VIRY.CZ

Dobrý den, prosím pěkně o kontrolu logu.
AVG antivir mi vyhledal rootkiky, který neumí odstranit. Jinak žádné problémy nejsou až na zpomalený start PC.
Děkuji

GMER 2.1.19163 - http://www.gmer.net
Rootkit quick scan 2013-06-23 18:06:12
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD600BB-00CAA1 rev.17.07W17 55,90GB
Running: gmer.exe; Driver: C:\DOCUME~1\sedlacek\LOCALS~1\Temp\pxtdapow.sys


---- Devices - GMER 2.1 ----

Device \Driver\atapi \Device\Ide\IdePort0 [F73AFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F73AFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F73AFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F73AFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 [F73AFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 [F73AFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\a8zhrd5b \Device\Scsi\a8zhrd5b1 86AEC1F8
Device \Driver\a8zhrd5b \Device\Scsi\a8zhrd5b1Port2Path0Target1Lun0 86AEC1F8
Device \Driver\a8zhrd5b \Device\Scsi\a8zhrd5b1Port2Path0Target0Lun0 86AEC1F8
Device \FileSystem\Ntfs \Ntfs 86FD71F8
Device \FileSystem\Fastfat \Fat 86B511F8

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys

---- EOF - GMER 2.1 ----


GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-06-23 21:02:14
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD600BB-00CAA1 rev.17.07W17 55,90GB
Running: gmer.exe; Driver: C:\DOCUME~1\sedlacek\LOCALS~1\Temp\pxtdapow.sys


---- System - GMER 2.1 ----

SSDT Lbd.sys ZwCreateKey [0xF75DE87E]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0xF784F5D0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0xF784F700]
SSDT spxu.sys ZwOpenKey [0xF745B0C0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0xF784F010]
SSDT spxu.sys ZwQueryKey [0xF747420A]
SSDT \??\C:\WINDOWS\system32\drivers\avgtpx86.sys ZwQueryValueKey [0xF766F1D6]
SSDT Lbd.sys ZwSetValueKey [0xF75DEBFE]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0xF784F300]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0xF784F3E0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0xF784F120]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0xF784F210]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0xF784F4D0]

INT 0x39 ? 86BB7F00
INT 0x39 ? 86FDBBF8
INT 0x3B ? 86BB7F00
INT 0x3B ? 86BB7F00
INT 0x3B ? 86BB7F00
INT 0x3E ? 86FD8BF8
INT 0x3F ? 86FD8BF8

---- Kernel code sections - GMER 2.1 ----

? spxu.sys Systém nemůže nalézt uvedený soubor. !
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF653F000, 0x2C3BC6, 0xE8000020]

---- Devices - GMER 2.1 ----

Device \FileSystem\Ntfs \Ntfs 86FD71F8
Device \FileSystem\Fastfat \FatCdrom 86B511F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{99045E80-A4BE-4EFE-9FF3-5D425F602DE1} 86C8C500

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys

Device \Driver\usbohci \Device\USBPDO-0 86B451F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 86F6A1F8
Device \Driver\dmio \Device\DmControl\DmConfig 86F6A1F8
Device \Driver\dmio \Device\DmControl\DmPnP 86F6A1F8
Device \Driver\dmio \Device\DmControl\DmInfo 86F6A1F8
Device \Driver\usbohci \Device\USBPDO-1 86B451F8
Device \Driver\usbehci \Device\USBPDO-2 86B2E1F8
Device \Driver\usbuhci \Device\USBPDO-3 86B061F8
Device \Driver\usbuhci \Device\USBPDO-4 86B061F8

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys

Device \Driver\Ftdisk \Device\HarddiskVolume1 86FD91F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 86FD91F8
Device \Driver\Cdrom \Device\CdRom0 86D5D1F8
Device \Driver\atapi \Device\Ide\IdePort0 [F73AFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F73AFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F73AFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F73AFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 [F73AFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 [F73AFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 86D5D1F8
Device \Driver\Cdrom \Device\CdRom2 86D5D1F8
Device \Driver\Cdrom \Device\CdRom3 86D5D1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 86C8C500
Device \Driver\sptd \Device\4172899952 spxu.sys
Device \Driver\NetBT \Device\NetbiosSmb 86C8C500
Device \Driver\PCI_PNP8368 \Device\0000005c spxu.sys

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys

Device \Driver\usbohci \Device\USBFDO-0 86B451F8
Device \Driver\usbohci \Device\USBFDO-1 86B451F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8668E500
Device \Driver\usbehci \Device\USBFDO-2 86B2E1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8668E500
Device \Driver\usbuhci \Device\USBFDO-3 86B061F8
Device \Driver\usbuhci \Device\USBFDO-4 86B061F8
Device \Driver\Ftdisk \Device\FtControl 86FD91F8
Device \Driver\a8zhrd5b \Device\Scsi\a8zhrd5b1 86AEC1F8
Device \Driver\a8zhrd5b \Device\Scsi\a8zhrd5b1Port2Path0Target1Lun0 86AEC1F8
Device \Driver\a8zhrd5b \Device\Scsi\a8zhrd5b1Port2Path0Target0Lun0 86AEC1F8
Device \FileSystem\Fastfat \Fat 86B511F8

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys

Device \FileSystem\Cdfs \Cdfs 86B62500

---- Trace I/O - GMER 2.1 ----

Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spxu.sys >>UNKNOWN [0x86f8a938]<< 86f8a938
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86ea3ab8] 86ea3ab8
Trace 3 CLASSPNP.SYS[f75cefd7] -> nt!IofCallDriver -> \Device\00000074[0x86fcc338] 86fcc338
Trace 5 ACPI.sys[f741a620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x86f41d98] 86f41d98

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x78 0xEB 0x6F 0x79 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE3 0x19 0xC5 0xF7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF0 0x63 0x63 0x94 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xE5 0x64 0x0B 0x13 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x02 0xB7 0xEC 0x50 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x02 0xB7 0xEC 0x50 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x78 0xEB 0x6F 0x79 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE3 0x19 0xC5 0xF7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF0 0x63 0x63 0x94 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xE5 0x64 0x0B 0x13 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x02 0xB7 0xEC 0x50 ...

---- EOF - GMER 2.1 ----


Process:

System Idle Process
System
C:\Program Files\ABBYY FineReader 11\NetworkLicenseServer.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\AVG SafeGuard toolbar\vprot.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\smss.exe
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Documents and Settings\sedlacek\Plocha\IceSword122en\IceSword.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG2013\avgfws.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\alg.exe


Kernel Module:

\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
spxu.sys
\WINDOWS\System32\Drivers\WMILIB.SYS
\WINDOWS\System32\Drivers\SCSIPORT.SYS
ACPI.sys
pci.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
isapnp.sys
intelide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
Lbd.sys
PxHelp20.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
Mup.sys
avgrkx86.sys
avglogx.sys
avgmfx86.sys
avgidshx.sys
agp440.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\RTL8139.SYS
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\drivers\wfeaglxt.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\BdaSup.SYS
\SystemRoot\system32\drivers\emu10k1m.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\sfmanm.sys
\SystemRoot\system32\drivers\ctlfacem.sys
\SystemRoot\system32\DRIVERS\ctljystk.sys
\SystemRoot\system32\DRIVERS\gameenum.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\Afc.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\System32\Drivers\a8zhrd5b.SYS
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\avgfwdx.sys
\SystemRoot\system32\DRIVERS\safetica.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\WINDOWS\system32\drivers\avgtpx86.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\avgtdix.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\System32\Drivers\StarOpen.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\system32\DRIVERS\avgldx86.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\avgidsshimx.sys
\SystemRoot\system32\DRIVERS\avgidsdriverx.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\atiok3x2.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\AegisP.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\DOCUME~1\sedlacek\LOCALS~1\Temp\pxtdapow.sys
\SystemRoot\System32\Drivers\IsDrv122.sys
\??\C:\WINDOWS\system32\Drivers\RKREVEAL150.SYS
\SystemRoot\system32\drivers\kmixer.sys
\WINDOWS\system32\ntdll.dll
\Program Files\DAEMON Tools Lite\Engine.dll
C:\WINDOWS\System32\Drivers\sptd.sys


06/23/13 21:27:21 [Info]: BlackLight Engine 2.2.1092 initialized
06/23/13 21:27:21 [Info]: OS: 5.1 build 2600 (Service Pack 3)
06/23/13 21:27:21 [Note]: 7019 4
06/23/13 21:27:21 [Note]: 7005 0
06/23/13 21:27:25 [Note]: 7006 0
06/23/13 21:27:25 [Note]: 7011 500
06/23/13 21:27:25 [Note]: 7035 0
06/23/13 21:27:25 [Note]: 7026 0
06/23/13 21:27:25 [Note]: 7026 0
06/23/13 21:27:28 [Note]: FSRAW library version 1.7.1024
06/23/13 21:34:10 [Note]: 2000 1012
06/23/13 21:34:10 [Note]: 2000 1012
06/23/13 21:34:10 [Note]: 2000 1012
06/23/13 21:34:10 [Note]: 2000 1012
06/23/13 21:34:10 [Note]: 2000 1012
06/23/13 21:34:10 [Note]: 2000 1012
06/23/13 21:37:31 [Note]: 7007 0


RootkikReval

HKU\S-1-5-21-1960408961-1580818891-1060284298-1003\Software\Adobe\MediaBrowser\MRU\illustrator\ApplicationPath 10.6.2012 20:01 91 bytes Data mismatch between Windows API and raw hive data.
HKLM\SECURITY\Policy\Secrets\SAC* 3.12.2008 21:14 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 3.12.2008 21:14 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 16.10.2012 16:26 0 bytes Access is denied.
C:\Documents and Settings\All Users\Data aplikací\AVG2013\log\avgfw8db.log 24.6.2013 18:23 252 bytes Hidden from Windows API.
C:\Documents and Settings\sedlacek\Data aplikací\AVG SafeGuard toolbar\cache\075884af680ff6dc__exp__1372090868 23.6.2013 18:21 1.26 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\sedlacek\Data aplikací\AVG SafeGuard toolbar\cache\075884af680ff6dc__exp__1372177398 24.6.2013 18:23 1.26 KB Hidden from Windows API.
C:\Documents and Settings\sedlacek\Data aplikací\AVG SafeGuard toolbar\cache\49fbbc5a8678d502__exp__1372090868 23.6.2013 18:21 661 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\sedlacek\Data aplikací\AVG SafeGuard toolbar\cache\49fbbc5a8678d502__exp__1372177398 24.6.2013 18:23 661 bytes Hidden from Windows API.
C:\Documents and Settings\sedlacek\Data aplikací\AVG SafeGuard toolbar\cache\56c7c753f2f71f3e__exp__1372090867 23.6.2013 18:21 11.14 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\sedlacek\Data aplikací\AVG SafeGuard toolbar\cache\56c7c753f2f71f3e__exp__1372177397 24.6.2013 18:23 11.14 KB Hidden from Windows API.
C:\Documents and Settings\sedlacek\Data aplikací\AVG SafeGuard toolbar\cache\5c54eb1a1655b076__exp__1372090868 23.6.2013 18:21 1.61 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\sedlacek\Data aplikací\AVG SafeGuard toolbar\cache\5c54eb1a1655b076__exp__1372177398 24.6.2013 18:23 1.61 KB Hidden from Windows API.
C:\Documents and Settings\sedlacek\Data aplikací\AVG SafeGuard toolbar\cache\613e8ce7ab7106af__exp__1372090868 23.6.2013 18:21 1.05 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\sedlacek\Data aplikací\AVG SafeGuard toolbar\cache\613e8ce7ab7106af__exp__1372177398 24.6.2013 18:23 1.05 KB Hidden from Windows API.
C:\Documents and Settings\sedlacek\Data aplikací\AVG SafeGuard toolbar\cache\691f14230153a9e1__exp__1372090869 23.6.2013 18:21 668 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\sedlacek\Data aplikací\AVG SafeGuard toolbar\cache\691f14230153a9e1__exp__1372177399 24.6.2013 18:23 668 bytes Hidden from Windows API.
C:\Documents and Settings\sedlacek\Data aplikací\AVG SafeGuard toolbar\cache\7614bd6cfa99e546__exp__1372090869 23.6.2013 18:21 663 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\sedlacek\Data aplikací\AVG SafeGuard toolbar\cache\7614bd6cfa99e546__exp__1372177398 24.6.2013 18:23 663 bytes Hidden from Windows API.
C:\Documents and Settings\sedlacek\Data aplikací\AVG SafeGuard toolbar\cache\881b3593316772f0__exp__1372090868 23.6.2013 18:21 586 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\sedlacek\Data aplikací\AVG SafeGuard toolbar\cache\881b3593316772f0__exp__1372177398 24.6.2013 18:23 586 bytes Hidden from Windows API.
C:\Documents and Settings\sedlacek\Data aplikací\AVG SafeGuard toolbar\cache\c4e10d1be905349b__exp__1372090868 23.6.2013 18:21 627 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\sedlacek\Data aplikací\AVG SafeGuard toolbar\cache\c4e10d1be905349b__exp__1372177398 24.6.2013 18:23 627 bytes Hidden from Windows API.
C:\Documents and Settings\sedlacek\Data aplikací\AVG SafeGuard toolbar\cache\c8a51ba84752784f__exp__1372090868 23.6.2013 18:21 5.92 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\sedlacek\Data aplikací\AVG SafeGuard toolbar\cache\c8a51ba84752784f__exp__1372177398 24.6.2013 18:23 5.92 KB Hidden from Windows API.
C:\Documents and Settings\sedlacek\Data aplikací\AVG SafeGuard toolbar\cache\f2cda51fd108941f__exp__1372090868 23.6.2013 18:21 366 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\sedlacek\Data aplikací\AVG SafeGuard toolbar\cache\f2cda51fd108941f__exp__1372177398 24.6.2013 18:23 366 bytes Hidden from Windows API.
C:\System Volume Information\_restore{FD147038-28E7-4033-A3B2-20EA6BEC61C4}\RP886\A0166633.cfg 23.6.2013 21:13 182.50 KB Hidden from Windows API.
C:\System Volume Information\_restore{FD147038-28E7-4033-A3B2-20EA6BEC61C4}\RP886\A0166634.ini 23.6.2013 17:21 306 bytes Hidden from Windows API.
C:\WINDOWS\Temp\avg-02e41f20-d96c-400e-b0f1-8211637fbc77.tmp 24.6.2013 17:24 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\Temp\avg-5b11bd5b-7188-4c48-b6a4-db2cce95c72b.tmp 24.6.2013 18:23 0 bytes Hidden from Windows API.
C:\WINDOWS\Temp\avg-9b45e263-c229-4e6f-bd0c-dd4f53b1207d.tmp 24.6.2013 18:23 0 bytes Hidden from Windows API.

Zdravím!
Jaké konkrétní rootkity našel AVG?

Našel to přes AntiRootkik test.

"";"i8042prt.sys, přesměrovaný import HAL.dll READ_PORT_UCHAR -> spjr.sys +0x11B90, C:\WINDOWS\system32\drivers\spjr.sys";"Infikováno"
"";"atapi.sys, přesměrovaný import HAL.dll READ_PORT_UCHAR -> spjr.sys +0x2042, C:\WINDOWS\system32\drivers\spjr.sys";"Infikováno"
"";"atapi.sys, přesměrovaný import HAL.dll READ_PORT_BUFFER_USHORT -> spjr.sys +0x213E, C:\WINDOWS\system32\drivers\spjr.sys";"Infikováno"
"";"atapi.sys, přesměrovaný import HAL.dll READ_PORT_USHORT -> spjr.sys +0x20C0, C:\WINDOWS\system32\drivers\spjr.sys";"Infikováno"
"";"atapi.sys, přesměrovaný import HAL.dll WRITE_PORT_BUFFER_USHORT -> spjr.sys +0x2800, C:\WINDOWS\system32\drivers\spjr.sys";"Infikováno"
"";"atapi.sys, přesměrovaný import HAL.dll WRITE_PORT_UCHAR -> spjr.sys +0x26D6, C:\WINDOWS\system32\drivers\spjr.sys";"Infikováno"
"";"pci.sys, přesměrovaný import ntoskrnl.exe IoDetachDevice -> spjr.sys +0x2CDDC, C:\WINDOWS\system32\drivers\spjr.sys";"Infikováno"
"";"pci.sys, přesměrovaný import ntoskrnl.exe IoAttachDeviceToDeviceStack -> spjr.sys +0x2CE30, C:\WINDOWS\system32\drivers\spjr.sys";"Infikováno"

OK. Spusťte tuto utilitu:

Stáhněte Malwarebytes Anti-Rootkit http://www.malwarebytes.org/products/mbar/

Uložte nejlépe na Plochu a rozbalte
Spusťte kliknutím na mbar
Nyní postupně klikněte na Next a Update
Po dokončení update (aktualizace) databáze klikněte opět na Next
Nechte zaškrtnute všechny tři možnosti a kliněte na Scan čímž spustíte prohledavani PC
Po dokončeni skenu (cca 5 minutek) zkontrolujte, zda-li je u všech nalezů (samozrejme pokud budou) zatržítko
Tež zkontrolujte, jestli je zatržitko u Create Restore point
Nyní klikněte na CleanUp čímž nalezenou infekci odstraníme
PC bude restartován
Složka mbar by měla obsahovat log (a zřejmě se i sám otevře) mbar-log-rok-měsíc-den (hodina-minuta-sekunda).txt, ten mi sem dejte.

Výsledek testu Malware nenalezen.

OK. Nemáte nainstalovánu virtuálku, nebo nějaký CD emulátor?

Myslím, že nemám, ale raději přikládám seznam nainstalovaných programů:

Program Velikost Verze Typ Nainstalován Společnost
7-Zip 4.65 3.13 MB 32-bit 27.02.2010
A4 TECH USB2.0 PC Camera J 49.60 MB 2008.01.07 32-bit 24.11.2009 Vimicro Corporation
ABBYY FineReader 11 713.14 MB 11.0.289 32-bit 16.06.2013 ABBYY
ABBYY FineReader 9.0 Sprint 173.50 MB 9.01.513.58212 32-bit 09.12.2011 ABBYY
Adobe Creative Suite 2 2177.80 MB 32-bit 30.06.2009
Adobe Flash Player 11 ActiveX 6.00 MB 11.7.700.224 32-bit 14.06.2013 Adobe Systems Incorporated
Adobe Flash Player 11 Plugin 6.00 MB 11.7.700.224 32-bit 15.06.2013 Adobe Systems Incorporated
Adobe Reader 8 - Czech 194.60 MB 8.1.2 32-bit 16.06.2013 Adobe Systems Incorporated
Adobe SVG Viewer 3.0 4.31 MB 3 32-bit 30.06.2009 Adobe Systems, Inc.
Airytec Switch Off 0.20 MB 3,4 32-bit 23.04.2011 Airytec
AMD Catalyst Install Manager 20.24 MB 3.0.859.0 32-bit 28.10.2012 Advanced Micro Devices, Inc.
AVG 2013 2013.0.3345 32-bit 22.06.2013 AVG Technologies CZ, s.r.o.
CCleaner 5.46 MB 4 32-bit 13.06.2013 Piriform
Diagram Designer 1.44 MB 32-bit 18.04.2013
DivX Web Player 2.83 MB 1.5.0 32-bit 04.03.2011 DivX,Inc.
EVEREST Home Edition v2.20 6.58 MB 2,2 32-bit 17.11.2012 Lavalys Inc
Flash Player Pro V4.6 11.59 MB 32-bit 22.12.2011 FlashPlayerPro.com
Google Chrome 364.74 MB 27.0.1453.116 32-bit 21.06.2013 Google Inc.
HP Customer Participation Program 13.0 199.66 MB 13 32-bit 21.02.2010 HP
HP Imaging Device Functions 13.0 3.36 MB 13 32-bit 21.02.2010 HP
HP Photosmart Plus B209a-m All-In-One Driver Software 13.0 Rel .6 39.66 MB 13 32-bit 21.02.2010 HP
HP Print Projects 1.0 3.29 MB 1 32-bit 21.02.2010 HP
HP Smart Web Printing 4.5 26.39 MB 4,5 32-bit 21.02.2010 HP
HP Solution Center 13.0 3.46 MB 13 32-bit 21.02.2010 HP
HP Update 3.76 MB 4.000.011.006 32-bit 21.02.2010 Hewlett-Packard
LEDA SD - Programové vybavení 87.13 MB 3,3 32-bit 01.07.2009 LEDA spol. s r. o.
LEDA SD - Technický slovník naučný 161.84 MB 1 32-bit 01.07.2009 LEDA spol. s r. o.
Media Player Codec Pack 4.2.1 4.2.1 32-bit 27.10.2012 Media Player Codec Pack
MediaCoder 0.7.2.4526 37.43 MB 0.7.2.4526 32-bit 27.10.2012 Broad Intelligence
Microsoft .NET Framework 2.0 Client Profile Basic Version 1.0.0.13 1.0.0.13 32-bit 16.06.2013 Wondershare, Inc.
Microsoft .NET Framework 2.0 Service Pack 2 185.16 MB 2.2.30729 32-bit 17.06.2013 Microsoft Corporation
Microsoft .NET Framework 3.0 Service Pack 2 253.59 MB 3.2.30729 32-bit 16.06.2013 Microsoft Corporation
Microsoft .NET Framework 3.5 SP1 28.07 MB 32-bit 14.08.2009 Microsoft Corporation
Microsoft .NET Framework 4 Client Profile 38.80 MB 4.0.30319 32-bit 26.05.2012 Microsoft Corporation
Microsoft .NET Framework 4 Client Profile CSY Language Pack 2.94 MB 4.0.30319 32-bit 26.05.2012 Microsoft Corporation
Microsoft .NET Framework 4 Extended 51.99 MB 4.0.30319 32-bit 26.05.2012 Microsoft Corporation
Microsoft .NET Framework 4 Extended CSY Language Pack 10.69 MB 4.0.30319 32-bit 26.05.2012 Microsoft Corporation
Microsoft Office 2003 Web Components 61.20 MB 12.0.6213.1000 32-bit 19.08.2012 Microsoft Corporation
Microsoft Office Enterprise 2007 342.01 MB 12.0.6612.1000 32-bit 28.03.2012 Microsoft Corporation
Microsoft Office File Validation Add-In 11.21 MB 14.0.5130.5003 32-bit 16.06.2013 Microsoft Corporation
Microsoft Silverlight 158.41 MB 5.1.20125.0 32-bit 16.06.2013 Microsoft Corporation
Microsoft Visual C++ 2005 Redistributable 5.28 MB 8.0.61001 32-bit 16.06.2013 Microsoft Corporation
Microsoft Visual C++ 2005 Redistributable 4.61 MB 8.0.56336 32-bit 16.06.2013 Microsoft Corporation
Microsoft Visual C++ 2005 Redistributable 4.64 MB 8.0.59193 32-bit 16.06.2013 Microsoft Corporation
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 0.15 MB 9.0.30729.4148 32-bit 25.06.2010 Microsoft Corporation
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 10.28 MB 9.0.30729 32-bit 16.06.2013 Microsoft Corporation
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 10.20 MB 9.0.30729.6161 32-bit 16.06.2013 Microsoft Corporation
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 14.97 MB 10.0.40219 32-bit 22.12.2012 Microsoft Corporation
Microsoft Visual Studio 2005 Tools for Applications - ENU 0.02 MB 32-bit 24.06.2010 Microsoft Corporation
Microsoft WinUsb 2.0 32-bit 16.06.2013 Microsoft Corporation
MSXML 4.0 SP2 (KB954430) 2.67 MB 4.20.9870.0 32-bit 16.06.2013 Microsoft Corporation
MSXML 4.0 SP2 (KB973688) 2.77 MB 4.20.9876.0 32-bit 16.06.2013 Microsoft Corporation
MSXML 6 Service Pack 2 (KB954459) 1.34 MB 6.20.1099.0 32-bit 16.06.2013 Microsoft Corporation
Nástroj pro odesílání služby Windows Live 0.22 MB 14.0.8014.1029 32-bit 21.03.2010 Microsoft Corporation
Nero 7 Premium 363.33 MB 7.00.6627 32-bit 25.12.2010 Nero AG
OneTouch Version 3.0 5.21 MB Version 3.0 32-bit 18.09.2010 Visioneer Inc.
PaperPort 7.02 56.93 MB 32-bit 15.08.2011
PDFCreator 24.73 MB 1.7.0 32-bit 07.06.2013 pdfforge
REALTEK Wireless LAN Driver and Utility 5.21 MB 1.00.0150 32-bit 16.06.2013 REALTEK Semiconductor Corp.
Revo Uninstaller Pro 3.0.5 29.96 MB 3.0.5 32-bit 07.06.2013 VS Revo Group, Ltd.
SIW version 2011.10.29 5.84 MB 2011.10.29 32-bit 14.10.2012 Topala Software Solutions
Skype™ 5.10 19.45 MB 5.10.116 32-bit 13.09.2012 Skype Technologies S.A.
SolidWorks 2010 SP0 3518.18 MB 18.0.0.5035 32-bit 24.06.2010 SolidWorks Corporation
Sony PC Companion 2.10.136 18.32 MB 2.10.136 32-bit 16.06.2013 Sony
Sony USB Driver 1.41 MB 32-bit 21.01.2012
Total Commander (Remove or Repair) 7.19 MB 7.50 PB5 (Public Beta 5) 32-bit 03.07.2009 C. Ghisler & Co.
Učitel psaní 0.48 MB 32-bit 02.02.2011
USB Driver for Panasonic DVC 1.10 MB 1.00.0000 32-bit 16.06.2013 Panasonic
VLC media player 1.0.5 76.61 MB 1.0.5 32-bit 05.04.2010 VideoLAN Team
Windows Internet Explorer 8 5.72 MB 20090308,14 32-bit 07.05.2011 Microsoft Corporation
Windows Live Essentials 35.52 MB 14.0.8064.0206 32-bit 21.03.2010 Microsoft Corporation
Windows Media Format 11 runtime 7.69 MB 32-bit 05.04.2010
Windows Media Player 11 7.69 MB 32-bit 05.04.2010
WinFast Multimedia Driver Installation 2.15 MB 32-bit 16.06.2013 Multimedia
WinFast PVR 31.09 MB 1 32-bit 16.06.2013 Leadtek
WinRAR 4.08 MB 32-bit 20.06.2010
Wondershare MobileGo for Android ( Version 3.2.0 ) 44.66 MB 3.2.0 32-bit 16.06.2013 Wondershare
yBook 3.40 MB 32-bit 03.04.2010 Spacejock Software
Zoner Photo Studio 11 125.56 MB 32-bit 26.09.2009 ZONER software

Začínám mít dojem, že se honíme za chimérou. V kterém souboru (resp. jaký) rootkit AVG nalezl?

"";"i8042prt.sys, přesměrovaný import HAL.dll READ_PORT_UCHAR -> spjr.sys +0x11B90,

OK. Spusťte TDSSKiller: http://www.stahuj.centrum.cz/utility_a_ ... dsskiller/ . Nechte pracovat a po skončení akce sem dejte log.

AVG přesně píše potenciálně možný problém střední úrovně ve skratce.
Jinak moc díky za zájem..
1 nález:

21:26:37.0579 1744 TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
21:26:39.0191 1744 ============================================================
21:26:39.0191 1744 Current date / time: 2013/06/27 21:26:39.0191
21:26:39.0191 1744 SystemInfo:
21:26:39.0191 1744
21:26:39.0191 1744 OS Version: 5.1.2600 ServicePack: 3.0
21:26:39.0191 1744 Product type: Workstation
21:26:39.0191 1744 ComputerName: PC
21:26:39.0201 1744 UserName: sedlacek
21:26:39.0201 1744 Windows directory: C:\WINDOWS
21:26:39.0201 1744 System windows directory: C:\WINDOWS
21:26:39.0201 1744 Processor architecture: Intel x86
21:26:39.0201 1744 Number of processors: 1
21:26:39.0201 1744 Page size: 0x1000
21:26:39.0201 1744 Boot type: Normal boot
21:26:39.0201 1744 ============================================================
21:26:41.0815 1744 Drive \Device\Harddisk0\DR0 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:26:41.0825 1744 Drive \Device\Harddisk1\DR1 - Size: 0x9925B0000 (38.29 Gb), SectorSize: 0x200, Cylinders: 0x1386, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:26:41.0835 1744 ============================================================
21:26:41.0835 1744 \Device\Harddisk0\DR0:
21:26:41.0835 1744 MBR partitions:
21:26:41.0835 1744 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC7C41
21:26:41.0835 1744 \Device\Harddisk1\DR1:
21:26:41.0835 1744 MBR partitions:
21:26:41.0835 1744 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4C8ED06
21:26:41.0835 1744 ============================================================
21:26:41.0855 1744 D: <-> \Device\Harddisk1\DR1\Partition1
21:26:41.0885 1744 C: <-> \Device\Harddisk0\DR0\Partition1
21:26:41.0885 1744 ============================================================
21:26:41.0885 1744 Initialize success
21:26:41.0885 1744 ============================================================
21:26:46.0331 2712 ============================================================
21:26:46.0331 2712 Scan started
21:26:46.0331 2712 Mode: Manual;
21:26:46.0331 2712 ============================================================
21:26:49.0085 2712 ================ Scan system memory ========================
21:26:49.0095 2712 System memory - ok
21:26:49.0095 2712 ================ Scan services =============================
21:26:49.0286 2712 [ 656F06850D02BAED19F0E2E72B047CE2 ] ABBYY.Licensing.FineReader.Professional.11.0 C:\Program Files\ABBYY FineReader 11\NetworkLicenseServer.exe
21:26:49.0316 2712 ABBYY.Licensing.FineReader.Professional.11.0 - ok
21:26:49.0416 2712 [ B33CF4DE909A5B30F526D82053A63C8E ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
21:26:49.0446 2712 ABBYY.Licensing.FineReader.Sprint.9.0 - ok
21:26:49.0566 2712 Abiosdsk - ok
21:26:49.0756 2712 abp480n5 - ok
21:26:49.0816 2712 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:26:49.0816 2712 ACPI - ok
21:26:49.0866 2712 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
21:26:49.0886 2712 ACPIEC - ok
21:26:49.0947 2712 [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
21:26:50.0638 2712 Adobe LM Service - ok
21:26:50.0758 2712 [ 41D15EAD554396BF35B7C5246AD47A28 ] Adobe Version Cue CS2 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
21:26:51.0389 2712 Adobe Version Cue CS2 - ok
21:26:51.0479 2712 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:26:51.0489 2712 AdobeFlashPlayerUpdateSvc - ok
21:26:51.0499 2712 adpu160m - ok
21:26:51.0539 2712 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
21:26:51.0549 2712 aec - ok
21:26:51.0589 2712 [ 023867B6606FBABCDD52E089C4A507DA ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
21:26:51.0589 2712 AegisP - ok
21:26:51.0649 2712 [ FE3EA6E9AFC1A78E6EDCA121E006AFB7 ] Afc C:\WINDOWS\system32\drivers\Afc.sys
21:26:51.0689 2712 Afc - ok
21:26:51.0739 2712 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
21:26:51.0739 2712 AFD - ok
21:26:51.0799 2712 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
21:26:51.0809 2712 agp440 - ok
21:26:51.0819 2712 Aha154x - ok
21:26:51.0839 2712 aic78u2 - ok
21:26:51.0859 2712 aic78xx - ok
21:26:51.0899 2712 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\WINDOWS\system32\alrsvc.dll
21:26:51.0919 2712 Alerter - ok
21:26:51.0949 2712 [ 88842DE939A827577BF24243699AC80A ] ALG C:\WINDOWS\System32\alg.exe
21:26:51.0949 2712 ALG - ok
21:26:51.0969 2712 AliIde - ok
21:26:51.0989 2712 amsint - ok
21:26:52.0060 2712 [ 02EAC89288B8B097CAE7251509EF540A ] androidusb C:\WINDOWS\system32\Drivers\wsadb.sys
21:26:52.0250 2712 androidusb - ok
21:26:52.0300 2712 [ 6B8E7A90E576D4FE308F97C69060A171 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
21:26:52.0320 2712 AppMgmt - ok
21:26:52.0370 2712 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:26:52.0370 2712 Arp1394 - ok
21:26:52.0390 2712 asc - ok
21:26:52.0410 2712 asc3350p - ok
21:26:52.0420 2712 asc3550 - ok
21:26:52.0570 2712 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:26:52.0590 2712 aspnet_state - ok
21:26:52.0620 2712 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:26:52.0630 2712 AsyncMac - ok
21:26:52.0660 2712 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
21:26:52.0670 2712 atapi - ok
21:26:52.0680 2712 Atdisk - ok
21:26:52.0771 2712 [ 944E535926628FB2FA33435EB848F94E ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
21:26:52.0801 2712 Ati HotKey Poller - ok
21:26:53.0161 2712 [ 0997918A56A6E09DDF7BDFC0EBE8A99D ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
21:26:53.0432 2712 ati2mtag - ok
21:26:53.0482 2712 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:26:53.0482 2712 Atmarpc - ok
21:26:53.0532 2712 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
21:26:53.0542 2712 AudioSrv - ok
21:26:53.0592 2712 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
21:26:53.0602 2712 audstub - ok
21:26:53.0652 2712 [ 8BE661C16FBF84A73BCEC84B6B4A9DB5 ] Avgfwdx C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
21:26:53.0692 2712 Avgfwdx - ok
21:26:53.0722 2712 [ 8BE661C16FBF84A73BCEC84B6B4A9DB5 ] Avgfwfd C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
21:26:53.0722 2712 Avgfwfd - ok
21:26:54.0042 2712 [ 6D3A517FE33AD047578BF73BB447EEAD ] avgfws C:\Program Files\AVG\AVG2013\avgfws.exe
21:26:54.0253 2712 avgfws - ok
21:26:55.0054 2712 [ 50185186719134FA8F307D269106A51C ] AVGIDSAgent C:\Program Files\AVG\AVG2013\avgidsagent.exe
21:26:55.0765 2712 AVGIDSAgent - ok
21:26:55.0805 2712 [ 4750A2A188D39034F5DDDDAE1BF38BF8 ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
21:26:55.0835 2712 AVGIDSDriver - ok
21:26:55.0875 2712 [ B0DEF92F4E1E6B9242E6C8FAB82703F7 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys
21:26:55.0885 2712 AVGIDSHX - ok
21:26:55.0915 2712 [ A426B2DC795531D99E2EE1952AEC051A ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
21:26:55.0945 2712 AVGIDSShim - ok
21:26:55.0985 2712 [ 08FA13787D77A75DC413E27FD92B44E8 ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
21:26:56.0015 2712 Avgldx86 - ok
21:26:56.0055 2712 [ 3E587EE55C70E6DB78A98D7121D3052E ] Avglogx C:\WINDOWS\system32\DRIVERS\avglogx.sys
21:26:56.0085 2712 Avglogx - ok
21:26:56.0125 2712 [ 5AC56B2CF8EE751796C5A8FC5C631B66 ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
21:26:56.0135 2712 Avgmfx86 - ok
21:26:56.0175 2712 [ C29E6070396E437FDE184D739CCBA2C7 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
21:26:56.0196 2712 Avgrkx86 - ok
21:26:56.0246 2712 [ 14370FB29526F593C04FA48B5D69F7F0 ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys
21:26:56.0246 2712 Avgtdix - ok
21:26:56.0296 2712 [ 8DCD8B53E5935D9AF52CB62FD2B965B5 ] avgtp C:\WINDOWS\system32\drivers\avgtpx86.sys
21:26:56.0296 2712 avgtp - ok
21:26:56.0376 2712 [ 3A0977CB68AF13E2579E47EB8984056B ] avgwd C:\Program Files\AVG\AVG2013\avgwdsvc.exe
21:26:56.0386 2712 avgwd - ok
21:26:56.0446 2712 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
21:26:56.0476 2712 Beep - ok
21:26:56.0556 2712 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\WINDOWS\system32\qmgr.dll
21:26:56.0656 2712 BITS - ok
21:26:56.0716 2712 [ 89E739BBA5F636297EA5B5F811189E06 ] Browser C:\WINDOWS\System32\browser.dll
21:26:56.0866 2712 Browser - ok
21:26:56.0927 2712 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
21:26:56.0937 2712 cbidf2k - ok
21:26:56.0987 2712 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:26:56.0987 2712 CCDECODE - ok
21:26:57.0007 2712 cd20xrnt - ok
21:26:57.0057 2712 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
21:26:57.0077 2712 Cdaudio - ok
21:26:57.0117 2712 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
21:26:57.0117 2712 Cdfs - ok
21:26:57.0147 2712 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:26:57.0157 2712 Cdrom - ok
21:26:57.0177 2712 Changer - ok
21:26:57.0227 2712 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
21:26:57.0237 2712 CiSvc - ok
21:26:57.0267 2712 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
21:26:57.0277 2712 ClipSrv - ok
21:26:57.0377 2712 [ 3C4D595E7F9B747325AEF28B4ADCAAE5 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:26:57.0527 2712 clr_optimization_v2.0.50727_32 - ok
21:26:57.0567 2712 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:26:57.0578 2712 clr_optimization_v4.0.30319_32 - ok
21:26:57.0598 2712 CmdIde - ok
21:26:57.0608 2712 COMSysApp - ok
21:26:57.0728 2712 [ AB82A8885AB9687D82AA51A4B4F62E2D ] CoordinatorServiceHost C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
21:26:57.0778 2712 CoordinatorServiceHost - ok
21:26:57.0798 2712 Cpqarray - ok
21:26:57.0848 2712 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
21:26:57.0848 2712 CryptSvc - ok
21:26:57.0898 2712 [ F054744F67576A01139885173392502B ] CrystalSysInfo C:\Program Files\MediaCoder\SysInfo.sys
21:26:57.0948 2712 CrystalSysInfo - ok
21:26:57.0988 2712 [ 71007BD2E1E26927FE3E4EB00C0BEEDF ] ctljystk C:\WINDOWS\system32\DRIVERS\ctljystk.sys
21:26:57.0998 2712 ctljystk - ok
21:26:58.0058 2712 [ 47813EDD5BEBD250DE420D24F7AB37A3 ] CX23880 C:\WINDOWS\system32\drivers\cx88vid.sys
21:26:58.0068 2712 CX23880 - ok
21:26:58.0088 2712 [ 8303E99B649DBF80D24E51D9A9C8B707 ] CXAVXBAR C:\WINDOWS\system32\drivers\cxavxbar.sys
21:26:58.0088 2712 CXAVXBAR - ok
21:26:58.0138 2712 [ EA2ECEEC41A5E0A1629D791BE92B218E ] CXTUNE C:\WINDOWS\system32\drivers\CX88TUNE.sys
21:26:58.0148 2712 CXTUNE - ok
21:26:58.0158 2712 dac2w2k - ok
21:26:58.0178 2712 dac960nt - ok
21:26:58.0248 2712 [ BE27674D1CBC3214AEC84B4336A38BBF ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
21:26:58.0268 2712 DcomLaunch - ok
21:26:58.0329 2712 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
21:26:58.0339 2712 Dhcp - ok
21:26:58.0379 2712 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
21:26:58.0379 2712 Disk - ok
21:26:58.0399 2712 dmadmin - ok
21:26:58.0489 2712 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
21:26:58.0519 2712 dmboot - ok
21:26:58.0559 2712 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
21:26:58.0569 2712 dmio - ok
21:26:58.0599 2712 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
21:26:58.0599 2712 dmload - ok
21:26:58.0639 2712 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
21:26:58.0649 2712 dmserver - ok
21:26:58.0669 2712 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
21:26:58.0669 2712 DMusic - ok
21:26:58.0719 2712 [ DFAA406BF19F4EE806A6F8D4342137F7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
21:26:58.0719 2712 Dnscache - ok
21:26:58.0789 2712 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
21:26:58.0799 2712 Dot3svc - ok
21:26:58.0849 2712 [ 3E4B043F8BC6BE1D4820CC6C9C500306 ] dot4 C:\WINDOWS\system32\DRIVERS\Dot4.sys
21:26:58.0859 2712 dot4 - ok
21:26:58.0909 2712 [ 02E5D9216994B7C77BBFE01ADCB783A4 ] Dot4 HPH11 C:\WINDOWS\system32\DRIVERS\hphid411.sys
21:26:58.0919 2712 Dot4 HPH11 - ok
21:26:58.0970 2712 [ 77CE63A8A34AE23D9FE4C7896D1DEBE7 ] Dot4Print C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
21:26:58.0970 2712 Dot4Print - ok
21:26:58.0990 2712 [ 0FCC3ED5A97260EEC98CEAE8167E940A ] Dot4Print HPH11 C:\WINDOWS\system32\DRIVERS\hphipr11.sys
21:26:58.0990 2712 Dot4Print HPH11 - ok
21:26:59.0020 2712 [ 93C5582EB9A04CF25B29CA0F1FE57A87 ] Dot4Storage HPH11 C:\WINDOWS\system32\Drivers\hphs2k11.sys
21:26:59.0020 2712 Dot4Storage HPH11 - ok
21:26:59.0040 2712 [ CCC4092DFC85336F2E1C142483ADEB42 ] dot4usb C:\WINDOWS\system32\DRIVERS\dot4usb.sys
21:26:59.0040 2712 dot4usb - ok
21:26:59.0070 2712 [ 08B9BF9C88867D3B70473657AE4307B3 ] Dot4Usb HPH11 C:\WINDOWS\system32\drivers\hphius11.sys
21:26:59.0070 2712 Dot4Usb HPH11 - ok
21:26:59.0090 2712 dpti2o - ok
21:26:59.0140 2712 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
21:26:59.0290 2712 drmkaud - ok
21:26:59.0360 2712 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
21:26:59.0360 2712 EapHost - ok
21:26:59.0430 2712 [ 01F83E1B5DCE05F5CB7D99113CA9E890 ] emu10k C:\WINDOWS\system32\drivers\emu10k1m.sys
21:26:59.0450 2712 emu10k - ok
21:26:59.0480 2712 [ 7FFA171CCE6A8BFC774862A578BA39A2 ] emu10k1 C:\WINDOWS\system32\drivers\ctlfacem.sys
21:26:59.0490 2712 emu10k1 - ok
21:26:59.0540 2712 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
21:26:59.0540 2712 ERSvc - ok
21:26:59.0610 2712 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] Eventlog C:\WINDOWS\system32\services.exe
21:26:59.0630 2712 Eventlog - ok
21:26:59.0681 2712 [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem C:\WINDOWS\system32\es.dll
21:26:59.0691 2712 EventSystem - ok
21:26:59.0711 2712 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
21:26:59.0721 2712 Fastfat - ok
21:26:59.0781 2712 [ EE9A2B9EA968A792A053C9D1A86BF870 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:26:59.0781 2712 FastUserSwitchingCompatibility - ok
21:26:59.0841 2712 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
21:26:59.0841 2712 Fdc - ok
21:26:59.0861 2712 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
21:26:59.0871 2712 Fips - ok
21:26:59.0961 2712 [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:27:00.0011 2712 FLEXnet Licensing Service - ok
21:27:00.0041 2712 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:27:00.0051 2712 Flpydisk - ok
21:27:00.0111 2712 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
21:27:00.0111 2712 FltMgr - ok
21:27:00.0211 2712 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:27:00.0241 2712 FontCache3.0.0.0 - ok
21:27:00.0271 2712 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:27:00.0291 2712 Fs_Rec - ok
21:27:00.0321 2712 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:27:00.0321 2712 Ftdisk - ok
21:27:00.0362 2712 [ 065639773D8B03F33577F6CDAEA21063 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys
21:27:00.0372 2712 gameenum - ok
21:27:00.0412 2712 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:27:00.0422 2712 Gpc - ok
21:27:00.0502 2712 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
21:27:00.0542 2712 gupdate - ok
21:27:00.0562 2712 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
21:27:00.0562 2712 gupdatem - ok
21:27:00.0612 2712 [ 7929A161F9951D173CA9900FE7067391 ] hamachi C:\WINDOWS\system32\DRIVERS\hamachi.sys
21:27:00.0622 2712 hamachi - ok
21:27:00.0702 2712 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:27:00.0702 2712 helpsvc - ok
21:27:00.0752 2712 [ 00E25EE90166B3E1BE6E74AEBF858306 ] HidServ C:\WINDOWS\System32\hidserv.dll
21:27:00.0752 2712 HidServ - ok
21:27:00.0812 2712 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:27:00.0812 2712 HidUsb - ok
21:27:00.0872 2712 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
21:27:00.0872 2712 hkmsvc - ok
21:27:00.0892 2712 hpn - ok
21:27:01.0022 2712 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
21:27:01.0042 2712 hpqcxs08 - ok
21:27:01.0073 2712 [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
21:27:01.0073 2712 hpqddsvc - ok
21:27:01.0133 2712 [ 568E44F6DCFA173F3670172B69379891 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
21:27:01.0173 2712 HPSLPSVC - ok
21:27:01.0223 2712 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
21:27:01.0223 2712 HPZid412 - ok
21:27:01.0273 2712 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
21:27:01.0273 2712 HPZipr12 - ok
21:27:01.0323 2712 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
21:27:01.0333 2712 HPZius12 - ok
21:27:01.0393 2712 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
21:27:01.0403 2712 HTTP - ok
21:27:01.0423 2712 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
21:27:01.0433 2712 HTTPFilter - ok
21:27:01.0443 2712 i2omgmt - ok
21:27:01.0463 2712 i2omp - ok
21:27:01.0493 2712 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:27:01.0503 2712 i8042prt - ok
21:27:01.0693 2712 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:27:01.0824 2712 idsvc - ok
21:27:01.0884 2712 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
21:27:01.0884 2712 Imapi - ok
21:27:01.0934 2712 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
21:27:01.0944 2712 ImapiService - ok
21:27:01.0964 2712 InCDFs - ok
21:27:01.0974 2712 InCDPass - ok
21:27:01.0994 2712 InCDRm - ok
21:27:02.0024 2712 ini910u - ok
21:27:02.0054 2712 [ 57D928E548B38502ABBA7A77A6EB7312 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
21:27:02.0054 2712 IntelIde - ok
21:27:02.0104 2712 [ 27B290D632AF2CF3CF40BFDDB7370985 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:27:02.0104 2712 intelppm - ok
21:27:02.0124 2712 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
21:27:02.0134 2712 Ip6Fw - ok
21:27:02.0174 2712 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:27:02.0184 2712 IpFilterDriver - ok
21:27:02.0204 2712 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:27:02.0204 2712 IpInIp - ok
21:27:02.0254 2712 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:27:02.0264 2712 IpNat - ok
21:27:02.0284 2712 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:27:02.0294 2712 IPSec - ok
21:27:02.0324 2712 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
21:27:02.0344 2712 IRENUM - ok
21:27:02.0374 2712 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:27:02.0374 2712 isapnp - ok
21:27:02.0404 2712 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:27:02.0404 2712 Kbdclass - ok
21:27:02.0434 2712 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
21:27:02.0445 2712 kmixer - ok
21:27:02.0485 2712 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
21:27:02.0485 2712 KSecDD - ok
21:27:02.0515 2712 [ DAEB765F05285C989B9DC5C6B791C026 ] kvnet C:\WINDOWS\system32\DRIVERS\kvnet.sys
21:27:02.0575 2712 kvnet - ok
21:27:02.0595 2712 kwflower - ok
21:27:02.0645 2712 [ 3428E8F86F8ADD36B42FB23542C7B3E4 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
21:27:02.0645 2712 lanmanserver - ok
21:27:02.0705 2712 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:27:02.0705 2712 lanmanworkstation - ok
21:27:02.0725 2712 Lavasoft Kernexplorer - ok
21:27:02.0765 2712 [ B7C19EC8B0DD7EFA58AD41FFEB8B8CDA ] Lbd C:\WINDOWS\system32\DRIVERS\Lbd.sys
21:27:02.0775 2712 Lbd - ok
21:27:02.0795 2712 lbrtfdc - ok
21:27:02.0885 2712 [ FA4A45C179AB0E0F1A31B9751D4B18D7 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
21:27:03.0686 2712 LightScribeService - ok
21:27:03.0726 2712 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
21:27:03.0736 2712 LmHosts - ok
21:27:03.0826 2712 [ 83BD376835EFD86547E6BC00EFE2B9F5 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
21:27:03.0837 2712 MDM - ok
21:27:03.0877 2712 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
21:27:03.0877 2712 Messenger - ok
21:27:03.0927 2712 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
21:27:03.0927 2712 mnmdd - ok
21:27:03.0987 2712 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
21:27:04.0127 2712 mnmsrvc - ok
21:27:04.0177 2712 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
21:27:04.0197 2712 Modem - ok
21:27:04.0227 2712 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:27:04.0257 2712 Mouclass - ok
21:27:04.0297 2712 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:27:04.0297 2712 mouhid - ok
21:27:04.0327 2712 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
21:27:04.0327 2712 MountMgr - ok
21:27:04.0387 2712 [ C0F8E0C2C3C0437CF37C6781896DC3EC ] MPE C:\WINDOWS\system32\DRIVERS\MPE.sys
21:27:04.0387 2712 MPE - ok
21:27:04.0407 2712 mraid35x - ok
21:27:04.0437 2712 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:27:04.0437 2712 MRxDAV - ok
21:27:04.0517 2712 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:27:04.0538 2712 MRxSmb - ok
21:27:04.0598 2712 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
21:27:04.0598 2712 MSDTC - ok
21:27:04.0638 2712 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
21:27:04.0638 2712 Msfs - ok
21:27:04.0658 2712 MSIServer - ok
21:27:04.0688 2712 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:27:04.0688 2712 MSKSSRV - ok
21:27:04.0728 2712 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:27:04.0728 2712 MSPCLOCK - ok
21:27:04.0778 2712 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
21:27:04.0778 2712 MSPQM - ok
21:27:04.0838 2712 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:27:04.0838 2712 mssmbios - ok
21:27:04.0878 2712 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
21:27:04.0888 2712 MSTEE - ok
21:27:05.0108 2712 [ 73FA09B84B23A1897809A84F976D5D99 ] msvsmon80 C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe
21:27:05.0208 2712 msvsmon80 - ok
21:27:05.0259 2712 [ CD3C06F56104BAC9268587BF1C25A84C ] MTDVC2 C:\WINDOWS\system32\DRIVERS\mtdv2ku2.sys
21:27:05.0279 2712 MTDVC2 - ok
21:27:05.0309 2712 [ A25B4CEC85388F2E88567B4D629AA6E4 ] MTDVC2_ENUM C:\WINDOWS\system32\DRIVERS\mtdv2ks2.sys
21:27:05.0319 2712 MTDVC2_ENUM - ok
21:27:05.0359 2712 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
21:27:05.0369 2712 Mup - ok
21:27:05.0409 2712 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:27:05.0409 2712 NABTSFEC - ok
21:27:05.0479 2712 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
21:27:05.0509 2712 napagent - ok
21:27:05.0559 2712 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
21:27:05.0569 2712 NDIS - ok
21:27:05.0599 2712 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:27:05.0599 2712 NdisIP - ok
21:27:05.0649 2712 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:27:05.0649 2712 NdisTapi - ok
21:27:05.0679 2712 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:27:05.0679 2712 Ndisuio - ok
21:27:05.0709 2712 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:27:05.0709 2712 NdisWan - ok
21:27:05.0769 2712 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
21:27:05.0769 2712 NDProxy - ok
21:27:05.0829 2712 [ 510C138564486FF926A3F773205C63D1 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
21:27:05.0829 2712 Net Driver HPZ12 - ok
21:27:05.0879 2712 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
21:27:05.0879 2712 NetBIOS - ok
21:27:05.0919 2712 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
21:27:05.0919 2712 NetBT - ok
21:27:05.0970 2712 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
21:27:05.0980 2712 NetDDE - ok
21:27:06.0000 2712 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
21:27:06.0000 2712 NetDDEdsdm - ok
21:27:06.0050 2712 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
21:27:06.0050 2712 Netlogon - ok
21:27:06.0080 2712 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
21:27:06.0090 2712 Netman - ok
21:27:06.0140 2712 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:27:06.0160 2712 NetTcpPortSharing - ok
21:27:06.0200 2712 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:27:06.0210 2712 NIC1394 - ok
21:27:06.0270 2712 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\WINDOWS\System32\mswsock.dll
21:27:06.0280 2712 Nla - ok
21:27:06.0300 2712 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
21:27:06.0310 2712 Npfs - ok
21:27:06.0360 2712 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
21:27:06.0560 2712 Ntfs - ok
21:27:06.0580 2712 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
21:27:06.0580 2712 NtLmSsp - ok
21:27:06.0661 2712 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
21:27:06.0691 2712 NtmsSvc - ok
21:27:06.0711 2712 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
21:27:06.0711 2712 Null - ok
21:27:06.0771 2712 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:27:06.0801 2712 NwlnkFlt - ok
21:27:06.0851 2712 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:27:06.0851 2712 NwlnkFwd - ok
21:27:06.0961 2712 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:27:06.0981 2712 odserv - ok
21:27:07.0041 2712 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:27:07.0041 2712 ohci1394 - ok
21:27:07.0091 2712 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:27:07.0131 2712 ose - ok
21:27:07.0161 2712 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
21:27:07.0171 2712 Parport - ok
21:27:07.0201 2712 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
21:27:07.0201 2712 PartMgr - ok
21:27:07.0251 2712 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
21:27:07.0251 2712 ParVdm - ok
21:27:07.0281 2712 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
21:27:07.0281 2712 PCI - ok
21:27:07.0301 2712 PCIDump - ok
21:27:07.0322 2712 PCIIde - ok
21:27:07.0352 2712 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
21:27:07.0352 2712 Pcmcia - ok
21:27:07.0402 2712 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\WINDOWS\system32\Drivers\pcouffin.sys
21:27:07.0772 2712 pcouffin - ok
21:27:07.0792 2712 PDCOMP - ok
21:27:07.0812 2712 PDFRAME - ok
21:27:07.0832 2712 PDRELI - ok
21:27:07.0842 2712 PDRFRAME - ok
21:27:07.0862 2712 perc2 - ok
21:27:07.0882 2712 perc2hib - ok
21:27:07.0962 2712 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\WINDOWS\system32\services.exe
21:27:07.0962 2712 PlugPlay - ok
21:27:08.0013 2712 [ E5204E28A4C7E8ECA7F558E2FAB92A89 ] Pml Driver HPH11 C:\WINDOWS\system32\HPHipm11.exe
21:27:08.0013 2712 Pml Driver HPH11 - ok
21:27:08.0043 2712 [ 37E5E8FFBAD35605DAEEC3224EA0E465 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
21:27:08.0053 2712 Pml Driver HPZ12 - ok
21:27:08.0073 2712 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
21:27:08.0073 2712 PolicyAgent - ok
21:27:08.0143 2712 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:27:08.0143 2712 PptpMiniport - ok
21:27:08.0163 2712 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:27:08.0163 2712 ProtectedStorage - ok
21:27:08.0193 2712 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
21:27:08.0193 2712 PSched - ok
21:27:08.0243 2712 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:27:08.0243 2712 Ptilink - ok
21:27:08.0293 2712 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:27:08.0323 2712 PxHelp20 - ok
21:27:08.0343 2712 ql1080 - ok
21:27:08.0363 2712 Ql10wnt - ok
21:27:08.0373 2712 ql12160 - ok
21:27:08.0393 2712 ql1240 - ok
21:27:08.0413 2712 ql1280 - ok
21:27:08.0453 2712 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:27:08.0453 2712 RasAcd - ok
21:27:08.0503 2712 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
21:27:08.0513 2712 RasAuto - ok
21:27:08.0543 2712 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:27:08.0553 2712 Rasl2tp - ok
21:27:08.0603 2712 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
21:27:08.0613 2712 RasMan - ok
21:27:08.0643 2712 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:27:08.0643 2712 RasPppoe - ok
21:27:08.0673 2712 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
21:27:08.0673 2712 Raspti - ok
21:27:08.0704 2712 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:27:08.0714 2712 Rdbss - ok
21:27:08.0734 2712 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:27:08.0734 2712 RDPCDD - ok
21:27:08.0804 2712 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:27:08.0814 2712 rdpdr - ok
21:27:09.0014 2712 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
21:27:09.0024 2712 RDPWD - ok
21:27:09.0074 2712 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
21:27:09.0084 2712 RDSessMgr - ok
21:27:09.0114 2712 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
21:27:09.0114 2712 redbook - ok
21:27:09.0164 2712 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
21:27:09.0164 2712 RemoteAccess - ok
21:27:09.0224 2712 [ 8F31505484A190D5B22274708799F4EC ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
21:27:09.0234 2712 RemoteRegistry - ok
21:27:09.0284 2712 [ 8B5B8A11306190C6963D3473F052D3C8 ] Revoflt C:\WINDOWS\system32\DRIVERS\revoflt.sys
21:27:09.0304 2712 Revoflt - ok
21:27:09.0364 2712 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
21:27:09.0364 2712 RpcLocator - ok
21:27:09.0415 2712 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\system32\rpcss.dll
21:27:09.0425 2712 RpcSs - ok
21:27:09.0485 2712 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
21:27:09.0485 2712 RSVP - ok
21:27:09.0555 2712 [ A3592E61F11A898B9D3BB1DC10134E1C ] RT61 C:\WINDOWS\system32\DRIVERS\RT61.sys
21:27:09.0915 2712 RT61 - ok
21:27:09.0965 2712 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
21:27:09.0965 2712 rtl8139 - ok
21:27:10.0055 2712 [ ACD10C56E4455F203707A679040C3B61 ] RTL8192su C:\WINDOWS\system32\DRIVERS\RTL8192su.sys
21:27:10.0496 2712 RTL8192su - ok
21:27:10.0536 2712 [ 59509AD6CBC28F2C73056268985B3E48 ] s0016bus C:\WINDOWS\system32\DRIVERS\s0016bus.sys
21:27:10.0566 2712 s0016bus - ok
21:27:10.0606 2712 [ B98C3A6F91F4FBA285AF9606A240C6B4 ] s0016mdfl C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys
21:27:10.0606 2712 s0016mdfl - ok
21:27:10.0646 2712 [ 8A83426F4FB7B5212825D9DE76368B1A ] s0016mdm C:\WINDOWS\system32\DRIVERS\s0016mdm.sys
21:27:10.0646 2712 s0016mdm - ok
21:27:10.0686 2712 [ 7A78BBA97FEB5E6D24C49E93A3BF7287 ] s0016mgmt C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys
21:27:10.0686 2712 s0016mgmt - ok
21:27:10.0716 2712 [ 34EF7B5F611957B73E7219DD5A222AD1 ] s0016nd5 C:\WINDOWS\system32\DRIVERS\s0016nd5.sys
21:27:10.0726 2712 s0016nd5 - ok
21:27:10.0766 2712 [ 36792935847143E4A3CDA0DC87248487 ] s0016obex C:\WINDOWS\system32\DRIVERS\s0016obex.sys
21:27:10.0776 2712 s0016obex - ok
21:27:10.0807 2712 [ 927208754FB27FC3E7A659E77500C5D1 ] s0016unic C:\WINDOWS\system32\DRIVERS\s0016unic.sys
21:27:10.0827 2712 s0016unic - ok
21:27:10.0887 2712 [ E6E7A43B99318F40A575B0842D93C73C ] Safetica C:\WINDOWS\system32\DRIVERS\safetica.sys
21:27:10.0927 2712 Safetica - ok
21:27:10.0947 2712 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
21:27:10.0947 2712 SamSs - ok
21:27:10.0977 2712 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
21:27:10.0987 2712 SCardSvr - ok
21:27:11.0047 2712 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
21:27:11.0057 2712 Schedule - ok
21:27:11.0137 2712 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:27:11.0137 2712 Secdrv - ok
21:27:11.0187 2712 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
21:27:11.0197 2712 seclogon - ok
21:27:11.0247 2712 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
21:27:11.0247 2712 SENS - ok
21:27:11.0277 2712 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
21:27:11.0277 2712 serenum - ok
21:27:11.0317 2712 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
21:27:11.0488 2712 Serial - ok
21:27:11.0558 2712 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
21:27:11.0568 2712 Sfloppy - ok
21:27:11.0588 2712 [ 0B1A5E9CACB5CDD54A2815107BD7C772 ] sfman C:\WINDOWS\system32\drivers\sfmanm.sys
21:27:11.0588 2712 sfman - ok
21:27:11.0668 2712 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
21:27:11.0688 2712 SharedAccess - ok
21:27:11.0728 2712 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:27:11.0728 2712 ShellHWDetection - ok
21:27:11.0758 2712 Simbad - ok
21:27:11.0818 2712 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
21:27:11.0828 2712 SkypeUpdate - ok
21:27:11.0858 2712 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:27:11.0858 2712 SLIP - ok
21:27:11.0958 2712 [ 4945020BC094C322571184A6E8056B3A ] SolidWorks Licensing Service C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
21:27:12.0309 2712 SolidWorks Licensing Service - ok
21:27:12.0389 2712 [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files\Sony\Sony PC Companion\PCCService.exe
21:27:12.0409 2712 Sony PC Companion - ok
21:27:12.0429 2712 Sparrow - ok
21:27:12.0479 2712 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
21:27:12.0479 2712 splitter - ok
21:27:12.0539 2712 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
21:27:12.0539 2712 Spooler - ok
21:27:12.0629 2712 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
21:27:13.0100 2712 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
21:27:13.0110 2712 sptd ( LockedFile.Multi.Generic ) - warning
21:27:13.0110 2712 sptd - detected LockedFile.Multi.Generic (1)
21:27:13.0150 2712 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
21:27:13.0150 2712 sr - ok
21:27:13.0210 2712 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
21:27:13.0220 2712 srservice - ok
21:27:13.0280 2712 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
21:27:13.0310 2712 Srv - ok
21:27:13.0370 2712 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
21:27:13.0370 2712 SSDPSRV - ok
21:27:13.0430 2712 [ 306521935042FC0A6988D528643619B3 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys
21:27:13.0641 2712 StarOpen - ok
21:27:13.0711 2712 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
21:27:13.0731 2712 stisvc - ok
21:27:13.0801 2712 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:27:13.0811 2712 streamip - ok
21:27:13.0851 2712 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
21:27:14.0021 2712 swenum - ok
21:27:14.0041 2712 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
21:27:14.0051 2712 swmidi - ok
21:27:14.0081 2712 SwOffScheduler - ok
21:27:14.0101 2712 SwOffWeb - ok
21:27:14.0111 2712 SwPrv - ok
21:27:14.0141 2712 symc810 - ok
21:27:14.0161 2712 symc8xx - ok
21:27:14.0181 2712 sym_hi - ok
21:27:14.0201 2712 sym_u3 - ok
21:27:14.0231 2712 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
21:27:14.0241 2712 sysaudio - ok
21:27:14.0292 2712 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
21:27:14.0302 2712 SysmonLog - ok
21:27:14.0372 2712 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
21:27:14.0382 2712 TapiSrv - ok
21:27:14.0462 2712 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:27:14.0482 2712 Tcpip - ok
21:27:14.0522 2712 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
21:27:14.0522 2712 TDPIPE - ok
21:27:14.0572 2712 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
21:27:14.0572 2712 TDTCP - ok
21:27:14.0602 2712 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
21:27:14.0622 2712 TermDD - ok
21:27:14.0682 2712 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\WINDOWS\System32\termsrv.dll
21:27:14.0702 2712 TermService - ok
21:27:14.0742 2712 [ EE9A2B9EA968A792A053C9D1A86BF870 ] Themes C:\WINDOWS\System32\shsvcs.dll
21:27:14.0742 2712 Themes - ok
21:27:14.0802 2712 [ CD0CC7B167D78043A41C98D4921EFB54 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
21:27:14.0812 2712 TlntSvr - ok
21:27:14.0822 2712 TosIde - ok
21:27:14.0862 2712 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
21:27:14.0862 2712 TrkWks - ok
21:27:14.0902 2712 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
21:27:14.0902 2712 Udfs - ok
21:27:14.0952 2712 [ 332D341D92B933600D41953B08360DFB ] UleadBurningHelper C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
21:27:15.0303 2712 UleadBurningHelper - ok
21:27:15.0323 2712 ultra - ok
21:27:15.0383 2712 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
21:27:15.0413 2712 Update - ok
21:27:15.0473 2712 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
21:27:15.0483 2712 upnphost - ok
21:27:15.0513 2712 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
21:27:15.0513 2712 UPS - ok
21:27:15.0583 2712 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
21:27:15.0583 2712 usbaudio - ok
21:27:15.0603 2712 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:27:15.0613 2712 usbccgp - ok
21:27:15.0664 2712 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:27:15.0664 2712 usbehci - ok
21:27:15.0694 2712 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:27:15.0694 2712 usbhub - ok
21:27:15.0744 2712 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
21:27:15.0744 2712 usbohci - ok
21:27:15.0794 2712 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:27:15.0804 2712 usbprint - ok
21:27:15.0854 2712 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:27:15.0854 2712 usbscan - ok
21:27:15.0914 2712 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:27:15.0914 2712 USBSTOR - ok
21:27:15.0944 2712 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:27:15.0944 2712 usbuhci - ok
21:27:16.0004 2712 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
21:27:16.0004 2712 usbvideo - ok
21:27:16.0034 2712 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
21:27:16.0034 2712 VgaSave - ok
21:27:16.0054 2712 ViaIde - ok
21:27:16.0114 2712 [ D6E99240EB4DBE7961A0A2089039BB57 ] VMUVC C:\WINDOWS\system32\Drivers\VMUVC.sys
21:27:16.0505 2712 VMUVC - ok
21:27:16.0645 2712 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
21:27:16.0645 2712 VolSnap - ok
21:27:16.0715 2712 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
21:27:16.0745 2712 VSS - ok
21:27:16.0935 2712 [ 654D358F8DC18167F31A01166B4CA9D6 ] vToolbarUpdater15.3.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
21:27:17.0025 2712 vToolbarUpdater15.3.0 - ok
21:27:17.0116 2712 [ 5C1100D8EC7E3DDE56FFC521087A1D19 ] vvftUVC C:\WINDOWS\system32\drivers\vvftUVC.sys
21:27:17.0456 2712 vvftUVC - ok
21:27:17.0526 2712 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\WINDOWS\system32\w32time.dll
21:27:17.0546 2712 W32Time - ok
21:27:17.0576 2712 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:27:17.0576 2712 Wanarp - ok
21:27:17.0616 2712 [ A2A8CACB5B80AC45CC69692E60621864 ] wceusbsh C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
21:27:17.0616 2712 wceusbsh - ok
21:27:17.0686 2712 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
21:27:17.0696 2712 Wdf01000 - ok
21:27:17.0716 2712 WDICA - ok
21:27:17.0757 2712 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
21:27:17.0757 2712 wdmaud - ok
21:27:17.0817 2712 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\WINDOWS\System32\webclnt.dll
21:27:17.0817 2712 WebClient - ok
21:27:17.0907 2712 [ 9BC98A4E3401D52ED860CF883CCB7478 ] WFIOCTL C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS
21:27:18.0157 2712 WFIOCTL - ok
21:27:18.0227 2712 [ 004B5A8EE1C7DF9757450EF173630505 ] WFLR6654 C:\WINDOWS\system32\drivers\wfeaglxt.sys
21:27:18.0297 2712 WFLR6654 - ok
21:27:18.0407 2712 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
21:27:18.0407 2712 winmgmt - ok
21:27:18.0478 2712 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys
21:27:18.0488 2712 WinUSB - ok
21:27:18.0528 2712 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
21:27:18.0558 2712 WmdmPmSN - ok
21:27:18.0628 2712 [ 0171CFF34BBA8C5977F18C48D8AEF8C6 ] Wmi C:\WINDOWS\System32\advapi32.dll
21:27:18.0658 2712 Wmi - ok
21:27:18.0728 2712 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:27:18.0728 2712 WmiApSrv - ok
21:27:18.0848 2712 [ 3739866D20ABD42F26A7B85F9E2560AF ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
21:27:19.0078 2712 WMPNetworkSvc - ok
21:27:19.0128 2712 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:27:19.0139 2712 WpdUsb - ok
21:27:19.0249 2712 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:27:19.0279 2712 WPFFontCache_v0400 - ok
21:27:19.0339 2712 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
21:27:19.0349 2712 wscsvc - ok
21:27:19.0409 2712 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:27:19.0409 2712 WSTCODEC - ok
21:27:19.0469 2712 [ C1364564800EE9784192145324A23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
21:27:19.0469 2712 wuauserv - ok
21:27:19.0519 2712 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:27:19.0539 2712 WudfPf - ok
21:27:19.0589 2712 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:27:19.0589 2712 WudfRd - ok
21:27:19.0629 2712 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
21:27:19.0639 2712 WudfSvc - ok
21:27:19.0709 2712 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
21:27:19.0729 2712 WZCSVC - ok
21:27:19.0789 2712 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
21:27:19.0799 2712 xmlprov - ok
21:27:19.0870 2712 ================ Scan global ===============================
21:27:19.0900 2712 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
21:27:19.0960 2712 [ 4C0AA4ABC4E21672B55D8A700AF2B2A6 ] C:\WINDOWS\system32\winsrv.dll
21:27:20.0000 2712 [ 4C0AA4ABC4E21672B55D8A700AF2B2A6 ] C:\WINDOWS\system32\winsrv.dll
21:27:20.0040 2712 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
21:27:20.0040 2712 [Global] - ok
21:27:20.0050 2712 ================ Scan MBR ==================================
21:27:20.0080 2712 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
21:27:20.0250 2712 \Device\Harddisk0\DR0 - ok
21:27:20.0270 2712 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk1\DR1
21:27:20.0270 2712 \Device\Harddisk1\DR1 - ok
21:27:20.0280 2712 ================ Scan VBR ==================================
21:27:20.0290 2712 [ 35AA5FF84D01DC69FE80210CDFD257C2 ] \Device\Harddisk0\DR0\Partition1
21:27:20.0290 2712 \Device\Harddisk0\DR0\Partition1 - ok
21:27:20.0300 2712 [ 5B3BEB19D54DD9831B051038199DC461 ] \Device\Harddisk1\DR1\Partition1
21:27:20.0300 2712 \Device\Harddisk1\DR1\Partition1 - ok
21:27:20.0320 2712 ============================================================
21:27:20.0320 2712 Scan finished
21:27:20.0320 2712 ============================================================
21:27:20.0340 4040 Detected object count: 1
21:27:20.0340 4040 Actual detected object count: 1
21:27:33.0369 4040 sptd ( LockedFile.Multi.Generic ) - skipped by user
21:27:33.0369 4040 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

Máte nainstalovaný nějaký emulátor mechanik (DaemonTools a pod.)?

Ano- nakonec jsem ho našel..
daemon

Takže ten "rootkit" patří právě jemu. Ovladač programu Daemon Tools používá při své činnosti praktiky podobné chování rootkitu a je některými antiviry takto detekován. Jde v logu o tento záznam:

.........21:27:12.0629 2712 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
21:27:13.0100 2712 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
21:27:13.0110 2712 sptd ( LockedFile.Multi.Generic ) - warning
21:27:13.0110 2712 sptd - detected LockedFile.Multi.Generic (1)..........