
Some kind of Rootkit.0Acces.H discovered


#1 Post by Michal I »

Hello, Anti-Malware reports a Rootkit.0Acces.H infection. Whenever I remove it, it is back again a moment later. Anti-Malware keeps blocking some kind of access attempts to the internet... Thanks for the help, guys!

Logfile of random's system information tool 1.09 (written by random/random)
Run by JM at 2012-06-18 11:06:39
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 77 GB (32%) free of 238 GB
Total RAM: 2038 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:07:12, on 18.6.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\MAFWTray.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
C:\Program Files\Software602\Print2PDF\Print2PDF.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Ovislink\Common\TurboG-UI.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Users\JM\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JM\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JM\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\JM\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\RSIT.exe
C:\Program Files\trend micro\JM.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\Windows\system32\MAFWTray.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [NeroCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Print2PDF Print Monitor] "C:\Program Files\Software602\Print2PDF\Print2PDF.exe" /server
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\JM\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: AirLive 802.11N Wireless Utility.lnk = C:\Program Files\Ovislink\Common\TurboG-UI.exe
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: PACE License Services (PaceLicenseDServices) - PACE Anti-Piracy, Inc. - C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe

--
End of file - 8585 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3124626429-561365757-46322953-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3124626429-561365757-46322953-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27 164312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-05-04 453504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-05-04 157576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27 164312]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"M-Audio Taskbar Icon"=C:\Windows\system32\MAFWTray.exe [2009-07-29 252424]
"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"AdobeCS5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"NeroCheck"=C:\Windows\system32\NeroCheck.exe [2001-07-09 155648]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]
"H2O"=C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2005-10-23 385024]
"Print2PDF Print Monitor"=C:\Program Files\Software602\Print2PDF\Print2PDF.exe [2011-10-04 220992]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2012-04-04 462408]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-01-24 3478336]
"Google Update"=C:\Users\JM\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-17 116648]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
AirLive 802.11N Wireless Utility.lnk - C:\Program Files\Ovislink\Common\TurboG-UI.exe
WDDMStatus.lnk - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"msacm.divxa32"=msaud32_divx.acm
"msacm.vorbis"=vorbis.acm
"VIDC.FFDS"=C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-06-18 08:02:55 ----A---- C:\Windows\system32\sppsvc.exe
2012-06-18 08:02:55 ----A---- C:\Windows\system32\sdclt.exe
2012-06-18 08:02:55 ----A---- C:\Windows\system32\rastls.dll
2012-06-18 08:02:55 ----A---- C:\Windows\system32\nci.dll
2012-06-18 08:02:55 ----A---- C:\Windows\system32\drivers\ataport.sys
2012-06-18 08:02:54 ----A---- C:\Windows\system32\WMNetMgr.dll
2012-06-18 08:02:54 ----A---- C:\Windows\system32\wlanpref.dll
2012-06-18 08:02:54 ----A---- C:\Windows\system32\RpcRtRemote.dll
2012-06-18 08:02:54 ----A---- C:\Windows\system32\Robocopy.exe
2012-06-18 08:02:54 ----A---- C:\Windows\system32\ListSvc.dll
2012-06-18 08:02:53 ----A---- C:\Windows\system32\taskmgr.exe
2012-06-18 08:02:53 ----A---- C:\Windows\system32\mtxclu.dll
2012-06-18 08:02:53 ----A---- C:\Windows\system32\msdri.dll
2012-06-18 08:02:53 ----A---- C:\Windows\system32\DxpTaskSync.dll
2012-06-18 08:02:53 ----A---- C:\Windows\system32\drivers\mpio.sys
2012-06-18 08:02:53 ----A---- C:\Windows\system32\Display.dll
2012-06-18 08:02:52 ----A---- C:\Windows\system32\XpsRasterService.dll
2012-06-18 08:02:52 ----A---- C:\Windows\system32\userinit.exe
2012-06-18 08:02:52 ----A---- C:\Windows\system32\termmgr.dll
2012-06-18 08:02:52 ----A---- C:\Windows\system32\sharemediacpl.dll
2012-06-18 08:02:52 ----A---- C:\Windows\system32\puiobj.dll
2012-06-18 08:02:52 ----A---- C:\Windows\system32\eudcedit.exe
2012-06-18 08:02:52 ----A---- C:\Windows\system32\drivers\usbvideo.sys
2012-06-18 08:02:52 ----A---- C:\Windows\system32\drivers\scsiport.sys
2012-06-18 08:02:52 ----A---- C:\Windows\system32\drivers\mountmgr.sys
2012-06-18 08:02:52 ----A---- C:\Windows\system32\DiagCpl.dll
2012-06-18 08:02:52 ----A---- C:\Windows\system32\cscui.dll
2012-06-18 08:02:51 ----A---- C:\Windows\system32\msdtctm.dll
2012-06-18 08:02:51 ----A---- C:\Windows\system32\logoncli.dll
2012-06-18 08:02:51 ----A---- C:\Windows\system32\drivers\winhv.sys
2012-06-18 08:02:51 ----A---- C:\Windows\system32\drivers\vmstorfl.sys
2012-06-18 08:02:50 ----A---- C:\Windows\system32\wiadefui.dll
2012-06-18 08:02:50 ----A---- C:\Windows\system32\sppcomapi.dll
2012-06-18 08:02:50 ----A---- C:\Windows\system32\shsetup.dll
2012-06-18 08:02:50 ----A---- C:\Windows\system32\rasppp.dll
2012-06-18 08:02:50 ----A---- C:\Windows\system32\msconfig.exe
2012-06-18 08:02:50 ----A---- C:\Windows\system32\FirewallControlPanel.dll
2012-06-18 08:02:50 ----A---- C:\Windows\system32\drivers\storvsc.sys
2012-06-18 08:02:50 ----A---- C:\Windows\system32\cabview.dll
2012-06-18 08:02:50 ----A---- C:\Windows\system32\biocpl.dll
2012-06-18 08:02:49 ----A---- C:\Windows\system32\wpccpl.dll
2012-06-18 08:02:49 ----A---- C:\Windows\system32\themecpl.dll
2012-06-18 08:02:49 ----A---- C:\Windows\system32\SensorsCpl.dll
2012-06-18 08:02:49 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2012-06-18 08:02:49 ----A---- C:\Windows\system32\drivers\rdyboost.sys
2012-06-18 08:02:49 ----A---- C:\Windows\system32\dnscmmc.dll
2012-06-18 08:02:48 ----A---- C:\Windows\system32\tapisrv.dll
2012-06-18 08:02:48 ----A---- C:\Windows\system32\scecli.dll
2012-06-18 08:02:48 ----A---- C:\Windows\system32\PhotoScreensaver.scr
2012-06-18 08:02:48 ----A---- C:\Windows\system32\hgcpl.dll
2012-06-18 08:02:47 ----A---- C:\Windows\system32\srcore.dll
2012-06-18 08:02:47 ----A---- C:\Windows\system32\SndVolSSO.dll
2012-06-18 08:02:47 ----A---- C:\Windows\system32\mscories.dll
2012-06-18 08:02:47 ----A---- C:\Windows\system32\mscms.dll
2012-06-18 08:02:47 ----A---- C:\Windows\system32\mprddm.dll
2012-06-18 08:02:47 ----A---- C:\Windows\system32\localsec.dll
2012-06-18 08:02:47 ----A---- C:\Windows\system32\iasacct.dll
2012-06-18 08:02:47 ----A---- C:\Windows\system32\fontext.dll
2012-06-18 08:02:47 ----A---- C:\Windows\system32\bcdsrv.dll
2012-06-18 08:02:46 ----A---- C:\Windows\system32\wpdbusenum.dll
2012-06-18 08:02:46 ----A---- C:\Windows\system32\wlanui.dll
2012-06-18 08:02:46 ----A---- C:\Windows\system32\wkssvc.dll
2012-06-18 08:02:46 ----A---- C:\Windows\system32\w32tm.exe
2012-06-18 08:02:46 ----A---- C:\Windows\system32\VAN.dll
2012-06-18 08:02:46 ----A---- C:\Windows\system32\usercpl.dll
2012-06-18 08:02:46 ----A---- C:\Windows\system32\SndVol.exe
2012-06-18 08:02:46 ----A---- C:\Windows\system32\qedit.dll
2012-06-18 08:02:46 ----A---- C:\Windows\system32\prntvpt.dll
2012-06-18 08:02:46 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2012-06-18 08:02:46 ----A---- C:\Windows\system32\netcenter.dll
2012-06-18 08:02:46 ----A---- C:\Windows\system32\mblctr.exe
2012-06-18 08:02:46 ----A---- C:\Windows\system32\KMSVC.DLL
2012-06-18 08:02:46 ----A---- C:\Windows\system32\batmeter.dll
2012-06-18 08:02:45 ----A---- C:\Windows\system32\zipfldr.dll
2012-06-18 08:02:45 ----A---- C:\Windows\system32\wksprt.exe
2012-06-18 08:02:45 ----A---- C:\Windows\system32\spwizeng.dll
2012-06-18 08:02:45 ----A---- C:\Windows\system32\fdeploy.dll
2012-06-18 08:02:45 ----A---- C:\Windows\system32\drivers\ks.sys
2012-06-18 08:02:45 ----A---- C:\Windows\system32\azroleui.dll
2012-06-18 08:02:45 ----A---- C:\Windows\system32\accessibilitycpl.dll
2012-06-18 08:02:44 ----A---- C:\Windows\system32\wusa.exe
2012-06-18 08:02:44 ----A---- C:\Windows\system32\networkmap.dll
2012-06-18 08:02:44 ----A---- C:\Windows\system32\netjoin.dll
2012-06-18 08:02:44 ----A---- C:\Windows\system32\mspbda.dll
2012-06-18 08:02:44 ----A---- C:\Windows\system32\MSAC3ENC.DLL
2012-06-18 08:02:44 ----A---- C:\Windows\system32\MCEWMDRMNDBootstrap.dll
2012-06-18 08:02:44 ----A---- C:\Windows\system32\Faultrep.dll
2012-06-18 08:02:44 ----A---- C:\Windows\system32\cryptui.dll
2012-06-18 08:02:44 ----A---- C:\Windows\system32\adsldp.dll
2012-06-18 08:02:43 ----A---- C:\Windows\system32\sud.dll
2012-06-18 08:02:43 ----A---- C:\Windows\system32\prnfldr.dll
2012-06-18 08:02:43 ----A---- C:\Windows\system32\photowiz.dll
2012-06-18 08:02:43 ----A---- C:\Windows\system32\OnLineIDCpl.dll
2012-06-18 08:02:43 ----A---- C:\Windows\system32\msieftp.dll
2012-06-18 08:02:43 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2012-06-18 08:02:43 ----A---- C:\Windows\system32\ActionCenter.dll
2012-06-18 08:02:42 ----A---- C:\Windows\system32\taskhost.exe
2012-06-18 08:02:42 ----A---- C:\Windows\system32\taskbarcpl.dll
2012-06-18 08:02:42 ----A---- C:\Windows\system32\slui.exe
2012-06-18 08:02:42 ----A---- C:\Windows\system32\iprtrmgr.dll
2012-06-18 08:02:42 ----A---- C:\Windows\system32\iasrad.dll
2012-06-18 08:02:42 ----A---- C:\Windows\system32\halacpi.dll
2012-06-18 08:02:42 ----A---- C:\Windows\system32\ftp.exe
2012-06-18 08:02:42 ----A---- C:\Windows\system32\drivers\hidclass.sys
2012-06-18 08:02:42 ----A---- C:\Windows\system32\dot3cfg.dll
2012-06-18 08:02:42 ----A---- C:\Windows\system32\defaultlocationcpl.dll
2012-06-18 08:02:42 ----A---- C:\Windows\system32\credssp.dll
2012-06-18 08:02:41 ----A---- C:\Windows\system32\wpd_ci.dll
2012-06-18 08:02:41 ----A---- C:\Windows\system32\sisbkup.dll
2012-06-18 08:02:41 ----A---- C:\Windows\system32\shwebsvc.dll
2012-06-18 08:02:41 ----A---- C:\Windows\system32\recovery.dll
2012-06-18 08:02:41 ----A---- C:\Windows\system32\ifsutil.dll
2012-06-18 08:02:41 ----A---- C:\Windows\system32\efscore.dll
2012-06-18 08:02:41 ----A---- C:\Windows\system32\ActionCenterCPL.dll
2012-06-18 08:02:40 ----A---- C:\Windows\system32\syncui.dll
2012-06-18 08:02:40 ----A---- C:\Windows\system32\sdcpl.dll
2012-06-18 08:02:40 ----A---- C:\Windows\system32\DeviceCenter.dll
2012-06-18 08:02:40 ----A---- C:\Windows\system32\bcdedit.exe
2012-06-18 08:02:40 ----A---- C:\Windows\system32\autoplay.dll
2012-06-18 08:02:39 ----A---- C:\Windows\system32\wmpmde.dll
2012-06-18 08:02:39 ----A---- C:\Windows\system32\sppnp.dll
2012-06-18 08:02:39 ----A---- C:\Windows\system32\rtutils.dll
2012-06-18 08:02:39 ----A---- C:\Windows\system32\ntlanman.dll
2012-06-18 08:02:39 ----A---- C:\Windows\system32\dskquoui.dll
2012-06-18 08:02:38 ----A---- C:\Windows\system32\vdsutil.dll
2012-06-18 08:02:38 ----A---- C:\Windows\system32\systemcpl.dll
2012-06-18 08:02:38 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2012-06-18 08:02:38 ----A---- C:\Windows\system32\sethc.exe
2012-06-18 08:02:38 ----A---- C:\Windows\system32\rstrui.exe
2012-06-18 08:02:38 ----A---- C:\Windows\system32\riched20.dll
2012-06-18 08:02:38 ----A---- C:\Windows\system32\recdisc.exe
2012-06-18 08:02:38 ----A---- C:\Windows\system32\rdpsign.exe
2012-06-18 08:02:38 ----A---- C:\Windows\system32\OobeFldr.dll
2012-06-18 08:02:38 ----A---- C:\Windows\system32\ntprint.dll
2012-06-18 08:02:38 ----A---- C:\Windows\system32\nshwfp.dll
2012-06-18 08:02:38 ----A---- C:\Windows\system32\fvecpl.dll
2012-06-18 08:02:38 ----A---- C:\Windows\system32\blackbox.dll
2012-06-18 08:02:38 ----A---- C:\Windows\system32\bcdboot.exe
2012-06-18 08:02:37 ----A---- C:\Windows\system32\wmpsrcwp.dll
2012-06-18 08:02:37 ----A---- C:\Windows\system32\netplwiz.dll
2012-06-18 08:02:37 ----A---- C:\Windows\system32\NAPHLPR.DLL
2012-06-18 08:02:37 ----A---- C:\Windows\system32\migisol.dll
2012-06-18 08:02:37 ----A---- C:\Windows\system32\fms.dll
2012-06-18 08:02:37 ----A---- C:\Windows\system32\AxInstSv.dll
2012-06-18 08:02:37 ----A---- C:\Windows\system32\activeds.dll
2012-06-18 08:02:36 ----A---- C:\Windows\system32\wsqmcons.exe
2012-06-18 08:02:36 ----A---- C:\Windows\system32\nshipsec.dll
2012-06-18 08:02:36 ----A---- C:\Windows\system32\nlaapi.dll
2012-06-18 08:02:36 ----A---- C:\Windows\system32\httpapi.dll
2012-06-18 08:02:36 ----A---- C:\Windows\system32\drivers\tssecsrv.sys
2012-06-18 08:02:36 ----A---- C:\Windows\system32\dpx.dll
2012-06-18 08:02:36 ----A---- C:\Windows\system32\dot3svc.dll
2012-06-18 08:02:36 ----A---- C:\Windows\system32\cdosys.dll
2012-06-18 08:02:36 ----A---- C:\Windows\system32\AuxiliaryDisplayServices.dll
2012-06-18 08:02:36 ----A---- C:\Windows\system32\asycfilt.dll
2012-06-18 08:02:35 ----A---- C:\Windows\system32\wuwebv.dll
2012-06-18 08:02:35 ----A---- C:\Windows\system32\wlanmsm.dll
2012-06-18 08:02:35 ----A---- C:\Windows\system32\wavemsp.dll
2012-06-18 08:02:35 ----A---- C:\Windows\system32\ReAgent.dll
2012-06-18 08:02:35 ----A---- C:\Windows\system32\provsvc.dll
2012-06-18 08:02:35 ----A---- C:\Windows\system32\msftedit.dll
2012-06-18 08:02:35 ----A---- C:\Windows\system32\isoburn.exe
2012-06-18 08:02:35 ----A---- C:\Windows\system32\dot3ui.dll
2012-06-18 08:02:35 ----A---- C:\Windows\system32\dfrgui.exe
2012-06-18 08:02:34 ----A---- C:\Windows\system32\wvc.dll
2012-06-18 08:02:34 ----A---- C:\Windows\system32\wtsapi32.dll
2012-06-18 08:02:34 ----A---- C:\Windows\system32\wimgapi.dll
2012-06-18 08:02:34 ----A---- C:\Windows\system32\tzutil.exe
2012-06-18 08:02:34 ----A---- C:\Windows\system32\twext.dll
2012-06-18 08:02:34 ----A---- C:\Windows\system32\sysclass.dll
2012-06-18 08:02:34 ----A---- C:\Windows\system32\PkgMgr.exe
2012-06-18 08:02:34 ----A---- C:\Windows\system32\ocsetup.exe
2012-06-18 08:02:34 ----A---- C:\Windows\system32\mstask.dll
2012-06-18 08:02:34 ----A---- C:\Windows\system32\dsuiext.dll
2012-06-18 08:02:34 ----A---- C:\Windows\system32\drivers\ndproxy.sys
2012-06-18 08:02:34 ----A---- C:\Windows\system32\certprop.dll
2012-06-18 08:02:34 ----A---- C:\Windows\system32\appinfo.dll
2012-06-18 08:02:34 ----A---- C:\Windows\system32\AdmTmpl.dll
2012-06-18 08:02:33 ----A---- C:\Windows\twain_32.dll
2012-06-18 08:02:33 ----A---- C:\Windows\system32\SmiEngine.dll
2012-06-18 08:02:33 ----A---- C:\Windows\system32\shdocvw.dll
2012-06-18 08:02:33 ----A---- C:\Windows\system32\setupugc.exe
2012-06-18 08:02:33 ----A---- C:\Windows\system32\qcap.dll
2012-06-18 08:02:33 ----A---- C:\Windows\system32\qasf.dll
2012-06-18 08:02:32 ----A---- C:\Windows\system32\wwanconn.dll
2012-06-18 08:02:32 ----A---- C:\Windows\system32\uxlib.dll
2012-06-18 08:02:32 ----A---- C:\Windows\system32\ssText3d.scr
2012-06-18 08:02:32 ----A---- C:\Windows\system32\srrstr.dll
2012-06-18 08:02:32 ----A---- C:\Windows\system32\slwga.dll
2012-06-18 08:02:32 ----A---- C:\Windows\system32\PresentationSettings.exe
2012-06-18 08:02:32 ----A---- C:\Windows\system32\msvfw32.dll
2012-06-18 08:02:32 ----A---- C:\Windows\system32\mciavi32.dll
2012-06-18 08:02:32 ----A---- C:\Windows\system32\imm32.dll
2012-06-18 08:02:32 ----A---- C:\Windows\system32\iisRtl.dll
2012-06-18 08:02:32 ----A---- C:\Windows\system32\audiodev.dll
2012-06-18 08:02:31 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2012-06-18 08:02:31 ----A---- C:\Windows\system32\wmdrmsdk.dll
2012-06-18 08:02:31 ----A---- C:\Windows\system32\nslookup.exe
2012-06-18 08:02:31 ----A---- C:\Windows\system32\msscp.dll
2012-06-18 08:02:31 ----A---- C:\Windows\system32\DevicePairingFolder.dll
2012-06-18 08:02:31 ----A---- C:\Windows\system32\clusapi.dll
2012-06-18 08:02:30 ----A---- C:\Windows\system32\wimserv.exe
2012-06-18 08:02:30 ----A---- C:\Windows\system32\TSpkg.dll
2012-06-18 08:02:30 ----A---- C:\Windows\system32\sdrsvc.dll
2012-06-18 08:02:30 ----A---- C:\Windows\system32\remotepg.dll
2012-06-18 08:02:30 ----A---- C:\Windows\system32\rdpencom.dll
2012-06-18 08:02:30 ----A---- C:\Windows\system32\raschap.dll
2012-06-18 08:02:30 ----A---- C:\Windows\system32\QUTIL.DLL
2012-06-18 08:02:30 ----A---- C:\Windows\system32\perfmon.exe
2012-06-18 08:02:30 ----A---- C:\Windows\system32\NAPCRYPT.DLL
2012-06-18 08:02:30 ----A---- C:\Windows\system32\input.dll
2012-06-18 08:02:30 ----A---- C:\Windows\system32\drmmgrtn.dll
2012-06-18 08:02:30 ----A---- C:\Windows\system32\diskraid.exe
2012-06-18 08:02:30 ----A---- C:\Windows\system32\browser.dll
2012-06-18 08:02:30 ----A---- C:\Windows\system32\acppage.dll
2012-06-18 08:02:29 ----A---- C:\Windows\system32\wmpdxm.dll
2012-06-18 08:02:29 ----A---- C:\Windows\system32\WindowsAnytimeUpgradeResults.exe
2012-06-18 08:02:29 ----A---- C:\Windows\system32\vpnikeapi.dll
2012-06-18 08:02:29 ----A---- C:\Windows\system32\UserAccountControlSettings.dll
2012-06-18 08:02:29 ----A---- C:\Windows\system32\onexui.dll
2012-06-18 08:02:29 ----A---- C:\Windows\system32\olepro32.dll
2012-06-18 08:02:29 ----A---- C:\Windows\system32\ocsetapi.dll
2012-06-18 08:02:29 ----A---- C:\Windows\system32\nltest.exe
2012-06-18 08:02:29 ----A---- C:\Windows\system32\networkexplorer.dll
2012-06-18 08:02:28 ----A---- C:\Windows\system32\wpdwcn.dll
2012-06-18 08:02:28 ----A---- C:\Windows\system32\vdsbas.dll
2012-06-18 08:02:28 ----A---- C:\Windows\system32\runonce.exe
2012-06-18 08:02:28 ----A---- C:\Windows\system32\Mcx2Svc.dll
2012-06-18 08:02:28 ----A---- C:\Windows\system32\logagent.exe
2012-06-18 08:02:28 ----A---- C:\Windows\system32\iTVData.dll
2012-06-18 08:02:28 ----A---- C:\Windows\system32\dxdiagn.dll
2012-06-18 08:02:28 ----A---- C:\Windows\bfsvc.exe
2012-06-18 08:02:27 ----A---- C:\Windows\system32\wmpshell.dll
2012-06-18 08:02:27 ----A---- C:\Windows\system32\wmdrmdev.dll
2012-06-18 08:02:27 ----A---- C:\Windows\system32\shacct.dll
2012-06-18 08:02:27 ----A---- C:\Windows\system32\PnPUnattend.exe
2012-06-18 08:02:27 ----A---- C:\Windows\system32\msvidc32.dll
2012-06-18 08:02:27 ----A---- C:\Windows\system32\msiexec.exe
2012-06-18 08:02:27 ----A---- C:\Windows\system32\MFPlay.dll
2012-06-18 08:02:27 ----A---- C:\Windows\system32\eapp3hst.dll
2012-06-18 08:02:27 ----A---- C:\Windows\system32\drivers\rmcast.sys
2012-06-18 08:02:27 ----A---- C:\Windows\system32\d3d10level9.dll
2012-06-18 08:02:26 ----A---- C:\Windows\system32\wudriver.dll
2012-06-18 08:02:26 ----A---- C:\Windows\system32\unimdmat.dll
2012-06-18 08:02:26 ----A---- C:\Windows\system32\tabcal.exe
2012-06-18 08:02:26 ----A---- C:\Windows\system32\sqlcese30.dll
2012-06-18 08:02:26 ----A---- C:\Windows\system32\rdpd3d.dll
2012-06-18 08:02:26 ----A---- C:\Windows\system32\PortableDeviceSyncProvider.dll
2012-06-18 08:02:26 ----A---- C:\Windows\system32\pdh.dll
2012-06-18 08:02:26 ----A---- C:\Windows\system32\OpcServices.dll
2012-06-18 08:02:26 ----A---- C:\Windows\system32\ncryptui.dll
2012-06-18 08:02:26 ----A---- C:\Windows\system32\mprapi.dll
2012-06-18 08:02:26 ----A---- C:\Windows\system32\lsmproxy.dll
2012-06-18 08:02:26 ----A---- C:\Windows\system32\logman.exe
2012-06-18 08:02:26 ----A---- C:\Windows\system32\iscsium.dll
2012-06-18 08:02:26 ----A---- C:\Windows\system32\cscapi.dll
2012-06-18 08:02:26 ----A---- C:\Windows\system32\Bubbles.scr
2012-06-18 08:02:26 ----A---- C:\Windows\system32\bitsadmin.exe
2012-06-18 08:02:25 ----A---- C:\Windows\system32\wwanprotdim.dll
2012-06-18 08:02:25 ----A---- C:\Windows\system32\WUDFPlatform.dll
2012-06-18 08:02:25 ----A---- C:\Windows\system32\WPDSp.dll
2012-06-18 08:02:25 ----A---- C:\Windows\system32\tsgqec.dll
2012-06-18 08:02:25 ----A---- C:\Windows\system32\srvcli.dll
2012-06-18 08:02:25 ----A---- C:\Windows\system32\Ribbons.scr
2012-06-18 08:02:25 ----A---- C:\Windows\system32\QSVRMGMT.DLL
2012-06-18 08:02:25 ----A---- C:\Windows\system32\PortableDeviceStatus.dll
2012-06-18 08:02:25 ----A---- C:\Windows\system32\olethk32.dll
2012-06-18 08:02:25 ----A---- C:\Windows\system32\Mystify.scr
2012-06-18 08:02:25 ----A---- C:\Windows\system32\MdSched.exe
2012-06-18 08:02:25 ----A---- C:\Windows\system32\lpremove.exe
2012-06-18 08:02:25 ----A---- C:\Windows\system32\djoin.exe
2012-06-18 08:02:24 ----A---- C:\Windows\system32\WMVSDECD.DLL
2012-06-18 08:02:24 ----A---- C:\Windows\system32\WMPhoto.dll
2012-06-18 08:02:24 ----A---- C:\Windows\system32\wmdrmnet.dll
2012-06-18 08:02:24 ----A---- C:\Windows\system32\WMADMOD.DLL
2012-06-18 08:02:24 ----A---- C:\Windows\system32\wiavideo.dll
2012-06-18 08:02:24 ----A---- C:\Windows\system32\utildll.dll
2012-06-18 08:02:24 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2012-06-18 08:02:24 ----A---- C:\Windows\system32\takeown.exe
2012-06-18 08:02:24 ----A---- C:\Windows\system32\mapistub.dll
2012-06-18 08:02:24 ----A---- C:\Windows\system32\mapi32.dll
2012-06-18 08:02:24 ----A---- C:\Windows\system32\iyuv_32.dll
2012-06-18 08:02:24 ----A---- C:\Windows\system32\fphc.dll
2012-06-18 08:02:24 ----A---- C:\Windows\system32\dot3msm.dll
2012-06-18 08:02:24 ----A---- C:\Windows\system32\CscMig.dll
2012-06-18 08:02:24 ----A---- C:\Windows\system32\avifil32.dll
2012-06-18 08:02:24 ----A---- C:\Windows\system32\ActionQueue.dll
2012-06-18 08:02:23 ----A---- C:\Windows\system32\sppinst.dll
2012-06-18 08:02:23 ----A---- C:\Windows\system32\qdv.dll
2012-06-18 08:02:23 ----A---- C:\Windows\system32\QCLIPROV.DLL
2012-06-18 08:02:23 ----A---- C:\Windows\system32\msyuv.dll
2012-06-18 08:02:23 ----A---- C:\Windows\system32\msrle32.dll
2012-06-18 08:02:23 ----A---- C:\Windows\system32\msnetobj.dll
2012-06-18 08:02:23 ----A---- C:\Windows\system32\EhStorAPI.dll
2012-06-18 08:02:22 ----A---- C:\Windows\system32\WUDFx.dll
2012-06-18 08:02:22 ----A---- C:\Windows\system32\WUDFHost.exe
2012-06-18 08:02:22 ----A---- C:\Windows\system32\wsnmp32.dll
2012-06-18 08:02:22 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2012-06-18 08:02:22 ----A---- C:\Windows\system32\vfwwdm32.dll
2012-06-18 08:02:22 ----A---- C:\Windows\system32\unattend.dll
2012-06-18 08:02:22 ----A---- C:\Windows\system32\setupcln.dll
2012-06-18 08:02:22 ----A---- C:\Windows\system32\RelPost.exe
2012-06-18 08:02:22 ----A---- C:\Windows\system32\qprocess.exe
2012-06-18 08:02:22 ----A---- C:\Windows\system32\pdhui.dll
2012-06-18 08:02:22 ----A---- C:\Windows\system32\MuiUnattend.exe
2012-06-18 08:02:22 ----A---- C:\Windows\system32\cmstp.exe
2012-06-18 08:02:22 ----A---- C:\Windows\system32\cca.dll
2012-06-18 08:02:22 ----A---- C:\Windows\system32\basesrv.dll
2012-06-18 08:02:21 ----A---- C:\Windows\system32\wuauclt.exe
2012-06-18 08:02:21 ----A---- C:\Windows\system32\umb.dll
2012-06-18 08:02:21 ----A---- C:\Windows\system32\tsbyuv.dll
2012-06-18 08:02:21 ----A---- C:\Windows\system32\relog.exe
2012-06-18 08:02:21 ----A---- C:\Windows\system32\qwinsta.exe
2012-06-18 08:02:21 ----A---- C:\Windows\system32\PrintIsolationProxy.dll
2012-06-18 08:02:21 ----A---- C:\Windows\system32\netiougc.exe
2012-06-18 08:02:21 ----A---- C:\Windows\system32\msorcl32.dll
2012-06-18 08:02:21 ----A---- C:\Windows\system32\msg.exe
2012-06-18 08:02:21 ----A---- C:\Windows\system32\iscsicli.exe
2012-06-18 08:02:21 ----A---- C:\Windows\system32\iasrecst.dll
2012-06-18 08:02:21 ----A---- C:\Windows\system32\chglogon.exe
2012-06-18 08:02:21 ----A---- C:\Windows\system32\drivers\tcpipreg.sys
2012-06-18 08:02:21 ----A---- C:\Windows\system32\drivers\ndisuio.sys
2012-06-18 08:02:21 ----A---- C:\Windows\system32\BdeHdCfg.exe
2012-06-18 08:02:21 ----A---- C:\Windows\system32\AzSqlExt.dll
2012-06-18 08:02:20 ----A---- C:\Windows\system32\wkscli.dll
2012-06-18 08:02:20 ----A---- C:\Windows\system32\WavDest.dll
2012-06-18 08:02:20 ----A---- C:\Windows\system32\sppuinotify.dll
2012-06-18 08:02:20 ----A---- C:\Windows\system32\spbcd.dll
2012-06-18 08:02:20 ----A---- C:\Windows\system32\setbcdlocale.dll
2012-06-18 08:02:20 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2012-06-18 08:02:20 ----A---- C:\Windows\system32\secproc_ssp.dll
2012-06-18 08:02:20 ----A---- C:\Windows\system32\resutils.dll
2012-06-18 08:02:20 ----A---- C:\Windows\system32\rastapi.dll
2012-06-18 08:02:20 ----A---- C:\Windows\system32\quser.exe
2012-06-18 08:02:20 ----A---- C:\Windows\system32\nrpsrv.dll
2012-06-18 08:02:20 ----A---- C:\Windows\system32\netbtugc.exe
2012-06-18 08:02:20 ----A---- C:\Windows\system32\mydocs.dll
2012-06-18 08:02:20 ----A---- C:\Windows\system32\MultiDigiMon.exe
2012-06-18 08:02:20 ----A---- C:\Windows\system32\itircl.dll
2012-06-18 08:02:20 ----A---- C:\Windows\system32\diskpart.exe
2012-06-18 08:02:20 ----A---- C:\Windows\system32\amstream.dll
2012-06-18 08:02:19 ----A---- C:\Windows\system32\wuapp.exe
2012-06-18 08:02:19 ----A---- C:\Windows\system32\wmpps.dll
2012-06-18 08:02:19 ----A---- C:\Windows\system32\WerFaultSecure.exe
2012-06-18 08:02:19 ----A---- C:\Windows\system32\tsdiscon.exe
2012-06-18 08:02:19 ----A---- C:\Windows\system32\tscon.exe
2012-06-18 08:02:19 ----A---- C:\Windows\system32\tlscsp.dll
2012-06-18 08:02:19 ----A---- C:\Windows\system32\syssetup.dll
2012-06-18 08:02:19 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2012-06-18 08:02:19 ----A---- C:\Windows\system32\ReAgentc.exe
2012-06-18 08:02:19 ----A---- C:\Windows\system32\qappsrv.exe
2012-06-18 08:02:19 ----A---- C:\Windows\system32\PrintBrmUi.exe
2012-06-18 08:02:19 ----A---- C:\Windows\system32\chgusr.exe
2012-06-18 08:02:19 ----A---- C:\Windows\system32\chgport.exe
2012-06-18 08:02:19 ----A---- C:\Windows\system32\FXSTIFF.dll
2012-06-18 08:02:19 ----A---- C:\Windows\system32\findstr.exe
2012-06-18 08:02:19 ----A---- C:\Windows\system32\eappgnui.dll
2012-06-18 08:02:19 ----A---- C:\Windows\system32\CertPolEng.dll
2012-06-18 08:02:18 ----A---- C:\Windows\system32\wiarpc.dll
2012-06-18 08:02:18 ----A---- C:\Windows\system32\tskill.exe
2012-06-18 08:02:18 ----A---- C:\Windows\system32\sppc.dll
2012-06-18 08:02:18 ----A---- C:\Windows\system32\spopk.dll
2012-06-18 08:02:18 ----A---- C:\Windows\system32\shadow.exe
2012-06-18 08:02:18 ----A---- C:\Windows\system32\rwinsta.exe
2012-06-18 08:02:18 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2012-06-18 08:02:18 ----A---- C:\Windows\system32\netutils.dll
2012-06-18 08:02:18 ----A---- C:\Windows\system32\netapi32.dll
2012-06-18 08:02:18 ----A---- C:\Windows\system32\muifontsetup.dll
2012-06-18 08:02:18 ----A---- C:\Windows\system32\mobsync.exe
2012-06-18 08:02:18 ----A---- C:\Windows\system32\mciqtz32.dll
2012-06-18 08:02:18 ----A---- C:\Windows\system32\logoff.exe
2012-06-18 08:02:18 ----A---- C:\Windows\system32\iccvid.dll
2012-06-18 08:02:18 ----A---- C:\Windows\system32\drivers\tdi.sys
2012-06-18 08:02:18 ----A---- C:\Windows\system32\dosx.exe
2012-06-18 08:02:18 ----A---- C:\Windows\system32\cabinet.dll
2012-06-18 08:02:17 ----A---- C:\Windows\system32\wdiasqmmodule.dll
2012-06-18 08:02:17 ----A---- C:\Windows\system32\vmstorfltres.dll
2012-06-18 08:02:17 ----A---- C:\Windows\system32\vmicres.dll
2012-06-18 08:02:17 ----A---- C:\Windows\system32\unlodctr.exe
2012-06-18 08:02:17 ----A---- C:\Windows\system32\shimgvw.dll
2012-06-18 08:02:17 ----A---- C:\Windows\system32\reset.exe
2012-06-18 08:02:17 ----A---- C:\Windows\system32\repair-bde.exe
2012-06-18 08:02:17 ----A---- C:\Windows\system32\rdprefdrvapi.dll
2012-06-18 08:02:17 ----A---- C:\Windows\system32\query.exe
2012-06-18 08:02:17 ----A---- C:\Windows\system32\netcfg.exe
2012-06-18 08:02:17 ----A---- C:\Windows\system32\msdmo.dll
2012-06-18 08:02:17 ----A---- C:\Windows\system32\manage-bde.exe
2012-06-18 08:02:17 ----A---- C:\Windows\system32\luainstall.dll
2012-06-18 08:02:17 ----A---- C:\Windows\system32\inetmib1.dll
2012-06-18 08:02:17 ----A---- C:\Windows\system32\HotStartUserAgent.dll
2012-06-18 08:02:17 ----A---- C:\Windows\system32\drivers\usbrpm.sys
2012-06-18 08:02:17 ----A---- C:\Windows\system32\drivers\CompositeBus.sys
2012-06-18 08:02:16 ----A---- C:\Windows\system32\wups.dll
2012-06-18 08:02:16 ----A---- C:\Windows\system32\WUDFCoinstaller.dll
2012-06-18 08:02:16 ----A---- C:\Windows\system32\vmbusres.dll
2012-06-18 08:02:16 ----A---- C:\Windows\system32\UIRibbonRes.dll
2012-06-18 08:02:16 ----A---- C:\Windows\system32\perfts.dll
2012-06-18 08:02:16 ----A---- C:\Windows\system32\odbcconf.dll
2012-06-18 08:02:16 ----A---- C:\Windows\system32\change.exe
2012-06-18 08:02:16 ----A---- C:\Windows\system32\drivers\cdrom.sys
2012-06-18 08:02:16 ----A---- C:\Windows\system32\browcli.dll
2012-06-18 08:02:15 ----A---- C:\Windows\system32\TRAPI.dll
2012-06-18 08:02:15 ----A---- C:\Windows\system32\RDPENCDD.dll
2012-06-18 08:02:15 ----A---- C:\Windows\system32\icaapi.dll
2012-06-18 08:02:15 ----A---- C:\Windows\system32\FXSMON.dll
2012-06-18 08:02:15 ----A---- C:\Windows\system32\elsTrans.dll
2012-06-18 08:02:15 ----A---- C:\Windows\system32\drivers\tunnel.sys
2012-06-18 08:02:15 ----A---- C:\Windows\system32\drivers\dfsc.sys
2012-06-18 08:02:14 ----A---- C:\Windows\system32\wshbth.dll
2012-06-18 08:02:14 ----A---- C:\Windows\system32\schedcli.dll
2012-06-18 08:02:14 ----A---- C:\Windows\system32\napdsnap.dll
2012-06-18 08:02:14 ----A---- C:\Windows\system32\LogonUI.exe
2012-06-18 08:02:14 ----A---- C:\Windows\system32\dsauth.dll
2012-06-18 08:02:14 ----A---- C:\Windows\system32\drivers\acpipmi.sys
2012-06-18 08:02:14 ----A---- C:\Windows\system32\cscdll.dll
2012-06-18 08:02:14 ----A---- C:\Windows\system32\bitsperf.dll
2012-06-18 08:02:13 ----A---- C:\Windows\system32\wsdchngr.dll
2012-06-18 08:02:13 ----A---- C:\Windows\system32\sscore.dll
2012-06-18 08:02:13 ----A---- C:\Windows\system32\shgina.dll
2012-06-18 08:02:13 ----A---- C:\Windows\system32\riched32.dll
2012-06-18 08:02:13 ----A---- C:\Windows\system32\drivers\ndiswan.sys
2012-06-18 08:02:12 ----A---- C:\Windows\system32\wups2.dll
2012-06-18 08:02:12 ----A---- C:\Windows\system32\rdpcfgex.dll
2012-06-18 08:02:12 ----A---- C:\Windows\system32\drivers\WUDFRd.sys
2012-06-18 08:02:12 ----A---- C:\Windows\system32\drivers\VMBusHID.sys
2012-06-18 08:02:12 ----A---- C:\Windows\system32\drivers\hidusb.sys
2012-06-18 08:02:12 ----A---- C:\Windows\system32\drivers\appid.sys
2012-06-18 08:02:11 ----A---- C:\Windows\system32\wshirda.dll
2012-06-18 08:02:11 ----A---- C:\Windows\system32\drivers\IPMIDrv.sys
2012-06-18 08:02:10 ----A---- C:\Windows\system32\vmictimeprovider.dll
2012-06-18 08:02:10 ----A---- C:\Windows\system32\VmdCoinstall.dll
2012-06-18 08:02:10 ----A---- C:\Windows\system32\vmbuspipe.dll
2012-06-18 08:02:10 ----A---- C:\Windows\system32\VmbusCoinstaller.dll
2012-06-18 08:02:10 ----A---- C:\Windows\system32\spwmp.dll
2012-06-18 08:02:10 ----A---- C:\Windows\system32\IcCoinstall.dll
2012-06-18 08:02:10 ----A---- C:\Windows\system32\drivers\USBCAMD2.sys
2012-06-18 08:02:10 ----A---- C:\Windows\system32\drivers\USBCAMD.sys
2012-06-18 08:02:10 ----A---- C:\Windows\system32\drivers\kbdhid.sys
2012-06-18 08:02:10 ----A---- C:\Windows\system32\browseui.dll
2012-06-18 08:02:09 ----A---- C:\Windows\system32\shunimpl.dll
2012-06-18 08:02:09 ----A---- C:\Windows\system32\RDPREFDD.dll
2012-06-18 08:02:09 ----A---- C:\Windows\system32\dxmasf.dll
2012-06-18 08:02:09 ----A---- C:\Windows\system32\drivers\WUDFPf.sys
2012-06-18 08:02:09 ----A---- C:\Windows\system32\drivers\wanarp.sys
2012-06-18 08:02:09 ----A---- C:\Windows\system32\drivers\umbus.sys
2012-06-18 08:02:09 ----A---- C:\Windows\system32\drivers\sffp_sd.sys
2012-06-18 08:02:09 ----A---- C:\Windows\system32\drivers\scfilter.sys
2012-06-18 08:02:09 ----A---- C:\Windows\system32\drivers\RDPCDD.sys
2012-06-18 08:02:09 ----A---- C:\Windows\system32\drivers\HdAudio.sys
2012-06-18 08:02:09 ----A---- C:\Windows\system32\drivers\hdaudbus.sys
2012-06-18 08:02:09 ----A---- C:\Windows\system32\C_ISCII.DLL
2012-06-18 08:02:08 ----A---- C:\Windows\system32\wmploc.DLL
2012-06-18 08:02:08 ----A---- C:\Windows\system32\KBDINTEL.DLL
2012-06-18 08:02:07 ----A---- C:\Windows\system32\pifmgr.dll
2012-06-18 08:02:07 ----A---- C:\Windows\system32\nlsbres.dll
2012-06-18 08:02:07 ----A---- C:\Windows\system32\KBDUS.DLL
2012-06-18 08:02:07 ----A---- C:\Windows\system32\KBDUGHR1.DLL
2012-06-18 08:02:07 ----A---- C:\Windows\system32\KBDTURME.DLL
2012-06-18 08:02:07 ----A---- C:\Windows\system32\KBDTUQ.DLL
2012-06-18 08:02:07 ----A---- C:\Windows\system32\KBDTUF.DLL
2012-06-18 08:02:07 ----A---- C:\Windows\system32\KBDTAJIK.DLL
2012-06-18 08:02:07 ----A---- C:\Windows\system32\KBDSG.DLL
2012-06-18 08:02:07 ----A---- C:\Windows\system32\KBDSF.DLL
2012-06-18 08:02:07 ----A---- C:\Windows\system32\KBDPO.DLL
2012-06-18 08:02:07 ----A---- C:\Windows\system32\KBDNEPR.DLL
2012-06-18 08:02:07 ----A---- C:\Windows\system32\KBDMON.DLL
2012-06-18 08:02:07 ----A---- C:\Windows\system32\KBDMAORI.DLL
2012-06-18 08:02:07 ----A---- C:\Windows\system32\KBDLT1.DLL
2012-06-18 08:02:07 ----A---- C:\Windows\system32\kbdlk41a.dll
2012-06-18 08:02:07 ----A---- C:\Windows\system32\KBDINTAM.DLL
2012-06-18 08:02:07 ----A---- C:\Windows\system32\KBDINORI.DLL
2012-06-18 08:02:07 ----A---- C:\Windows\system32\KBDINMAR.DLL
2012-06-18 08:02:07 ----A---- C:\Windows\system32\KBDINKAN.DLL
2012-06-18 08:02:07 ----A---- C:\Windows\system32\KBDINHIN.DLL
2012-06-18 08:02:07 ----A---- C:\Windows\system32\KBDINBEN.DLL
2012-06-18 08:02:07 ----A---- C:\Windows\system32\KBDGR1.DLL
2012-06-18 08:02:07 ----A---- C:\Windows\system32\KBDGKL.DLL
2012-06-18 08:02:07 ----A---- C:\Windows\system32\KBDGEO.DLL
2012-06-18 08:02:07 ----A---- C:\Windows\system32\KBDCZ1.DLL
2012-06-18 08:02:07 ----A---- C:\Windows\system32\KBDBULG.DLL
2012-06-18 08:02:07 ----A---- C:\Windows\system32\KBDBLR.DLL
2012-06-18 08:02:07 ----A---- C:\Windows\system32\KBDBASH.DLL
2012-06-18 08:02:07 ----A---- C:\Windows\system32\drivers\vms3cap.sys
2012-06-18 08:02:07 ----A---- C:\Windows\system32\dpnaddr.dll
2012-06-18 08:02:06 ----A---- C:\Windows\system32\spwizres.dll
2012-06-18 08:02:06 ----A---- C:\Windows\system32\BlbEvents.dll
2012-06-18 08:01:50 ----A---- C:\Windows\system32\wdscore.dll
2012-06-18 08:01:22 ----A---- C:\Windows\system32\wbemcomn.dll
2012-06-18 08:01:07 ----A---- C:\Windows\system32\sqmapi.dll
2012-06-18 07:39:25 ----A---- C:\Windows\system32\rdpwsx.dll
2012-06-18 07:39:25 ----A---- C:\Windows\system32\rdpcorekmts.dll
2012-06-18 07:39:24 ----A---- C:\Windows\system32\rdrmemptylst.exe
2012-06-17 19:37:37 ----D---- C:\ProgramData\Martau
2012-06-17 19:37:32 ----D---- C:\Program Files\Total Uninstall 6
2012-06-17 19:24:00 ----D---- C:\Program Files\EnhanceMySe7en
2012-06-17 19:03:14 ----D---- C:\Users\JM\AppData\Roaming\SeriousBit
2012-06-17 17:33:08 ----D---- C:\Program Files\Common Files\Java
2012-06-17 17:32:31 ----D---- C:\Program Files\Oracle
2012-06-17 17:32:10 ----A---- C:\Windows\system32\npDeployJava1.dll
2012-06-17 17:32:10 ----A---- C:\Windows\system32\javaws.exe
2012-06-17 17:31:40 ----A---- C:\Windows\system32\javaw.exe
2012-06-17 17:31:40 ----A---- C:\Windows\system32\java.exe
2012-06-17 15:51:37 ----HDC---- C:\ProgramData\{A9158F4E-7914-4019-808A-D4D4993E9958}
2012-06-17 15:48:57 ----HDC---- C:\ProgramData\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}
2012-06-17 15:32:54 ----D---- C:\Users\JM\AppData\Roaming\HDRsoft
2012-06-17 15:32:54 ----D---- C:\Program Files\PhotomatixPro4
2012-06-17 14:23:25 ----D---- C:\Program Files\trend micro
2012-06-17 12:40:13 ----D---- C:\Users\JM\AppData\Roaming\Malwarebytes
2012-06-17 12:40:04 ----D---- C:\ProgramData\Malwarebytes
2012-06-17 12:40:03 ----A---- C:\Windows\system32\drivers\mbam.sys
2012-06-17 12:40:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-06-17 10:43:09 ----D---- C:\Users\JM\AppData\Roaming\UVIWorkstation
2012-06-17 10:42:52 ----D---- C:\Users\JM\AppData\Roaming\PACE Anti-Piracy
2012-06-17 10:42:52 ----D---- C:\ProgramData\PACE Anti-Piracy
2012-06-17 10:42:52 ----D---- C:\Program Files\Common Files\PACE Anti-Piracy
2012-06-17 10:41:48 ----D---- C:\ProgramData\PACE
2012-06-17 10:41:41 ----D---- C:\Program Files\Common Files\PACE
2012-06-17 10:37:16 ----D---- C:\Program Files\Propellerhead
2012-06-17 10:37:09 ----D---- C:\Program Files\UVISoundBanks
2012-06-17 10:36:32 ----D---- C:\Program Files\UVI Workstation
2012-06-17 10:36:32 ----D---- C:\Program Files\Common Files\UVI
2012-06-17 10:36:32 ----A---- C:\Windows\system32\libsndfile-1.dll
2012-06-16 22:47:40 ----ASH---- C:\Windows\system32\dds_trash_log.cmd
2012-06-16 22:21:48 ----HDC---- C:\ProgramData\{3006A797-CDFA-44FC-98EF-155579E2CDBF}
2012-06-16 21:28:58 ----D---- C:\Windows\rescache
2012-06-16 19:28:09 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2012-06-16 19:23:12 ----A---- C:\Windows\system32\rdpcorets.dll
2012-06-16 19:23:12 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2012-06-16 19:22:51 ----A---- C:\Windows\system32\win32k.sys
2012-06-16 19:22:02 ----A---- C:\Windows\system32\profsvc.dll
2012-06-16 19:22:02 ----A---- C:\Windows\system32\profprov.dll
2012-06-16 19:21:37 ----A---- C:\Windows\system32\msi.dll
2012-06-16 19:21:10 ----A---- C:\Windows\system32\wininet.dll
2012-06-16 19:21:10 ----A---- C:\Windows\system32\urlmon.dll
2012-06-16 19:21:10 ----A---- C:\Windows\system32\url.dll
2012-06-16 19:21:10 ----A---- C:\Windows\system32\mshtmled.dll
2012-06-16 19:21:10 ----A---- C:\Windows\system32\mshtml.dll
2012-06-16 19:21:10 ----A---- C:\Windows\system32\jsproxy.dll
2012-06-16 19:21:10 ----A---- C:\Windows\system32\jscript9.dll
2012-06-16 19:21:10 ----A---- C:\Windows\system32\jscript.dll
2012-06-16 19:21:10 ----A---- C:\Windows\system32\ieUnatt.exe
2012-06-16 19:21:10 ----A---- C:\Windows\system32\ieui.dll
2012-06-16 19:21:10 ----A---- C:\Windows\system32\iertutil.dll
2012-06-16 19:21:10 ----A---- C:\Windows\system32\ieframe.dll
2012-06-16 19:20:04 ----A---- C:\Windows\system32\cryptsvc.dll
2012-06-16 19:20:04 ----A---- C:\Windows\system32\cryptnet.dll
2012-06-16 19:20:04 ----A---- C:\Windows\system32\crypt32.dll
2012-06-16 15:34:38 ----HDC---- C:\ProgramData\{27D02406-6F0F-419F-AF2F-A4EE19D2E463}
2012-06-16 15:34:26 ----HDC---- C:\ProgramData\{E9CDB61C-771D-42BB-B441-4CA7622ACA52}
2012-06-16 15:15:45 ----HDC---- C:\ProgramData\{0A583E76-A7A0-45F8-9386-AEE1E529A4DE}
2012-06-16 15:15:09 ----HDC---- C:\ProgramData\{CA03436C-933D-4ADA-9E89-2C39CC03E904}
2012-06-16 15:14:57 ----HDC---- C:\ProgramData\{588D017F-D30B-4C08-8A10-1FEF7D039369}
2012-06-16 15:14:45 ----HDC---- C:\ProgramData\{DC597CF0-DB39-40C2-9F8C-CF9D0A386548}
2012-06-16 15:14:31 ----HDC---- C:\ProgramData\{3DFBC806-D62A-4312-81FF-5F343DDCB5DC}
2012-06-16 15:14:15 ----HDC---- C:\ProgramData\{6E467D89-1963-440B-84F9-852C8150E323}
2012-06-16 15:14:05 ----HDC---- C:\ProgramData\{B0DF9098-245E-479F-A4ED-B5F91EA4948B}
2012-06-16 15:13:53 ----HDC---- C:\ProgramData\{D04E7E60-5F77-4E61-9CD4-7AEC5E15C525}
2012-06-16 15:13:15 ----HDC---- C:\ProgramData\{DE181BBE-2522-484E-A620-BDCFB298DC87}
2012-06-16 15:04:40 ----HDC---- C:\ProgramData\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}
2012-06-16 14:58:07 ----HDC---- C:\ProgramData\{DD2792B0-5B90-4CC3-8D97-1C733D7FB366}
2012-06-16 14:53:12 ----HDC---- C:\ProgramData\{C2A88E6D-FA3D-462B-BDFF-A09B1EFA8FBE}
2012-05-26 18:18:04 ----D---- C:\ProgramData\tmp
2012-05-26 18:18:03 ----D---- C:\ProgramData\hps
2012-05-26 16:39:50 ----D---- C:\Program Files\Fotolab
2012-05-25 19:48:20 ----D---- C:\Program Files\MSXML 4.0
2012-05-23 18:52:45 ----A---- C:\Windows\system32\msvbvm60001.dll
2012-05-23 18:52:39 ----A---- C:\Windows\system32\cdintf450_x64.dll
2012-05-23 18:52:36 ----A---- C:\Windows\system32\gdpdfplug.dll
2012-05-23 18:52:35 ----A---- C:\Windows\system32\cdintf450.dll
2012-05-23 18:52:23 ----D---- C:\Users\JM\AppData\Roaming\602XML
2012-05-23 18:52:18 ----D---- C:\Users\JM\AppData\Roaming\602Installer
2012-05-23 18:52:09 ----D---- C:\Program Files\Common Files\soft602
2012-05-23 18:52:08 ----D---- C:\Program Files\Software602
2012-05-23 18:52:08 ----D---- C:\Program Files\Common Files\Freedom Scientific

======List of files/folders modified in the last 1 month======

2012-06-18 11:06:50 ----D---- C:\Windows\Prefetch
2012-06-18 11:06:15 ----D---- C:\Windows\system32\drivers
2012-06-18 11:06:01 ----D---- C:\Program Files\KeePass-2.17
2012-06-18 11:04:31 ----D---- C:\Windows\System32
2012-06-18 11:04:31 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-06-18 11:04:30 ----D---- C:\Windows\inf
2012-06-18 10:58:10 ----D---- C:\Windows\addins
2012-06-18 10:56:41 ----D---- C:\Windows\Microsoft.NET
2012-06-18 10:54:57 ----D---- C:\Windows\Temp
2012-06-18 10:52:33 ----D---- C:\Windows\system32\config
2012-06-18 10:48:16 ----SHD---- C:\Windows\Installer
2012-06-18 10:48:15 ----RSD---- C:\Windows\assembly
2012-06-18 10:48:02 ----D---- C:\Windows\system32\cs-CZ
2012-06-18 10:44:52 ----D---- C:\Windows\system32\en-US
2012-06-18 10:44:51 ----D---- C:\Program Files\Microsoft.NET
2012-06-18 10:43:04 ----SHD---- C:\System Volume Information
2012-06-18 10:38:41 ----D---- C:\ProgramData\Microsoft Help
2012-06-18 10:37:45 ----D---- C:\Program Files\Common Files\microsoft shared
2012-06-18 10:05:39 ----D---- C:\Windows\winsxs
2012-06-18 09:57:10 ----D---- C:\Program Files\Microsoft Office
2012-06-18 09:46:55 ----D---- C:\Windows\system32\catroot
2012-06-18 09:46:54 ----D---- C:\Windows\system32\catroot2
2012-06-18 08:49:09 ----D---- C:\Windows
2012-06-18 08:48:55 ----D---- C:\Windows\system32\DriverStore
2012-06-18 08:47:02 ----D---- C:\Windows\Minidump
2012-06-18 08:35:24 ----D---- C:\Program Files\Windows Sidebar
2012-06-18 08:35:24 ----D---- C:\Program Files\Windows Portable Devices
2012-06-18 08:35:24 ----D---- C:\Program Files\Windows Photo Viewer
2012-06-18 08:35:24 ----D---- C:\Program Files\Windows Media Player
2012-06-18 08:35:24 ----D---- C:\Program Files\Windows Mail
2012-06-18 08:35:24 ----D---- C:\Program Files\Windows Journal
2012-06-18 08:35:24 ----D---- C:\Program Files\Internet Explorer
2012-06-18 08:35:24 ----D---- C:\Program Files\DVD Maker
2012-06-18 08:35:23 ----D---- C:\Windows\servicing
2012-06-18 08:35:23 ----D---- C:\Program Files\Windows Defender
2012-06-18 08:35:23 ----D---- C:\Program Files\Common Files\System
2012-06-18 08:35:22 ----D---- C:\Windows\ehome
2012-06-18 08:35:16 ----SHD---- C:\Windows\BitLockerDiscoveryVolumeContents
2012-06-18 08:35:15 ----D---- C:\Windows\system32\sysprep
2012-06-18 08:35:15 ----D---- C:\Windows\system32\oobe
2012-06-18 08:35:15 ----D---- C:\Windows\system32\da-DK
2012-06-18 08:35:15 ----D---- C:\Windows\PolicyDefinitions
2012-06-18 08:35:14 ----D---- C:\Windows\system32\Setup
2012-06-18 08:35:14 ----D---- C:\Windows\system32\migration
2012-06-18 08:35:14 ----D---- C:\Windows\system32\cs
2012-06-18 08:35:14 ----D---- C:\Windows\system32\AdvancedInstallers
2012-06-18 08:35:13 ----D---- C:\Windows\system32\sppui
2012-06-18 08:35:13 ----D---- C:\Windows\system32\manifeststore
2012-06-18 08:35:13 ----D---- C:\Windows\system32\inetsrv
2012-06-18 08:35:13 ----D---- C:\Windows\system32\es-ES
2012-06-18 08:35:12 ----D---- C:\Windows\system32\wbem
2012-06-18 08:35:12 ----D---- C:\Windows\system32\drivers\UMDF
2012-06-18 08:35:12 ----D---- C:\Windows\system32\drivers\cs-CZ
2012-06-18 08:35:11 ----D---- C:\Windows\system32\migwiz
2012-06-18 08:35:11 ----D---- C:\Windows\system32\Dism
2012-06-18 08:34:53 ----RSD---- C:\Windows\Fonts
2012-06-18 08:34:52 ----D---- C:\Windows\AppPatch
2012-06-18 08:34:41 ----D---- C:\Windows\system32\Boot
2012-06-18 08:26:48 ----A---- C:\Windows\system32\msclmd.dll
2012-06-18 08:13:34 ----D---- C:\Windows\debug
2012-06-18 08:10:57 ----D---- C:\Program Files\Microsoft Works
2012-06-18 07:30:18 ----D---- C:\Windows\schemas
2012-06-17 19:44:39 ----RD---- C:\Program Files
2012-06-17 19:44:05 ----D---- C:\Windows\Tasks
2012-06-17 19:44:05 ----D---- C:\Windows\system32\Tasks
2012-06-17 19:37:37 ----HD---- C:\ProgramData
2012-06-17 18:49:25 ----D---- C:\Users\JM\AppData\Roaming\DMCache
2012-06-17 17:54:38 ----D---- C:\Windows\tracing
2012-06-17 17:33:08 ----D---- C:\Program Files\Common Files
2012-06-17 17:31:24 ----D---- C:\Program Files\Java
2012-06-17 15:49:45 ----D---- C:\Program Files\VstPlugins
2012-06-17 15:49:37 ----D---- C:\Program Files\Native Instruments
2012-06-17 15:49:37 ----D---- C:\Program Files\Common Files\Native Instruments
2012-06-17 15:47:27 ----D---- C:\Users\JM\AppData\Roaming\DAEMON Tools Lite
2012-06-17 15:29:32 ----ASD---- C:\ProgramData\Microsoft
2012-06-17 14:17:53 ----D---- C:\Windows\Help
2012-06-17 10:42:07 ----HD---- C:\Program Files\InstallShield Installation Information
2012-06-16 14:33:01 ----D---- C:\Users\JM\AppData\Roaming\Winamp
2012-05-25 19:27:03 ----AD---- C:\ProgramData\TEMP

Michal I
Visitor
Posts: 49
Registered: 29 Aug 2007 09:44

Re: Some kind of Rootkit.0Acces.H discovered

#2 Post by Michal I »

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 TPkd;TPkd; C:\Windows\system32\drivers\TPkd.sys [2012-05-16 93336]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-15 242240]
R3 CLEDX;Team H2O CLEDX service; C:\Windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 e1express;Intel(R) PRO/1000 – ovladač PCI Express síťového připojení; C:\Windows\system32\DRIVERS\e1e6032.sys [2009-07-14 211456]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 MAFW;Service for M-Audio FireWire; C:\Windows\system32\DRIVERS\mafw.sys [2009-07-29 192392]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2012-04-04 22344]
R3 netr28u;AirLive WN-5000USB Driver for Vista; C:\Windows\system32\DRIVERS\netr28u.sys [2007-04-30 332800]
R3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam.sys [2011-02-16 11520]
S2 Nsynas32;Nsynas32; C:\Windows\system32\drivers\Nsynas32.sys []
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 cpuz135;cpuz135; \??\C:\Users\JM\AppData\Local\Temp\cpuz135\cpuz135_x32.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-03-25 15872]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 NAUpdate;@C:\Program Files\Nero\Update\NASvc.exe,-200; C:\Program Files\Nero\Update\NASvc.exe [2011-03-04 584488]
R2 NetPipeActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2010-11-05 128848]
R2 NetTcpActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2010-11-05 128848]
R2 PaceLicenseDServices;PACE License Services; C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2012-05-18 2938880]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 WDDMService;WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-03-09 238592]
R2 WDFME;WD File Management Engine; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-03-09 1060864]
R2 WDSC;WD File Management Shadow Engine; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-03-09 484352]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 amdk77;Se45mdm; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 besclient;Rp32service; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 emitray;Diskeeper; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 GENERICDRV;CTAudSvcService; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 ni_nic;Houdiniserver; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 pdiddcci;Sbiesvc; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 SaiClass;CX23880; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 SeratoUsb;Euq_monitor; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 TClass2k;Upperdev; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 vmodem;Dac960nt; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 vmx86;LCcfltr; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 VRcore;Hpdj; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 z525mgmt;EL2000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 257696]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-11-17 651720]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-01-08 1343400]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 NetMsmqActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2010-11-05 128848]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

Michal I
Visitor
Posts: 49
Registered: 29 Aug 2007 09:44

Re: Some kind of Rootkit.0Acces.H discovered

#3 Post by Michal I »

Hi,
so OTL crashed on me several times; it wanted to save some data file to the desktop and that did not work. I am attaching the second scan. A side symptom that something is wrong is problems with SSL certificates in Chrome. For example, I can't log in to Gmail, FB, etc.
Attachments
xuetr.rar
(195.85 KiB) Downloaded 40 times

Michal I
Visitor
Posts: 49
Registered: 29 Aug 2007 09:44

Re: Some kind of Rootkit.0Acces.H discovered

#4 Post by Michal I »

Hi, I'm sending the log.

06:06:50.0491 2876 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
06:06:50.0834 2876 ============================================================
06:06:50.0834 2876 Current date / time: 2012/06/19 06:06:50.0834
06:06:50.0834 2876 SystemInfo:
06:06:50.0834 2876
06:06:50.0834 2876 OS Version: 6.1.7601 ServicePack: 1.0
06:06:50.0834 2876 Product type: Workstation
06:06:50.0834 2876 ComputerName: JM-HTPC
06:06:50.0834 2876 UserName: JM
06:06:50.0834 2876 Windows directory: C:\Windows
06:06:50.0834 2876 System windows directory: C:\Windows
06:06:50.0834 2876 Processor architecture: Intel x86
06:06:50.0834 2876 Number of processors: 2
06:06:50.0834 2876 Page size: 0x1000
06:06:50.0834 2876 Boot type: Normal boot
06:06:50.0834 2876 ============================================================
06:06:53.0006 2876 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
06:06:53.0022 2876 ============================================================
06:06:53.0022 2876 \Device\Harddisk0\DR0:
06:06:53.0022 2876 MBR partitions:
06:06:53.0022 2876 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
06:06:53.0022 2876 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
06:06:53.0022 2876 ============================================================
06:06:53.0038 2876 C: <-> \Device\Harddisk0\DR0\Partition1
06:06:53.0038 2876 ============================================================
06:06:53.0038 2876 Initialize success
06:06:53.0038 2876 ============================================================
06:08:29.0447 3752 ============================================================
06:08:29.0447 3752 Scan started
06:08:29.0447 3752 Mode: Manual; SigCheck; TDLFS;
06:08:29.0447 3752 ============================================================
06:08:30.0994 3752 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
06:08:31.0181 3752 1394ohci - ok
06:08:31.0306 3752 602XML Updater (f11d68e40ed62fdb7c460c445f1ec4e5) C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
06:08:31.0337 3752 602XML Updater - ok
06:08:31.0400 3752 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
06:08:31.0431 3752 ACPI - ok
06:08:31.0462 3752 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
06:08:31.0572 3752 AcpiPmi - ok
06:08:31.0744 3752 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
06:08:31.0822 3752 AdobeFlashPlayerUpdateSvc - ok
06:08:31.0853 3752 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
06:08:31.0900 3752 adp94xx - ok
06:08:31.0931 3752 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
06:08:31.0962 3752 adpahci - ok
06:08:31.0994 3752 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
06:08:32.0025 3752 adpu320 - ok
06:08:32.0072 3752 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
06:08:32.0166 3752 AeLookupSvc - ok
06:08:32.0228 3752 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
06:08:32.0275 3752 AFD - ok
06:08:32.0322 3752 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
06:08:32.0337 3752 agp440 - ok
06:08:32.0400 3752 aic78u2 - ok
06:08:32.0431 3752 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
06:08:32.0462 3752 aic78xx - ok
06:08:32.0494 3752 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
06:08:32.0556 3752 ALG - ok
06:08:32.0572 3752 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
06:08:32.0587 3752 aliide - ok
06:08:32.0634 3752 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
06:08:32.0650 3752 amdagp - ok
06:08:32.0728 3752 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
06:08:32.0744 3752 amdide - ok
06:08:32.0775 3752 amdk77 - ok
06:08:32.0806 3752 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
06:08:32.0853 3752 AmdK8 - ok
06:08:32.0853 3752 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
06:08:32.0900 3752 AmdPPM - ok
06:08:32.0931 3752 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
06:08:32.0962 3752 amdsata - ok
06:08:32.0978 3752 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
06:08:33.0009 3752 amdsbs - ok
06:08:33.0025 3752 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
06:08:33.0041 3752 amdxata - ok
06:08:33.0103 3752 AppHostSvc (d1af38fbac0dc7e6d796b0ed01707ee0) C:\Windows\system32\inetsrv\apphostsvc.dll
06:08:33.0181 3752 AppHostSvc - ok
06:08:33.0212 3752 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
06:08:33.0384 3752 AppID - ok
06:08:33.0416 3752 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
06:08:33.0478 3752 AppIDSvc - ok
06:08:33.0509 3752 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
06:08:33.0572 3752 Appinfo - ok
06:08:33.0603 3752 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
06:08:33.0759 3752 AppMgmt - ok
06:08:33.0806 3752 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
06:08:33.0822 3752 arc - ok
06:08:33.0837 3752 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
06:08:33.0853 3752 arcsas - ok
06:08:33.0884 3752 askernel - ok
06:08:33.0916 3752 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
06:08:34.0041 3752 AsyncMac - ok
06:08:34.0087 3752 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
06:08:34.0103 3752 atapi - ok
06:08:34.0150 3752 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
06:08:34.0228 3752 AudioEndpointBuilder - ok
06:08:34.0244 3752 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
06:08:34.0291 3752 Audiosrv - ok
06:08:34.0322 3752 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
06:08:34.0400 3752 AxInstSV - ok
06:08:34.0462 3752 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
06:08:34.0541 3752 b06bdrv - ok
06:08:34.0572 3752 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
06:08:34.0619 3752 b57nd60x - ok
06:08:34.0697 3752 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
06:08:34.0775 3752 BDESVC - ok
06:08:34.0791 3752 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
06:08:34.0853 3752 Beep - ok
06:08:34.0916 3752 besclient - ok
06:08:34.0994 3752 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
06:08:35.0072 3752 BITS - ok
06:08:35.0103 3752 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
06:08:35.0134 3752 blbdrive - ok
06:08:35.0166 3752 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
06:08:35.0228 3752 bowser - ok
06:08:35.0244 3752 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
06:08:35.0322 3752 BrFiltLo - ok
06:08:35.0337 3752 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
06:08:35.0384 3752 BrFiltUp - ok
06:08:35.0416 3752 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
06:08:35.0478 3752 Browser - ok
06:08:35.0509 3752 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
06:08:35.0556 3752 Brserid - ok
06:08:35.0587 3752 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
06:08:35.0634 3752 BrSerWdm - ok
06:08:35.0744 3752 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
06:08:35.0791 3752 BrUsbMdm - ok
06:08:35.0822 3752 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
06:08:35.0853 3752 BrUsbSer - ok
06:08:35.0884 3752 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
06:08:35.0931 3752 BTHMODEM - ok
06:08:35.0978 3752 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
06:08:36.0041 3752 bthserv - ok
06:08:36.0056 3752 CdaC15BA - ok
06:08:36.0087 3752 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
06:08:36.0134 3752 cdfs - ok
06:08:36.0181 3752 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
06:08:36.0228 3752 cdrom - ok
06:08:36.0259 3752 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
06:08:36.0322 3752 CertPropSvc - ok
06:08:36.0353 3752 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
06:08:36.0369 3752 circlass - ok
06:08:36.0416 3752 CLEDX (b53f9635457b56dcffef750e18aec6cb) C:\Windows\system32\DRIVERS\cledx.sys
06:08:36.0431 3752 CLEDX ( UnsignedFile.Multi.Generic ) - warning
06:08:36.0431 3752 CLEDX - detected UnsignedFile.Multi.Generic (1)
06:08:36.0478 3752 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
06:08:36.0494 3752 CLFS - ok
06:08:36.0587 3752 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
06:08:36.0650 3752 clr_optimization_v2.0.50727_32 - ok
06:08:36.0900 3752 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
06:08:36.0947 3752 clr_optimization_v4.0.30319_32 - ok
06:08:36.0978 3752 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
06:08:37.0025 3752 CmBatt - ok
06:08:37.0072 3752 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
06:08:37.0087 3752 cmdide - ok
06:08:37.0150 3752 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
06:08:37.0181 3752 CNG - ok
06:08:37.0212 3752 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
06:08:37.0228 3752 Compbatt - ok
06:08:37.0275 3752 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
06:08:37.0322 3752 CompositeBus - ok
06:08:37.0322 3752 COMSysApp - ok
06:08:37.0416 3752 cpuz135 - ok
06:08:37.0462 3752 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
06:08:37.0478 3752 crcdisk - ok
06:08:37.0525 3752 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
06:08:37.0572 3752 CryptSvc - ok
06:08:37.0619 3752 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
06:08:37.0759 3752 CSC - ok
06:08:37.0822 3752 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
06:08:37.0869 3752 CscService - ok
06:08:37.0916 3752 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
06:08:37.0962 3752 DcomLaunch - ok
06:08:38.0009 3752 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
06:08:38.0072 3752 defragsvc - ok
06:08:38.0134 3752 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
06:08:38.0212 3752 DfsC - ok
06:08:38.0275 3752 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
06:08:38.0322 3752 Dhcp - ok
06:08:38.0369 3752 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
06:08:38.0416 3752 discache - ok
06:08:38.0447 3752 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
06:08:38.0462 3752 Disk - ok
06:08:38.0525 3752 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
06:08:38.0587 3752 Dnscache - ok
06:08:38.0650 3752 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
06:08:38.0791 3752 dot3svc - ok
06:08:38.0822 3752 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
06:08:38.0884 3752 DPS - ok
06:08:38.0931 3752 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
06:08:38.0962 3752 drmkaud - ok
06:08:39.0025 3752 dtsoftbus01 (cb400d7327ded85a397812d2af8e7b01) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
06:08:39.0025 3752 Suspicious file (Forged): C:\Windows\system32\DRIVERS\dtsoftbus01.sys. Real md5: cb400d7327ded85a397812d2af8e7b01, Fake md5: 687af6bb383885ff6a64071b189a7f3e
06:08:39.0025 3752 dtsoftbus01 ( Virus.Win32.ZAccess.c ) - infected
06:08:39.0025 3752 dtsoftbus01 - detected Virus.Win32.ZAccess.c (0)
06:08:39.0119 3752 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
06:08:39.0150 3752 DXGKrnl - ok
06:08:39.0181 3752 e1express (cf0a6015f437161698c5b2a0a12cf052) C:\Windows\system32\DRIVERS\e1e6032.sys
06:08:39.0228 3752 e1express - ok
06:08:39.0275 3752 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
06:08:39.0337 3752 EapHost - ok
06:08:39.0587 3752 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
06:08:39.0728 3752 ebdrv - ok
06:08:39.0869 3752 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
06:08:39.0916 3752 EFS - ok
06:08:39.0994 3752 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
06:08:40.0087 3752 ehRecvr - ok
06:08:40.0119 3752 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
06:08:40.0181 3752 ehSched - ok
06:08:40.0244 3752 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
06:08:40.0291 3752 elxstor - ok
06:08:40.0337 3752 emitray - ok
06:08:40.0384 3752 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
06:08:40.0416 3752 ErrDev - ok
06:08:40.0478 3752 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
06:08:40.0541 3752 EventSystem - ok
06:08:40.0572 3752 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
06:08:40.0650 3752 exfat - ok
06:08:40.0728 3752 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
06:08:40.0791 3752 fastfat - ok
06:08:40.0869 3752 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
06:08:40.0931 3752 Fax - ok
06:08:40.0962 3752 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
06:08:41.0009 3752 fdc - ok
06:08:41.0041 3752 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
06:08:41.0103 3752 fdPHost - ok
06:08:41.0119 3752 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
06:08:41.0181 3752 FDResPub - ok
06:08:41.0212 3752 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
06:08:41.0228 3752 FileInfo - ok
06:08:41.0259 3752 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
06:08:41.0291 3752 Filetrace - ok
06:08:41.0431 3752 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
06:08:41.0478 3752 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
06:08:41.0478 3752 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
06:08:41.0509 3752 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
06:08:41.0541 3752 flpydisk - ok
06:08:41.0587 3752 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
06:08:41.0603 3752 FltMgr - ok
06:08:41.0994 3752 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
06:08:42.0072 3752 FontCache - ok
06:08:42.0181 3752 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
06:08:42.0197 3752 FontCache3.0.0.0 - ok
06:08:42.0228 3752 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
06:08:42.0244 3752 FsDepends - ok
06:08:42.0291 3752 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
06:08:42.0306 3752 Fs_Rec - ok
06:08:42.0353 3752 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
06:08:42.0369 3752 fvevol - ok
06:08:42.0416 3752 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
06:08:42.0431 3752 gagp30kx - ok
06:08:42.0462 3752 GENERICDRV - ok
06:08:42.0541 3752 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
06:08:42.0619 3752 gpsvc - ok
06:08:42.0681 3752 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
06:08:42.0759 3752 hcw85cir - ok
06:08:42.0822 3752 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
06:08:42.0869 3752 HdAudAddService - ok
06:08:42.0900 3752 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
06:08:42.0931 3752 HDAudBus - ok
06:08:42.0962 3752 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
06:08:43.0009 3752 HidBatt - ok
06:08:43.0041 3752 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
06:08:43.0072 3752 HidBth - ok
06:08:43.0103 3752 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
06:08:43.0134 3752 HidIr - ok
06:08:43.0166 3752 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
06:08:43.0228 3752 hidserv - ok
06:08:43.0259 3752 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
06:08:43.0291 3752 HidUsb - ok
06:08:43.0337 3752 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
06:08:43.0369 3752 hkmsvc - ok
06:08:43.0416 3752 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
06:08:43.0478 3752 HomeGroupListener - ok
06:08:43.0525 3752 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
06:08:43.0587 3752 HomeGroupProvider - ok
06:08:43.0619 3752 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
06:08:43.0634 3752 HpSAMD - ok
06:08:43.0728 3752 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
06:08:43.0791 3752 HTTP - ok
06:08:43.0822 3752 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
06:08:43.0837 3752 hwpolicy - ok
06:08:43.0869 3752 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
06:08:43.0916 3752 i8042prt - ok
06:08:43.0916 3752 iam - ok
06:08:43.0978 3752 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
06:08:43.0994 3752 iaStorV - ok
06:08:44.0150 3752 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
06:08:44.0212 3752 idsvc - ok
06:08:44.0587 3752 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
06:08:44.0806 3752 igfx - ok
06:08:44.0931 3752 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
06:08:44.0947 3752 iirsp - ok
06:08:45.0025 3752 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
06:08:45.0087 3752 IKEEXT - ok
06:08:45.0150 3752 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
06:08:45.0166 3752 intelide - ok
06:08:45.0181 3752 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
06:08:45.0212 3752 intelppm - ok
06:08:45.0259 3752 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
06:08:45.0322 3752 IPBusEnum - ok
06:08:45.0353 3752 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
06:08:45.0384 3752 IpFilterDriver - ok
06:08:45.0462 3752 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
06:08:45.0494 3752 IPMIDRV - ok
06:08:45.0509 3752 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
06:08:45.0572 3752 IPNAT - ok
06:08:45.0587 3752 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
06:08:45.0634 3752 IRENUM - ok
06:08:45.0744 3752 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
06:08:45.0775 3752 isapnp - ok
06:08:45.0822 3752 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
06:08:45.0853 3752 iScsiPrt - ok
06:08:45.0884 3752 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
06:08:45.0900 3752 kbdclass - ok
06:08:45.0931 3752 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
06:08:45.0962 3752 kbdhid - ok
06:08:45.0994 3752 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
06:08:46.0025 3752 KeyIso - ok
06:08:46.0041 3752 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
06:08:46.0056 3752 KSecDD - ok
06:08:46.0087 3752 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
06:08:46.0103 3752 KSecPkg - ok
06:08:46.0150 3752 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
06:08:46.0212 3752 KtmRm - ok
06:08:46.0259 3752 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
06:08:46.0322 3752 LanmanServer - ok
06:08:46.0369 3752 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
06:08:46.0431 3752 LanmanWorkstation - ok
06:08:46.0462 3752 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
06:08:46.0525 3752 lltdio - ok
06:08:46.0572 3752 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
06:08:46.0634 3752 lltdsvc - ok
06:08:46.0712 3752 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
06:08:46.0775 3752 lmhosts - ok
06:08:46.0806 3752 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
06:08:46.0822 3752 LSI_FC - ok
06:08:46.0837 3752 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
06:08:46.0869 3752 LSI_SAS - ok
06:08:46.0884 3752 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
06:08:46.0900 3752 LSI_SAS2 - ok
06:08:46.0916 3752 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
06:08:46.0931 3752 LSI_SCSI - ok
06:08:46.0962 3752 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
06:08:47.0009 3752 luafv - ok
06:08:47.0056 3752 MAFW (c1d028531ed173ff164f660ff03eb090) C:\Windows\system32\DRIVERS\mafw.sys
06:08:47.0087 3752 MAFW - ok
06:08:47.0150 3752 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
06:08:47.0166 3752 MBAMProtector - ok
06:08:47.0306 3752 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
06:08:47.0369 3752 MBAMService - ok
06:08:47.0416 3752 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
06:08:47.0447 3752 Mcx2Svc - ok
06:08:47.0478 3752 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
06:08:47.0494 3752 megasas - ok
06:08:47.0525 3752 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
06:08:47.0556 3752 MegaSR - ok
06:08:47.0587 3752 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
06:08:47.0634 3752 MMCSS - ok
06:08:47.0712 3752 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
06:08:47.0791 3752 Modem - ok
06:08:47.0791 3752 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
06:08:47.0837 3752 monitor - ok
06:08:47.0869 3752 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
06:08:47.0884 3752 mouclass - ok
06:08:47.0916 3752 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
06:08:47.0947 3752 mouhid - ok
06:08:47.0978 3752 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
06:08:48.0009 3752 mountmgr - ok
06:08:48.0056 3752 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
06:08:48.0072 3752 mpio - ok
06:08:48.0103 3752 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
06:08:48.0150 3752 mpsdrv - ok
06:08:48.0197 3752 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
06:08:48.0228 3752 MRxDAV - ok
06:08:48.0259 3752 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
06:08:48.0322 3752 mrxsmb - ok
06:08:48.0337 3752 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
06:08:48.0369 3752 mrxsmb10 - ok
06:08:48.0400 3752 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
06:08:48.0416 3752 mrxsmb20 - ok
06:08:48.0462 3752 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
06:08:48.0478 3752 msahci - ok
06:08:48.0494 3752 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
06:08:48.0525 3752 msdsm - ok
06:08:48.0572 3752 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
06:08:48.0619 3752 MSDTC - ok
06:08:48.0712 3752 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
06:08:48.0791 3752 Msfs - ok
06:08:48.0806 3752 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
06:08:48.0837 3752 mshidkmdf - ok
06:08:48.0900 3752 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
06:08:48.0916 3752 msisadrv - ok
06:08:48.0947 3752 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
06:08:49.0025 3752 MSiSCSI - ok
06:08:49.0025 3752 msiserver - ok
06:08:49.0056 3752 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
06:08:49.0119 3752 MSKSSRV - ok
06:08:49.0134 3752 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
06:08:49.0197 3752 MSPCLOCK - ok
06:08:49.0228 3752 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
06:08:49.0259 3752 MSPQM - ok
06:08:49.0291 3752 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
06:08:49.0306 3752 MsRPC - ok
06:08:49.0337 3752 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
06:08:49.0353 3752 mssmbios - ok
06:08:49.0384 3752 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
06:08:49.0431 3752 MSTEE - ok
06:08:49.0431 3752 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
06:08:49.0462 3752 MTConfig - ok
06:08:49.0478 3752 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
06:08:49.0509 3752 Mup - ok
06:08:49.0556 3752 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
06:08:49.0634 3752 napagent - ok
06:08:49.0744 3752 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
06:08:49.0822 3752 NativeWifiP - ok
06:08:49.0978 3752 NAUpdate (0a053f378b53e2a467a852119f91abe1) C:\Program Files\Nero\Update\NASvc.exe
06:08:50.0009 3752 NAUpdate - ok
06:08:50.0087 3752 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
06:08:50.0150 3752 NDIS - ok
06:08:50.0181 3752 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
06:08:50.0244 3752 NdisCap - ok
06:08:50.0259 3752 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
06:08:50.0306 3752 NdisTapi - ok
06:08:50.0337 3752 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
06:08:50.0384 3752 Ndisuio - ok
06:08:50.0431 3752 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
06:08:50.0478 3752 NdisWan - ok
06:08:50.0509 3752 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
06:08:50.0572 3752 NDProxy - ok
06:08:50.0587 3752 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
06:08:50.0650 3752 NetBIOS - ok
06:08:50.0728 3752 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
06:08:50.0791 3752 NetBT - ok
06:08:50.0822 3752 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
06:08:50.0837 3752 Netlogon - ok
06:08:50.0884 3752 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
06:08:50.0931 3752 Netman - ok
06:08:51.0041 3752 NetMsmqActivator (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
06:08:51.0072 3752 NetMsmqActivator - ok
06:08:51.0072 3752 NetPipeActivator (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
06:08:51.0087 3752 NetPipeActivator - ok
06:08:51.0119 3752 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
06:08:51.0197 3752 netprofm - ok
06:08:51.0259 3752 netr28u (7a60cde3a17a9a2757591e6bc63b9e9a) C:\Windows\system32\DRIVERS\netr28u.sys
06:08:51.0337 3752 netr28u - ok
06:08:51.0337 3752 NetTcpActivator (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
06:08:51.0369 3752 NetTcpActivator - ok
06:08:51.0369 3752 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
06:08:51.0384 3752 NetTcpPortSharing - ok
06:08:51.0416 3752 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
06:08:51.0431 3752 nfrd960 - ok
06:08:51.0462 3752 ni_nic - ok
06:08:51.0509 3752 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
06:08:51.0587 3752 NlaSvc - ok
06:08:51.0603 3752 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
06:08:51.0650 3752 Npfs - ok
06:08:51.0744 3752 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
06:08:51.0791 3752 nsi - ok
06:08:51.0822 3752 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
06:08:51.0869 3752 nsiproxy - ok
06:08:51.0884 3752 Nsynas32 - ok
06:08:52.0025 3752 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
06:08:52.0103 3752 Ntfs - ok
06:08:52.0134 3752 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
06:08:52.0166 3752 Null - ok
06:08:52.0228 3752 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
06:08:52.0244 3752 nvraid - ok
06:08:52.0291 3752 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
06:08:52.0306 3752 nvstor - ok
06:08:52.0337 3752 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
06:08:52.0353 3752 nv_agp - ok
06:08:52.0509 3752 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
06:08:52.0556 3752 odserv - ok
06:08:52.0587 3752 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
06:08:52.0634 3752 ohci1394 - ok
06:08:52.0759 3752 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
06:08:52.0791 3752 ose - ok
06:08:52.0837 3752 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
06:08:52.0869 3752 p2pimsvc - ok
06:08:52.0947 3752 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
06:08:52.0978 3752 p2psvc - ok
06:08:53.0212 3752 PaceLicenseDServices (673e36852e2f9fa778d5d3ddcefa591b) C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe
06:08:53.0322 3752 PaceLicenseDServices ( UnsignedFile.Multi.Generic ) - warning
06:08:53.0322 3752 PaceLicenseDServices - detected UnsignedFile.Multi.Generic (1)
06:08:53.0478 3752 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
06:08:53.0494 3752 Parport - ok
06:08:53.0541 3752 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
06:08:53.0556 3752 partmgr - ok
06:08:53.0572 3752 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
06:08:53.0587 3752 Parvdm - ok
06:08:53.0619 3752 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
06:08:53.0650 3752 PcaSvc - ok
06:08:53.0775 3752 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
06:08:53.0806 3752 pci - ok
06:08:53.0822 3752 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
06:08:53.0837 3752 pciide - ok
06:08:53.0869 3752 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
06:08:53.0900 3752 pcmcia - ok
06:08:53.0931 3752 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
06:08:53.0947 3752 pcw - ok
06:08:53.0947 3752 pdiddcci - ok
06:08:54.0009 3752 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
06:08:54.0072 3752 PEAUTH - ok
06:08:54.0181 3752 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
06:08:54.0244 3752 PeerDistSvc - ok
06:08:54.0384 3752 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
06:08:54.0494 3752 pla - ok
06:08:54.0728 3752 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
06:08:54.0791 3752 PlugPlay - ok
06:08:54.0837 3752 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
06:08:54.0853 3752 PNRPAutoReg - ok
06:08:54.0884 3752 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
06:08:54.0916 3752 PNRPsvc - ok
06:08:54.0978 3752 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
06:08:55.0041 3752 PolicyAgent - ok
06:08:55.0087 3752 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
06:08:55.0119 3752 Power - ok
06:08:55.0181 3752 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
06:08:55.0244 3752 PptpMiniport - ok
06:08:55.0259 3752 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
06:08:55.0306 3752 Processor - ok
06:08:55.0353 3752 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
06:08:55.0416 3752 ProfSvc - ok
06:08:55.0462 3752 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
06:08:55.0478 3752 ProtectedStorage - ok
06:08:55.0494 3752 ps2 - ok
06:08:55.0525 3752 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
06:08:55.0572 3752 Psched - ok
06:08:55.0603 3752 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
06:08:55.0619 3752 PxHelp20 - ok
06:08:55.0775 3752 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
06:08:55.0837 3752 ql2300 - ok
06:08:55.0978 3752 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
06:08:55.0994 3752 ql40xx - ok
06:08:56.0025 3752 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
06:08:56.0072 3752 QWAVE - ok
06:08:56.0087 3752 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
06:08:56.0119 3752 QWAVEdrv - ok
06:08:56.0134 3752 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
06:08:56.0181 3752 RasAcd - ok
06:08:56.0212 3752 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
06:08:56.0259 3752 RasAgileVpn - ok
06:08:56.0275 3752 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
06:08:56.0337 3752 RasAuto - ok
06:08:56.0369 3752 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
06:08:56.0416 3752 Rasl2tp - ok
06:08:56.0478 3752 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
06:08:56.0541 3752 RasMan - ok
06:08:56.0572 3752 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
06:08:56.0603 3752 RasPppoe - ok
06:08:56.0619 3752 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
06:08:56.0681 3752 RasSstp - ok
06:08:56.0728 3752 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
06:08:56.0791 3752 rdbss - ok
06:08:56.0822 3752 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
06:08:56.0869 3752 rdpbus - ok
06:08:56.0900 3752 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
06:08:56.0962 3752 RDPCDD - ok
06:08:56.0994 3752 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
06:08:57.0119 3752 RDPDR - ok
06:08:57.0150 3752 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
06:08:57.0228 3752 RDPENCDD - ok
06:08:57.0275 3752 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
06:08:57.0306 3752 RDPREFMP - ok
06:08:57.0384 3752 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
06:08:57.0431 3752 RdpVideoMiniport - ok
06:08:57.0462 3752 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
06:08:57.0525 3752 RDPWD - ok
06:08:57.0587 3752 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
06:08:57.0603 3752 rdyboost - ok
06:08:57.0697 3752 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
06:08:57.0759 3752 RemoteAccess - ok
06:08:57.0806 3752 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
06:08:57.0900 3752 RemoteRegistry - ok
06:08:57.0916 3752 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
06:08:57.0994 3752 RpcEptMapper - ok
06:08:58.0025 3752 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
06:08:58.0056 3752 RpcLocator - ok
06:08:58.0103 3752 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
06:08:58.0150 3752 RpcSs - ok
06:08:58.0197 3752 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
06:08:58.0259 3752 rspndr - ok
06:08:58.0291 3752 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
06:08:58.0353 3752 s3cap - ok
06:08:58.0369 3752 SaiClass - ok
06:08:58.0416 3752 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
06:08:58.0431 3752 SamSs - ok
06:08:58.0494 3752 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
06:08:58.0525 3752 sbp2port - ok
06:08:58.0572 3752 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
06:08:58.0650 3752 SCardSvr - ok
06:08:58.0712 3752 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
06:08:58.0759 3752 scfilter - ok
06:08:58.0837 3752 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
06:08:58.0916 3752 Schedule - ok
06:08:58.0947 3752 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
06:08:58.0978 3752 SCPolicySvc - ok
06:08:59.0025 3752 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
06:08:59.0103 3752 SDRSVC - ok
06:08:59.0150 3752 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
06:08:59.0181 3752 secdrv - ok
06:08:59.0212 3752 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
06:08:59.0275 3752 seclogon - ok
06:08:59.0291 3752 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
06:08:59.0353 3752 SENS - ok
06:08:59.0384 3752 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
06:08:59.0431 3752 SensrSvc - ok
06:08:59.0447 3752 SeratoUsb - ok
06:08:59.0478 3752 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
06:08:59.0494 3752 Serenum - ok
06:08:59.0525 3752 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
06:08:59.0556 3752 Serial - ok
06:08:59.0603 3752 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
06:08:59.0634 3752 sermouse - ok
06:08:59.0712 3752 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
06:08:59.0775 3752 SessionEnv - ok
06:08:59.0822 3752 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
06:08:59.0853 3752 sffdisk - ok
06:08:59.0869 3752 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
06:08:59.0884 3752 sffp_mmc - ok
06:08:59.0900 3752 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
06:08:59.0931 3752 sffp_sd - ok
06:08:59.0962 3752 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
06:08:59.0994 3752 sfloppy - ok
06:09:00.0056 3752 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
06:09:00.0103 3752 SharedAccess - ok
06:09:00.0166 3752 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
06:09:00.0244 3752 ShellHWDetection - ok
06:09:00.0275 3752 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
06:09:00.0306 3752 sisagp - ok
06:09:00.0322 3752 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
06:09:00.0353 3752 SiSRaid2 - ok
06:09:00.0369 3752 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
06:09:00.0384 3752 SiSRaid4 - ok
06:09:00.0400 3752 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
06:09:00.0447 3752 Smb - ok
06:09:00.0494 3752 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
06:09:00.0509 3752 SNMPTRAP - ok
06:09:00.0525 3752 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
06:09:00.0541 3752 spldr - ok
06:09:00.0587 3752 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
06:09:00.0666 3752 Spooler - ok
06:09:00.0869 3752 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
06:09:01.0056 3752 sppsvc - ok
06:09:01.0181 3752 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
06:09:01.0259 3752 sppuinotify - ok
06:09:01.0275 3752 SQTECH9080 - ok
06:09:01.0353 3752 srservice (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\upsmonservice.dll
06:09:01.0353 3752 srservice ( Backdoor.Multi.ZAccess.gen ) - infected
06:09:01.0353 3752 srservice - detected Backdoor.Multi.ZAccess.gen (0)
06:09:01.0431 3752 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
06:09:01.0509 3752 srv - ok
06:09:01.0556 3752 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
06:09:01.0603 3752 srv2 - ok
06:09:01.0634 3752 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
06:09:01.0681 3752 srvnet - ok
06:09:01.0759 3752 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
06:09:01.0806 3752 SSDPSRV - ok
06:09:01.0837 3752 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
06:09:01.0900 3752 SstpSvc - ok
06:09:01.0947 3752 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
06:09:01.0962 3752 stexstor - ok
06:09:02.0025 3752 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
06:09:02.0087 3752 StiSvc - ok
06:09:02.0119 3752 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
06:09:02.0134 3752 storflt - ok
06:09:02.0166 3752 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
06:09:02.0181 3752 storvsc - ok
06:09:02.0212 3752 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
06:09:02.0228 3752 swenum - ok
06:09:02.0400 3752 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
06:09:02.0462 3752 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
06:09:02.0462 3752 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
06:09:02.0509 3752 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
06:09:02.0587 3752 swprv - ok
06:09:02.0603 3752 Synth3dVsc - ok
06:09:02.0791 3752 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
06:09:02.0853 3752 SysMain - ok
06:09:02.0900 3752 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
06:09:02.0947 3752 TabletInputService - ok
06:09:02.0994 3752 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
06:09:03.0041 3752 TapiSrv - ok
06:09:03.0103 3752 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
06:09:03.0134 3752 TBS - ok
06:09:03.0166 3752 TClass2k - ok
06:09:03.0337 3752 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
06:09:03.0400 3752 Tcpip - ok
06:09:03.0431 3752 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
06:09:03.0478 3752 TCPIP6 - ok
06:09:03.0603 3752 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
06:09:03.0650 3752 tcpipreg - ok
06:09:03.0712 3752 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
06:09:03.0759 3752 TDPIPE - ok
06:09:03.0806 3752 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
06:09:03.0869 3752 TDTCP - ok
06:09:03.0916 3752 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
06:09:03.0962 3752 tdx - ok
06:09:04.0009 3752 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
06:09:04.0025 3752 TermDD - ok
06:09:04.0087 3752 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
06:09:04.0150 3752 TermService - ok
06:09:04.0197 3752 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
06:09:04.0244 3752 Themes - ok
06:09:04.0259 3752 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
06:09:04.0306 3752 THREADORDER - ok
06:09:04.0353 3752 TPkd (e830cda96b3c43971874c3bee2d0bb18) C:\Windows\system32\drivers\TPkd.sys
06:09:04.0369 3752 TPkd - ok
06:09:04.0384 3752 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
06:09:04.0447 3752 TrkWks - ok
06:09:04.0541 3752 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
06:09:04.0619 3752 TrustedInstaller - ok
06:09:04.0666 3752 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
06:09:04.0744 3752 tssecsrv - ok
06:09:04.0791 3752 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
06:09:04.0822 3752 TsUsbFlt - ok
06:09:04.0822 3752 tsusbhub - ok
06:09:04.0869 3752 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
06:09:04.0916 3752 tunnel - ok
06:09:04.0947 3752 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
06:09:04.0962 3752 uagp35 - ok
06:09:05.0025 3752 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
06:09:05.0087 3752 udfs - ok
06:09:05.0134 3752 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
06:09:05.0166 3752 UI0Detect - ok
06:09:05.0244 3752 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
06:09:05.0259 3752 uliagpkx - ok
06:09:05.0306 3752 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
06:09:05.0353 3752 umbus - ok
06:09:05.0369 3752 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
06:09:05.0416 3752 UmPass - ok
06:09:05.0462 3752 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
06:09:05.0509 3752 UmRdpService - ok
06:09:05.0556 3752 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
06:09:05.0619 3752 upnphost - ok
06:09:05.0712 3752 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
06:09:05.0775 3752 usbccgp - ok
06:09:05.0822 3752 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
06:09:05.0837 3752 usbcir - ok
06:09:05.0853 3752 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
06:09:05.0869 3752 usbehci - ok
06:09:05.0916 3752 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
06:09:05.0947 3752 usbhub - ok
06:09:05.0978 3752 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
06:09:06.0009 3752 usbohci - ok
06:09:06.0041 3752 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
06:09:06.0056 3752 usbprint - ok
06:09:06.0103 3752 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
06:09:06.0166 3752 USBSTOR - ok
06:09:06.0197 3752 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
06:09:06.0212 3752 usbuhci - ok
06:09:06.0259 3752 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
06:09:06.0291 3752 usbvideo - ok
06:09:06.0337 3752 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
06:09:06.0400 3752 UxSms - ok
06:09:06.0431 3752 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
06:09:06.0462 3752 VaultSvc - ok
06:09:06.0494 3752 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
06:09:06.0509 3752 vdrvroot - ok
06:09:06.0572 3752 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
06:09:06.0650 3752 vds - ok
06:09:06.0728 3752 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
06:09:06.0775 3752 vga - ok
06:09:06.0806 3752 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
06:09:06.0837 3752 VgaSave - ok
06:09:06.0853 3752 VGPU - ok
06:09:06.0916 3752 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
06:09:06.0931 3752 vhdmp - ok
06:09:06.0978 3752 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
06:09:06.0994 3752 viaagp - ok
06:09:07.0025 3752 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
06:09:07.0056 3752 ViaC7 - ok
06:09:07.0072 3752 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
06:09:07.0103 3752 viaide - ok
06:09:07.0134 3752 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
06:09:07.0150 3752 vmbus - ok
06:09:07.0181 3752 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
06:09:07.0212 3752 VMBusHID - ok
06:09:07.0244 3752 vmodem - ok
06:09:07.0259 3752 vmx86 - ok
06:09:07.0306 3752 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
06:09:07.0322 3752 volmgr - ok
06:09:07.0369 3752 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
06:09:07.0384 3752 volmgrx - ok
06:09:07.0431 3752 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
06:09:07.0462 3752 volsnap - ok
06:09:07.0478 3752 VRcore - ok
06:09:07.0525 3752 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
06:09:07.0572 3752 vsmraid - ok
06:09:07.0697 3752 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
06:09:07.0791 3752 VSS - ok
06:09:07.0822 3752 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
06:09:07.0853 3752 vwifibus - ok
06:09:07.0900 3752 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
06:09:07.0962 3752 W32Time - ok
06:09:08.0056 3752 W3SVC (57c8c20bfa5bef6bd851ebac67a8ced0) C:\Windows\system32\inetsrv\iisw3adm.dll
06:09:08.0087 3752 W3SVC - ok
06:09:08.0134 3752 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
06:09:08.0166 3752 WacomPen - ok
06:09:08.0197 3752 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
06:09:08.0244 3752 WANARP - ok
06:09:08.0244 3752 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
06:09:08.0291 3752 Wanarpv6 - ok
06:09:08.0306 3752 WAS (57c8c20bfa5bef6bd851ebac67a8ced0) C:\Windows\system32\inetsrv\iisw3adm.dll
06:09:08.0322 3752 WAS - ok
06:09:08.0525 3752 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
06:09:08.0603 3752 WatAdminSvc - ok
06:09:08.0744 3752 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
06:09:08.0822 3752 wbengine - ok
06:09:08.0853 3752 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
06:09:08.0916 3752 WbioSrvc - ok
06:09:08.0978 3752 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
06:09:09.0025 3752 wcncsvc - ok
06:09:09.0041 3752 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
06:09:09.0119 3752 WcsPlugInService - ok
06:09:09.0181 3752 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
06:09:09.0197 3752 Wd - ok
06:09:09.0244 3752 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
06:09:09.0259 3752 WDC_SAM - ok
06:09:09.0416 3752 WDDMService (bf847a3972cc6b5ce26e0ea742dd52d9) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
06:09:09.0431 3752 WDDMService ( UnsignedFile.Multi.Generic ) - warning
06:09:09.0431 3752 WDDMService - detected UnsignedFile.Multi.Generic (1)
06:09:09.0478 3752 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
06:09:09.0509 3752 Wdf01000 - ok
06:09:09.0806 3752 WDFME (b5966f1dff6e20576f3c8c2d93d129fd) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
06:09:09.0884 3752 WDFME ( UnsignedFile.Multi.Generic ) - warning
06:09:09.0884 3752 WDFME - detected UnsignedFile.Multi.Generic (1)
06:09:10.0025 3752 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
06:09:10.0166 3752 WdiServiceHost - ok
06:09:10.0166 3752 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
06:09:10.0197 3752 WdiSystemHost - ok
06:09:10.0275 3752 WDSC (92f0088ca18bb08bb596ef2608256f8a) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
06:09:10.0291 3752 WDSC ( UnsignedFile.Multi.Generic ) - warning
06:09:10.0291 3752 WDSC - detected UnsignedFile.Multi.Generic (1)
06:09:10.0337 3752 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
06:09:10.0384 3752 WebClient - ok
06:09:10.0416 3752 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
06:09:10.0478 3752 Wecsvc - ok
06:09:10.0509 3752 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
06:09:10.0587 3752 wercplsupport - ok
06:09:10.0603 3752 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
06:09:10.0650 3752 WerSvc - ok
06:09:10.0759 3752 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
06:09:10.0837 3752 WfpLwf - ok
06:09:10.0853 3752 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
06:09:10.0869 3752 WIMMount - ok
06:09:10.0884 3752 WinHttpAutoProxySvc - ok
06:09:10.0962 3752 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
06:09:11.0041 3752 Winmgmt - ok
06:09:11.0134 3752 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
06:09:11.0228 3752 WinRM - ok
06:09:11.0322 3752 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
06:09:11.0353 3752 WinUsb - ok
06:09:11.0447 3752 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
06:09:11.0494 3752 Wlansvc - ok
06:09:11.0791 3752 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
06:09:11.0869 3752 wlidsvc - ok
06:09:12.0025 3752 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
06:09:12.0056 3752 WmiAcpi - ok
06:09:12.0150 3752 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
06:09:12.0197 3752 wmiApSrv - ok
06:09:12.0384 3752 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
06:09:12.0494 3752 WMPNetworkSvc - ok
06:09:12.0541 3752 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
06:09:12.0603 3752 WPCSvc - ok
06:09:12.0712 3752 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
06:09:12.0775 3752 WPDBusEnum - ok
06:09:12.0869 3752 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
06:09:12.0916 3752 ws2ifsl - ok
06:09:12.0931 3752 WSearch - ok
06:09:13.0103 3752 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
06:09:13.0181 3752 wuauserv - ok
06:09:13.0337 3752 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
06:09:13.0416 3752 WudfPf - ok
06:09:13.0447 3752 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
06:09:13.0525 3752 WUDFRd - ok
06:09:13.0556 3752 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
06:09:13.0603 3752 wudfsvc - ok
06:09:13.0681 3752 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
06:09:13.0728 3752 WwanSvc - ok
06:09:13.0853 3752 z525mgmt - ok
06:09:13.0994 3752 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
06:09:14.0619 3752 \Device\Harddisk0\DR0 - ok
06:09:14.0650 3752 Boot (0x1200) (124d45174c417519fdd75160baff0f30) \Device\Harddisk0\DR0\Partition0
06:09:14.0681 3752 \Device\Harddisk0\DR0\Partition0 - ok
06:09:14.0712 3752 Boot (0x1200) (62e00d822149baec080f985234d54873) \Device\Harddisk0\DR0\Partition1
06:09:14.0712 3752 \Device\Harddisk0\DR0\Partition1 - ok
06:09:14.0712 3752 ============================================================
06:09:14.0712 3752 Scan finished
06:09:14.0712 3752 ============================================================
06:09:14.0744 3764 Detected object count: 9
06:09:14.0744 3764 Actual detected object count: 9
06:10:27.0587 3764 CLEDX ( UnsignedFile.Multi.Generic ) - skipped by user
06:10:27.0587 3764 CLEDX ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:10:27.0587 3764 dtsoftbus01 ( Virus.Win32.ZAccess.c ) - skipped by user
06:10:27.0587 3764 dtsoftbus01 ( Virus.Win32.ZAccess.c ) - User select action: Skip
06:10:27.0587 3764 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
06:10:27.0587 3764 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:10:27.0603 3764 PaceLicenseDServices ( UnsignedFile.Multi.Generic ) - skipped by user
06:10:27.0603 3764 PaceLicenseDServices ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:10:27.0603 3764 srservice ( Backdoor.Multi.ZAccess.gen ) - skipped by user
06:10:27.0603 3764 srservice ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
06:10:27.0603 3764 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
06:10:27.0603 3764 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:10:27.0619 3764 WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user
06:10:27.0619 3764 WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:10:27.0619 3764 WDFME ( UnsignedFile.Multi.Generic ) - skipped by user
06:10:27.0619 3764 WDFME ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:10:27.0619 3764 WDSC ( UnsignedFile.Multi.Generic ) - skipped by user
06:10:27.0619 3764 WDSC ( UnsignedFile.Multi.Generic ) - User select action: Skip

Michal I
Visitor
Posts: 49
Registered: 29 Aug 2007 09:44

Re: Some kind of Rootkit.0Acces.H discovered

#5 Post by Michal I »

I'm sending both logs. As a test I tried Chrome and it was fine. After ComboFix finished its work I got a bit of a scare, because some programs (Word, for example) would not start - apparently they referred to some library marked for removal, but after a restart everything was fine...



ComboFix 12-06-19.01 - JM 19.06.2012 17:46:18.1.2 - x86
Spuštěný z: c:\users\JM\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB65161$\452322428\@
c:\windows\$NtUninstallKB65161$\452322428\cfg.ini
c:\windows\$NtUninstallKB65161$\452322428\Desktop.ini
c:\windows\$NtUninstallKB65161$\452322428\L\xadqgnnk
c:\windows\$NtUninstallKB65161$\452322428\oemid
c:\windows\$NtUninstallKB65161$\452322428\U\00000001.@
c:\windows\$NtUninstallKB65161$\452322428\U\00000002.@
c:\windows\$NtUninstallKB65161$\452322428\U\00000004.@
c:\windows\$NtUninstallKB65161$\452322428\U\80000000.@
c:\windows\$NtUninstallKB65161$\452322428\U\80000004.@
c:\windows\$NtUninstallKB65161$\452322428\U\80000032.@
c:\windows\$NtUninstallKB65161$\452322428\version
c:\windows\$NtUninstallKB65161$\742322041
c:\windows\system32\ADIDTSFiltService.dll
c:\windows\system32\agpcpq.dll
c:\windows\system32\bthidmgr.dll
c:\windows\system32\buslogic.dll
c:\windows\system32\CBN.dll
c:\windows\system32\CdaD10BA.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\Defrag32.dll
c:\windows\system32\ehrecvr.dll
c:\windows\system32\hcf_msft.dll
c:\windows\system32\iaimfp4.dll
c:\windows\system32\kpfwsvc.dll
c:\windows\system32\MSMQTriggers.dll
c:\windows\system32\Ndismeetro.dll
c:\windows\system32\oraclewebassistant.dll
c:\windows\system32\qcmerced.dll
c:\windows\system32\SE2Dmdfl.dll
c:\windows\system32\se59mdm.dll
c:\windows\system32\SrvcSSIOMngr.dll
c:\windows\system32\thinkpadmodemservice.dll
c:\windows\system32\upsmonservice.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-05-19 do 2012-06-19 )))))))))))))))))))))))))))))))
.
.
2012-06-19 15:24 . 2012-06-19 15:24 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-19 04:29 . 2012-06-19 04:29 -------- d-----w- c:\programdata\Martau
2012-06-19 04:29 . 2012-06-19 04:31 -------- d-----w- c:\program files\Total-Uninstall-Professional-5.2.0
2012-06-18 06:17 . 2012-06-18 06:17 -------- d-----w- c:\windows\system32\EventProviders
2012-06-18 06:04 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-06-18 06:02 . 2010-11-20 12:36 1077248 ----a-w- c:\windows\system32\Narrator.exe
2012-06-18 06:01 . 2010-11-20 12:21 189952 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2012-06-18 06:01 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2012-06-18 05:39 . 2012-06-18 05:39 -------- d-----w- c:\users\JM\AppData\Local\ElevatedDiagnostics
2012-06-18 05:39 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-18 05:39 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-18 05:39 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-17 17:44 . 2012-06-17 17:44 -------- d-----w- c:\users\JM\AppData\Local\Google
2012-06-17 17:24 . 2012-06-17 17:24 -------- d-----w- c:\program files\EnhanceMySe7en
2012-06-17 17:03 . 2012-06-17 17:03 -------- d-----w- c:\users\JM\AppData\Roaming\SeriousBit
2012-06-17 15:33 . 2012-06-17 15:33 -------- d-----w- c:\program files\Common Files\Java
2012-06-17 15:32 . 2012-06-17 15:32 -------- d-----w- c:\program files\Oracle
2012-06-17 15:32 . 2012-05-04 17:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-17 13:51 . 2012-06-17 13:51 -------- dc-h--w- c:\programdata\{A9158F4E-7914-4019-808A-D4D4993E9958}
2012-06-17 13:48 . 2012-06-17 13:48 -------- dc-h--w- c:\programdata\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}
2012-06-17 13:32 . 2012-06-17 13:32 -------- d-----w- c:\program files\PhotomatixPro4
2012-06-17 13:32 . 2012-06-17 13:32 -------- d-----w- c:\users\JM\AppData\Roaming\HDRsoft
2012-06-17 10:40 . 2012-06-17 10:40 -------- d-----w- c:\users\JM\AppData\Roaming\Malwarebytes
2012-06-17 10:40 . 2012-06-17 10:40 -------- d-----w- c:\programdata\Malwarebytes
2012-06-17 10:40 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-17 10:40 . 2012-06-17 10:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-17 08:43 . 2012-06-17 08:43 -------- d-----w- c:\users\JM\AppData\Roaming\UVIWorkstation
2012-06-17 08:42 . 2012-06-17 08:42 -------- d-----w- c:\users\JM\AppData\Roaming\PACE Anti-Piracy
2012-06-17 08:42 . 2012-06-17 08:42 -------- d-----w- c:\programdata\PACE Anti-Piracy
2012-06-17 08:42 . 2012-06-17 08:42 -------- d-----w- c:\users\JM\AppData\Local\PACE Anti-Piracy
2012-06-17 08:42 . 2012-06-17 08:42 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy
2012-06-17 08:41 . 2012-06-17 08:41 -------- d-----w- c:\programdata\PACE
2012-06-17 08:41 . 2012-06-17 08:41 -------- d-----w- c:\program files\Common Files\PACE
2012-06-17 08:37 . 2012-06-17 08:37 -------- d-----w- c:\program files\Propellerhead
2012-06-17 08:37 . 2012-06-17 08:37 -------- d-----w- c:\program files\UVISoundBanks
2012-06-17 08:36 . 2012-06-17 08:37 -------- d-----w- c:\program files\UVI Workstation
2012-06-17 08:36 . 2012-06-17 08:36 -------- d-----w- c:\program files\Common Files\UVI
2012-06-17 08:36 . 2011-10-06 15:22 2275328 ----a-w- c:\windows\system32\libsndfile-1.dll
2012-06-16 20:21 . 2012-06-16 20:21 -------- dc-h--w- c:\programdata\{3006A797-CDFA-44FC-98EF-155579E2CDBF}
2012-06-16 19:28 . 2012-06-18 07:35 -------- d-----w- c:\windows\rescache
2012-06-16 17:28 . 2012-06-16 18:00 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-16 17:28 . 2012-06-16 18:00 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-16 17:23 . 2012-06-16 17:23 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-16 17:23 . 2012-06-16 17:23 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-16 17:22 . 2012-06-16 17:22 28672 ----a-w- c:\windows\system32\profprov.dll
2012-06-16 17:22 . 2012-06-16 17:22 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-16 17:20 . 2012-06-16 17:20 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-16 17:20 . 2012-06-16 17:20 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-16 17:20 . 2012-06-16 17:20 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-16 13:34 . 2012-06-16 13:34 -------- dc-h--w- c:\programdata\{27D02406-6F0F-419F-AF2F-A4EE19D2E463}
2012-06-16 13:34 . 2012-06-16 13:34 -------- dc-h--w- c:\programdata\{E9CDB61C-771D-42BB-B441-4CA7622ACA52}
2012-06-16 13:15 . 2012-06-16 13:15 -------- dc-h--w- c:\programdata\{0A583E76-A7A0-45F8-9386-AEE1E529A4DE}
2012-06-16 13:15 . 2012-06-16 13:15 -------- dc-h--w- c:\programdata\{CA03436C-933D-4ADA-9E89-2C39CC03E904}
2012-06-16 13:14 . 2012-06-16 13:14 -------- dc-h--w- c:\programdata\{588D017F-D30B-4C08-8A10-1FEF7D039369}
2012-06-16 13:14 . 2012-06-16 13:14 -------- dc-h--w- c:\programdata\{DC597CF0-DB39-40C2-9F8C-CF9D0A386548}
2012-06-16 13:14 . 2012-06-16 13:14 -------- dc-h--w- c:\programdata\{3DFBC806-D62A-4312-81FF-5F343DDCB5DC}
2012-06-16 13:14 . 2012-06-16 13:14 -------- dc-h--w- c:\programdata\{6E467D89-1963-440B-84F9-852C8150E323}
2012-06-16 13:14 . 2012-06-16 13:14 -------- dc-h--w- c:\programdata\{B0DF9098-245E-479F-A4ED-B5F91EA4948B}
2012-06-16 13:13 . 2012-06-16 13:13 -------- dc-h--w- c:\programdata\{D04E7E60-5F77-4E61-9CD4-7AEC5E15C525}
2012-06-16 13:13 . 2012-06-16 13:13 -------- dc-h--w- c:\programdata\{DE181BBE-2522-484E-A620-BDCFB298DC87}
2012-06-16 13:04 . 2012-06-16 13:04 -------- dc-h--w- c:\programdata\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}
2012-06-16 12:58 . 2012-06-16 12:58 -------- dc-h--w- c:\programdata\{DD2792B0-5B90-4CC3-8D97-1C733D7FB366}
2012-06-16 12:53 . 2012-06-16 12:53 -------- dc-h--w- c:\programdata\{C2A88E6D-FA3D-462B-BDFF-A09B1EFA8FBE}
2012-05-26 16:18 . 2012-05-27 19:01 -------- d-----w- c:\programdata\tmp
2012-05-26 16:18 . 2012-05-27 19:01 -------- d-----w- c:\programdata\hps
2012-05-26 14:39 . 2012-05-26 14:39 -------- d-----w- c:\program files\Fotolab
2012-05-25 17:48 . 2012-05-25 17:48 -------- d-----w- c:\program files\MSXML 4.0
2012-05-23 16:52 . 2009-07-14 00:15 1386496 ----a-w- c:\windows\system32\msvbvm60001.dll
2012-05-23 16:52 . 2011-03-30 16:58 6536192 ----a-w- c:\windows\system32\cdintf450_x64.dll
2012-05-23 16:52 . 2010-09-20 13:55 2335880 ----a-w- c:\windows\system32\gdpdfplug.dll
2012-05-23 16:52 . 2010-09-20 13:55 1262216 ----a-w- c:\windows\system32\GdViewerpro4.ocx
2012-05-23 16:52 . 2011-03-30 16:54 4835328 ----a-w- c:\windows\system32\cdintf450.dll
2012-05-23 16:52 . 2012-05-23 19:28 -------- d-----w- c:\users\JM\AppData\Roaming\602XML
2012-05-23 16:52 . 2012-05-23 16:52 -------- d-----w- c:\users\JM\AppData\Roaming\602Installer
2012-05-23 16:52 . 2012-05-23 16:52 -------- d-----w- c:\program files\Common Files\soft602
2012-05-23 16:52 . 2012-05-23 16:52 -------- d-----w- c:\program files\Software602
2012-05-23 16:52 . 2012-05-23 16:52 -------- d-----w- c:\program files\Common Files\Freedom Scientific
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-19 16:01 . 2012-03-15 17:27 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-06-18 06:26 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-06-16 17:22 . 2012-06-16 17:22 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-16 17:21 . 2012-06-16 17:21 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 16:22 . 2012-05-17 16:22 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-17 16:22 . 2012-05-17 16:22 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-17 16:22 . 2012-05-17 16:22 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-17 16:21 . 2012-05-17 16:21 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-17 16:19 . 2012-05-17 16:19 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-17 16:16 . 2012-05-17 16:16 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-17 16:16 . 2012-05-17 16:16 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-17 16:16 . 2012-05-17 16:16 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-05-17 16:16 . 2012-05-17 16:16 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-16 09:14 . 2012-05-16 09:14 21144 ----a-w- c:\windows\system32\drivers\iLokDrvr.sys
2012-05-16 09:13 . 2012-05-16 09:13 93336 ----a-w- c:\windows\system32\drivers\TPkd.sys
2012-05-04 17:29 . 2012-03-16 07:24 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-25 07:01 . 2012-03-25 07:01 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-25 07:01 . 2012-03-25 07:01 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-25 07:01 . 2012-03-25 07:01 18432 ----a-w- c:\windows\system32\drivers\tdpipe.sys
2012-03-25 07:01 . 2012-03-25 07:01 15872 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2012-03-25 07:01 . 2012-03-25 07:01 134656 ----a-w- c:\windows\system32\rdpudd.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-20 08:39 . AE9E96679923DF875047FD1D35813ACD . 74752 . . [------] . . c:\windows\System32\drivers\tdx.sys
[-] 2010-11-20 08:39 . AE9E96679923DF875047FD1D35813ACD . 74752 . . [------] . . c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys
[-] 2009-07-13 23:12 . D93028EB2B5FD50BF58D4321A65948B6 . 74240 . . [------] . . c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-01-24 3478336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"M-Audio Taskbar Icon"="c:\windows\system32\MAFWTray.exe" [2009-07-29 252424]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 385024]
"Print2PDF Print Monitor"="c:\program files\Software602\Print2PDF\Print2PDF.exe" [2011-10-04 220992]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AirLive 802.11N Wireless Utility.lnk - c:\program files\Ovislink\Common\TurboG-UI.exe [2011-11-17 917504]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 3986944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 257696]
R3 cpuz134;cpuz134;c:\users\JM\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 cpuz135;cpuz135;c:\users\JM\AppData\Local\Temp\cpuz135\cpuz135_x32.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-03-25 15872]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-08 1343400]
S2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-03-04 584488]
S2 PaceLicenseDServices;PACE License Services;c:\program files\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2012-05-17 2938880]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-03-09 238592]
S2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-03-09 1060864]
S2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-03-09 484352]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-19 242240]
S3 MAFW;Service for M-Audio FireWire;c:\windows\system32\DRIVERS\mafw.sys [2009-07-29 192392]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 netr28u;AirLive WN-5000USB Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-04-30 332800]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2011-02-16 11520]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
pdiddcci
besclient
fsks
mcafeeantispyware
TClass2k
vmx86
SaiClass
VRcore
amdk77
askernel
prodrv06
pavagente
CoachVc
msk80service
sit_flt
ps2
se58obex
Machnm32
wm
hf30service
pmounter
VAIOMediaPlatform-MusicServer-UPnP
s217bus
basfipm
lxcccustomerconnect
s117nd5
entertainment
SQTECH9080
tunnelguardservice
CdaC15BA
Spsmqvsm
sp_rssrv
iam
aic78u2
z525mgmt
vmodem
emitray
GENERICDRV
JavaQuickStarterService
se58bus
SeratoUsb
ni_nic
.
Obsah adresáře 'Naplánované úlohy'
.
2012-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 18:00]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3124626429-561365757-46322953-1000Core.job
- c:\users\JM\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-17 17:44]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3124626429-561365757-46322953-1000UA.job
- c:\users\JM\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-17 17:44]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 62.129.50.20 192.168.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-29058996.sys
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(2992)
c:\program files\RocketDock\RocketDock.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\taskhost.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2012-06-19 18:07:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-06-19 16:07
.
Před spuštěním: Volných bajtů: 79 368 552 448
Po spuštění: Volných bajtů: 79 950 319 616
.
- - End Of File - - 2C518891E20482ABD38BE68D8ACAE9CB
Attachments
TDSSKiller.2.7.40.0_19.06.2012_17.21.44_log.rar
(22.02 KiB) Downloaded 34 times

Michal I
Visitor
Posts: 49
Joined: 29 Aug 2007 09:44

Re: Some kind of Rootkit.0Acces.H discovered

#6 Post by Michal I »

Sending it..


ComboFix 12-06-20.01 - JM 20.06.2012 18:41:41.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.2038.1312 [GMT 2:00]
Spuštěný z: C:\Users\JM\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Windows\$NtUninstallKB65161$\3369292820
C:\Windows\$NtUninstallKB65161$ . . . . nemohl být smazán


((((((((((((((((((((((((( Soubory vytvořené od 2012-05-20 do 2012-06-20 )))))))))))))))))))))))))))))))


2012-06-20 16:51:46 . 2012-06-20 16:54:50 -------- d-----w- C:\Users\JM\AppData\Local\temp
2012-06-20 16:51:46 . 2012-06-20 16:51:46 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-06-20 16:51:46 . 2012-06-20 16:51:46 -------- d-----w- C:\Users\Administrator\AppData\Local\temp
2012-06-19 04:29:55 . 2012-06-19 04:29:55 -------- d-----w- C:\ProgramData\Martau
2012-06-19 04:29:34 . 2012-06-19 04:31:46 -------- d-----w- C:\Program Files\Total-Uninstall-Professional-5.2.0
2012-06-18 06:17:59 . 2012-06-18 06:18:00 -------- d-----w- C:\Windows\system32\SPReview
2012-06-18 06:17:07 . 2012-06-18 06:17:08 -------- d-----w- C:\Windows\system32\EventProviders
2012-06-18 06:04:03 . 2010-11-05 01:58:18 1130824 ----a-w- C:\Windows\system32\dfshim.dll
2012-06-18 06:02:59 . 2010-11-20 12:36:00 1077248 ----a-w- C:\Windows\system32\Narrator.exe
2012-06-18 06:01:23 . 2010-11-20 12:21:25 189952 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2012-06-18 06:01:22 . 2010-11-20 12:19:02 606208 ----a-w- C:\Windows\system32\wbem\fastprox.dll
2012-06-18 06:01:07 . 2010-11-20 12:21:25 189952 ----a-w- C:\Windows\system32\sqmapi.dll
2012-06-18 05:39:27 . 2012-06-18 05:39:27 -------- d-----w- C:\Users\JM\AppData\Local\ElevatedDiagnostics
2012-06-18 05:39:25 . 2012-04-26 04:45:55 58880 ----a-w- C:\Windows\system32\rdpwsx.dll
2012-06-18 05:39:25 . 2012-04-26 04:45:54 129536 ----a-w- C:\Windows\system32\rdpcorekmts.dll
2012-06-18 05:39:24 . 2012-04-26 04:41:16 8192 ----a-w- C:\Windows\system32\rdrmemptylst.exe
2012-06-17 17:44:03 . 2012-06-17 17:44:27 -------- d-----w- C:\Users\JM\AppData\Local\Google
2012-06-17 17:24:00 . 2012-06-17 17:24:03 -------- d-----w- C:\Program Files\EnhanceMySe7en
2012-06-17 17:03:14 . 2012-06-17 17:03:14 -------- d-----w- C:\Users\JM\AppData\Roaming\SeriousBit
2012-06-17 15:33:08 . 2012-06-17 15:33:08 -------- d-----w- C:\Program Files\Common Files\Java
2012-06-17 15:32:31 . 2012-06-17 15:32:31 -------- d-----w- C:\Program Files\Oracle
2012-06-17 15:32:10 . 2012-05-04 17:29:22 772504 ----a-w- C:\Windows\system32\npDeployJava1.dll
2012-06-17 13:51:37 . 2012-06-17 13:51:38 -------- dc-h--w- C:\ProgramData\{A9158F4E-7914-4019-808A-D4D4993E9958}
2012-06-17 13:48:57 . 2012-06-17 13:48:58 -------- dc-h--w- C:\ProgramData\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}
2012-06-17 13:32:54 . 2012-06-17 13:32:57 -------- d-----w- C:\Program Files\PhotomatixPro4
2012-06-17 13:32:54 . 2012-06-17 13:32:54 -------- d-----w- C:\Users\JM\AppData\Roaming\HDRsoft
2012-06-17 10:40:13 . 2012-06-17 10:40:13 -------- d-----w- C:\Users\JM\AppData\Roaming\Malwarebytes
2012-06-17 10:40:04 . 2012-06-17 10:40:04 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-17 10:40:03 . 2012-04-04 13:56:40 22344 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-06-17 10:40:02 . 2012-06-17 10:40:06 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2012-06-17 08:43:09 . 2012-06-17 08:43:09 -------- d-----w- C:\Users\JM\AppData\Roaming\UVIWorkstation
2012-06-17 08:42:52 . 2012-06-17 08:42:53 -------- d-----w- C:\Users\JM\AppData\Roaming\PACE Anti-Piracy
2012-06-17 08:42:52 . 2012-06-17 08:42:53 -------- d-----w- C:\ProgramData\PACE Anti-Piracy
2012-06-17 08:42:52 . 2012-06-17 08:42:52 -------- d-----w- C:\Users\JM\AppData\Local\PACE Anti-Piracy
2012-06-17 08:42:52 . 2012-06-17 08:42:52 -------- d-----w- C:\Program Files\Common Files\PACE Anti-Piracy
2012-06-17 08:41:48 . 2012-06-17 08:41:48 -------- d-----w- C:\ProgramData\PACE
2012-06-17 08:41:41 . 2012-06-17 08:41:41 -------- d-----w- C:\Program Files\Common Files\PACE
2012-06-17 08:37:16 . 2012-06-17 08:37:16 -------- d-----w- C:\Program Files\Propellerhead
2012-06-17 08:37:09 . 2012-06-17 08:37:13 -------- d-----w- C:\Program Files\UVISoundBanks
2012-06-17 08:36:32 . 2012-06-17 08:37:14 -------- d-----w- C:\Program Files\UVI Workstation
2012-06-17 08:36:32 . 2012-06-17 08:36:32 -------- d-----w- C:\Program Files\Common Files\UVI
2012-06-17 08:36:32 . 2011-10-06 15:22:44 2275328 ----a-w- C:\Windows\system32\libsndfile-1.dll
2012-06-16 20:21:48 . 2012-06-16 20:21:49 -------- dc-h--w- C:\ProgramData\{3006A797-CDFA-44FC-98EF-155579E2CDBF}
2012-06-16 19:28:58 . 2012-06-18 07:35:28 -------- d-----w- C:\Windows\rescache
2012-06-16 17:28:09 . 2012-06-16 18:00:08 70304 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2012-06-16 17:28:09 . 2012-06-16 18:00:08 419488 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
2012-06-16 17:23:12 . 2012-06-16 17:23:12 919040 ----a-w- C:\Windows\system32\rdpcorets.dll
2012-06-16 17:23:12 . 2012-06-16 17:23:12 183808 ----a-w- C:\Windows\system32\drivers\rdpwd.sys
2012-06-16 17:22:02 . 2012-06-16 17:22:02 28672 ----a-w- C:\Windows\system32\profprov.dll
2012-06-16 17:22:02 . 2012-06-16 17:22:02 164352 ----a-w- C:\Windows\system32\profsvc.dll
2012-06-16 17:20:04 . 2012-06-16 17:20:04 140288 ----a-w- C:\Windows\system32\cryptsvc.dll
2012-06-16 17:20:04 . 2012-06-16 17:20:04 1158656 ----a-w- C:\Windows\system32\crypt32.dll
2012-06-16 17:20:04 . 2012-06-16 17:20:04 103936 ----a-w- C:\Windows\system32\cryptnet.dll
2012-06-16 13:34:38 . 2012-06-16 13:34:39 -------- dc-h--w- C:\ProgramData\{27D02406-6F0F-419F-AF2F-A4EE19D2E463}
2012-06-16 13:34:26 . 2012-06-16 13:34:27 -------- dc-h--w- C:\ProgramData\{E9CDB61C-771D-42BB-B441-4CA7622ACA52}
2012-06-16 13:15:45 . 2012-06-16 13:15:45 -------- dc-h--w- C:\ProgramData\{0A583E76-A7A0-45F8-9386-AEE1E529A4DE}
2012-06-16 13:15:09 . 2012-06-16 13:15:09 -------- dc-h--w- C:\ProgramData\{CA03436C-933D-4ADA-9E89-2C39CC03E904}
2012-06-16 13:14:57 . 2012-06-16 13:14:57 -------- dc-h--w- C:\ProgramData\{588D017F-D30B-4C08-8A10-1FEF7D039369}
2012-06-16 13:14:45 . 2012-06-16 13:14:46 -------- dc-h--w- C:\ProgramData\{DC597CF0-DB39-40C2-9F8C-CF9D0A386548}
2012-06-16 13:14:31 . 2012-06-16 13:14:32 -------- dc-h--w- C:\ProgramData\{3DFBC806-D62A-4312-81FF-5F343DDCB5DC}
2012-06-16 13:14:15 . 2012-06-16 13:14:16 -------- dc-h--w- C:\ProgramData\{6E467D89-1963-440B-84F9-852C8150E323}
2012-06-16 13:14:05 . 2012-06-16 13:14:05 -------- dc-h--w- C:\ProgramData\{B0DF9098-245E-479F-A4ED-B5F91EA4948B}
2012-06-16 13:13:53 . 2012-06-16 13:13:53 -------- dc-h--w- C:\ProgramData\{D04E7E60-5F77-4E61-9CD4-7AEC5E15C525}
2012-06-16 13:13:15 . 2012-06-16 13:13:16 -------- dc-h--w- C:\ProgramData\{DE181BBE-2522-484E-A620-BDCFB298DC87}
2012-06-16 13:04:40 . 2012-06-16 13:04:40 -------- dc-h--w- C:\ProgramData\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}
2012-06-16 12:58:07 . 2012-06-16 12:58:07 -------- dc-h--w- C:\ProgramData\{DD2792B0-5B90-4CC3-8D97-1C733D7FB366}
2012-06-16 12:53:12 . 2012-06-16 12:53:13 -------- dc-h--w- C:\ProgramData\{C2A88E6D-FA3D-462B-BDFF-A09B1EFA8FBE}
2012-05-26 16:18:04 . 2012-05-27 19:01:12 -------- d-----w- C:\ProgramData\tmp
2012-05-26 16:18:03 . 2012-05-27 19:01:43 -------- d-----w- C:\ProgramData\hps
2012-05-26 14:39:50 . 2012-05-26 14:39:50 -------- d-----w- C:\Program Files\Fotolab
2012-05-25 17:48:20 . 2012-05-25 17:48:20 -------- d-----w- C:\Program Files\MSXML 4.0
2012-05-23 16:52:45 . 2009-07-14 00:15:50 1386496 ----a-w- C:\Windows\system32\msvbvm60001.dll
2012-05-23 16:52:39 . 2011-03-30 16:58:40 6536192 ----a-w- C:\Windows\system32\cdintf450_x64.dll
2012-05-23 16:52:36 . 2010-09-20 13:55:34 2335880 ----a-w- C:\Windows\system32\gdpdfplug.dll
2012-05-23 16:52:36 . 2010-09-20 13:55:00 1262216 ----a-w- C:\Windows\system32\GdViewerpro4.ocx
2012-05-23 16:52:35 . 2011-03-30 16:54:58 4835328 ----a-w- C:\Windows\system32\cdintf450.dll
2012-05-23 16:52:23 . 2012-05-23 19:28:19 -------- d-----w- C:\Users\JM\AppData\Roaming\602XML
2012-05-23 16:52:18 . 2012-05-23 16:52:18 -------- d-----w- C:\Users\JM\AppData\Roaming\602Installer
2012-05-23 16:52:09 . 2012-05-23 16:52:25 -------- d-----w- C:\Program Files\Common Files\soft602
2012-05-23 16:52:08 . 2012-05-23 16:52:35 -------- d-----w- C:\Program Files\Software602
2012-05-23 16:52:08 . 2012-05-23 16:52:08 -------- d-----w- C:\Program Files\Common Files\Freedom Scientific
.


(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-06-19 16:01:07 . 2012-03-15 17:27:54 242240 ----a-w- C:\Windows\system32\drivers\dtsoftbus01.sys
2012-06-18 06:26:48 . 2009-07-14 02:05:42 152576 ----a-w- C:\Windows\system32\msclmd.dll
2012-06-16 17:22:51 . 2012-06-16 17:22:51 2343936 ----a-w- C:\Windows\system32\win32k.sys
2012-06-16 17:21:10 . 2012-06-16 17:21:10 1129472 ----a-w- C:\Windows\system32\wininet.dll
2012-05-17 16:22:46 . 2012-05-17 16:22:46 3968368 ----a-w- C:\Windows\system32\ntkrnlpa.exe
2012-05-17 16:22:46 . 2012-05-17 16:22:46 3913072 ----a-w- C:\Windows\system32\ntoskrnl.exe
2012-05-17 16:22:11 . 2012-05-17 16:22:11 56176 ----a-w- C:\Windows\system32\drivers\partmgr.sys
2012-05-17 16:21:42 . 2012-05-17 16:21:42 1291632 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2012-05-17 16:19:01 . 2012-05-17 16:19:01 1077248 ----a-w- C:\Windows\system32\DWrite.dll
2012-05-17 16:16:40 . 2012-05-17 16:16:40 5120 ----a-w- C:\Windows\system32\wmi.dll
2012-05-17 16:16:40 . 2012-05-17 16:16:40 19824 ----a-w- C:\Windows\system32\drivers\fs_rec.sys
2012-05-17 16:16:40 . 2012-05-17 16:16:40 172544 ----a-w- C:\Windows\system32\wintrust.dll
2012-05-17 16:16:40 . 2012-05-17 16:16:40 159232 ----a-w- C:\Windows\system32\imagehlp.dll
2012-05-16 09:14:32 . 2012-05-16 09:14:32 21144 ----a-w- C:\Windows\system32\drivers\iLokDrvr.sys
2012-05-16 09:13:14 . 2012-05-16 09:13:14 93336 ----a-w- C:\Windows\system32\drivers\TPkd.sys
2012-05-04 17:29:16 . 2012-03-16 07:24:04 687504 ----a-w- C:\Windows\system32\deployJava1.dll
2012-03-25 07:01:15 . 2012-03-25 07:01:15 826880 ----a-w- C:\Windows\system32\rdpcore.dll
2012-03-25 07:01:15 . 2012-03-25 07:01:15 24576 ----a-w- C:\Windows\system32\drivers\tdtcp.sys
2012-03-25 07:01:15 . 2012-03-25 07:01:15 18432 ----a-w- C:\Windows\system32\drivers\tdpipe.sys
2012-03-25 07:01:15 . 2012-03-25 07:01:15 15872 ----a-w- C:\Windows\system32\drivers\rdpvideominiport.sys
2012-03-25 07:01:15 . 2012-03-25 07:01:15 134656 ----a-w- C:\Windows\system32\rdpudd.dll


------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.

[-] 2010-11-20 08:39:17 . AE9E96679923DF875047FD1D35813ACD . 74752 . . [------] . . C:\Windows\System32\drivers\tdx.sys
[-] 2010-11-20 08:39:17 . AE9E96679923DF875047FD1D35813ACD . 74752 . . [------] . . C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys
[-] 2009-07-13 23:12:11 . D93028EB2B5FD50BF58D4321A65948B6 . 74240 . . [------] . . C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))


*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 12:58:52 495616]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe" [2012-01-24 13:19:14 3478336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"M-Audio Taskbar Icon"="C:\Windows\system32\MAFWTray.exe" [2009-07-29 13:28:40 252424]
"Adobe Acrobat Speed Launcher"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 01:25:18 37232]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 21:43:26 640376]
"AdobeAAMUpdater-1.0"="C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 02:44:40 500208]
"AdobeCS5ServiceManager"="C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 03:57:06 406992]
"SwitchBoard"="C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 12:37:14 517096]
"NeroCheck"="C:\Windows\system32\NeroCheck.exe" [2001-07-09 10:50:42 155648]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2009-09-23 18:30:48 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2009-09-23 18:30:48 173592]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2009-09-23 18:30:48 150552]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 23:00:00 385024]
"Print2PDF Print Monitor"="C:\Program Files\Software602\Print2PDF\Print2PDF.exe" [2011-10-04 08:28:14 220992]
"Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 13:56:38 462408]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 09:07:54 252296]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
AirLive 802.11N Wireless Utility.lnk - C:\Program Files\Ovislink\Common\TurboG-UI.exe [2011-11-17 917504]
WDDMStatus.lnk - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 3986944]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 18:00:11 257696]
R3 cpuz134;cpuz134;C:\Users\JM\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 cpuz135;cpuz135;C:\Users\JM\AppData\Local\Temp\cpuz135\cpuz135_x32.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [2012-03-25 07:01:15 15872]
R3 SwitchBoard;SwitchBoard;C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 12:37:14 517096]
R3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 10:24:41 52224]
R3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;C:\Windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;C:\Windows\system32\Wat\WatAdminSvc.exe [2012-01-08 17:08:29 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam.sys [2011-02-16 14:52:46 11520]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-19 16:01:07 242240]
S2 602XML Updater;602Updater;C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 10:55:04 85344]
S2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 13:56:40 654408]
S2 NAUpdate;Nero Update;C:\Program Files\Nero\Update\NASvc.exe [2011-03-04 10:39:14 584488]
S2 PaceLicenseDServices;PACE License Services;C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2012-05-17 23:23:36 2938880]
S2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-03-09 09:07:54 238592]
S2 WDFME;WD File Management Engine;C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-03-09 09:18:06 1060864]
S2 WDSC;WD File Management Shadow Engine;C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-03-09 09:16:56 484352]
S3 CLEDX;Team H2O CLEDX service;C:\Windows\system32\DRIVERS\cledx.sys [2005-05-09 19:08:40 33792]
S3 MAFW;Service for M-Audio FireWire;C:\Windows\system32\DRIVERS\mafw.sys [2009-07-29 13:28:18 192392]
S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [2012-04-04 13:56:40 22344]
S3 netr28u;AirLive WN-5000USB Driver for Vista;C:\Windows\system32\DRIVERS\netr28u.sys [2007-04-30 18:29:12 332800]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
pdiddcci
besclient
fsks
mcafeeantispyware
TClass2k
vmx86
SaiClass
VRcore
amdk77
askernel
prodrv06
pavagente
CoachVc
msk80service
sit_flt
ps2
se58obex
Machnm32
wm
hf30service
pmounter
VAIOMediaPlatform-MusicServer-UPnP
s217bus
basfipm
lxcccustomerconnect
s117nd5
entertainment
SQTECH9080
tunnelguardservice
CdaC15BA
Spsmqvsm
sp_rssrv
iam
aic78u2
z525mgmt
vmodem
emitray
GENERICDRV
JavaQuickStarterService
se58bus
SeratoUsb
ni_nic

Obsah adresáře 'Naplánované úlohy'

2012-06-20 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 17:28:10 . 2012-06-16 18:00:11]

2012-06-19 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3124626429-561365757-46322953-1000Core.job
- C:\Users\JM\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-17 17:44:04 . 2012-06-17 17:44:03]

2012-06-20 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3124626429-561365757-46322953-1000UA.job
- C:\Users\JM\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-17 17:44:04 . 2012-06-17 17:44:03]


------- Doplňkový sken -------

uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 62.129.50.20 192.168.0.1
Attachments
TDSSKiller.2.7.40.0_20.06.2012_19.12.34_log.rar
(21.98 KiB) Downloaded 33 times

Michal I
Visitor
Posts: 49
Joined: 29 Aug 2007 09:44

Re: Some kind of Rootkit.0Acces.H discovered

#7 Post by Michal I »

Hi, that would be great. How about Saturday at 16:00? Thanks a lot

Michal I
Visitor
Posts: 49
Joined: 29 Aug 2007 09:44

Re: Some kind of Rootkit.0Acces.H discovered

#8 Post by Michal I »

ComboFix 12-06-23.01 - JM 23.06.2012 6:54.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.2038.1242 [GMT 2:00]
Spuštěný z: c:\users\JM\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\JM\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
/wow section - STAGE 48
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
.
/wow section - STAGE 50
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\windows\$NtUninstallKB65161$\3369292820
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-05-23 do 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-23 05:04 . 2012-06-23 05:07 -------- d-----w- c:\users\JM\AppData\Local\temp
2012-06-23 05:04 . 2012-06-23 05:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-23 05:04 . 2012-06-23 05:04 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-06-23 04:20 . 2012-06-23 04:54 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BAD1E5B9-919E-4873-AEE6-655946184AD0}\offreg.dll
2012-06-22 04:25 . 2012-06-22 04:45 -------- d-----w- C:\Images
2012-06-21 15:25 . 2012-06-21 15:25 -------- d-----w- c:\program files\Bome's SendSX
2012-06-19 04:29 . 2012-06-19 04:29 -------- d-----w- c:\programdata\Martau
2012-06-19 04:29 . 2012-06-19 04:31 -------- d-----w- c:\program files\Total-Uninstall-Professional-5.2.0
2012-06-18 06:17 . 2012-06-18 06:18 -------- d-----w- c:\windows\system32\SPReview
2012-06-18 06:17 . 2012-06-18 06:17 -------- d-----w- c:\windows\system32\EventProviders
2012-06-18 06:04 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-06-18 06:02 . 2010-11-20 12:36 1077248 ----a-w- c:\windows\system32\Narrator.exe
2012-06-18 06:01 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\wdscore.dll
2012-06-18 06:01 . 2010-11-20 12:21 189952 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2012-06-18 06:01 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2012-06-18 06:01 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2012-06-18 06:01 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\sqmapi.dll
2012-06-18 05:39 . 2012-06-18 05:39 -------- d-----w- c:\users\JM\AppData\Local\ElevatedDiagnostics
2012-06-18 05:39 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-18 05:39 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-18 05:39 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-17 17:44 . 2012-06-17 17:44 -------- d-----w- c:\users\JM\AppData\Local\Google
2012-06-17 17:24 . 2012-06-17 17:24 -------- d-----w- c:\program files\EnhanceMySe7en
2012-06-17 17:03 . 2012-06-17 17:03 -------- d-----w- c:\users\JM\AppData\Roaming\SeriousBit
2012-06-17 15:33 . 2012-06-17 15:33 -------- d-----w- c:\program files\Common Files\Java
2012-06-17 15:32 . 2012-06-17 15:32 -------- d-----w- c:\program files\Oracle
2012-06-17 15:32 . 2012-05-04 17:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-17 13:51 . 2012-06-17 13:51 -------- dc-h--w- c:\programdata\{A9158F4E-7914-4019-808A-D4D4993E9958}
2012-06-17 13:48 . 2012-06-17 13:48 -------- dc-h--w- c:\programdata\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}
2012-06-17 13:32 . 2012-06-17 13:32 -------- d-----w- c:\program files\PhotomatixPro4
2012-06-17 13:32 . 2012-06-17 13:32 -------- d-----w- c:\users\JM\AppData\Roaming\HDRsoft
2012-06-17 10:40 . 2012-06-17 10:40 -------- d-----w- c:\users\JM\AppData\Roaming\Malwarebytes
2012-06-17 10:40 . 2012-06-17 10:40 -------- d-----w- c:\programdata\Malwarebytes
2012-06-17 10:40 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-17 10:40 . 2012-06-17 10:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-17 08:43 . 2012-06-17 08:43 -------- d-----w- c:\users\JM\AppData\Roaming\UVIWorkstation
2012-06-17 08:42 . 2012-06-17 08:42 -------- d-----w- c:\users\JM\AppData\Roaming\PACE Anti-Piracy
2012-06-17 08:42 . 2012-06-17 08:42 -------- d-----w- c:\programdata\PACE Anti-Piracy
2012-06-17 08:42 . 2012-06-17 08:42 -------- d-----w- c:\users\JM\AppData\Local\PACE Anti-Piracy
2012-06-17 08:42 . 2012-06-17 08:42 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy
2012-06-17 08:41 . 2012-06-17 08:41 -------- d-----w- c:\programdata\PACE
2012-06-17 08:41 . 2012-06-17 08:41 -------- d-----w- c:\program files\Common Files\PACE
2012-06-17 08:37 . 2012-06-17 08:37 -------- d-----w- c:\program files\Propellerhead
2012-06-17 08:37 . 2012-06-17 08:37 -------- d-----w- c:\program files\UVISoundBanks
2012-06-17 08:36 . 2012-06-17 08:37 -------- d-----w- c:\program files\UVI Workstation
2012-06-17 08:36 . 2012-06-17 08:36 -------- d-----w- c:\program files\Common Files\UVI
2012-06-17 08:36 . 2011-10-06 15:22 2275328 ----a-w- c:\windows\system32\libsndfile-1.dll
2012-06-16 20:21 . 2012-06-16 20:21 -------- dc-h--w- c:\programdata\{3006A797-CDFA-44FC-98EF-155579E2CDBF}
2012-06-16 19:28 . 2012-06-18 07:35 -------- d-----w- c:\windows\rescache
2012-06-16 17:28 . 2012-06-16 18:00 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-16 17:28 . 2012-06-16 18:00 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-16 17:23 . 2012-06-16 17:23 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-16 17:23 . 2012-06-16 17:23 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-16 17:22 . 2012-06-16 17:22 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-16 17:22 . 2012-06-16 17:22 28672 ----a-w- c:\windows\system32\profprov.dll
2012-06-16 17:22 . 2012-06-16 17:22 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-16 17:20 . 2012-06-16 17:20 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-16 17:20 . 2012-06-16 17:20 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-16 17:20 . 2012-06-16 17:20 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-16 13:34 . 2012-06-16 13:34 -------- dc-h--w- c:\programdata\{27D02406-6F0F-419F-AF2F-A4EE19D2E463}
2012-06-16 13:34 . 2012-06-16 13:34 -------- dc-h--w- c:\programdata\{E9CDB61C-771D-42BB-B441-4CA7622ACA52}
2012-06-16 13:15 . 2012-06-16 13:15 -------- dc-h--w- c:\programdata\{0A583E76-A7A0-45F8-9386-AEE1E529A4DE}
2012-06-16 13:15 . 2012-06-16 13:15 -------- dc-h--w- c:\programdata\{CA03436C-933D-4ADA-9E89-2C39CC03E904}
2012-06-16 13:14 . 2012-06-16 13:14 -------- dc-h--w- c:\programdata\{588D017F-D30B-4C08-8A10-1FEF7D039369}
2012-06-16 13:14 . 2012-06-16 13:14 -------- dc-h--w- c:\programdata\{DC597CF0-DB39-40C2-9F8C-CF9D0A386548}
2012-06-16 13:14 . 2012-06-16 13:14 -------- dc-h--w- c:\programdata\{3DFBC806-D62A-4312-81FF-5F343DDCB5DC}
2012-06-16 13:14 . 2012-06-16 13:14 -------- dc-h--w- c:\programdata\{6E467D89-1963-440B-84F9-852C8150E323}
2012-06-16 13:14 . 2012-06-16 13:14 -------- dc-h--w- c:\programdata\{B0DF9098-245E-479F-A4ED-B5F91EA4948B}
2012-06-16 13:13 . 2012-06-16 13:13 -------- dc-h--w- c:\programdata\{D04E7E60-5F77-4E61-9CD4-7AEC5E15C525}
2012-06-16 13:13 . 2012-06-16 13:13 -------- dc-h--w- c:\programdata\{DE181BBE-2522-484E-A620-BDCFB298DC87}
2012-06-16 13:04 . 2012-06-16 13:04 -------- dc-h--w- c:\programdata\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}
2012-06-16 12:58 . 2012-06-16 12:58 -------- dc-h--w- c:\programdata\{DD2792B0-5B90-4CC3-8D97-1C733D7FB366}
2012-06-16 12:53 . 2012-06-16 12:53 -------- dc-h--w- c:\programdata\{C2A88E6D-FA3D-462B-BDFF-A09B1EFA8FBE}
2012-05-26 16:18 . 2012-05-27 19:01 -------- d-----w- c:\programdata\tmp
2012-05-26 16:18 . 2012-05-27 19:01 -------- d-----w- c:\programdata\hps
2012-05-26 14:39 . 2012-05-26 14:39 -------- d-----w- c:\program files\Fotolab
2012-05-25 17:48 . 2012-05-25 17:48 -------- d-----w- c:\program files\MSXML 4.0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-19 16:01 . 2012-03-15 17:27 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-06-18 06:26 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-05-17 16:22 . 2012-05-17 16:22 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-17 16:22 . 2012-05-17 16:22 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-17 16:22 . 2012-05-17 16:22 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-17 16:21 . 2012-05-17 16:21 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-17 16:19 . 2012-05-17 16:19 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-17 16:16 . 2012-05-17 16:16 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-17 16:16 . 2012-05-17 16:16 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-17 16:16 . 2012-05-17 16:16 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-05-17 16:16 . 2012-05-17 16:16 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-16 09:14 . 2012-05-16 09:14 21144 ----a-w- c:\windows\system32\drivers\iLokDrvr.sys
2012-05-16 09:13 . 2012-05-16 09:13 93336 ----a-w- c:\windows\system32\drivers\TPkd.sys
2012-05-04 17:29 . 2012-03-16 07:24 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-25 07:01 . 2012-03-25 07:01 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-25 07:01 . 2012-03-25 07:01 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-25 07:01 . 2012-03-25 07:01 18432 ----a-w- c:\windows\system32\drivers\tdpipe.sys
2012-03-25 07:01 . 2012-03-25 07:01 15872 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2012-03-25 07:01 . 2012-03-25 07:01 134656 ----a-w- c:\windows\system32\rdpudd.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-20 08:39 . AE9E96679923DF875047FD1D35813ACD . 74752 . . [------] . . c:\windows\System32\drivers\tdx.sys
[-] 2010-11-20 08:39 . AE9E96679923DF875047FD1D35813ACD . 74752 . . [------] . . c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys
[-] 2009-07-13 23:12 . D93028EB2B5FD50BF58D4321A65948B6 . 74240 . . [------] . . c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-01-24 3478336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"M-Audio Taskbar Icon"="c:\windows\system32\MAFWTray.exe" [2009-07-29 252424]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 385024]
"Print2PDF Print Monitor"="c:\program files\Software602\Print2PDF\Print2PDF.exe" [2011-10-04 220992]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AirLive 802.11N Wireless Utility.lnk - c:\program files\Ovislink\Common\TurboG-UI.exe [2011-11-17 917504]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 3986944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 257696]
R3 cpuz134;cpuz134;c:\users\JM\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 cpuz135;cpuz135;c:\users\JM\AppData\Local\Temp\cpuz135\cpuz135_x32.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-03-25 15872]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-08 1343400]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-19 242240]
S2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-03-04 584488]
S2 PaceLicenseDServices;PACE License Services;c:\program files\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2012-05-17 2938880]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-03-09 238592]
S2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-03-09 1060864]
S2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-03-09 484352]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
S3 MAFW;Service for M-Audio FireWire;c:\windows\system32\DRIVERS\mafw.sys [2009-07-29 192392]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 netr28u;AirLive WN-5000USB Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-04-30 332800]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2011-02-16 11520]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 18:00]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3124626429-561365757-46322953-1000Core.job
- c:\users\JM\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-17 17:44]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3124626429-561365757-46322953-1000UA.job
- c:\users\JM\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-17 17:44]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 62.129.50.20 192.168.0.1
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(3004)
c:\program files\RocketDock\RocketDock.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\taskhost.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\totalcmd\TOTALCMD.EXE
c:\windows\system32\NOTEPAD.EXE
.
**************************************************************************
.
Celkový čas: 2012-06-23 07:13:44 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-06-23 05:13
.
Před spuštěním: Volných bajtů: 77 039 120 384
Po spuštění: Volných bajtů: 76 750 974 976
.
- - End Of File - - 435D48B688F8A3FF88743066EA6D1E35

Michal I
Visitor
Posts: 49
Registered: 29 Aug 2007 09:44

Re: Some kind of Rootkit.0Acces.H discovered

#9 Post by Michal I »

I'm here nonstop :)


ComboFix 12-06-23.05 - JM 23.06.2012 11:55:57.4.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.2038.1299 [GMT 2:00]
Spuštěný z: c:\users\JM\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\JM\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Images
c:\windows\$NtUninstallKB65161$
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-05-23 do 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-23 10:06 . 2012-06-23 10:08 -------- d-----w- c:\users\JM\AppData\Local\temp
2012-06-23 10:06 . 2012-06-23 10:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-23 10:06 . 2012-06-23 10:06 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-06-23 04:20 . 2012-06-23 09:58 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BAD1E5B9-919E-4873-AEE6-655946184AD0}\offreg.dll
2012-06-21 15:25 . 2012-06-21 15:25 -------- d-----w- c:\program files\Bome's SendSX
2012-06-19 04:29 . 2012-06-19 04:29 -------- d-----w- c:\programdata\Martau
2012-06-19 04:29 . 2012-06-19 04:31 -------- d-----w- c:\program files\Total-Uninstall-Professional-5.2.0
2012-06-18 06:17 . 2012-06-18 06:18 -------- d-----w- c:\windows\system32\SPReview
2012-06-18 06:17 . 2012-06-18 06:17 -------- d-----w- c:\windows\system32\EventProviders
2012-06-18 06:04 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-06-18 06:02 . 2010-11-20 12:36 1077248 ----a-w- c:\windows\system32\Narrator.exe
2012-06-18 06:01 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\wdscore.dll
2012-06-18 06:01 . 2010-11-20 12:21 189952 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2012-06-18 06:01 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2012-06-18 06:01 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2012-06-18 06:01 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\sqmapi.dll
2012-06-18 05:39 . 2012-06-18 05:39 -------- d-----w- c:\users\JM\AppData\Local\ElevatedDiagnostics
2012-06-18 05:39 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-18 05:39 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-18 05:39 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-17 17:44 . 2012-06-17 17:44 -------- d-----w- c:\users\JM\AppData\Local\Google
2012-06-17 17:24 . 2012-06-17 17:24 -------- d-----w- c:\program files\EnhanceMySe7en
2012-06-17 17:03 . 2012-06-17 17:03 -------- d-----w- c:\users\JM\AppData\Roaming\SeriousBit
2012-06-17 15:33 . 2012-06-17 15:33 -------- d-----w- c:\program files\Common Files\Java
2012-06-17 15:32 . 2012-06-17 15:32 -------- d-----w- c:\program files\Oracle
2012-06-17 15:32 . 2012-05-04 17:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-17 13:51 . 2012-06-17 13:51 -------- dc-h--w- c:\programdata\{A9158F4E-7914-4019-808A-D4D4993E9958}
2012-06-17 13:48 . 2012-06-17 13:48 -------- dc-h--w- c:\programdata\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}
2012-06-17 13:32 . 2012-06-17 13:32 -------- d-----w- c:\program files\PhotomatixPro4
2012-06-17 13:32 . 2012-06-17 13:32 -------- d-----w- c:\users\JM\AppData\Roaming\HDRsoft
2012-06-17 10:40 . 2012-06-17 10:40 -------- d-----w- c:\users\JM\AppData\Roaming\Malwarebytes
2012-06-17 10:40 . 2012-06-17 10:40 -------- d-----w- c:\programdata\Malwarebytes
2012-06-17 10:40 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-17 10:40 . 2012-06-17 10:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-17 08:43 . 2012-06-17 08:43 -------- d-----w- c:\users\JM\AppData\Roaming\UVIWorkstation
2012-06-17 08:42 . 2012-06-17 08:42 -------- d-----w- c:\users\JM\AppData\Roaming\PACE Anti-Piracy
2012-06-17 08:42 . 2012-06-17 08:42 -------- d-----w- c:\programdata\PACE Anti-Piracy
2012-06-17 08:42 . 2012-06-17 08:42 -------- d-----w- c:\users\JM\AppData\Local\PACE Anti-Piracy
2012-06-17 08:42 . 2012-06-17 08:42 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy
2012-06-17 08:41 . 2012-06-17 08:41 -------- d-----w- c:\programdata\PACE
2012-06-17 08:41 . 2012-06-17 08:41 -------- d-----w- c:\program files\Common Files\PACE
2012-06-17 08:37 . 2012-06-17 08:37 -------- d-----w- c:\program files\Propellerhead
2012-06-17 08:37 . 2012-06-17 08:37 -------- d-----w- c:\program files\UVISoundBanks
2012-06-17 08:36 . 2012-06-17 08:37 -------- d-----w- c:\program files\UVI Workstation
2012-06-17 08:36 . 2012-06-17 08:36 -------- d-----w- c:\program files\Common Files\UVI
2012-06-17 08:36 . 2011-10-06 15:22 2275328 ----a-w- c:\windows\system32\libsndfile-1.dll
2012-06-16 20:21 . 2012-06-16 20:21 -------- dc-h--w- c:\programdata\{3006A797-CDFA-44FC-98EF-155579E2CDBF}
2012-06-16 19:28 . 2012-06-18 07:35 -------- d-----w- c:\windows\rescache
2012-06-16 17:28 . 2012-06-16 18:00 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-16 17:28 . 2012-06-16 18:00 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-16 17:23 . 2012-06-16 17:23 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-16 17:23 . 2012-06-16 17:23 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-16 17:22 . 2012-06-16 17:22 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-16 17:22 . 2012-06-16 17:22 28672 ----a-w- c:\windows\system32\profprov.dll
2012-06-16 17:22 . 2012-06-16 17:22 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-16 17:20 . 2012-06-16 17:20 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-16 17:20 . 2012-06-16 17:20 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-16 17:20 . 2012-06-16 17:20 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-16 13:34 . 2012-06-16 13:34 -------- dc-h--w- c:\programdata\{27D02406-6F0F-419F-AF2F-A4EE19D2E463}
2012-06-16 13:34 . 2012-06-16 13:34 -------- dc-h--w- c:\programdata\{E9CDB61C-771D-42BB-B441-4CA7622ACA52}
2012-06-16 13:15 . 2012-06-16 13:15 -------- dc-h--w- c:\programdata\{0A583E76-A7A0-45F8-9386-AEE1E529A4DE}
2012-06-16 13:15 . 2012-06-16 13:15 -------- dc-h--w- c:\programdata\{CA03436C-933D-4ADA-9E89-2C39CC03E904}
2012-06-16 13:14 . 2012-06-16 13:14 -------- dc-h--w- c:\programdata\{588D017F-D30B-4C08-8A10-1FEF7D039369}
2012-06-16 13:14 . 2012-06-16 13:14 -------- dc-h--w- c:\programdata\{DC597CF0-DB39-40C2-9F8C-CF9D0A386548}
2012-06-16 13:14 . 2012-06-16 13:14 -------- dc-h--w- c:\programdata\{3DFBC806-D62A-4312-81FF-5F343DDCB5DC}
2012-06-16 13:14 . 2012-06-16 13:14 -------- dc-h--w- c:\programdata\{6E467D89-1963-440B-84F9-852C8150E323}
2012-06-16 13:14 . 2012-06-16 13:14 -------- dc-h--w- c:\programdata\{B0DF9098-245E-479F-A4ED-B5F91EA4948B}
2012-06-16 13:13 . 2012-06-16 13:13 -------- dc-h--w- c:\programdata\{D04E7E60-5F77-4E61-9CD4-7AEC5E15C525}
2012-06-16 13:13 . 2012-06-16 13:13 -------- dc-h--w- c:\programdata\{DE181BBE-2522-484E-A620-BDCFB298DC87}
2012-06-16 13:04 . 2012-06-16 13:04 -------- dc-h--w- c:\programdata\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}
2012-06-16 12:58 . 2012-06-16 12:58 -------- dc-h--w- c:\programdata\{DD2792B0-5B90-4CC3-8D97-1C733D7FB366}
2012-06-16 12:53 . 2012-06-16 12:53 -------- dc-h--w- c:\programdata\{C2A88E6D-FA3D-462B-BDFF-A09B1EFA8FBE}
2012-05-26 16:18 . 2012-05-27 19:01 -------- d-----w- c:\programdata\tmp
2012-05-26 16:18 . 2012-05-27 19:01 -------- d-----w- c:\programdata\hps
2012-05-26 14:39 . 2012-05-26 14:39 -------- d-----w- c:\program files\Fotolab
2012-05-25 17:48 . 2012-05-25 17:48 -------- d-----w- c:\program files\MSXML 4.0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-19 16:01 . 2012-03-15 17:27 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-06-18 06:26 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-05-17 16:22 . 2012-05-17 16:22 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-17 16:22 . 2012-05-17 16:22 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-17 16:22 . 2012-05-17 16:22 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-17 16:21 . 2012-05-17 16:21 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-17 16:19 . 2012-05-17 16:19 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-17 16:16 . 2012-05-17 16:16 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-17 16:16 . 2012-05-17 16:16 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-17 16:16 . 2012-05-17 16:16 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-05-17 16:16 . 2012-05-17 16:16 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-16 09:14 . 2012-05-16 09:14 21144 ----a-w- c:\windows\system32\drivers\iLokDrvr.sys
2012-05-16 09:13 . 2012-05-16 09:13 93336 ----a-w- c:\windows\system32\drivers\TPkd.sys
2012-05-04 17:29 . 2012-03-16 07:24 687504 ----a-w- c:\windows\system32\deployJava1.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-20 08:39 . AE9E96679923DF875047FD1D35813ACD . 74752 . . [------] . . c:\windows\System32\drivers\tdx.sys
[-] 2010-11-20 08:39 . AE9E96679923DF875047FD1D35813ACD . 74752 . . [------] . . c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys
[-] 2009-07-13 23:12 . D93028EB2B5FD50BF58D4321A65948B6 . 74240 . . [------] . . c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-01-24 3478336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"M-Audio Taskbar Icon"="c:\windows\system32\MAFWTray.exe" [2009-07-29 252424]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 385024]
"Print2PDF Print Monitor"="c:\program files\Software602\Print2PDF\Print2PDF.exe" [2011-10-04 220992]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AirLive 802.11N Wireless Utility.lnk - c:\program files\Ovislink\Common\TurboG-UI.exe [2011-11-17 917504]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 3986944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 257696]
R3 cpuz134;cpuz134;c:\users\JM\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 cpuz135;cpuz135;c:\users\JM\AppData\Local\Temp\cpuz135\cpuz135_x32.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-03-25 15872]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-08 1343400]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-19 242240]
S2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-03-04 584488]
S2 PaceLicenseDServices;PACE License Services;c:\program files\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2012-05-17 2938880]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-03-09 238592]
S2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-03-09 1060864]
S2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-03-09 484352]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
S3 MAFW;Service for M-Audio FireWire;c:\windows\system32\DRIVERS\mafw.sys [2009-07-29 192392]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 netr28u;AirLive WN-5000USB Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-04-30 332800]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2011-02-16 11520]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 18:00]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3124626429-561365757-46322953-1000Core.job
- c:\users\JM\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-17 17:44]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3124626429-561365757-46322953-1000UA.job
- c:\users\JM\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-17 17:44]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 62.129.50.20 192.168.0.1
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(2732)
c:\program files\RocketDock\RocketDock.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\sppsvc.exe
c:\users\JM\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\JM\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\JM\AppData\Local\Google\Chrome\Application\chrome.exe
c:\windows\system32\rundll32.exe
c:\users\JM\AppData\Local\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Celkový čas: 2012-06-23 12:15:30 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-06-23 10:15
ComboFix2.txt 2012-06-23 05:13
.
Před spuštěním: Volných bajtů: 76 499 787 776
Po spuštění: Volných bajtů: 76 451 516 416
.
- - End Of File - - 306AC7F39A7108414E2B6081DAA627D5
Attachments
TDSSKiller.2.7.40.0_23.06.2012_12.16.09_log.rar
(21.98 KiB) Downloaded 38 times

Michal I
Visitor
Posts: 49
Registered: 29 Aug 2007 09:44

Re: Some kind of Rootkit.0Acces.H discovered

#10 Post by Michal I »

Here it is :)

12:34:29.0692 1656 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
12:34:29.0801 1656 ============================================================
12:34:29.0801 1656 Current date / time: 2012/06/23 12:34:29.0801
12:34:29.0801 1656 SystemInfo:
12:34:29.0801 1656
12:34:29.0801 1656 OS Version: 6.1.7601 ServicePack: 1.0
12:34:29.0801 1656 Product type: Workstation
12:34:29.0801 1656 ComputerName: JM-HTPC
12:34:29.0801 1656 UserName: JM
12:34:29.0801 1656 Windows directory: C:\Windows
12:34:29.0801 1656 System windows directory: C:\Windows
12:34:29.0801 1656 Processor architecture: Intel x86
12:34:29.0801 1656 Number of processors: 2
12:34:29.0801 1656 Page size: 0x1000
12:34:29.0801 1656 Boot type: Normal boot
12:34:29.0801 1656 ============================================================
12:34:31.0020 1656 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:34:31.0020 1656 Drive \Device\Harddisk1\DR1 - Size: 0xE8DED00000 (931.48 Gb), SectorSize: 0x200, Cylinders: 0x1DAFD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:34:31.0020 1656 ============================================================
12:34:31.0020 1656 \Device\Harddisk0\DR0:
12:34:31.0020 1656 MBR partitions:
12:34:31.0020 1656 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:34:31.0020 1656 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
12:34:31.0020 1656 \Device\Harddisk1\DR1:
12:34:31.0020 1656 MBR partitions:
12:34:31.0020 1656 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x746F6000
12:34:31.0020 1656 ============================================================
12:34:31.0051 1656 C: <-> \Device\Harddisk0\DR0\Partition1
12:34:31.0379 1656 F: <-> \Device\Harddisk1\DR1\Partition0
12:34:31.0379 1656 ============================================================
12:34:31.0379 1656 Initialize success
12:34:31.0379 1656 ============================================================
12:35:12.0805 2528 ============================================================
12:35:12.0805 2528 Scan started
12:35:12.0805 2528 Mode: Manual; SigCheck; TDLFS;
12:35:12.0805 2528 ============================================================
12:35:24.0336 2528 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
12:35:24.0415 2528 1394ohci - ok
12:35:24.0524 2528 602XML Updater (f11d68e40ed62fdb7c460c445f1ec4e5) C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
12:35:24.0555 2528 602XML Updater - ok
12:35:24.0618 2528 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
12:35:24.0633 2528 ACPI - ok
12:35:24.0680 2528 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
12:35:24.0696 2528 AcpiPmi - ok
12:35:24.0821 2528 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:35:24.0836 2528 AdobeFlashPlayerUpdateSvc - ok
12:35:24.0899 2528 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
12:35:24.0946 2528 adp94xx - ok
12:35:24.0993 2528 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
12:35:25.0024 2528 adpahci - ok
12:35:25.0040 2528 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
12:35:25.0071 2528 adpu320 - ok
12:35:25.0133 2528 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
12:35:25.0149 2528 AeLookupSvc - ok
12:35:25.0211 2528 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
12:35:25.0243 2528 AFD - ok
12:35:25.0290 2528 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
12:35:25.0305 2528 agp440 - ok
12:35:25.0368 2528 aic78u2 - ok
12:35:25.0399 2528 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
12:35:25.0415 2528 aic78xx - ok
12:35:25.0461 2528 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
12:35:25.0477 2528 ALG - ok
12:35:25.0493 2528 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
12:35:25.0508 2528 aliide - ok
12:35:25.0571 2528 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
12:35:25.0602 2528 amdagp - ok
12:35:25.0618 2528 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
12:35:25.0633 2528 amdide - ok
12:35:25.0665 2528 amdk77 - ok
12:35:25.0696 2528 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
12:35:25.0711 2528 AmdK8 - ok
12:35:25.0727 2528 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
12:35:25.0758 2528 AmdPPM - ok
12:35:25.0805 2528 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
12:35:25.0821 2528 amdsata - ok
12:35:25.0836 2528 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
12:35:25.0868 2528 amdsbs - ok
12:35:25.0883 2528 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
12:35:25.0899 2528 amdxata - ok
12:35:25.0977 2528 AppHostSvc (d1af38fbac0dc7e6d796b0ed01707ee0) C:\Windows\system32\inetsrv\apphostsvc.dll
12:35:26.0008 2528 AppHostSvc - ok
12:35:26.0071 2528 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
12:35:26.0102 2528 AppID - ok
12:35:26.0133 2528 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
12:35:26.0180 2528 AppIDSvc - ok
12:35:26.0227 2528 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
12:35:26.0258 2528 Appinfo - ok
12:35:26.0290 2528 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
12:35:26.0352 2528 AppMgmt - ok
12:35:26.0383 2528 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
12:35:26.0399 2528 arc - ok
12:35:26.0430 2528 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
12:35:26.0446 2528 arcsas - ok
12:35:26.0461 2528 askernel - ok
12:35:26.0508 2528 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
12:35:26.0540 2528 AsyncMac - ok
12:35:26.0602 2528 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
12:35:26.0618 2528 atapi - ok
12:35:26.0680 2528 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
12:35:26.0727 2528 AudioEndpointBuilder - ok
12:35:26.0743 2528 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
12:35:26.0790 2528 Audiosrv - ok
12:35:26.0852 2528 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
12:35:26.0868 2528 AxInstSV - ok
12:35:26.0915 2528 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
12:35:26.0946 2528 b06bdrv - ok
12:35:26.0977 2528 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
12:35:27.0008 2528 b57nd60x - ok
12:35:27.0040 2528 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
12:35:27.0055 2528 BDESVC - ok
12:35:27.0071 2528 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
12:35:27.0118 2528 Beep - ok
12:35:27.0133 2528 besclient - ok
12:35:27.0211 2528 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
12:35:27.0258 2528 BFE - ok
12:35:27.0352 2528 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
12:35:27.0415 2528 BITS - ok
12:35:27.0430 2528 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
12:35:27.0446 2528 blbdrive - ok
12:35:27.0508 2528 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
12:35:27.0524 2528 bowser - ok
12:35:27.0540 2528 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:35:27.0555 2528 BrFiltLo - ok
12:35:27.0571 2528 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:35:27.0586 2528 BrFiltUp - ok
12:35:27.0633 2528 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
12:35:27.0665 2528 BridgeMP - ok
12:35:27.0727 2528 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
12:35:27.0758 2528 Browser - ok
12:35:27.0790 2528 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
12:35:27.0821 2528 Brserid - ok
12:35:27.0836 2528 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
12:35:27.0852 2528 BrSerWdm - ok
12:35:27.0868 2528 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:35:27.0883 2528 BrUsbMdm - ok
12:35:27.0899 2528 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
12:35:27.0915 2528 BrUsbSer - ok
12:35:27.0946 2528 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
12:35:27.0961 2528 BTHMODEM - ok
12:35:27.0993 2528 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
12:35:28.0040 2528 bthserv - ok
12:35:28.0118 2528 catchme - ok
12:35:28.0149 2528 CdaC15BA - ok
12:35:28.0180 2528 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
12:35:28.0211 2528 cdfs - ok
12:35:28.0274 2528 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
12:35:28.0290 2528 cdrom - ok
12:35:28.0336 2528 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
12:35:28.0368 2528 CertPropSvc - ok
12:35:28.0383 2528 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
12:35:28.0415 2528 circlass - ok
12:35:28.0477 2528 CLEDX (b53f9635457b56dcffef750e18aec6cb) C:\Windows\system32\DRIVERS\cledx.sys
12:35:28.0477 2528 CLEDX ( UnsignedFile.Multi.Generic ) - warning
12:35:28.0477 2528 CLEDX - detected UnsignedFile.Multi.Generic (1)
12:35:28.0524 2528 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
12:35:28.0555 2528 CLFS - ok
12:35:28.0633 2528 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:35:28.0665 2528 clr_optimization_v2.0.50727_32 - ok
12:35:28.0790 2528 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:35:28.0821 2528 clr_optimization_v4.0.30319_32 - ok
12:35:28.0852 2528 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
12:35:28.0868 2528 CmBatt - ok
12:35:28.0915 2528 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
12:35:28.0930 2528 cmdide - ok
12:35:28.0993 2528 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
12:35:29.0024 2528 CNG - ok
12:35:29.0040 2528 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
12:35:29.0055 2528 Compbatt - ok
12:35:29.0118 2528 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
12:35:29.0133 2528 CompositeBus - ok
12:35:29.0149 2528 COMSysApp - ok
12:35:29.0243 2528 cpuz134 - ok
12:35:29.0243 2528 cpuz135 - ok
12:35:29.0274 2528 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
12:35:29.0290 2528 crcdisk - ok
12:35:29.0368 2528 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
12:35:29.0383 2528 CryptSvc - ok
12:35:29.0446 2528 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
12:35:29.0477 2528 CSC - ok
12:35:29.0540 2528 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
12:35:29.0571 2528 CscService - ok
12:35:29.0602 2528 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
12:35:29.0649 2528 DcomLaunch - ok
12:35:29.0680 2528 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
12:35:29.0743 2528 defragsvc - ok
12:35:29.0821 2528 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
12:35:29.0852 2528 DfsC - ok
12:35:29.0915 2528 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
12:35:29.0961 2528 Dhcp - ok
12:35:29.0993 2528 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
12:35:30.0024 2528 discache - ok
12:35:30.0040 2528 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
12:35:30.0055 2528 Disk - ok
12:35:30.0118 2528 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
12:35:30.0133 2528 Dnscache - ok
12:35:30.0196 2528 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
12:35:30.0243 2528 dot3svc - ok
12:35:30.0305 2528 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
12:35:30.0336 2528 DPS - ok
12:35:30.0368 2528 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
12:35:30.0383 2528 drmkaud - ok
12:35:30.0446 2528 dtsoftbus01 (687af6bb383885ff6a64071b189a7f3e) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
12:35:30.0461 2528 dtsoftbus01 - ok
12:35:30.0571 2528 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
12:35:30.0602 2528 DXGKrnl - ok
12:35:30.0633 2528 e1express (cf0a6015f437161698c5b2a0a12cf052) C:\Windows\system32\DRIVERS\e1e6032.sys
12:35:30.0649 2528 e1express - ok
12:35:30.0711 2528 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
12:35:30.0743 2528 EapHost - ok
12:35:31.0008 2528 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
12:35:31.0118 2528 ebdrv - ok
12:35:31.0258 2528 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
12:35:31.0290 2528 EFS - ok
12:35:31.0399 2528 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
12:35:31.0461 2528 ehRecvr - ok
12:35:31.0493 2528 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
12:35:31.0508 2528 ehSched - ok
12:35:31.0571 2528 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
12:35:31.0618 2528 elxstor - ok
12:35:31.0649 2528 emitray - ok
12:35:31.0696 2528 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
12:35:31.0711 2528 ErrDev - ok
12:35:31.0790 2528 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
12:35:31.0821 2528 EventSystem - ok
12:35:31.0852 2528 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
12:35:31.0915 2528 exfat - ok
12:35:31.0930 2528 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
12:35:31.0993 2528 fastfat - ok
12:35:32.0071 2528 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
12:35:32.0118 2528 Fax - ok
12:35:32.0149 2528 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
12:35:32.0165 2528 fdc - ok
12:35:32.0180 2528 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
12:35:32.0227 2528 fdPHost - ok
12:35:32.0243 2528 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
12:35:32.0290 2528 FDResPub - ok
12:35:32.0321 2528 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
12:35:32.0336 2528 FileInfo - ok
12:35:32.0352 2528 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
12:35:32.0399 2528 Filetrace - ok
12:35:32.0540 2528 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:35:32.0586 2528 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
12:35:32.0586 2528 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
12:35:32.0586 2528 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
12:35:32.0618 2528 flpydisk - ok
12:35:32.0633 2528 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
12:35:32.0665 2528 FltMgr - ok
12:35:32.0758 2528 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
12:35:32.0790 2528 FontCache - ok
12:35:32.0883 2528 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:35:32.0899 2528 FontCache3.0.0.0 - ok
12:35:32.0915 2528 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
12:35:32.0946 2528 FsDepends - ok
12:35:32.0993 2528 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
12:35:33.0008 2528 Fs_Rec - ok
12:35:33.0055 2528 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
12:35:33.0086 2528 fvevol - ok
12:35:33.0118 2528 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:35:33.0133 2528 gagp30kx - ok
12:35:33.0165 2528 GENERICDRV - ok
12:35:33.0243 2528 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
12:35:33.0290 2528 gpsvc - ok
12:35:33.0321 2528 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
12:35:33.0336 2528 hcw85cir - ok
12:35:33.0399 2528 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
12:35:33.0430 2528 HdAudAddService - ok
12:35:33.0461 2528 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
12:35:33.0477 2528 HDAudBus - ok
12:35:33.0493 2528 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
12:35:33.0508 2528 HidBatt - ok
12:35:33.0540 2528 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
12:35:33.0555 2528 HidBth - ok
12:35:33.0571 2528 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
12:35:33.0602 2528 HidIr - ok
12:35:33.0633 2528 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
12:35:33.0665 2528 hidserv - ok
12:35:33.0680 2528 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
12:35:33.0696 2528 HidUsb - ok
12:35:33.0758 2528 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
12:35:33.0790 2528 hkmsvc - ok
12:35:33.0821 2528 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
12:35:33.0852 2528 HomeGroupListener - ok
12:35:33.0915 2528 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
12:35:33.0930 2528 HomeGroupProvider - ok
12:35:33.0946 2528 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
12:35:33.0961 2528 HpSAMD - ok
12:35:34.0040 2528 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
12:35:34.0086 2528 HTTP - ok
12:35:34.0133 2528 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
12:35:34.0149 2528 hwpolicy - ok
12:35:34.0165 2528 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
12:35:34.0196 2528 i8042prt - ok
12:35:34.0211 2528 iam - ok
12:35:34.0243 2528 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
12:35:34.0258 2528 iaStorV - ok
12:35:34.0415 2528 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:35:34.0461 2528 idsvc - ok
12:35:35.0102 2528 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
12:35:35.0196 2528 igfx - ok
12:35:35.0352 2528 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
12:35:35.0399 2528 iirsp - ok
12:35:35.0477 2528 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
12:35:35.0540 2528 IKEEXT - ok
12:35:35.0602 2528 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
12:35:35.0618 2528 intelide - ok
12:35:35.0633 2528 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
12:35:35.0649 2528 intelppm - ok
12:35:35.0680 2528 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
12:35:35.0727 2528 IPBusEnum - ok
12:35:35.0743 2528 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:35:35.0790 2528 IpFilterDriver - ok
12:35:35.0899 2528 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
12:35:35.0961 2528 iphlpsvc - ok
12:35:36.0008 2528 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
12:35:36.0040 2528 IPMIDRV - ok
12:35:36.0071 2528 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
12:35:36.0102 2528 IPNAT - ok
12:35:36.0118 2528 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
12:35:36.0149 2528 IRENUM - ok
12:35:36.0180 2528 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
12:35:36.0211 2528 isapnp - ok
12:35:36.0258 2528 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
12:35:36.0290 2528 iScsiPrt - ok
12:35:36.0321 2528 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
12:35:36.0336 2528 kbdclass - ok
12:35:36.0352 2528 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
12:35:36.0368 2528 kbdhid - ok
12:35:36.0415 2528 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
12:35:36.0430 2528 KeyIso - ok
12:35:36.0446 2528 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
12:35:36.0477 2528 KSecDD - ok
12:35:36.0493 2528 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
12:35:36.0508 2528 KSecPkg - ok
12:35:36.0571 2528 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
12:35:36.0633 2528 KtmRm - ok
12:35:36.0680 2528 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
12:35:36.0743 2528 LanmanServer - ok
12:35:36.0790 2528 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
12:35:36.0836 2528 LanmanWorkstation - ok
12:35:36.0868 2528 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
12:35:36.0915 2528 lltdio - ok
12:35:36.0946 2528 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
12:35:37.0008 2528 lltdsvc - ok
12:35:37.0024 2528 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
12:35:37.0055 2528 lmhosts - ok
12:35:37.0086 2528 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:35:37.0102 2528 LSI_FC - ok
12:35:37.0133 2528 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:35:37.0149 2528 LSI_SAS - ok
12:35:37.0165 2528 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:35:37.0180 2528 LSI_SAS2 - ok
12:35:37.0196 2528 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:35:37.0211 2528 LSI_SCSI - ok
12:35:37.0243 2528 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
12:35:37.0274 2528 luafv - ok
12:35:37.0336 2528 MAFW (c1d028531ed173ff164f660ff03eb090) C:\Windows\system32\DRIVERS\mafw.sys
12:35:37.0352 2528 MAFW - ok
12:35:37.0399 2528 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
12:35:37.0415 2528 MBAMProtector - ok
12:35:37.0555 2528 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
12:35:37.0586 2528 MBAMService - ok
12:35:37.0633 2528 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
12:35:37.0649 2528 Mcx2Svc - ok
12:35:37.0665 2528 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
12:35:37.0680 2528 megasas - ok
12:35:37.0711 2528 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
12:35:37.0743 2528 MegaSR - ok
12:35:37.0774 2528 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
12:35:37.0821 2528 MMCSS - ok
12:35:37.0836 2528 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
12:35:37.0868 2528 Modem - ok
12:35:37.0899 2528 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
12:35:37.0915 2528 monitor - ok
12:35:37.0961 2528 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
12:35:37.0977 2528 mouclass - ok
12:35:37.0993 2528 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
12:35:38.0008 2528 mouhid - ok
12:35:38.0071 2528 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
12:35:38.0086 2528 mountmgr - ok
12:35:38.0133 2528 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
12:35:38.0165 2528 mpio - ok
12:35:38.0180 2528 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
12:35:38.0227 2528 mpsdrv - ok
12:35:38.0321 2528 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
12:35:38.0368 2528 MpsSvc - ok
12:35:38.0430 2528 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
12:35:38.0461 2528 MRxDAV - ok
12:35:38.0524 2528 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:35:38.0540 2528 mrxsmb - ok
12:35:38.0555 2528 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:35:38.0586 2528 mrxsmb10 - ok
12:35:38.0602 2528 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:35:38.0618 2528 mrxsmb20 - ok
12:35:38.0680 2528 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
12:35:38.0711 2528 msahci - ok
12:35:38.0774 2528 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
12:35:38.0805 2528 msdsm - ok
12:35:38.0836 2528 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
12:35:38.0868 2528 MSDTC - ok
12:35:38.0915 2528 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
12:35:38.0946 2528 Msfs - ok
12:35:38.0961 2528 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
12:35:39.0008 2528 mshidkmdf - ok
12:35:39.0040 2528 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
12:35:39.0055 2528 msisadrv - ok
12:35:39.0086 2528 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
12:35:39.0149 2528 MSiSCSI - ok
12:35:39.0149 2528 msiserver - ok
12:35:39.0180 2528 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
12:35:39.0211 2528 MSKSSRV - ok
12:35:39.0227 2528 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
12:35:39.0274 2528 MSPCLOCK - ok
12:35:39.0290 2528 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
12:35:39.0336 2528 MSPQM - ok
12:35:39.0368 2528 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
12:35:39.0383 2528 MsRPC - ok
12:35:39.0399 2528 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
12:35:39.0415 2528 mssmbios - ok
12:35:39.0430 2528 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
12:35:39.0477 2528 MSTEE - ok
12:35:39.0477 2528 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
12:35:39.0508 2528 MTConfig - ok
12:35:39.0524 2528 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
12:35:39.0540 2528 Mup - ok
12:35:39.0602 2528 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
12:35:39.0665 2528 napagent - ok
12:35:39.0696 2528 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
12:35:39.0727 2528 NativeWifiP - ok
12:35:39.0836 2528 NAUpdate (0a053f378b53e2a467a852119f91abe1) C:\Program Files\Nero\Update\NASvc.exe
12:35:39.0883 2528 NAUpdate - ok
12:35:39.0946 2528 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
12:35:39.0977 2528 NDIS - ok
12:35:39.0993 2528 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
12:35:40.0024 2528 NdisCap - ok
12:35:40.0071 2528 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
12:35:40.0102 2528 NdisTapi - ok
12:35:40.0165 2528 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
12:35:40.0196 2528 Ndisuio - ok
12:35:40.0243 2528 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
12:35:40.0290 2528 NdisWan - ok
12:35:40.0336 2528 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
12:35:40.0368 2528 NDProxy - ok
12:35:40.0383 2528 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
12:35:40.0430 2528 NetBIOS - ok
12:35:40.0477 2528 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
12:35:40.0508 2528 NetBT - ok
12:35:40.0555 2528 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
12:35:40.0571 2528 Netlogon - ok
12:35:40.0618 2528 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
12:35:40.0665 2528 Netman - ok
12:35:40.0758 2528 NetMsmqActivator (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:35:40.0774 2528 NetMsmqActivator - ok
12:35:40.0774 2528 NetPipeActivator (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:35:40.0790 2528 NetPipeActivator - ok
12:35:40.0821 2528 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
12:35:40.0868 2528 netprofm - ok
12:35:40.0930 2528 netr28u (7a60cde3a17a9a2757591e6bc63b9e9a) C:\Windows\system32\DRIVERS\netr28u.sys
12:35:40.0961 2528 netr28u - ok
12:35:40.0961 2528 NetTcpActivator (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:35:40.0977 2528 NetTcpActivator - ok
12:35:40.0993 2528 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:35:41.0008 2528 NetTcpPortSharing - ok
12:35:41.0040 2528 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
12:35:41.0055 2528 nfrd960 - ok
12:35:41.0086 2528 ni_nic - ok
12:35:41.0149 2528 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
12:35:41.0180 2528 NlaSvc - ok
12:35:41.0196 2528 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
12:35:41.0243 2528 Npfs - ok
12:35:41.0258 2528 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
12:35:41.0305 2528 nsi - ok
12:35:41.0321 2528 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
12:35:41.0352 2528 nsiproxy - ok
12:35:41.0368 2528 Nsynas32 - ok
12:35:41.0508 2528 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
12:35:41.0586 2528 Ntfs - ok
12:35:41.0602 2528 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
12:35:41.0649 2528 Null - ok
12:35:41.0696 2528 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
12:35:41.0727 2528 nvraid - ok
12:35:41.0805 2528 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
12:35:41.0836 2528 nvstor - ok
12:35:41.0899 2528 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
12:35:41.0915 2528 nv_agp - ok
12:35:42.0024 2528 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:35:42.0055 2528 odserv - ok
12:35:42.0102 2528 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
12:35:42.0118 2528 ohci1394 - ok
12:35:42.0149 2528 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:35:42.0180 2528 ose - ok
12:35:42.0227 2528 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
12:35:42.0258 2528 p2pimsvc - ok
12:35:42.0290 2528 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
12:35:42.0321 2528 p2psvc - ok
12:35:42.0571 2528 PaceLicenseDServices (673e36852e2f9fa778d5d3ddcefa591b) C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe
12:35:42.0649 2528 PaceLicenseDServices ( UnsignedFile.Multi.Generic ) - warning
12:35:42.0649 2528 PaceLicenseDServices - detected UnsignedFile.Multi.Generic (1)
12:35:42.0805 2528 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
12:35:42.0821 2528 Parport - ok
12:35:42.0868 2528 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
12:35:42.0883 2528 partmgr - ok
12:35:42.0899 2528 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
12:35:42.0930 2528 Parvdm - ok
12:35:42.0961 2528 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
12:35:42.0977 2528 PcaSvc - ok
12:35:43.0055 2528 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
12:35:43.0071 2528 pci - ok
12:35:43.0086 2528 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
12:35:43.0102 2528 pciide - ok
12:35:43.0133 2528 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
12:35:43.0165 2528 pcmcia - ok
12:35:43.0180 2528 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
12:35:43.0196 2528 pcw - ok
12:35:43.0211 2528 pdiddcci - ok
12:35:43.0258 2528 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
12:35:43.0321 2528 PEAUTH - ok
12:35:43.0415 2528 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
12:35:43.0446 2528 PeerDistSvc - ok
12:35:43.0633 2528 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
12:35:43.0727 2528 pla - ok
12:35:43.0899 2528 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
12:35:43.0946 2528 PlugPlay - ok
12:35:43.0993 2528 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
12:35:44.0008 2528 PNRPAutoReg - ok
12:35:44.0040 2528 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
12:35:44.0071 2528 PNRPsvc - ok
12:35:44.0133 2528 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
12:35:44.0180 2528 PolicyAgent - ok
12:35:44.0243 2528 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
12:35:44.0290 2528 Power - ok
12:35:44.0336 2528 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
12:35:44.0383 2528 PptpMiniport - ok
12:35:44.0399 2528 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
12:35:44.0415 2528 Processor - ok
12:35:44.0477 2528 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
12:35:44.0493 2528 ProfSvc - ok
12:35:44.0540 2528 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
12:35:44.0571 2528 ProtectedStorage - ok
12:35:44.0571 2528 ps2 - ok
12:35:44.0602 2528 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
12:35:44.0649 2528 Psched - ok
12:35:44.0696 2528 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
12:35:44.0711 2528 PxHelp20 - ok
12:35:44.0821 2528 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
12:35:44.0883 2528 ql2300 - ok
12:35:45.0008 2528 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
12:35:45.0024 2528 ql40xx - ok
12:35:45.0071 2528 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
12:35:45.0102 2528 QWAVE - ok
12:35:45.0118 2528 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
12:35:45.0133 2528 QWAVEdrv - ok
12:35:45.0149 2528 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
12:35:45.0196 2528 RasAcd - ok
12:35:45.0227 2528 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:35:45.0258 2528 RasAgileVpn - ok
12:35:45.0274 2528 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
12:35:45.0321 2528 RasAuto - ok
12:35:45.0352 2528 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:35:45.0383 2528 Rasl2tp - ok
12:35:45.0461 2528 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
12:35:45.0540 2528 RasMan - ok
12:35:45.0555 2528 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
12:35:45.0602 2528 RasPppoe - ok
12:35:45.0618 2528 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
12:35:45.0649 2528 RasSstp - ok
12:35:45.0711 2528 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
12:35:45.0758 2528 rdbss - ok
12:35:45.0774 2528 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
12:35:45.0790 2528 rdpbus - ok
12:35:45.0836 2528 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:35:45.0868 2528 RDPCDD - ok
12:35:45.0899 2528 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
12:35:45.0946 2528 RDPDR - ok
12:35:45.0961 2528 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
12:35:45.0993 2528 RDPENCDD - ok
12:35:46.0008 2528 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
12:35:46.0055 2528 RDPREFMP - ok
12:35:46.0118 2528 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
12:35:46.0149 2528 RdpVideoMiniport - ok
12:35:46.0211 2528 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
12:35:46.0274 2528 RDPWD - ok
12:35:46.0336 2528 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
12:35:46.0352 2528 rdyboost - ok
12:35:46.0399 2528 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
12:35:46.0446 2528 RemoteAccess - ok
12:35:46.0493 2528 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
12:35:46.0540 2528 RemoteRegistry - ok
12:35:46.0571 2528 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
12:35:46.0618 2528 RpcEptMapper - ok
12:35:46.0633 2528 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
12:35:46.0665 2528 RpcLocator - ok
12:35:46.0727 2528 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\System32\rpcss.dll
12:35:46.0774 2528 RpcSs - ok
12:35:46.0805 2528 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
12:35:46.0852 2528 rspndr - ok
12:35:46.0899 2528 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
12:35:46.0915 2528 s3cap - ok
12:35:46.0930 2528 SaiClass - ok
12:35:46.0977 2528 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
12:35:46.0993 2528 SamSs - ok
12:35:47.0071 2528 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
12:35:47.0086 2528 sbp2port - ok
12:35:47.0102 2528 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
12:35:47.0149 2528 SCardSvr - ok
12:35:47.0196 2528 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
12:35:47.0227 2528 scfilter - ok
12:35:47.0321 2528 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
12:35:47.0383 2528 Schedule - ok
12:35:47.0430 2528 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
12:35:47.0461 2528 SCPolicySvc - ok
12:35:47.0508 2528 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
12:35:47.0571 2528 SDRSVC - ok
12:35:47.0618 2528 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
12:35:47.0649 2528 secdrv - ok
12:35:47.0680 2528 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
12:35:47.0727 2528 seclogon - ok
12:35:47.0743 2528 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
12:35:47.0790 2528 SENS - ok
12:35:47.0805 2528 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
12:35:47.0836 2528 SensrSvc - ok
12:35:47.0852 2528 SeratoUsb - ok
12:35:47.0868 2528 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
12:35:47.0899 2528 Serenum - ok
12:35:47.0915 2528 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
12:35:47.0930 2528 Serial - ok
12:35:47.0993 2528 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
12:35:48.0008 2528 sermouse - ok
12:35:48.0071 2528 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
12:35:48.0133 2528 SessionEnv - ok
12:35:48.0180 2528 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
12:35:48.0227 2528 sffdisk - ok
12:35:48.0243 2528 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
12:35:48.0258 2528 sffp_mmc - ok
12:35:48.0274 2528 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
12:35:48.0305 2528 sffp_sd - ok
12:35:48.0321 2528 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
12:35:48.0336 2528 sfloppy - ok
12:35:48.0399 2528 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
12:35:48.0446 2528 SharedAccess - ok
12:35:48.0524 2528 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
12:35:48.0571 2528 ShellHWDetection - ok
12:35:48.0618 2528 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
12:35:48.0633 2528 sisagp - ok
12:35:48.0649 2528 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:35:48.0665 2528 SiSRaid2 - ok
12:35:48.0696 2528 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
12:35:48.0711 2528 SiSRaid4 - ok
12:35:48.0727 2528 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
12:35:48.0758 2528 Smb - ok
12:35:48.0821 2528 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
12:35:48.0836 2528 SNMPTRAP - ok
12:35:48.0852 2528 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
12:35:48.0868 2528 spldr - ok
12:35:48.0930 2528 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
12:35:48.0977 2528 Spooler - ok
12:35:49.0258 2528 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
12:35:49.0368 2528 sppsvc - ok
12:35:49.0555 2528 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
12:35:49.0602 2528 sppuinotify - ok
12:35:49.0633 2528 SQTECH9080 - ok
12:35:49.0649 2528 srservice - ok
12:35:49.0727 2528 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
12:35:49.0758 2528 srv - ok
12:35:49.0790 2528 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
12:35:49.0805 2528 srv2 - ok
12:35:49.0836 2528 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
12:35:49.0852 2528 srvnet - ok
12:35:49.0899 2528 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
12:35:49.0946 2528 SSDPSRV - ok
12:35:49.0977 2528 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
12:35:50.0008 2528 SstpSvc - ok
12:35:50.0040 2528 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
12:35:50.0055 2528 stexstor - ok
12:35:50.0133 2528 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
12:35:50.0165 2528 StiSvc - ok
12:35:50.0211 2528 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
12:35:50.0227 2528 storflt - ok
12:35:50.0243 2528 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
12:35:50.0258 2528 storvsc - ok
12:35:50.0305 2528 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
12:35:50.0321 2528 swenum - ok
12:35:50.0508 2528 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
12:35:50.0555 2528 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
12:35:50.0555 2528 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
12:35:50.0602 2528 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
12:35:50.0665 2528 swprv - ok
12:35:50.0711 2528 Synth3dVsc - ok
12:35:50.0852 2528 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
12:35:50.0899 2528 SysMain - ok
12:35:50.0946 2528 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
12:35:50.0977 2528 TabletInputService - ok
12:35:51.0040 2528 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
12:35:51.0071 2528 TapiSrv - ok
12:35:51.0118 2528 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
12:35:51.0149 2528 TBS - ok
12:35:51.0180 2528 TClass2k - ok
12:35:51.0352 2528 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
12:35:51.0430 2528 Tcpip - ok
12:35:51.0461 2528 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
12:35:51.0508 2528 TCPIP6 - ok
12:35:51.0633 2528 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
12:35:51.0680 2528 tcpipreg - ok
12:35:51.0727 2528 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
12:35:51.0758 2528 TDPIPE - ok
12:35:51.0790 2528 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
12:35:51.0821 2528 TDTCP - ok
12:35:51.0852 2528 tdx (ae9e96679923df875047fd1d35813acd) C:\Windows\system32\DRIVERS\tdx.sys
12:35:51.0852 2528 tdx ( Virus.Win32.ZAccess.c ) - infected
12:35:51.0852 2528 tdx - detected Virus.Win32.ZAccess.c (0)
12:35:51.0915 2528 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
12:35:51.0930 2528 TermDD - ok
12:35:52.0008 2528 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
12:35:52.0071 2528 TermService - ok
12:35:52.0102 2528 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
12:35:52.0118 2528 Themes - ok
12:35:52.0165 2528 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
12:35:52.0196 2528 THREADORDER - ok
12:35:52.0258 2528 TPkd (e830cda96b3c43971874c3bee2d0bb18) C:\Windows\system32\drivers\TPkd.sys
12:35:52.0274 2528 TPkd - ok
12:35:52.0290 2528 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
12:35:52.0336 2528 TrkWks - ok
12:35:52.0430 2528 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
12:35:52.0508 2528 TrustedInstaller - ok
12:35:52.0524 2528 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:35:52.0571 2528 tssecsrv - ok
12:35:52.0618 2528 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
12:35:52.0649 2528 TsUsbFlt - ok
12:35:52.0665 2528 tsusbhub - ok
12:35:52.0727 2528 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
12:35:52.0758 2528 tunnel - ok
12:35:52.0790 2528 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
12:35:52.0821 2528 uagp35 - ok
12:35:52.0883 2528 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
12:35:52.0930 2528 udfs - ok
12:35:52.0977 2528 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
12:35:52.0993 2528 UI0Detect - ok
12:35:53.0040 2528 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
12:35:53.0055 2528 uliagpkx - ok
12:35:53.0102 2528 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
12:35:53.0118 2528 umbus - ok
12:35:53.0133 2528 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
12:35:53.0165 2528 UmPass - ok
12:35:53.0211 2528 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
12:35:53.0243 2528 UmRdpService - ok
12:35:53.0274 2528 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
12:35:53.0321 2528 upnphost - ok
12:35:53.0352 2528 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
12:35:53.0383 2528 usbccgp - ok
12:35:53.0430 2528 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
12:35:53.0446 2528 usbcir - ok
12:35:53.0477 2528 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
12:35:53.0493 2528 usbehci - ok
12:35:53.0524 2528 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
12:35:53.0555 2528 usbhub - ok
12:35:53.0571 2528 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
12:35:53.0586 2528 usbohci - ok
12:35:53.0618 2528 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
12:35:53.0633 2528 usbprint - ok
12:35:53.0665 2528 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
12:35:53.0696 2528 USBSTOR - ok
12:35:53.0743 2528 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
12:35:53.0758 2528 usbuhci - ok
12:35:53.0805 2528 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
12:35:53.0836 2528 usbvideo - ok
12:35:53.0868 2528 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
12:35:53.0899 2528 UxSms - ok
12:35:53.0946 2528 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
12:35:53.0961 2528 VaultSvc - ok
12:35:54.0008 2528 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
12:35:54.0024 2528 vdrvroot - ok
12:35:54.0086 2528 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
12:35:54.0149 2528 vds - ok
12:35:54.0180 2528 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
12:35:54.0196 2528 vga - ok
12:35:54.0211 2528 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
12:35:54.0258 2528 VgaSave - ok
12:35:54.0274 2528 VGPU - ok
12:35:54.0336 2528 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
12:35:54.0368 2528 vhdmp - ok
12:35:54.0383 2528 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
12:35:54.0399 2528 viaagp - ok
12:35:54.0415 2528 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
12:35:54.0430 2528 ViaC7 - ok
12:35:54.0446 2528 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
12:35:54.0461 2528 viaide - ok
12:35:54.0493 2528 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
12:35:54.0524 2528 vmbus - ok
12:35:54.0540 2528 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
12:35:54.0555 2528 VMBusHID - ok
12:35:54.0602 2528 vmodem - ok
12:35:54.0618 2528 vmx86 - ok
12:35:54.0665 2528 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
12:35:54.0680 2528 volmgr - ok
12:35:54.0711 2528 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
12:35:54.0743 2528 volmgrx - ok
12:35:54.0774 2528 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
12:35:54.0790 2528 volsnap - ok
12:35:54.0805 2528 VRcore - ok
12:35:54.0836 2528 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
12:35:54.0852 2528 vsmraid - ok
12:35:54.0977 2528 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
12:35:55.0071 2528 VSS - ok
12:35:55.0086 2528 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
12:35:55.0102 2528 vwifibus - ok
12:35:55.0149 2528 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
12:35:55.0196 2528 W32Time - ok
12:35:55.0290 2528 W3SVC (57c8c20bfa5bef6bd851ebac67a8ced0) C:\Windows\system32\inetsrv\iisw3adm.dll
12:35:55.0336 2528 W3SVC - ok
12:35:55.0368 2528 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
12:35:55.0383 2528 WacomPen - ok
12:35:55.0430 2528 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
12:35:55.0477 2528 WANARP - ok
12:35:55.0477 2528 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
12:35:55.0508 2528 Wanarpv6 - ok
12:35:55.0524 2528 WAS (57c8c20bfa5bef6bd851ebac67a8ced0) C:\Windows\system32\inetsrv\iisw3adm.dll
12:35:55.0555 2528 WAS - ok
12:35:55.0774 2528 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
12:35:55.0852 2528 WatAdminSvc - ok
12:35:55.0977 2528 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
12:35:56.0071 2528 wbengine - ok
12:35:56.0133 2528 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
12:35:56.0165 2528 WbioSrvc - ok
12:35:56.0243 2528 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
12:35:56.0274 2528 wcncsvc - ok
12:35:56.0290 2528 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
12:35:56.0305 2528 WcsPlugInService - ok
12:35:56.0383 2528 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
12:35:56.0399 2528 Wd - ok
12:35:56.0461 2528 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
12:35:56.0493 2528 WDC_SAM - ok
12:35:56.0633 2528 WDDMService (bf847a3972cc6b5ce26e0ea742dd52d9) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
12:35:56.0649 2528 WDDMService ( UnsignedFile.Multi.Generic ) - warning
12:35:56.0649 2528 WDDMService - detected UnsignedFile.Multi.Generic (1)
12:35:56.0696 2528 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
12:35:56.0727 2528 Wdf01000 - ok
12:35:56.0930 2528 WDFME (b5966f1dff6e20576f3c8c2d93d129fd) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
12:35:56.0961 2528 WDFME ( UnsignedFile.Multi.Generic ) - warning
12:35:56.0961 2528 WDFME - detected UnsignedFile.Multi.Generic (1)
12:35:57.0118 2528 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
12:35:57.0149 2528 WdiServiceHost - ok
12:35:57.0149 2528 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
12:35:57.0180 2528 WdiSystemHost - ok
12:35:57.0211 2528 WDSC (92f0088ca18bb08bb596ef2608256f8a) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
12:35:57.0227 2528 WDSC ( UnsignedFile.Multi.Generic ) - warning
12:35:57.0227 2528 WDSC - detected UnsignedFile.Multi.Generic (1)
12:35:57.0290 2528 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
12:35:57.0321 2528 WebClient - ok
12:35:57.0352 2528 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
12:35:57.0399 2528 Wecsvc - ok
12:35:57.0415 2528 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
12:35:57.0461 2528 wercplsupport - ok
12:35:57.0477 2528 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
12:35:57.0524 2528 WerSvc - ok
12:35:57.0586 2528 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
12:35:57.0633 2528 WfpLwf - ok
12:35:57.0649 2528 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
12:35:57.0665 2528 WIMMount - ok
12:35:57.0774 2528 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
12:35:57.0821 2528 WinDefend - ok
12:35:57.0836 2528 WinHttpAutoProxySvc - ok
12:35:57.0899 2528 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
12:35:57.0961 2528 Winmgmt - ok
12:35:58.0071 2528 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
12:35:58.0133 2528 WinRM - ok
12:35:58.0227 2528 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
12:35:58.0258 2528 WinUsb - ok
12:35:58.0368 2528 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
12:35:58.0430 2528 Wlansvc - ok
12:35:58.0649 2528 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:35:58.0711 2528 wlidsvc - ok
12:35:58.0852 2528 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
12:35:58.0868 2528 WmiAcpi - ok
12:35:58.0961 2528 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
12:35:58.0993 2528 wmiApSrv - ok
12:35:59.0165 2528 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
12:35:59.0211 2528 WMPNetworkSvc - ok
12:35:59.0243 2528 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
12:35:59.0274 2528 WPCSvc - ok
12:35:59.0321 2528 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
12:35:59.0352 2528 WPDBusEnum - ok
12:35:59.0415 2528 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
12:35:59.0446 2528 ws2ifsl - ok
12:35:59.0461 2528 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
12:35:59.0493 2528 wscsvc - ok
12:35:59.0508 2528 WSearch - ok
12:35:59.0711 2528 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
12:35:59.0774 2528 wuauserv - ok
12:35:59.0930 2528 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
12:35:59.0977 2528 WudfPf - ok
12:36:00.0008 2528 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:36:00.0040 2528 WUDFRd - ok
12:36:00.0149 2528 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
12:36:00.0211 2528 wudfsvc - ok
12:36:00.0258 2528 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
12:36:00.0305 2528 WwanSvc - ok
12:36:00.0336 2528 z525mgmt - ok
12:36:00.0383 2528 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:36:00.0993 2528 \Device\Harddisk0\DR0 - ok
12:36:00.0993 2528 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
12:36:01.0118 2528 \Device\Harddisk1\DR1 - ok
12:36:01.0118 2528 Boot (0x1200) (124d45174c417519fdd75160baff0f30) \Device\Harddisk0\DR0\Partition0
12:36:01.0118 2528 \Device\Harddisk0\DR0\Partition0 - ok
12:36:01.0165 2528 Boot (0x1200) (62e00d822149baec080f985234d54873) \Device\Harddisk0\DR0\Partition1
12:36:01.0165 2528 \Device\Harddisk0\DR0\Partition1 - ok
12:36:01.0165 2528 Boot (0x1200) (e106c08c8107be1a082a6be8203dbec8) \Device\Harddisk1\DR1\Partition0
12:36:01.0165 2528 \Device\Harddisk1\DR1\Partition0 - ok
12:36:01.0180 2528 ============================================================
12:36:01.0180 2528 Scan finished
12:36:01.0180 2528 ============================================================
12:36:01.0196 3048 Detected object count: 8
12:36:01.0196 3048 Actual detected object count: 8
12:36:20.0680 3048 CLEDX ( UnsignedFile.Multi.Generic ) - skipped by user
12:36:20.0680 3048 CLEDX ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:36:20.0680 3048 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:36:20.0680 3048 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:36:20.0680 3048 PaceLicenseDServices ( UnsignedFile.Multi.Generic ) - skipped by user
12:36:20.0680 3048 PaceLicenseDServices ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:36:20.0696 3048 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
12:36:20.0696 3048 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:36:20.0774 3048 C:\Windows\system32\DRIVERS\tdx.sys - copied to quarantine
12:36:20.0883 3048 Backup copy found, using it..
12:36:20.0915 3048 C:\Windows\system32\DRIVERS\tdx.sys - will be cured on reboot
12:36:22.0602 3048 tdx ( Virus.Win32.ZAccess.c ) - User select action: Cure
12:36:22.0602 3048 WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user
12:36:22.0602 3048 WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:36:22.0602 3048 WDFME ( UnsignedFile.Multi.Generic ) - skipped by user
12:36:22.0602 3048 WDFME ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:36:22.0602 3048 WDSC ( UnsignedFile.Multi.Generic ) - skipped by user
12:36:22.0602 3048 WDSC ( UnsignedFile.Multi.Generic ) - User select action: Skip

Michal I
Visitor
Visitor
Posts: 49
Registered: 29 Aug 2007 09:44

Re: Some kind of Rootkit.0Acces.H discovered

#11 Post by Michal I »

Could it be? :)

12:53:04.0165 3240 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
12:53:04.0243 3240 ============================================================
12:53:04.0243 3240 Current date / time: 2012/06/23 12:53:04.0243
12:53:04.0243 3240 SystemInfo:
12:53:04.0243 3240
12:53:04.0243 3240 OS Version: 6.1.7601 ServicePack: 1.0
12:53:04.0243 3240 Product type: Workstation
12:53:04.0243 3240 ComputerName: JM-HTPC
12:53:04.0243 3240 UserName: JM
12:53:04.0243 3240 Windows directory: C:\Windows
12:53:04.0243 3240 System windows directory: C:\Windows
12:53:04.0243 3240 Processor architecture: Intel x86
12:53:04.0243 3240 Number of processors: 2
12:53:04.0243 3240 Page size: 0x1000
12:53:04.0243 3240 Boot type: Normal boot
12:53:04.0243 3240 ============================================================
12:53:06.0399 3240 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:53:06.0399 3240 Drive \Device\Harddisk1\DR1 - Size: 0xE8DED00000 (931.48 Gb), SectorSize: 0x200, Cylinders: 0x1DAFD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:53:06.0711 3240 ============================================================
12:53:06.0711 3240 \Device\Harddisk0\DR0:
12:53:06.0711 3240 MBR partitions:
12:53:06.0711 3240 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:53:06.0711 3240 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
12:53:06.0711 3240 \Device\Harddisk1\DR1:
12:53:06.0711 3240 MBR partitions:
12:53:06.0711 3240 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x746F6000
12:53:06.0711 3240 ============================================================
12:53:06.0790 3240 C: <-> \Device\Harddisk0\DR0\Partition1
12:53:06.0790 3240 F: <-> \Device\Harddisk1\DR1\Partition0
12:53:06.0790 3240 ============================================================
12:53:06.0790 3240 Initialize success
12:53:06.0805 3240 ============================================================
12:53:14.0711 3388 ============================================================
12:53:14.0711 3388 Scan started
12:53:14.0711 3388 Mode: Manual; SigCheck; TDLFS;
12:53:14.0711 3388 ============================================================
12:53:15.0977 3388 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
12:53:16.0118 3388 1394ohci - ok
12:53:16.0211 3388 602XML Updater (f11d68e40ed62fdb7c460c445f1ec4e5) C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
12:53:16.0243 3388 602XML Updater - ok
12:53:16.0321 3388 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
12:53:16.0336 3388 ACPI - ok
12:53:16.0383 3388 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
12:53:16.0493 3388 AcpiPmi - ok
12:53:16.0602 3388 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:53:16.0649 3388 AdobeFlashPlayerUpdateSvc - ok
12:53:16.0696 3388 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
12:53:16.0743 3388 adp94xx - ok
12:53:16.0774 3388 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
12:53:16.0805 3388 adpahci - ok
12:53:16.0821 3388 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
12:53:16.0836 3388 adpu320 - ok
12:53:16.0899 3388 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
12:53:16.0977 3388 AeLookupSvc - ok
12:53:17.0040 3388 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
12:53:17.0102 3388 AFD - ok
12:53:17.0149 3388 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
12:53:17.0165 3388 agp440 - ok
12:53:17.0211 3388 aic78u2 - ok
12:53:17.0243 3388 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
12:53:17.0258 3388 aic78xx - ok
12:53:17.0305 3388 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
12:53:17.0368 3388 ALG - ok
12:53:17.0399 3388 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
12:53:17.0415 3388 aliide - ok
12:53:17.0461 3388 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
12:53:17.0477 3388 amdagp - ok
12:53:17.0508 3388 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
12:53:17.0524 3388 amdide - ok
12:53:17.0571 3388 amdk77 - ok
12:53:17.0602 3388 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
12:53:17.0649 3388 AmdK8 - ok
12:53:17.0665 3388 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
12:53:17.0711 3388 AmdPPM - ok
12:53:17.0758 3388 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
12:53:17.0774 3388 amdsata - ok
12:53:21.0399 3388 CLEDX (b53f9635457b56dcffef750e18aec6cb) C:\Windows\system32\DRIVERS\cledx.sys
12:53:21.0415 3388 CLEDX ( UnsignedFile.Multi.Generic ) - warning
12:53:21.0415 3388 CLEDX - detected UnsignedFile.Multi.Generic (1)
12:53:26.0149 3388 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:53:26.0227 3388 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
12:53:26.0227 3388 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
12:53:40.0852 3388 PaceLicenseDServices (673e36852e2f9fa778d5d3ddcefa591b) C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe
12:53:41.0024 3388 PaceLicenseDServices ( UnsignedFile.Multi.Generic ) - warning
12:53:41.0024 3388 PaceLicenseDServices - detected UnsignedFile.Multi.Generic (1)
12:53:48.0602 3388 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
12:53:48.0649 3388 Serenum - ok
12:53:48.0774 3388 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
12:53:48.0821 3388 Serial - ok
12:53:48.0883 3388 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
12:53:48.0930 3388 sermouse - ok
12:53:49.0055 3388 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
12:53:49.0133 3388 SessionEnv - ok
12:53:49.0180 3388 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
12:53:49.0227 3388 sffdisk - ok
12:53:49.0243 3388 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
12:53:49.0258 3388 sffp_mmc - ok
12:53:49.0274 3388 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
12:53:49.0321 3388 sffp_sd - ok
12:53:49.0368 3388 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
12:53:49.0399 3388 sfloppy - ok
12:53:49.0477 3388 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
12:53:49.0540 3388 SharedAccess - ok
12:53:49.0618 3388 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
12:53:49.0680 3388 ShellHWDetection - ok
12:53:49.0758 3388 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
12:53:49.0774 3388 sisagp - ok
12:53:49.0821 3388 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:53:49.0836 3388 SiSRaid2 - ok
12:53:49.0852 3388 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
12:53:49.0868 3388 SiSRaid4 - ok
12:53:49.0883 3388 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
12:53:49.0915 3388 Smb - ok
12:53:49.0977 3388 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
12:53:49.0993 3388 SNMPTRAP - ok
12:53:50.0008 3388 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
12:53:50.0024 3388 spldr - ok
12:53:50.0086 3388 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
12:53:50.0149 3388 Spooler - ok
12:53:50.0399 3388 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
12:53:50.0540 3388 sppsvc - ok
12:53:50.0696 3388 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
12:53:50.0758 3388 sppuinotify - ok
12:53:50.0790 3388 SQTECH9080 - ok
12:53:50.0805 3388 srservice - ok
12:53:50.0883 3388 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
12:53:50.0946 3388 srv - ok
12:53:50.0961 3388 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
12:53:51.0024 3388 srv2 - ok
12:53:51.0055 3388 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
12:53:51.0102 3388 srvnet - ok
12:53:51.0180 3388 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
12:53:51.0243 3388 SSDPSRV - ok
12:53:51.0274 3388 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
12:53:51.0336 3388 SstpSvc - ok
12:53:51.0383 3388 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
12:53:51.0399 3388 stexstor - ok
12:53:51.0461 3388 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
12:53:51.0524 3388 StiSvc - ok
12:53:51.0555 3388 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
12:53:51.0571 3388 storflt - ok
12:53:51.0602 3388 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
12:53:51.0618 3388 storvsc - ok
12:53:51.0727 3388 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
12:53:51.0743 3388 swenum - ok
12:53:51.0915 3388 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
12:53:51.0977 3388 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
12:53:51.0977 3388 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
12:53:52.0040 3388 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
12:53:52.0102 3388 swprv - ok
12:53:52.0133 3388 Synth3dVsc - ok
12:53:52.0274 3388 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
12:53:52.0352 3388 SysMain - ok
12:53:52.0415 3388 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
12:53:52.0446 3388 TabletInputService - ok
12:53:52.0508 3388 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
12:53:52.0571 3388 TapiSrv - ok
12:53:52.0602 3388 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
12:53:52.0649 3388 TBS - ok
12:53:52.0665 3388 TClass2k - ok
12:53:52.0899 3388 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
12:53:52.0961 3388 Tcpip - ok
12:53:52.0977 3388 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
12:53:53.0024 3388 TCPIP6 - ok
12:53:53.0071 3388 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
12:53:53.0118 3388 tcpipreg - ok
12:53:53.0180 3388 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
12:53:53.0243 3388 TDPIPE - ok
12:53:53.0305 3388 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
12:53:53.0352 3388 TDTCP - ok
12:53:53.0399 3388 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
12:53:53.0461 3388 tdx - ok
12:53:53.0508 3388 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
12:53:53.0524 3388 TermDD - ok
12:53:53.0602 3388 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
12:53:53.0665 3388 TermService - ok
12:53:53.0758 3388 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
12:53:53.0821 3388 Themes - ok
12:53:53.0836 3388 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
12:53:53.0883 3388 THREADORDER - ok
12:53:53.0946 3388 TPkd (e830cda96b3c43971874c3bee2d0bb18) C:\Windows\system32\drivers\TPkd.sys
12:53:53.0961 3388 TPkd - ok
12:53:53.0977 3388 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
12:53:54.0040 3388 TrkWks - ok
12:53:54.0133 3388 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
12:53:54.0227 3388 TrustedInstaller - ok
12:53:54.0258 3388 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:53:54.0305 3388 tssecsrv - ok
12:53:54.0352 3388 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
12:53:54.0399 3388 TsUsbFlt - ok
12:53:54.0399 3388 tsusbhub - ok
12:53:54.0446 3388 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
12:53:54.0493 3388 tunnel - ok
12:53:54.0524 3388 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
12:53:54.0540 3388 uagp35 - ok
12:53:54.0602 3388 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
12:53:54.0665 3388 udfs - ok
12:53:54.0743 3388 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
12:53:54.0774 3388 UI0Detect - ok
12:53:54.0805 3388 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
12:53:54.0836 3388 uliagpkx - ok
12:53:54.0868 3388 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
12:53:54.0930 3388 umbus - ok
12:53:54.0946 3388 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
12:53:54.0993 3388 UmPass - ok
12:53:55.0040 3388 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
12:53:55.0086 3388 UmRdpService - ok
12:53:55.0118 3388 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
12:53:55.0180 3388 upnphost - ok
12:53:55.0211 3388 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
12:53:55.0258 3388 usbccgp - ok
12:53:55.0290 3388 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
12:53:55.0321 3388 usbcir - ok
12:53:55.0336 3388 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
12:53:55.0368 3388 usbehci - ok
12:53:55.0399 3388 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
12:53:55.0415 3388 usbhub - ok
12:53:55.0446 3388 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
12:53:55.0477 3388 usbohci - ok
12:53:55.0508 3388 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
12:53:55.0540 3388 usbprint - ok
12:53:55.0555 3388 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
12:53:55.0602 3388 USBSTOR - ok
12:53:55.0649 3388 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
12:53:55.0665 3388 usbuhci - ok
12:53:55.0758 3388 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
12:53:55.0836 3388 usbvideo - ok
12:53:55.0868 3388 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
12:53:55.0930 3388 UxSms - ok
12:53:55.0977 3388 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
12:53:55.0993 3388 VaultSvc - ok
12:53:56.0055 3388 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
12:53:56.0071 3388 vdrvroot - ok
12:53:56.0133 3388 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
12:53:56.0196 3388 vds - ok
12:53:56.0227 3388 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
12:53:56.0258 3388 vga - ok
12:53:56.0290 3388 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
12:53:56.0336 3388 VgaSave - ok
12:53:56.0352 3388 VGPU - ok
12:53:56.0415 3388 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
12:53:56.0446 3388 vhdmp - ok
12:53:56.0461 3388 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
12:53:56.0477 3388 viaagp - ok
12:53:56.0493 3388 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
12:53:56.0540 3388 ViaC7 - ok
12:53:56.0571 3388 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
12:53:56.0586 3388 viaide - ok
12:53:56.0602 3388 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
12:53:56.0618 3388 vmbus - ok
12:53:56.0633 3388 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
12:53:56.0665 3388 VMBusHID - ok
12:53:56.0743 3388 vmodem - ok
12:53:56.0774 3388 vmx86 - ok
12:53:56.0836 3388 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
12:53:56.0868 3388 volmgr - ok
12:53:56.0899 3388 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
12:53:56.0915 3388 volmgrx - ok
12:53:56.0946 3388 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
12:53:56.0977 3388 volsnap - ok
12:53:56.0977 3388 VRcore - ok
12:53:57.0008 3388 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
12:53:57.0040 3388 vsmraid - ok
12:53:57.0165 3388 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
12:53:57.0243 3388 VSS - ok
12:53:57.0274 3388 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
12:53:57.0305 3388 vwifibus - ok
12:53:57.0352 3388 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
12:53:57.0415 3388 W32Time - ok
12:53:57.0493 3388 W3SVC (57c8c20bfa5bef6bd851ebac67a8ced0) C:\Windows\system32\inetsrv\iisw3adm.dll
12:53:57.0540 3388 W3SVC - ok
12:53:57.0571 3388 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
12:53:57.0602 3388 WacomPen - ok
12:53:57.0649 3388 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
12:53:57.0680 3388 WANARP - ok
12:53:57.0696 3388 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
12:53:57.0727 3388 Wanarpv6 - ok
12:53:57.0743 3388 WAS (57c8c20bfa5bef6bd851ebac67a8ced0) C:\Windows\system32\inetsrv\iisw3adm.dll
12:53:57.0774 3388 WAS - ok
12:53:57.0915 3388 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
12:53:57.0993 3388 WatAdminSvc - ok
12:53:58.0133 3388 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
12:53:58.0211 3388 wbengine - ok
12:53:58.0258 3388 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
12:53:58.0305 3388 WbioSrvc - ok
12:53:58.0352 3388 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
12:53:58.0415 3388 wcncsvc - ok
12:53:58.0446 3388 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
12:53:58.0508 3388 WcsPlugInService - ok
12:53:58.0571 3388 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
12:53:58.0586 3388 Wd - ok
12:53:58.0649 3388 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
12:53:58.0680 3388 WDC_SAM - ok
12:53:58.0852 3388 WDDMService (bf847a3972cc6b5ce26e0ea742dd52d9) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
12:53:58.0868 3388 WDDMService ( UnsignedFile.Multi.Generic ) - warning
12:53:58.0868 3388 WDDMService - detected UnsignedFile.Multi.Generic (1)
12:53:58.0915 3388 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
12:53:58.0946 3388 Wdf01000 - ok
12:53:59.0165 3388 WDFME (b5966f1dff6e20576f3c8c2d93d129fd) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
12:53:59.0227 3388 WDFME ( UnsignedFile.Multi.Generic ) - warning
12:53:59.0227 3388 WDFME - detected UnsignedFile.Multi.Generic (1)
12:53:59.0368 3388 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
12:53:59.0477 3388 WdiServiceHost - ok
12:53:59.0477 3388 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
12:53:59.0508 3388 WdiSystemHost - ok
12:53:59.0571 3388 WDSC (92f0088ca18bb08bb596ef2608256f8a) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
12:53:59.0586 3388 WDSC ( UnsignedFile.Multi.Generic ) - warning
12:53:59.0586 3388 WDSC - detected UnsignedFile.Multi.Generic (1)
12:53:59.0649 3388 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
12:53:59.0680 3388 WebClient - ok
12:53:59.0727 3388 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
12:53:59.0790 3388 Wecsvc - ok
12:53:59.0821 3388 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
12:53:59.0883 3388 wercplsupport - ok
12:53:59.0915 3388 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
12:53:59.0946 3388 WerSvc - ok
12:54:00.0008 3388 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
12:54:00.0071 3388 WfpLwf - ok
12:54:00.0086 3388 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
12:54:00.0118 3388 WIMMount - ok
12:54:00.0227 3388 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
12:54:00.0305 3388 WinDefend - ok
12:54:00.0305 3388 WinHttpAutoProxySvc - ok
12:54:00.0415 3388 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
12:54:00.0508 3388 Winmgmt - ok
12:54:00.0633 3388 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
12:54:00.0758 3388 WinRM - ok
12:54:00.0836 3388 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
12:54:00.0852 3388 WinUsb - ok
12:54:00.0946 3388 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
12:54:01.0024 3388 Wlansvc - ok
12:54:01.0227 3388 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:54:01.0290 3388 wlidsvc - ok
12:54:01.0446 3388 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
12:54:01.0461 3388 WmiAcpi - ok
12:54:01.0555 3388 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
12:54:01.0602 3388 wmiApSrv - ok
12:54:01.0836 3388 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
12:54:01.0930 3388 WMPNetworkSvc - ok
12:54:01.0946 3388 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
12:54:02.0008 3388 WPCSvc - ok
12:54:02.0055 3388 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
12:54:02.0102 3388 WPDBusEnum - ok
12:54:02.0180 3388 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
12:54:02.0243 3388 ws2ifsl - ok
12:54:02.0258 3388 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
12:54:02.0305 3388 wscsvc - ok
12:54:02.0305 3388 WSearch - ok
12:54:02.0477 3388 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
12:54:02.0555 3388 wuauserv - ok
12:54:02.0758 3388 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
12:54:02.0821 3388 WudfPf - ok
12:54:02.0868 3388 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:54:02.0930 3388 WUDFRd - ok
12:54:02.0993 3388 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
12:54:03.0024 3388 wudfsvc - ok
12:54:03.0071 3388 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
12:54:03.0102 3388 WwanSvc - ok
12:54:03.0149 3388 z525mgmt - ok
12:54:03.0196 3388 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:54:03.0774 3388 \Device\Harddisk0\DR0 - ok
12:54:03.0790 3388 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
12:54:04.0227 3388 \Device\Harddisk1\DR1 - ok
12:54:04.0243 3388 Boot (0x1200) (124d45174c417519fdd75160baff0f30) \Device\Harddisk0\DR0\Partition0
12:54:04.0243 3388 \Device\Harddisk0\DR0\Partition0 - ok
12:54:04.0305 3388 Boot (0x1200) (62e00d822149baec080f985234d54873) \Device\Harddisk0\DR0\Partition1
12:54:04.0321 3388 \Device\Harddisk0\DR0\Partition1 - ok
12:54:04.0321 3388 Boot (0x1200) (e106c08c8107be1a082a6be8203dbec8) \Device\Harddisk1\DR1\Partition0
12:54:04.0336 3388 \Device\Harddisk1\DR1\Partition0 - ok
12:54:04.0336 3388 ============================================================
12:54:04.0336 3388 Scan finished
12:54:04.0336 3388 ============================================================
12:54:04.0352 3380 Detected object count: 7
12:54:04.0352 3380 Actual detected object count: 7
12:54:20.0274 3380 CLEDX ( UnsignedFile.Multi.Generic ) - skipped by user
12:54:20.0274 3380 CLEDX ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:54:20.0290 3380 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:54:20.0290 3380 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:54:20.0290 3380 PaceLicenseDServices ( UnsignedFile.Multi.Generic ) - skipped by user
12:54:20.0290 3380 PaceLicenseDServices ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:54:20.0305 3380 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
12:54:20.0305 3380 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:54:20.0305 3380 WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user
12:54:20.0305 3380 WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:54:20.0305 3380 WDFME ( UnsignedFile.Multi.Generic ) - skipped by user
12:54:20.0305 3380 WDFME ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:54:20.0305 3380 WDSC ( UnsignedFile.Multi.Generic ) - skipped by user
12:54:20.0305 3380 WDSC ( UnsignedFile.Multi.Generic ) - User select action: Skip

Michal I
Visitor
Posts: 49
Registered: 29 Aug 2007 09:44

Re: Some kind of Rootkit.0Acces.H discovered

#12 Post by Michal I »

ComboFix 12-06-23.05 - JM 23.06.2012 13:07:54.5.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.2038.1120 [GMT 2:00]
Spuštěný z: c:\users\JM\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-05-23 do 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-23 11:19 . 2012-06-23 11:19 -------- d-----w- c:\users\JM\AppData\Local\temp
2012-06-23 11:19 . 2012-06-23 11:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-23 11:19 . 2012-06-23 11:19 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-06-23 10:36 . 2012-06-23 10:36 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-23 10:33 . 2012-06-23 10:52 -------- d-----w- C:\!smazat
2012-06-23 04:20 . 2012-06-23 10:52 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BAD1E5B9-919E-4873-AEE6-655946184AD0}\offreg.dll
2012-06-21 15:25 . 2012-06-21 15:25 -------- d-----w- c:\program files\Bome's SendSX
2012-06-19 04:29 . 2012-06-19 04:29 -------- d-----w- c:\programdata\Martau
2012-06-19 04:29 . 2012-06-19 04:31 -------- d-----w- c:\program files\Total-Uninstall-Professional-5.2.0
2012-06-18 06:17 . 2012-06-18 06:18 -------- d-----w- c:\windows\system32\SPReview
2012-06-18 06:17 . 2012-06-18 06:17 -------- d-----w- c:\windows\system32\EventProviders
2012-06-18 06:04 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-06-18 06:02 . 2010-11-20 12:36 1077248 ----a-w- c:\windows\system32\Narrator.exe
2012-06-18 06:01 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\wdscore.dll
2012-06-18 06:01 . 2010-11-20 12:21 189952 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2012-06-18 06:01 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2012-06-18 06:01 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2012-06-18 06:01 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\sqmapi.dll
2012-06-18 05:39 . 2012-06-18 05:39 -------- d-----w- c:\users\JM\AppData\Local\ElevatedDiagnostics
2012-06-18 05:39 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-18 05:39 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-18 05:39 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-17 17:44 . 2012-06-17 17:44 -------- d-----w- c:\users\JM\AppData\Local\Google
2012-06-17 17:24 . 2012-06-17 17:24 -------- d-----w- c:\program files\EnhanceMySe7en
2012-06-17 17:03 . 2012-06-17 17:03 -------- d-----w- c:\users\JM\AppData\Roaming\SeriousBit
2012-06-17 15:33 . 2012-06-17 15:33 -------- d-----w- c:\program files\Common Files\Java
2012-06-17 15:32 . 2012-06-17 15:32 -------- d-----w- c:\program files\Oracle
2012-06-17 15:32 . 2012-05-04 17:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-17 13:51 . 2012-06-17 13:51 -------- dc-h--w- c:\programdata\{A9158F4E-7914-4019-808A-D4D4993E9958}
2012-06-17 13:48 . 2012-06-17 13:48 -------- dc-h--w- c:\programdata\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}
2012-06-17 13:32 . 2012-06-17 13:32 -------- d-----w- c:\program files\PhotomatixPro4
2012-06-17 13:32 . 2012-06-17 13:32 -------- d-----w- c:\users\JM\AppData\Roaming\HDRsoft
2012-06-17 10:40 . 2012-06-17 10:40 -------- d-----w- c:\users\JM\AppData\Roaming\Malwarebytes
2012-06-17 10:40 . 2012-06-17 10:40 -------- d-----w- c:\programdata\Malwarebytes
2012-06-17 10:40 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-17 10:40 . 2012-06-17 10:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-17 08:43 . 2012-06-17 08:43 -------- d-----w- c:\users\JM\AppData\Roaming\UVIWorkstation
2012-06-17 08:42 . 2012-06-17 08:42 -------- d-----w- c:\users\JM\AppData\Roaming\PACE Anti-Piracy
2012-06-17 08:42 . 2012-06-17 08:42 -------- d-----w- c:\programdata\PACE Anti-Piracy
2012-06-17 08:42 . 2012-06-17 08:42 -------- d-----w- c:\users\JM\AppData\Local\PACE Anti-Piracy
2012-06-17 08:42 . 2012-06-17 08:42 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy
2012-06-17 08:41 . 2012-06-17 08:41 -------- d-----w- c:\programdata\PACE
2012-06-17 08:41 . 2012-06-17 08:41 -------- d-----w- c:\program files\Common Files\PACE
2012-06-17 08:37 . 2012-06-17 08:37 -------- d-----w- c:\program files\Propellerhead
2012-06-17 08:37 . 2012-06-17 08:37 -------- d-----w- c:\program files\UVISoundBanks
2012-06-17 08:36 . 2012-06-17 08:37 -------- d-----w- c:\program files\UVI Workstation
2012-06-17 08:36 . 2012-06-17 08:36 -------- d-----w- c:\program files\Common Files\UVI
2012-06-17 08:36 . 2011-10-06 15:22 2275328 ----a-w- c:\windows\system32\libsndfile-1.dll
2012-06-16 20:21 . 2012-06-16 20:21 -------- dc-h--w- c:\programdata\{3006A797-CDFA-44FC-98EF-155579E2CDBF}
2012-06-16 19:28 . 2012-06-18 07:35 -------- d-----w- c:\windows\rescache
2012-06-16 17:28 . 2012-06-23 11:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-16 17:28 . 2012-06-23 11:00 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-16 17:23 . 2012-06-16 17:23 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-16 17:23 . 2012-06-16 17:23 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-16 17:22 . 2012-06-16 17:22 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-16 17:22 . 2012-06-16 17:22 28672 ----a-w- c:\windows\system32\profprov.dll
2012-06-16 17:22 . 2012-06-16 17:22 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-16 17:20 . 2012-06-16 17:20 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-16 17:20 . 2012-06-16 17:20 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-16 17:20 . 2012-06-16 17:20 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-16 13:34 . 2012-06-16 13:34 -------- dc-h--w- c:\programdata\{27D02406-6F0F-419F-AF2F-A4EE19D2E463}
2012-06-16 13:34 . 2012-06-16 13:34 -------- dc-h--w- c:\programdata\{E9CDB61C-771D-42BB-B441-4CA7622ACA52}
2012-06-16 13:15 . 2012-06-16 13:15 -------- dc-h--w- c:\programdata\{0A583E76-A7A0-45F8-9386-AEE1E529A4DE}
2012-06-16 13:15 . 2012-06-16 13:15 -------- dc-h--w- c:\programdata\{CA03436C-933D-4ADA-9E89-2C39CC03E904}
2012-06-16 13:14 . 2012-06-16 13:14 -------- dc-h--w- c:\programdata\{588D017F-D30B-4C08-8A10-1FEF7D039369}
2012-06-16 13:14 . 2012-06-16 13:14 -------- dc-h--w- c:\programdata\{DC597CF0-DB39-40C2-9F8C-CF9D0A386548}
2012-06-16 13:14 . 2012-06-16 13:14 -------- dc-h--w- c:\programdata\{3DFBC806-D62A-4312-81FF-5F343DDCB5DC}
2012-06-16 13:14 . 2012-06-16 13:14 -------- dc-h--w- c:\programdata\{6E467D89-1963-440B-84F9-852C8150E323}
2012-06-16 13:14 . 2012-06-16 13:14 -------- dc-h--w- c:\programdata\{B0DF9098-245E-479F-A4ED-B5F91EA4948B}
2012-06-16 13:13 . 2012-06-16 13:13 -------- dc-h--w- c:\programdata\{D04E7E60-5F77-4E61-9CD4-7AEC5E15C525}
2012-06-16 13:13 . 2012-06-16 13:13 -------- dc-h--w- c:\programdata\{DE181BBE-2522-484E-A620-BDCFB298DC87}
2012-06-16 13:04 . 2012-06-16 13:04 -------- dc-h--w- c:\programdata\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}
2012-06-16 12:58 . 2012-06-16 12:58 -------- dc-h--w- c:\programdata\{DD2792B0-5B90-4CC3-8D97-1C733D7FB366}
2012-06-16 12:53 . 2012-06-16 12:53 -------- dc-h--w- c:\programdata\{C2A88E6D-FA3D-462B-BDFF-A09B1EFA8FBE}
2012-05-26 16:18 . 2012-05-27 19:01 -------- d-----w- c:\programdata\tmp
2012-05-26 16:18 . 2012-05-27 19:01 -------- d-----w- c:\programdata\hps
2012-05-26 14:39 . 2012-05-26 14:39 -------- d-----w- c:\program files\Fotolab
2012-05-25 17:48 . 2012-05-25 17:48 -------- d-----w- c:\program files\MSXML 4.0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-19 16:01 . 2012-03-15 17:27 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-06-18 06:26 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-05-17 16:22 . 2012-05-17 16:22 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-17 16:22 . 2012-05-17 16:22 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-17 16:22 . 2012-05-17 16:22 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-17 16:21 . 2012-05-17 16:21 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-17 16:19 . 2012-05-17 16:19 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-17 16:16 . 2012-05-17 16:16 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-17 16:16 . 2012-05-17 16:16 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-17 16:16 . 2012-05-17 16:16 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-05-17 16:16 . 2012-05-17 16:16 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-16 09:14 . 2012-05-16 09:14 21144 ----a-w- c:\windows\system32\drivers\iLokDrvr.sys
2012-05-16 09:13 . 2012-05-16 09:13 93336 ----a-w- c:\windows\system32\drivers\TPkd.sys
2012-05-04 17:29 . 2012-03-16 07:24 687504 ----a-w- c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-01-24 3478336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"M-Audio Taskbar Icon"="c:\windows\system32\MAFWTray.exe" [2009-07-29 252424]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 385024]
"Print2PDF Print Monitor"="c:\program files\Software602\Print2PDF\Print2PDF.exe" [2011-10-04 220992]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AirLive 802.11N Wireless Utility.lnk - c:\program files\Ovislink\Common\TurboG-UI.exe [2011-11-17 917504]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 3986944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 cpuz134;cpuz134;c:\users\JM\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 cpuz135;cpuz135;c:\users\JM\AppData\Local\Temp\cpuz135\cpuz135_x32.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-03-25 15872]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-08 1343400]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-19 242240]
S2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-03-04 584488]
S2 PaceLicenseDServices;PACE License Services;c:\program files\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2012-05-17 2938880]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-03-09 238592]
S2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-03-09 1060864]
S2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-03-09 484352]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
S3 MAFW;Service for M-Audio FireWire;c:\windows\system32\DRIVERS\mafw.sys [2009-07-29 192392]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 netr28u;AirLive WN-5000USB Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-04-30 332800]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2011-02-16 11520]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - 39459754
*NewlyCreated* - 59984837
*Deregistered* - 39459754
*Deregistered* - 59984837
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 11:00]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3124626429-561365757-46322953-1000Core.job
- c:\users\JM\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-17 17:44]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3124626429-561365757-46322953-1000UA.job
- c:\users\JM\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-17 17:44]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 62.129.50.20 192.168.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-57395192.sys
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-06-23 13:22:27
ComboFix-quarantined-files.txt 2012-06-23 11:22
ComboFix2.txt 2012-06-23 05:13
.
Před spuštěním: Volných bajtů: 76 516 798 464
Po spuštění: Volných bajtů: 76 467 777 536
.
- - End Of File - - C29F2C8DB5B2D68650D924C3E3E2D3DB

Michal I
Visitor
Posts: 49
Joined: 29 Aug 2007 09:44

Re: Some kind of Rootkit.0Acces.H detected

#13 Post by Michal I »

MBA has been running for an hour now. Clean so far :)
Last edited by Michal I on 23 Jun 2012 15:55, edited 1 time in total.

Michal I
Visitor
Posts: 49
Joined: 29 Aug 2007 09:44

Re: Some kind of Rootkit.0Acces.H detected

#14 Post by Michal I »

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.61.0.1400
www.malwarebytes.org

Verze databáze: v2012.06.23.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
JM :: JM-HTPC [administrátor]

Ochrana: Zakázána

23.6.2012 15:07:28
mbam-log-2012-06-23 (15-07-28).txt

Typ: Úplná kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 557453
Uplynulý čas: 1 hodin, 31 minut, 48 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Well, I think I deleted those folders yesterday. I had no idea they would still be needed for anything..


Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

Michal I
Visitor
Posts: 49
Joined: 29 Aug 2007 09:44

Re: Some kind of Rootkit.0Acces.H detected

#15 Post by Michal I »

Well, I think I deleted those folders yesterday. I had no idea they would still be needed for anything..
