object count: 2
13:32:51.0272 4616 sptd ( LockedFile.Multi.Generic ) - skipped by user
13:32:51.0272 4616 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
13:32:51.0272 4616 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user
13:32:51.0272 4616 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip
Looking forward to further instructions.

13:31:29.0817 2652 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
13:31:30.0067 2652 ============================================================
13:31:30.0067 2652 Current date / time: 2012/09/01 13:31:30.0067
13:31:30.0067 2652 SystemInfo:
13:31:30.0067 2652
13:31:30.0067 2652 OS Version: 6.1.7601 ServicePack: 1.0
13:31:30.0067 2652 Product type: Workstation
13:31:30.0067 2652 ComputerName: PC
13:31:30.0067 2652 UserName: Do Thanh Tung
13:31:30.0067 2652 Windows directory: C:\Windows
13:31:30.0067 2652 System windows directory: C:\Windows
13:31:30.0067 2652 Running under WOW64
13:31:30.0067 2652 Processor architecture: Intel x64
13:31:30.0067 2652 Number of processors: 4
13:31:30.0067 2652 Page size: 0x1000
13:31:30.0067 2652 Boot type: Normal boot
13:31:30.0067 2652 ============================================================
13:31:30.0332 2652 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:31:30.0332 2652 ============================================================
13:31:30.0332 2652 \Device\Harddisk0\DR0:
13:31:30.0332 2652 MBR partitions:
13:31:30.0332 2652 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:31:30.0332 2652 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31D800
13:31:30.0332 2652 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC350000, BlocksNum 0x30D40000
13:31:30.0332 2652 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x3D090000, BlocksNum 0x1A4B5800
13:31:30.0332 2652 ============================================================
13:31:30.0348 2652 C: <-> \Device\Harddisk0\DR0\Partition2
13:31:30.0363 2652 D: <-> \Device\Harddisk0\DR0\Partition3
13:31:30.0379 2652 E: <-> \Device\Harddisk0\DR0\Partition4
13:31:30.0379 2652 ============================================================
13:31:30.0379 2652 Initialize success
13:31:30.0379 2652 ============================================================
13:32:03.0857 3836 ============================================================
13:32:03.0857 3836 Scan started
13:32:03.0857 3836 Mode: Manual; SigCheck; TDLFS;
13:32:03.0857 3836 ============================================================
13:32:03.0981 3836 ================ Scan system memory ========================
13:32:03.0981 3836 System memory - ok
13:32:03.0981 3836 ================ Scan services =============================
13:32:06.0056 3836 clr_optimization_v2.0.50727_32 - ok
13:32:06.0072 3836 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:32:06.0087 3836 clr_optimization_v2.0.50727_64 - ok
13:32:06.0119 3836 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:32:06.0134 3836 clr_optimization_v4.0.30319_32 - ok
13:32:06.0150 3836 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:32:06.0165 3836 clr_optimization_v4.0.30319_64 - ok
13:32:06.0181 3836 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
13:32:06.0197 3836 CmBatt - ok
13:32:06.0212 3836 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
13:32:06.0228 3836 cmdide - ok
13:32:06.0243 3836 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
13:32:06.0275 3836 CNG - ok
13:32:06.0290 3836 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
13:32:06.0290 3836 Compbatt - ok
13:32:06.0321 3836 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
13:32:06.0337 3836 CompositeBus - ok
13:32:06.0337 3836 COMSysApp - ok
13:32:06.0353 3836 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
13:32:06.0353 3836 crcdisk - ok
13:32:06.0384 3836 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:32:06.0399 3836 CryptSvc - ok
13:32:06.0431 3836 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
13:32:06.0462 3836 CSC - ok
13:32:06.0477 3836 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
13:32:06.0509 3836 CscService - ok
13:32:06.0524 3836 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
13:32:06.0555 3836 DcomLaunch - ok
13:32:06.0571 3836 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
13:32:06.0602 3836 defragsvc - ok
13:32:06.0618 3836 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:32:06.0649 3836 DfsC - ok
13:32:06.0649 3836 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
13:32:06.0680 3836 Dhcp - ok
13:32:06.0680 3836 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
13:32:06.0711 3836 discache - ok
13:32:06.0711 3836 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
13:32:06.0727 3836 Disk - ok
13:32:06.0743 3836 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:32:06.0758 3836 Dnscache - ok
13:32:06.0774 3836 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
13:32:06.0805 3836 dot3svc - ok
13:32:06.0805 3836 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
13:32:06.0836 3836 DPS - ok
13:32:06.0852 3836 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:32:06.0883 3836 drmkaud - ok
13:32:06.0899 3836 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:32:06.0930 3836 DXGKrnl - ok
13:32:06.0961 3836 [ 6BAFD9819D9FEC2EDBAEBC8493C711A4 ] e1cexpress C:\Windows\system32\DRIVERS\e1c62x64.sys
13:32:06.0977 3836 e1cexpress - ok
13:32:07.0008 3836 [ 13533557D01B88C83110D5CF749F14D7 ] eamonm C:\Windows\system32\DRIVERS\eamonm.sys
13:32:07.0008 3836 eamonm - ok
13:32:07.0023 3836 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
13:32:07.0055 3836 EapHost - ok
13:32:07.0101 3836 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
13:32:07.0133 3836 ebdrv - ok
13:32:07.0133 3836 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
13:32:07.0148 3836 EFS - ok
13:32:07.0164 3836 [ E097728129E7B79BF1089D7AEF42332B ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys
13:32:07.0179 3836 ehdrv - ok
13:32:07.0211 3836 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:32:07.0242 3836 ehRecvr - ok
13:32:07.0257 3836 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
13:32:07.0273 3836 ehSched - ok
13:32:07.0351 3836 [ C7BB95CF9631AA401E4ADED1648F6AF7 ] ekrn C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
13:32:07.0382 3836 ekrn - ok
13:32:07.0398 3836 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
13:32:07.0413 3836 elxstor - ok
13:32:07.0413 3836 [ 2380976CF8A4A56611F35633ACD2A74F ] epfwwfpr C:\Windows\system32\DRIVERS\epfwwfpr.sys
13:32:07.0429 3836 epfwwfpr - ok
13:32:07.0429 3836 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
13:32:07.0460 3836 ErrDev - ok
13:32:07.0476 3836 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
13:32:07.0491 3836 EventSystem - ok
13:32:07.0507 3836 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
13:32:07.0538 3836 exfat - ok
13:32:07.0538 3836 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:32:07.0569 3836 fastfat - ok
13:32:07.0616 3836 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
13:32:07.0647 3836 Fax - ok
13:32:07.0647 3836 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
13:32:07.0663 3836 fdc - ok
13:32:07.0694 3836 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
13:32:07.0725 3836 fdPHost - ok
13:32:07.0725 3836 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
13:32:07.0741 3836 FDResPub - ok
13:32:07.0757 3836 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:32:07.0757 3836 FileInfo - ok
13:32:07.0772 3836 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:32:07.0788 3836 Filetrace - ok
13:32:07.0803 3836 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
13:32:07.0819 3836 flpydisk - ok
13:32:07.0835 3836 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:32:07.0850 3836 FltMgr - ok
13:32:07.0881 3836 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
13:32:07.0897 3836 FontCache - ok
13:32:07.0928 3836 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:32:07.0928 3836 FontCache3.0.0.0 - ok
13:32:07.0928 3836 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
13:32:07.0944 3836 FsDepends - ok
13:32:07.0959 3836 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:32:07.0959 3836 Fs_Rec - ok
13:32:07.0991 3836 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
13:32:07.0991 3836 fvevol - ok
13:32:08.0006 3836 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
13:32:08.0006 3836 gagp30kx - ok
13:32:08.0037 3836 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
13:32:08.0084 3836 gpsvc - ok
13:32:08.0100 3836 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
13:32:08.0115 3836 hcw85cir - ok
13:32:08.0147 3836 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:32:08.0147 3836 HdAudAddService - ok
13:32:08.0162 3836 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
13:32:08.0178 3836 HDAudBus - ok
13:32:08.0178 3836 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
13:32:08.0193 3836 HidBatt - ok
13:32:08.0209 3836 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
13:32:08.0225 3836 HidBth - ok
13:32:08.0240 3836 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
13:32:08.0256 3836 HidIr - ok
13:32:08.0271 3836 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
13:32:08.0303 3836 hidserv - ok
13:32:08.0303 3836 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
13:32:08.0318 3836 HidUsb - ok
13:32:08.0318 3836 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:32:08.0349 3836 hkmsvc - ok
13:32:08.0365 3836 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:32:08.0381 3836 HomeGroupListener - ok
13:32:08.0396 3836 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:32:08.0412 3836 HomeGroupProvider - ok
13:32:08.0412 3836 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
13:32:08.0427 3836 HpSAMD - ok
13:32:08.0443 3836 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:32:08.0474 3836 HTTP - ok
13:32:08.0490 3836 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
13:32:08.0490 3836 hwpolicy - ok
13:32:08.0505 3836 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
13:32:08.0521 3836 i8042prt - ok
13:32:08.0552 3836 [ F7CE9BE72EDAC499B713ECA6DAE5D26F ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
13:32:08.0568 3836 iaStor - ok
13:32:08.0630 3836 [ B25F192EA1F84A316EB7C19EFCCCF33D ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
13:32:08.0646 3836 IAStorDataMgrSvc - ok
13:32:08.0661 3836 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
13:32:08.0677 3836 iaStorV - ok
13:32:08.0724 3836 [ 5534E14EF27EBE8563CDBCE6B88501A3 ] IDMWFP C:\Windows\system32\DRIVERS\idmwfp.sys
13:32:08.0739 3836 IDMWFP - ok
13:32:08.0771 3836 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:32:08.0802 3836 idsvc - ok
13:32:08.0958 3836 [ BC610ABB825504272364EFE4C831E672 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
13:32:09.0051 3836 igfx - ok
13:32:09.0083 3836 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
13:32:09.0083 3836 iirsp - ok
13:32:09.0114 3836 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
13:32:09.0145 3836 IKEEXT - ok
13:32:09.0207 3836 [ C03463214D23B46B991F582821C8DF69 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
13:32:09.0239 3836 IntcAzAudAddService - ok
13:32:09.0254 3836 [ 4429B91B0FE91F9BE8E24E93CC960368 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
13:32:09.0254 3836 IntcDAud - ok
13:32:09.0270 3836 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
13:32:09.0285 3836 intelide - ok
13:32:09.0301 3836 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:32:09.0317 3836 intelppm - ok
13:32:09.0332 3836 [ 068EC06F3B6DD7B81B365D8FD2CE27E6 ] Intel® PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
13:32:09.0332 3836 Intel® PROSet Monitoring Service - ok
13:32:09.0348 3836 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:32:09.0379 3836 IPBusEnum - ok
13:32:09.0395 3836 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:32:09.0426 3836 IpFilterDriver - ok
13:32:09.0457 3836 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
13:32:09.0488 3836 iphlpsvc - ok
13:32:09.0519 3836 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
13:32:09.0519 3836 IPMIDRV - ok
13:32:09.0535 3836 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
13:32:09.0566 3836 IPNAT - ok
13:32:09.0582 3836 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:32:09.0613 3836 IRENUM - ok
13:32:09.0613 3836 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:32:09.0629 3836 isapnp - ok
13:32:09.0644 3836 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
13:32:09.0660 3836 iScsiPrt - ok
13:32:09.0675 3836 [ BD5BF20EC242E003A2F570B8754A56D1 ] ivusb C:\Windows\system32\DRIVERS\ivusb.sys
13:32:09.0691 3836 ivusb - ok
13:32:09.0707 3836 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
13:32:09.0707 3836 kbdclass - ok
13:32:09.0722 3836 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
13:32:09.0738 3836 kbdhid - ok
13:32:09.0753 3836 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
13:32:09.0769 3836 KeyIso - ok
13:32:09.0769 3836 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:32:09.0785 3836 KSecDD - ok
13:32:09.0785 3836 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:32:09.0800 3836 KSecPkg - ok
13:32:09.0800 3836 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
13:32:09.0831 3836 ksthunk - ok
13:32:09.0863 3836 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
13:32:09.0894 3836 KtmRm - ok
13:32:09.0909 3836 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
13:32:09.0941 3836 LanmanServer - ok
13:32:09.0956 3836 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:32:09.0972 3836 LanmanWorkstation - ok
13:32:10.0003 3836 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:32:10.0050 3836 lltdio - ok
13:32:10.0065 3836 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:32:10.0097 3836 lltdsvc - ok
13:32:10.0097 3836 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:32:10.0128 3836 lmhosts - ok
13:32:10.0159 3836 [ 926EBA26A8B49D1597751CED06B50862 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
13:32:10.0175 3836 LMS - ok
13:32:10.0190 3836 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
13:32:10.0190 3836 LSI_FC - ok
13:32:10.0206 3836 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
13:32:10.0206 3836 LSI_SAS - ok
13:32:10.0221 3836 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:32:10.0221 3836 LSI_SAS2 - ok
13:32:10.0221 3836 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:32:10.0237 3836 LSI_SCSI - ok
13:32:10.0253 3836 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
13:32:10.0284 3836 luafv - ok
13:32:10.0284 3836 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:32:10.0299 3836 Mcx2Svc - ok
13:32:10.0315 3836 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
13:32:10.0331 3836 megasas - ok
13:32:10.0331 3836 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
13:32:10.0346 3836 MegaSR - ok
13:32:10.0362 3836 [ 1C6E73FC46B509EFF9D0086AA37132DF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
13:32:10.0362 3836 MEIx64 - ok
13:32:10.0409 3836 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
13:32:10.0424 3836 Microsoft Office Groove Audit Service - ok
13:32:10.0424 3836 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
13:32:10.0471 3836 MMCSS - ok
13:32:10.0487 3836 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
13:32:10.0518 3836 Modem - ok
13:32:10.0518 3836 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:32:10.0549 3836 monitor - ok
13:32:10.0565 3836 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:32:10.0565 3836 mouclass - ok
13:32:10.0565 3836 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:32:10.0580 3836 mouhid - ok
13:32:10.0611 3836 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:32:10.0611 3836 mountmgr - ok
13:32:10.0658 3836 [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:32:10.0674 3836 MozillaMaintenance - ok
13:32:10.0689 3836 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
13:32:10.0705 3836 mpio - ok
13:32:10.0705 3836 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:32:10.0752 3836 mpsdrv - ok
13:32:10.0783 3836 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
13:32:10.0814 3836 MpsSvc - ok
13:32:10.0814 3836 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:32:10.0845 3836 MRxDAV - ok
13:32:10.0845 3836 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:32:10.0861 3836 mrxsmb - ok
13:32:10.0877 3836 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:32:10.0892 3836 mrxsmb10 - ok
13:32:10.0892 3836 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:32:10.0908 3836 mrxsmb20 - ok
13:32:10.0908 3836 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
13:32:10.0923 3836 msahci - ok
13:32:10.0939 3836 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:32:10.0939 3836 msdsm - ok
13:32:10.0955 3836 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
13:32:10.0970 3836 MSDTC - ok
13:32:10.0986 3836 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:32:11.0001 3836 Msfs - ok
13:32:11.0017 3836 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:32:11.0048 3836 mshidkmdf - ok
13:32:11.0064 3836 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:32:11.0064 3836 msisadrv - ok
13:32:11.0079 3836 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:32:11.0111 3836 MSiSCSI - ok
13:32:11.0111 3836 msiserver - ok
13:32:11.0126 3836 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:32:11.0142 3836 MSKSSRV - ok
13:32:11.0157 3836 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:32:11.0173 3836 MSPCLOCK - ok
13:32:11.0189 3836 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:32:11.0204 3836 MSPQM - ok
13:32:11.0235 3836 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:32:11.0235 3836 MsRPC - ok
13:32:11.0251 3836 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
13:32:11.0251 3836 mssmbios - ok
13:32:11.0267 3836 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:32:11.0282 3836 MSTEE - ok
13:32:11.0298 3836 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
13:32:11.0298 3836 MTConfig - ok
13:32:11.0313 3836 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
13:32:11.0313 3836 Mup - ok
13:32:11.0345 3836 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
13:32:11.0376 3836 napagent - ok
13:32:11.0391 3836 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:32:11.0407 3836 NativeWifiP - ok
13:32:11.0438 3836 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
13:32:11.0454 3836 NDIS - ok
13:32:11.0454 3836 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:32:11.0485 3836 NdisCap - ok
13:32:11.0501 3836 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:32:11.0516 3836 NdisTapi - ok
13:32:11.0532 3836 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:32:11.0563 3836 Ndisuio - ok
13:32:11.0563 3836 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:32:11.0594 3836 NdisWan - ok
13:32:11.0610 3836 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:32:11.0625 3836 NDProxy - ok
13:32:11.0625 3836 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:32:11.0657 3836 NetBIOS - ok
13:32:11.0672 3836 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:32:11.0703 3836 NetBT - ok
13:32:11.0703 3836 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
13:32:11.0719 3836 Netlogon - ok
13:32:11.0750 3836 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
13:32:11.0766 3836 Netman - ok
13:32:11.0781 3836 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
13:32:11.0828 3836 netprofm - ok
13:32:11.0844 3836 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:32:11.0859 3836 NetTcpPortSharing - ok
13:32:11.0875 3836 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
13:32:11.0875 3836 nfrd960 - ok
13:32:11.0891 3836 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:32:11.0922 3836 NlaSvc - ok
13:32:11.0937 3836 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:32:11.0953 3836 Npfs - ok
13:32:11.0953 3836 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
13:32:11.0984 3836 nsi - ok
13:32:11.0984 3836 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:32:12.0015 3836 nsiproxy - ok
13:32:12.0062 3836 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:32:12.0093 3836 Ntfs - ok
13:32:12.0109 3836 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
13:32:12.0140 3836 Null - ok
13:32:12.0171 3836 [ 285ACEC1B13A15BA520AAE06BACB9CFF ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
13:32:12.0171 3836 nusb3hub - ok
13:32:12.0203 3836 [ F6D625FF7B56BB6EA063F0D3A5BBC996 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
13:32:12.0203 3836 nusb3xhc - ok
13:32:12.0218 3836 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:32:12.0218 3836 nvraid - ok
13:32:12.0234 3836 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:32:12.0234 3836 nvstor - ok
13:32:12.0265 3836 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:32:12.0265 3836 nv_agp - ok
13:32:12.0312 3836 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:32:12.0343 3836 odserv - ok
13:32:12.0343 3836 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
13:32:12.0359 3836 ohci1394 - ok
13:32:12.0390 3836 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:32:12.0390 3836 ose - ok
13:32:12.0405 3836 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:32:12.0421 3836 p2pimsvc - ok
13:32:12.0437 3836 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
13:32:12.0452 3836 p2psvc - ok
13:32:12.0468 3836 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
13:32:12.0468 3836 Parport - ok
13:32:12.0499 3836 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:32:12.0499 3836 partmgr - ok
13:32:12.0515 3836 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
13:32:12.0546 3836 PcaSvc - ok
13:32:12.0561 3836 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
13:32:12.0561 3836 pci - ok
13:32:12.0577 3836 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
13:32:12.0577 3836 pciide - ok
13:32:12.0577 3836 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
13:32:12.0593 3836 pcmcia - ok
13:32:12.0593 3836 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
13:32:12.0608 3836 pcw - ok
13:32:12.0608 3836 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:32:12.0639 3836 PEAUTH - ok
13:32:12.0671 3836 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
13:32:12.0702 3836 PeerDistSvc - ok
13:32:12.0749 3836 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
13:32:12.0764 3836 PerfHost - ok
13:32:12.0811 3836 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
13:32:12.0873 3836 pla - ok
13:32:12.0920 3836 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:32:12.0936 3836 PlugPlay - ok
13:32:12.0951 3836 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
13:32:12.0967 3836 PNRPAutoReg - ok
13:32:12.0967 3836 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
13:32:12.0983 3836 PNRPsvc - ok
13:32:12.0998 3836 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:32:13.0014 3836 PolicyAgent - ok
13:32:13.0029 3836 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
13:32:13.0061 3836 Power - ok
13:32:13.0076 3836 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:32:13.0092 3836 PptpMiniport - ok
13:32:13.0107 3836 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
13:32:13.0123 3836 Processor - ok
13:32:13.0154 3836 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
13:32:13.0170 3836 ProfSvc - ok
13:32:13.0185 3836 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:32:13.0185 3836 ProtectedStorage - ok
13:32:13.0185 3836 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
13:32:13.0217 3836 Psched - ok
13:32:13.0248 3836 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
13:32:13.0263 3836 ql2300 - ok
13:32:13.0279 3836 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
13:32:13.0279 3836 ql40xx - ok
13:32:13.0295 3836 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
13:32:13.0310 3836 QWAVE - ok
13:32:13.0326 3836 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:32:13.0326 3836 QWAVEdrv - ok
13:32:13.0341 3836 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:32:13.0357 3836 RasAcd - ok
13:32:13.0373 3836 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
13:32:13.0404 3836 RasAgileVpn - ok
13:32:13.0404 3836 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
13:32:13.0435 3836 RasAuto - ok
13:32:13.0451 3836 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:32:13.0466 3836 Rasl2tp - ok
13:32:13.0482 3836 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
13:32:13.0529 3836 RasMan - ok
13:32:13.0544 3836 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:32:13.0560 3836 RasPppoe - ok
13:32:13.0575 3836 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:32:13.0591 3836 RasSstp - ok
13:32:13.0622 3836 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:32:13.0638 3836 rdbss - ok
13:32:13.0653 3836 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
13:32:13.0685 3836 rdpbus - ok
13:32:13.0716 3836 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:32:13.0747 3836 RDPCDD - ok
13:32:13.0763 3836 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
13:32:13.0763 3836 RDPDR - ok
13:32:13.0778 3836 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:32:13.0794 3836 RDPENCDD - ok
13:32:13.0809 3836 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
13:32:13.0825 3836 RDPREFMP - ok
13:32:13.0841 3836 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
13:32:13.0856 3836 RdpVideoMiniport - ok
13:32:13.0872 3836 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:32:13.0872 3836 RDPWD - ok
13:32:13.0903 3836 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
13:32:13.0903 3836 rdyboost - ok
13:32:13.0919 3836 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:32:13.0950 3836 RemoteAccess - ok
13:32:13.0965 3836 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:32:13.0981 3836 RemoteRegistry - ok
13:32:13.0997 3836 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
13:32:14.0012 3836 RpcEptMapper - ok
13:32:14.0028 3836 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
13:32:14.0043 3836 RpcLocator - ok
13:32:14.0059 3836 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
13:32:14.0075 3836 RpcSs - ok
13:32:14.0090 3836 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:32:14.0121 3836 rspndr - ok
13:32:14.0137 3836 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
13:32:14.0137 3836 s3cap - ok
13:32:14.0153 3836 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
13:32:14.0168 3836 SamSs - ok
13:32:14.0168 3836 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
13:32:14.0184 3836 sbp2port - ok
13:32:14.0199 3836 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:32:14.0215 3836 SCardSvr - ok
13:32:14.0231 3836 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
13:32:14.0246 3836 scfilter - ok
13:32:14.0262 3836 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
13:32:14.0309 3836 Schedule - ok
13:32:14.0309 3836 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
13:32:14.0324 3836 SCPolicySvc - ok
13:32:14.0340 3836 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:32:14.0355 3836 SDRSVC - ok
13:32:14.0355 3836 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:32:14.0371 3836 secdrv - ok
13:32:14.0387 3836 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
13:32:14.0402 3836 seclogon - ok
13:32:14.0418 3836 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
13:32:14.0433 3836 SENS - ok
13:32:14.0449 3836 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
13:32:14.0465 3836 SensrSvc - ok
13:32:14.0480 3836 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
13:32:14.0496 3836 Serenum - ok
13:32:14.0511 3836 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
13:32:14.0527 3836 Serial - ok
13:32:14.0558 3836 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
13:32:14.0574 3836 sermouse - ok
13:32:14.0589 3836 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
13:32:14.0621 3836 SessionEnv - ok
13:32:14.0636 3836 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:32:14.0652 3836 sffdisk - ok
13:32:14.0652 3836 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:32:14.0667 3836 sffp_mmc - ok
13:32:14.0667 3836 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:32:14.0683 3836 sffp_sd - ok
13:32:14.0699 3836 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
13:32:14.0699 3836 sfloppy - ok
13:32:14.0730 3836 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:32:14.0761 3836 SharedAccess - ok
13:32:14.0792 3836 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:32:14.0823 3836 ShellHWDetection - ok
13:32:14.0839 3836 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:32:14.0839 3836 SiSRaid2 - ok
13:32:14.0839 3836 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
13:32:14.0855 3836 SiSRaid4 - ok
13:32:14.0870 3836 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:32:14.0886 3836 Smb - ok
13:32:14.0901 3836 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:32:14.0917 3836 SNMPTRAP - ok
13:32:14.0917 3836 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
13:32:14.0933 3836 spldr - ok
13:32:14.0948 3836 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
13:32:14.0964 3836 Spooler - ok
13:32:15.0026 3836 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
13:32:15.0120 3836 sppsvc - ok
13:32:15.0135 3836 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
13:32:15.0151 3836 sppuinotify - ok
13:32:15.0182 3836 [ 51DE15CA5C05BCA46D8B110CD00A02FB ] sptd C:\Windows\system32\Drivers\sptd.sys
13:32:15.0182 3836 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 51DE15CA5C05BCA46D8B110CD00A02FB
13:32:15.0182 3836 sptd ( LockedFile.Multi.Generic ) - warning
13:32:15.0182 3836 sptd - detected LockedFile.Multi.Generic (1)
13:32:15.0213 3836 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
13:32:15.0245 3836 srv - ok
13:32:15.0245 3836 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:32:15.0260 3836 srv2 - ok
13:32:15.0276 3836 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:32:15.0276 3836 srvnet - ok
13:32:15.0291 3836 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:32:15.0338 3836 SSDPSRV - ok
13:32:15.0338 3836 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:32:15.0369 3836 SstpSvc - ok
13:32:15.0416 3836 [ E5C796B621F6FBA8616511063D7F0FFE ] StarWindServiceAE C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
13:32:15.0416 3836 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
13:32:15.0416 3836 StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)
13:32:15.0432 3836 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
13:32:15.0447 3836 stexstor - ok
13:32:15.0463 3836 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
13:32:15.0479 3836 stisvc - ok
13:32:15.0510 3836 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
13:32:15.0510 3836 storflt - ok
13:32:15.0525 3836 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
13:32:15.0525 3836 storvsc - ok
13:32:15.0541 3836 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
13:32:15.0557 3836 swenum - ok
13:32:15.0557 3836 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
13:32:15.0603 3836 swprv - ok
13:32:15.0603 3836 Synth3dVsc - ok
13:32:15.0635 3836 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
13:32:15.0697 3836 SysMain - ok
13:32:15.0697 3836 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:32:15.0713 3836 TabletInputService - ok
13:32:15.0744 3836 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
13:32:15.0775 3836 TapiSrv - ok
13:32:15.0791 3836 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
13:32:15.0806 3836 TBS - ok
13:32:15.0853 3836 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:32:15.0884 3836 Tcpip - ok
13:32:15.0915 3836 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
13:32:15.0947 3836 TCPIP6 - ok
13:32:15.0962 3836 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:32:15.0978 3836 tcpipreg - ok
13:32:15.0993 3836 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:32:15.0993 3836 TDPIPE - ok
13:32:16.0009 3836 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:32:16.0009 3836 TDTCP - ok
13:32:16.0025 3836 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:32:16.0056 3836 tdx - ok
13:32:16.0071 3836 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
13:32:16.0071 3836 TermDD - ok
13:32:16.0103 3836 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
13:32:16.0134 3836 TermService - ok
13:32:16.0134 3836 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
13:32:16.0149 3836 Themes - ok
13:32:16.0149 3836 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
13:32:16.0181 3836 THREADORDER - ok
13:32:16.0181 3836 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
13:32:16.0212 3836 TrkWks - ok
13:32:16.0243 3836 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:32:16.0290 3836 TrustedInstaller - ok
13:32:16.0305 3836 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:32:16.0321 3836 tssecsrv - ok
13:32:16.0337 3836 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
13:32:16.0352 3836 TsUsbFlt - ok
13:32:16.0352 3836 tsusbhub - ok
13:32:16.0368 3836 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:32:16.0383 3836 tunnel - ok
13:32:16.0399 3836 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
13:32:16.0399 3836 uagp35 - ok
13:32:16.0415 3836 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:32:16.0446 3836 udfs - ok
13:32:16.0446 3836 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:32:16.0461 3836 UI0Detect - ok
13:32:16.0477 3836 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
13:32:16.0477 3836 uliagpkx - ok
13:32:16.0508 3836 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
13:32:16.0524 3836 umbus - ok
13:32:16.0524 3836 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
13:32:16.0539 3836 UmPass - ok
13:32:16.0539 3836 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
13:32:16.0555 3836 UmRdpService - ok
13:32:16.0617 3836 [ FDF92EC84FECEE834FB10A2A0A19BCDA ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
13:32:16.0664 3836 UNS - ok
13:32:16.0680 3836 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
13:32:16.0695 3836 upnphost - ok
13:32:16.0711 3836 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:32:16.0727 3836 usbccgp - ok
13:32:16.0727 3836 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
13:32:16.0742 3836 usbcir - ok
13:32:16.0742 3836 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
13:32:16.0758 3836 usbehci - ok
13:32:16.0773 3836 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
13:32:16.0789 3836 usbhub - ok
13:32:16.0789 3836 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
13:32:16.0805 3836 usbohci - ok
13:32:16.0820 3836 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
13:32:16.0836 3836 usbprint - ok
13:32:16.0851 3836 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:32:16.0851 3836 USBSTOR - ok
13:32:16.0867 3836 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
13:32:16.0883 3836 usbuhci - ok
13:32:16.0883 3836 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
13:32:16.0914 3836 UxSms - ok
13:32:16.0929 3836 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
13:32:16.0929 3836 VaultSvc - ok
13:32:16.0961 3836 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
13:32:16.0961 3836 vdrvroot - ok
13:32:16.0976 3836 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
13:32:17.0007 3836 vds - ok
13:32:17.0023 3836 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:32:17.0023 3836 vga - ok
13:32:17.0039 3836 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
13:32:17.0070 3836 VgaSave - ok
13:32:17.0070 3836 VGPU - ok
13:32:17.0085 3836 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
13:32:17.0085 3836 vhdmp - ok
13:32:17.0101 3836 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
13:32:17.0117 3836 viaide - ok
13:32:17.0117 3836 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
13:32:17.0132 3836 vmbus - ok
13:32:17.0132 3836 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
13:32:17.0148 3836 VMBusHID - ok
13:32:17.0163 3836 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
13:32:17.0179 3836 volmgr - ok
13:32:17.0179 3836 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:32:17.0195 3836 volmgrx - ok
13:32:17.0195 3836 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
13:32:17.0210 3836 volsnap - ok
13:32:17.0226 3836 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
13:32:17.0226 3836 vsmraid - ok
13:32:17.0257 3836 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
13:32:17.0304 3836 VSS - ok
13:32:17.0319 3836 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
13:32:17.0335 3836 vwifibus - ok
13:32:17.0382 3836 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
13:32:17.0413 3836 W32Time - ok
13:32:17.0413 3836 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
13:32:17.0429 3836 WacomPen - ok
13:32:17.0460 3836 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
13:32:17.0475 3836 WANARP - ok
13:32:17.0475 3836 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:32:17.0507 3836 Wanarpv6 - ok
13:32:17.0522 3836 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
13:32:17.0538 3836 WatAdminSvc - ok
13:32:17.0569 3836 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
13:32:17.0600 3836 wbengine - ok
13:32:17.0616 3836 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
13:32:17.0631 3836 WbioSrvc - ok
13:32:17.0647 3836 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:32:17.0647 3836 wcncsvc - ok
13:32:17.0663 3836 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:32:17.0678 3836 WcsPlugInService - ok
13:32:17.0678 3836 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
13:32:17.0694 3836 Wd - ok
13:32:17.0709 3836 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:32:17.0709 3836 Wdf01000 - ok
13:32:17.0725 3836 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:32:17.0741 3836 WdiServiceHost - ok
13:32:17.0741 3836 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:32:17.0756 3836 WdiSystemHost - ok
13:32:17.0756 3836 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
13:32:17.0772 3836 WebClient - ok
13:32:17.0787 3836 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:32:17.0819 3836 Wecsvc - ok
13:32:17.0834 3836 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:32:17.0850 3836 wercplsupport - ok
13:32:17.0865 3836 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
13:32:17.0897 3836 WerSvc - ok
13:32:17.0897 3836 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
13:32:17.0928 3836 WfpLwf - ok
13:32:17.0928 3836 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
13:32:17.0943 3836 WIMMount - ok
13:32:17.0943 3836 WinDefend - ok
13:32:17.0943 3836 WinHttpAutoProxySvc - ok
13:32:17.0990 3836 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:32:18.0006 3836 Winmgmt - ok
13:32:18.0037 3836 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
13:32:18.0084 3836 WinRM - ok
13:32:18.0115 3836 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
13:32:18.0146 3836 WinUsb - ok
13:32:18.0162 3836 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
13:32:18.0177 3836 Wlansvc - ok
13:32:18.0193 3836 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
13:32:18.0193 3836 WmiAcpi - ok
13:32:18.0209 3836 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:32:18.0224 3836 wmiApSrv - ok
13:32:18.0240 3836 WMPNetworkSvc - ok
13:32:18.0255 3836 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
13:32:18.0255 3836 WPCSvc - ok
13:32:18.0271 3836 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:32:18.0287 3836 WPDBusEnum - ok
13:32:18.0287 3836 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:32:18.0318 3836 ws2ifsl - ok
13:32:18.0333 3836 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
13:32:18.0333 3836 wscsvc - ok
13:32:18.0349 3836 WSearch - ok
13:32:18.0396 3836 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
13:32:18.0443 3836 wuauserv - ok
13:32:18.0458 3836 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
13:32:18.0474 3836 WudfPf - ok
13:32:18.0489 3836 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:32:18.0505 3836 WUDFRd - ok
13:32:18.0521 3836 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:32:18.0552 3836 wudfsvc - ok
13:32:18.0552 3836 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
13:32:18.0583 3836 WwanSvc - ok
13:32:18.0583 3836 ================ Scan global ===============================
13:32:18.0614 3836 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:32:18.0630 3836 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
13:32:18.0645 3836 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
13:32:18.0661 3836 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:32:18.0692 3836 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:32:18.0692 3836 [Global] - ok
13:32:18.0692 3836 ================ Scan MBR ==================================
13:32:18.0708 3836 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:32:18.0989 3836 \Device\Harddisk0\DR0 - ok
13:32:18.0989 3836 ================ Scan VBR ==================================
13:32:18.0989 3836 [ B952D1E99CC68E4F0BAA95DED41B5411 ] \Device\Harddisk0\DR0\Partition1
13:32:18.0989 3836 \Device\Harddisk0\DR0\Partition1 - ok
13:32:19.0020 3836 [ 71D24B60AAE7E1729A17F9B3FBDB48BD ] \Device\Harddisk0\DR0\Partition2
13:32:19.0020 3836 \Device\Harddisk0\DR0\Partition2 - ok
13:32:19.0035 3836 [ 46D73D22C65899A274FBB7A67317F5A5 ] \Device\Harddisk0\DR0\Partition3
13:32:19.0035 3836 \Device\Harddisk0\DR0\Partition3 - ok
13:32:19.0051 3836 [ DFC9A636AD8D6E07A450D4ED967AD35F ] \Device\Harddisk0\DR0\Partition4
13:32:19.0051 3836 \Device\Harddisk0\DR0\Partition4 - ok
13:32:19.0051 3836 ============================================================
13:32:19.0051 3836 Scan finished
13:32:19.0051 3836 ============================================================
13:32:19.0067 4616 Detected object count: 2
13:32:19.0067 4616 Actual detected object count: 2
13:32:51.0272 4616 sptd ( LockedFile.Multi.Generic ) - skipped by user
13:32:51.0272 4616 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
13:32:51.0272 4616 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user
13:32:51.0272 4616 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip
Re: Win32/TrojanDownloader.Mebload.AR
Unfortunately still yes, the last threat reported by ESET is 1.9.2012 18:33, see the attached screenshot.
The trojan is probably still there..., any further recommendations?
Attachments: screen.png (102.73 KiB)
Last edited by exec09 on 01 Sep 2012 19:01, edited 1 time in total.
Re: Win32/TrojanDownloader.Mebload.AR
Just to add that according to ESET the trojan is in the operating memory.
Otherwise, this is the first time I've heard of the "Reatogo-X-PE" environment...
Should I still proceed with the burning etc.?
Re: Win32/TrojanDownloader.Mebload.AR
Hello... It's getting worse.
So I didn't manage to get into the Reatogo-X-PE environment. The system tries to boot from the CD for a while, but only until the WinXP logo appears, then just a BSoD - STOP: 0x0000007B (0xF78DA528, 0xC0000034, 0x00000000, 0x000000000). Ah... I was so afraid of this.
I tried 3 times, it just won't let me go any further... I'm attaching the burn log, it seems it went through without errors...
Silly question... is there some other way forward?
Thank you...
W 20:37:22 Operating System has been changed!
I 20:37:22 ImgBurn Version 2.5.1.0 started!
I 20:37:22 Microsoft Windows 7 Ultimate x64 Edition (6.1, Build 7601 : Service Pack 1)
I 20:37:22 Total Physical Memory: 4 099 484 KB - Available: 2 446 220 KB
W 20:37:22 Duplex Secure's SPTD driver can have a detrimental effect on drive performance.
I 20:37:22 Initialising SPTI...
I 20:37:22 Searching for SCSI / ATAPI devices...
I 20:37:22 -> Drive 1 - Info: HL-DT-ST DVDRAM GH22NS90 HN00 (F:) (ATAPI)
I 20:37:22 -> Drive 2 - Info: FAJ H27SDUJGH 3.5Z (H:) (SCSI)
I 20:37:22 Found 1 DVD±RW/RAM and 1 BD-ROM/HD DVD-ROM!
I 20:37:23 Operation Started!
I 20:37:23 Source File: C:\Users\DOTHAN~1\AppData\Local\Temp\7zSB0D9.tmp\OTLPE_New_Std.iso
I 20:37:23 Source File Sectors: 145 470 (MODE1/2048)
I 20:37:23 Source File Size: 297 922 560 bytes
I 20:37:23 Source File Volume Identifier: ReatogoPE
I 20:37:23 Source File Application Identifier: PEBUILDER/MKISOFS
I 20:37:23 Source File File System(s): ISO9660 (Bootable)
I 20:37:23 Destination Device: [0:0:0] HL-DT-ST DVDRAM GH22NS90 HN00 (F:) (ATAPI)
I 20:37:23 Destination Media Type: CD-R (Disc ID: 97m17s06f, Moser Baer India) (Speeds: 16x; 32x; 40x; 48x)
I 20:37:23 Destination Media Sectors: 359 847
I 20:37:23 Write Mode: CD
I 20:37:23 Write Type: SAO
I 20:37:23 Write Speed: MAX
I 20:37:23 Lock Volume: Yes
I 20:37:23 Test Mode: No
I 20:37:23 OPC: No
I 20:37:23 BURN-Proof: Enabled
I 20:37:23 Write Speed Successfully Set! - Effective: 8 467 KB/s (48x)
I 20:37:23 Filling Buffer... (20 MB)
I 20:37:25 Writing LeadIn...
I 20:37:43 Writing Session 1 of 1... (1 Track, LBA: 0 - 145469)
I 20:37:43 Writing Track 1 of 1... (MODE1/2048, LBA: 0 - 145469)
I 20:38:54 Synchronising Cache...
I 20:38:58 Exporting Graph Data...
I 20:38:58 Graph Data File: C:\Users\Do Thanh Tung\AppData\Local\Temp\7zSB0D9.tmp\Graph Data Files\HL-DT-ST_DVDRAM_GH22NS90_HN00_1-ZÁŘÍ-2012_20-37_97m17s06f_MAX.ibg
I 20:38:58 Export Successfully Completed!
I 20:38:58 Operation Successfully Completed! - Duration: 00:01:35
I 20:38:58 Average Write Rate: 4 097 KB/s (27.3x) - Maximum Write Rate: 5 180 KB/s (34.5x)
Re: Win32/TrojanDownloader.Mebload.AR
Good morning.
After changing the BIOS configuration I managed to get into Reatogo.
Disk check (driveinfo) OK, it really is my HDD WD 750GB.
Generating the file zalohambr.dat done (I'll upload it to you as soon as possible).
Launching OTLPE: PROBLEM
No prompt to attach the registry, just a Browse for Folder window.
After selecting a disk (B,C,,D,E...) and pressing OK, a window with an error message pops up, either
Targer is not windows 2000 or later or
No windows instalation found..
Where did I make a mistake?
Re: Win32/TrojanDownloader.Mebload.AR

I'm sending the requested logs as an attachment:
Extras.Txt
OTL.Txt
zalohambr.dat
Attachments: LOGY.rar (114.81 KiB)
Re: Win32/TrojanDownloader.Mebload.AR
Hello...
I'm a bit confused, is all of this done in that Reatogo-X-PE environment?
In OTLPE, move mbrscan to the "ziskej" folder.
Move Mbrscan.exe to the folder named "ziskej".
I only have OTLPE on the desktop in that Reatogo-X-PE, so should I run it first, then select the windows folder etc. as in the previous step?
I already have mbrscan.exe downloaded but I don't know where the "Ziskej" folder is.
And in normal Windows no OTLPE is installed, only the file OTLPEStd.exe, and that is intended for burning the BOOT CD.
I have a certain language barrier because, as you can surely tell, I'm not a native Czech.
I probably still have 2x left.
Follow the procedure carefully and rather ask 3 times than take a wrong step - malware and its removal do not tolerate mistakes!!!
Thanks in advance for your patience.
Re: Win32/TrojanDownloader.Mebload.AR
I'm sending the requested dump_files.
Attachments: DUMPy.rar (131.76 KiB)
Re: Win32/TrojanDownloader.Mebload.AR
Thanks for the quick response.
I have one additional question: from the start we have deployed various tools, MBAM, MBRScan, RogueKiller, TDSSKiller, MbrFix... I don't know whether any cleaning has taken place or whether so far we have only been diagnosing by scanning. I ask because since this morning I've been trying to browse websites through Firefox, it hasn't crashed so far and ESET no longer reports any detection (even though after running the scans, in a number of cases we took no action, just skip).
I'll do that "playing" with ComboFix and let you know. Thank you.
Re: Win32/TrojanDownloader.Mebload.AR
I'm attaching the log from ComboFix.
But I have a problem: the internet connection has been lost.
When troubleshooting, Windows says:
Windows could not automatically detect this network's proxy settings...
ComboFix 12-09-01.01 - Do Thanh Tung 02.09.2012 19:29:21.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4003.2469 [GMT 2:00]
Spuštěný z: c:\users\Do Thanh Tung\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\windows
c:\programdata\windows\ccdxmmde.dat
c:\programdata\windows\drss.dat
c:\programdata\windows\msseedir.dll
c:\programdata\Windows\xessmsxe.dat
c:\users\Do Thanh Tung\AppData\Roaming\FFSJ
c:\users\Do Thanh Tung\AppData\Roaming\FFSJ\FFSJ.cfg
c:\users\Do Thanh Tung\AppData\Roaming\vso_ts_preview.xml
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-02 do 2012-09-02 )))))))))))))))))))))))))))))))
.
.
2012-09-02 22:09 . 2012-09-02 22:22 -------- d-----w- C:\ZISKEJ
2012-09-01 17:21 . 2012-09-01 17:21 -------- d-----w- c:\users\Do Thanh Tung\AppData\Roaming\IrfanView
2012-09-01 17:21 . 2012-09-01 17:21 -------- d-----w- c:\program files (x86)\IrfanView
2012-09-01 10:05 . 2012-09-01 10:05 -------- d-----w- c:\programdata\Malwarebytes
2012-09-01 08:58 . 2012-09-01 08:58 -------- d-----w- C:\rsit
2012-09-01 08:58 . 2012-09-01 08:58 -------- d-----w- c:\program files\trend micro
2012-08-31 17:01 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3AF7D0E7-3C99-4462-86FD-2A3DFE9EA9E1}\mpengine.dll
2012-08-30 23:09 . 2012-08-30 23:09 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-15 03:37 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 03:37 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 03:37 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 03:37 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 03:37 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-15 03:37 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 03:28 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 03:28 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 03:28 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 03:28 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 03:28 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 03:25 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-08 15:44 . 2012-08-08 15:44 -------- d-----w- c:\users\Khanh\AppData\Local\Macromedia
2012-08-05 08:28 . 2012-08-05 08:28 -------- d-----w- c:\program files (x86)\Gabest
2012-08-04 22:50 . 2012-08-04 22:50 -------- d-----w- c:\users\Do Thanh Tung\AppData\Roaming\GetRightToGo
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 07:13 . 2012-03-10 11:47 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-14 19:40 . 2012-04-29 18:28 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-14 19:40 . 2012-03-02 21:53 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-05 20:06 . 2012-07-17 18:44 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-05 20:06 . 2012-03-03 23:13 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-09 05:43 . 2012-07-12 17:42 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-12 17:42 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-12 17:42 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-12 17:42 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-12 17:42 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-12 17:42 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-12 17:42 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 29720]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-30 114144]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-03 1255736]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-03-03 828912]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
S2 602XML Updater;602Updater;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 137144]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-02-08 149640]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-09-21 313520]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-08-30 317440]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-09-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 19:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-06 166936]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-06 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-06 416792]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-05 11474024]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 4035152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138 10.0.0.138
FF - ProfilePath - c:\users\Do Thanh Tung\AppData\Roaming\Mozilla\Firefox\Profiles\ejlq5bxa.default\
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1581985111-1869438471-3331172567-1000_Classes\Wow6432Node\CLSID\{52640c6b-0656-4273-9a85-28feacee27df}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000ba
"Therad"=dword:0000001c
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-1581985111-1869438471-3331172567-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):62,a3,35,c2,c6,fe,d9,57,1a,67,7c,11,de,2c,00,6c,f4,1a,60,66,9c,
20,5e,72,b1,f2,ce,e9,02,e2,b2,24,16,23,f7,fb,e1,7a,8c,f2,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
.
**************************************************************************
.
Celkový čas: 2012-09-02 19:34:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-09-02 17:34
.
Před spuštěním: Volných bajtů: 71 695 986 688
Po spuštění: Volných bajtů: 71 829 176 320
.
- - End Of File - - B5BD64F780E4BB0DA16BD38547CC7801
But I have a problem: the internet connection has been lost.
When troubleshooting, Windows reports:
Systemu Windows se nepodarilo automaticky zjistit nastaveni proxy serveru site...
ComboFix 12-09-01.01 - Do Thanh Tung 02.09.2012 19:29:21.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4003.2469 [GMT 2:00]
Spuštěný z: c:\users\Do Thanh Tung\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
Re: Win32/TrojanDownloader.Mebload.AR
The file was located at c:\quoobox\Quarantine\Registry_backups\tcpip.reg
The registry values were added; after a restart there is still NO CONNECTION.
Please advise, thank you.