zdravim, po přečtení posledních témat přikládám log z Rsit, Rkill a Combofixu.
Logfile of random's system information tool 1.09 (written by random/random)
Run by Gocik at 2012-11-06 10:21:03
Microsoft Windows XP Professional Service Pack 3
System drive C: has 19 GB (55%) free of 35 GB
Total RAM: 2046 MB (58% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:21:05, on 6.11.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Gocik\Desktop\RSIT.exe
C:\Program Files\trend micro\Gocik.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [LenovoAutoScrollUtility] C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [T-Mobile Communication Centre] "C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP 2012\qip.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Web'n'walk Manager mobile equipment installation service (ameisvc) - Gemfor s.r.o. - C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
--
End of file - 13095 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\Automatic troubleshooting.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\PMTask.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Gocik\Application Data\Mozilla\Firefox\Profiles\dx04kuyk.default
prefs.js - "browser.startup.homepage" - "http://www.google.cz/"
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.278 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt
C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Documents and Settings\Gocik\Application Data\Mozilla\Firefox\Profiles\dx04kuyk.default\extensions\
{ea614400-e918-4741-9a97-7a972ff7c30b}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-04-10 325408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-04-10 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-04-10 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F040E541-A427-4CF7-85D8-75E3E0F476C5}]
CPwmIEBrowserHelper Object - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2007-08-03 795960]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2008-04-14 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-08-21 4282728]
"LPManager"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe [2009-07-23 185688]
"LPMailChecker"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe [2009-07-23 124248]
"AwaySch"=C:\Program Files\Lenovo\AwayTask\AwaySch.EXE [2006-11-07 91688]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-03-04 487424]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-09-30 2295080]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor []
"LenovoAutoScrollUtility"=C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe [2010-04-01 43960]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-09-29 61440]
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2011-03-29 337256]
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2007-01-09 868352]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-05-06 716800]
"TP4EX"=C:\WINDOWS\system32\tp4ex.exe [2005-10-17 65536]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2005-11-08 128920]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
""= []
"T-Mobile Communication Centre"=C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe [2012-08-22 1368768]
"Infium"=C:\Program Files\QIP 2012\qip.exe [2012-01-12 7320528]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray]
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [2010-09-17 425984]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWLIcon]
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [2010-09-17 176128]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-03-27 37296]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
C:\Program Files\Ask.com\Updater\Updater.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-01-15 147456]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2007-08-03 2630968]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe [2005-11-08 128920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [2012-02-01 1083264]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\WINDOWS\system32\oodtray.exe [2008-11-03 2540800]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-02-16 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\ThinkPad\BLUETO~1\BTTray.exe [2010-09-22 607584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify]
C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll [2010-09-17 32768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-09-29 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll [2010-12-07 100176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ACGina
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveTypeAutoRun"=255
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\DC Strong\StrongDC.exe"="C:\Program Files\DC Strong\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\QIP 2012\qip.exe"="C:\Program Files\QIP 2012\qip.exe:*:Enabled:QIP 2012"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Graphisoft\ArchiCAD 13\ArchiCAD.exe"="C:\Program Files\Graphisoft\ArchiCAD 13\ArchiCAD.exe:*:Enabled:ArchiCAD 13.0.0 Component"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.voxacm160"=vct3216.acm
"msacm.scg726"=scg726.acm
"msacm.alf2cd"=alf2cd.acm
"msacm.ac3acm"=AC3ACM.acm
"vidc.dvsd"=mcdvd_32.dll
"vidc.xvid"=xvidvfw.dll
"vidc.DIVX"=DivX.dll
"vidc.mpg4"=mpg4c32.dll
"vidc.mp42"=mpg4c32.dll
"vidc.mp43"=mpg4c32.dll
======List of files/folders created in the last 1 month======
2012-11-06 10:20:23 ----D---- C:\rsit
2012-11-06 10:20:23 ----D---- C:\Program Files\trend micro
2012-11-06 10:15:48 ----A---- C:\Documents and Settings\Gocik\Application Data\17.exe
2012-11-06 10:01:34 ----A---- C:\Documents and Settings\Gocik\Application Data\14.exe
======List of files/folders modified in the last 1 month======
2012-11-06 10:21:04 ----D---- C:\WINDOWS\Temp
2012-11-06 10:20:23 ----RD---- C:\Program Files
2012-11-06 10:14:44 ----D---- C:\WINDOWS
2012-11-06 10:13:30 ----D---- C:\Documents and Settings\Gocik\Application Data\Skype
2012-11-06 10:12:41 ----A---- C:\WINDOWS\wincmd.ini
2012-11-06 09:42:45 ----D---- C:\WINDOWS\Prefetch
2012-11-05 17:38:19 ----D---- C:\Documents and Settings\Gocik\Application Data\Dofus
2012-11-05 12:56:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-11-05 08:12:54 ----D---- C:\WINDOWS\system32\CatRoot2
2012-11-05 08:12:52 ----SD---- C:\WINDOWS\Tasks
2012-11-05 08:10:35 ----A---- C:\WINDOWS\system32\PROCDB.INI
2012-11-05 08:09:18 ----D---- C:\WINDOWS\system32
2012-11-05 08:09:18 ----A---- C:\WINDOWS\system32\IPSCtrl.INI
2012-10-31 16:36:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-10-31 16:33:06 ----SHD---- C:\Config.Msi
2012-10-31 16:33:06 ----D---- C:\Program Files\Mozilla Maintenance Service
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 DozeHDD;DozeHDD; C:\WINDOWS\System32\DRIVERS\DozeHDD.sys [2011-04-19 25968]
R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 Shockprf;Shockprf; C:\WINDOWS\System32\DRIVERS\Apsx86.sys [2011-03-29 122992]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2012-02-06 664064]
R0 TPDIGIMN;TPDIGIMN; C:\WINDOWS\System32\DRIVERS\ApsHM86.sys [2011-03-29 20592]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2012-08-21 25256]
R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2005-09-28 11520]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2012-08-21 35928]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2012-08-21 729752]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2012-08-21 355632]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-08-21 54232]
R1 IBMTPCHK;IBMTPCHK; \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 lenovo.smi;Lenovo System Interface Driver; C:\WINDOWS\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
R1 Smapint;Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [2006-10-02 14848]
R1 TDSMAPI;TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2006-10-02 9343]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys [2008-05-12 17844]
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2011-04-19 12144]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2012-02-03 21361]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-08-21 21256]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2012-08-21 97608]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2010-06-02 19384]
R2 pmem;pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys []
R2 PROCDD;IPS Helper Driver; C:\WINDOWS\system32\DRIVERS\PROCDD.SYS [2006-11-06 12080]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-11-20 12288]
R2 smihlp;SMI Helper Driver (smihlp); \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys []
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\WibuKey.sys [2006-11-22 72704]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-06-20 178688]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-09-29 3565056]
R3 atmeltpm;atmeltpm; C:\WINDOWS\system32\DRIVERS\atmeltpm.sys [2005-05-17 15872]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-05-02 161792]
R3 btaudio;Zvukové zařízení Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2009-09-18 533152]
R3 BTDriver;Ovladač virtuálních komunikací Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-02-04 37160]
R3 BTKRNL;Enumenátor sběrnice Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2010-09-23 993576]
R3 BTWDNDIS;Server pro přístup k síti LAN Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2008-07-24 156816]
R3 btwmodem;Modem Bluetooth; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2008-02-04 37032]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2010-09-16 51752]
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2012-02-06 223128]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2010-06-02 993464]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2010-06-02 217016]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2011-08-11 32368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-14 28672]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2012-02-03 21376]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2009-05-14 80384]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2011-09-30 296112]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2009-12-08 52112]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
R3 TVTI2C;Lenovo SM bus driver; C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [2007-05-22 30336]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 w29n51;Intel(R) PRO/Wireless 2915ABG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2007-07-25 2210048]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2010-06-02 738360]
S3 massfilter;Mass Storage Filter Driver; C:\WINDOWS\system32\drivers\massfilter.sys [2010-02-22 9216]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2011-11-01 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2011-11-01 23168]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2011-11-01 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2011-11-01 8576]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2011-11-01 8192]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2011-11-01 8192]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [2010-03-02 105856]
S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [2010-03-02 105856]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [2010-03-02 105856]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2010-09-17 98304]
R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2010-09-17 237568]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service; C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe [2012-08-22 123320]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-09-29 602112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-08-21 44808]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe [2010-09-22 349528]
R2 DozeSvc;Lenovo Doze Mode Service; C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE [2011-04-19 292200]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-11-19 794624]
R2 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2011-08-11 38760]
R2 IPSSVC;IPS Core Service; C:\WINDOWS\system32\IPSSVC.EXE [2007-01-30 108080]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-04-10 153376]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2008-11-03 1332480]
R2 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [2011-04-19 69632]
R2 PwmEWSvc;Cisco EnergyWise Enabler; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [2011-04-19 143360]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-11-19 483328]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-11-19 1183744]
R2 SUService;System Update; c:\program files\lenovo\system update\suservice.exe [2011-07-25 28672]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-09-26 644408]
R2 TPHKLOAD;Lenovo Hotkey Client Loader; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 99328]
R2 TPHKSVC;On Screen Display; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]
R2 TSSCoreService;TSS Core Service; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [2007-08-03 722232]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-11-17 1021256]
R2 TVT Scheduler;TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-03-04 1122304]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-07-22 136176]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-13 160944]
S2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2006-06-29 32768]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-23 250288]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-07-22 136176]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-24 114144]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-01-15 266240]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-01-04 718888]
S3 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.exe [2011-03-29 40048]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2012-02-04 435016]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 11/06/2012 10:23:10 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* System Restore Disabled
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = dword:00000001
Checking Windows Service Integrity:
* System Restore Service (srservice) is not Running.
Startup Type set to: Automatic
* System Restore Filter Driver (sr) is not Running.
Startup Type set to: Disabled
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
Program finished at: 11/06/2012 10:23:46 AM
Execution time: 0 hours(s), 0 minute(s), and 36 seconds(s)
ComboFix 12-10-04.02 - Gocik 06.11.2012 10:29:57.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.2046.1188 [GMT 1:00]
Spuštěný z: c:\documents and settings\Gocik\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Gocik\Application Data\14.exe
c:\documents and settings\Gocik\Application Data\17.exe
c:\documents and settings\Gocik\Application Data\app
c:\documents and settings\Gocik\Application Data\app\Jerakine_lang.dat
c:\documents and settings\Gocik\Application Data\app\Jerakine_lang_vesrion.dat
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-06 do 2012-11-06 )))))))))))))))))))))))))))))))
.
.
2012-11-06 09:32 . 2012-11-06 09:32 61440 ----a-w- c:\documents and settings\Gocik\Application Data\20.exe
2012-11-06 09:32 . 2012-11-06 09:32 947200 ----a-w- c:\documents and settings\Gocik\Application Data\Bpfmfn.exe
2012-11-06 09:20 . 2012-11-06 09:21 -------- d-----w- C:\rsit
2012-11-06 09:20 . 2012-11-06 09:21 -------- d-----w- c:\program files\trend micro
2012-11-05 07:49 . 2012-09-18 22:59 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{761483E7-2480-4E96-ADAD-E6097A3E0B34}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-23 11:01 . 2012-04-01 17:42 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-23 11:01 . 2012-02-02 22:55 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-18 22:59 . 2012-02-03 20:20 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-08-30 20:29 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-08-30 20:29 . 2008-04-14 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2012-08-30 20:29 . 2008-04-14 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-08-28 13:00 . 2008-04-14 12:00 369664 ----a-w- c:\windows\system32\html.iec
2012-08-21 09:13 . 2012-02-02 17:35 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-02-02 17:35 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-02-02 17:35 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-02-02 17:35 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2012-02-02 17:35 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-21 09:13 . 2012-02-02 17:35 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-21 09:13 . 2012-02-02 17:35 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:13 . 2012-02-02 17:35 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-21 09:12 . 2012-02-02 17:34 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-02-02 17:34 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-24 10:18 . 2012-02-02 18:33 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2012-08-22 1368768]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Infium"="c:\program files\QIP 2012\qip.exe" [2012-01-12 7320528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-07-23 185688]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-07-23 124248]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-09-30 2295080]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2011-04-19 759144]
"LenovoAutoScrollUtility"="c:\program files\Lenovo\VIRTSCRL\virtscrl.exe" [2010-04-01 43960]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"TpShocks"="TpShocks.exe" [2011-03-29 337256]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2010-12-07 15:27 100176 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray]
2010-09-17 16:54 425984 ----a-w- c:\program files\ThinkPad\ConnectUtilities\ACTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWLIcon]
2010-09-17 16:51 176128 ----a-w- c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-01-15 15:14 147456 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
2007-08-03 15:35 2630968 ----a-w- c:\program files\Lenovo\Client Security Solution\cssauth.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2005-11-08 22:00 128920 ----a-w- c:\program files\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2012-02-01 07:11 1083264 ----a-w- c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2008-11-03 10:45 2540800 ----a-w- c:\windows\system32\oodtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-02-16 09:54 282624 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"MP10_EnsureFileVer"=c:\windows\inf\unregmp2.exe /EnsureFileVersions
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DC Strong\\StrongDC.exe"=
"c:\\Program Files\\QIP 2012\\qip.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Graphisoft\\ArchiCAD 13\\ArchiCAD.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [3.2.2012 9:48 25968]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.2.2012 11:28 664064]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [29.3.2011 19:12 20592]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2.2.2012 18:35 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2.2.2012 18:35 355632]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [3.2.2012 9:49 13680]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [22.8.2012 15:59 123320]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.2.2012 18:35 21256]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [3.2.2012 9:48 292200]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [3.2.2012 9:48 69632]
R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.exe [3.2.2012 9:48 143360]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [13.3.2009 13:47 12560]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\Lenovo\HOTKEY\tphkload.exe [3.2.2012 9:49 99328]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [3.2.2012 9:49 64440]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [17.11.2009 10:34 1021256]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [22.5.2007 15:59 30336]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [22.7.2012 0:11 136176]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [3.2.2012 9:49 45496]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 12:28 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [1.4.2012 18:42 250288]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [22.7.2012 0:11 136176]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [9.5.2012 18:59 9216]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [20.5.2012 11:44 114144]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [25.2.2012 9:12 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [25.2.2012 9:12 8576]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2012-11-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 11:01]
.
2012-11-06 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-11-17 09:40]
.
2012-11-06 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-21 09:12]
.
2012-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-21 23:11]
.
2012-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-21 23:11]
.
2012-11-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
2012-11-06 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2012-02-03 00:39]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\*
TCP: DhcpNameServer = 192.168.172.1 213.192.60.6 213.192.60.5
FF - ProfilePath - c:\documents and settings\Gocik\Application Data\Mozilla\Firefox\Profiles\dx04kuyk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-ACNotify - ACNotify.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-06 10:42
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
C:\avast! sandbox
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="E35BBEF69AA3E712A59CAEB3D111D26563DF050052CCB0D91F931AF487E8B21C905548663D34690DE62E371702FD70B856E16DF8626FE9677D4C370570EBCFAE11D258961C110AA6DDE191635DB35E9B9C78F4FA2AFD2E5B8BC88C5A41918194E669CC1040BBDE38230F57E9914682FB81DC92BE9B3FD0E06BC30E38516D274EAA72363D08BC773C634FD660A1CB3671E689F1E1FDFA9644D3B9E444CD1B1384878C5BEE259DD0D45E8293DD63DF463242C072FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98085D575E7D6A3B9808C038D530D6EB3452C038D530D6EB34528FD727B66A5C85D9D02ACA6C19D71E06A21167648A3DF357F2FC87E5A78EC6493ACA4329DD548C32AE2B02FE17AFCC5788DDD2514538F3525436576F7C2CC54551F730A9A0F460DF6AFC0E3A1AF3C234B2ADC10B25A3EF597DCB65B6AA0A1F627C0890EF2AF4751EF2ECA3A4B39156B4F9169702F544C48153B7E7BAD4DE4DCF477A0D289423075A1E20F9B5988925A19C7E3C9CA46E8C92994799EDC1780D75219F4E7323DC17B7A38B4D5CA0F20F7D3B229CB4438D2B09FC9936B6DCB261EB5D1E0365B798E48B9FFA5DF74A74B7FA5A122B19869FC3960AA58171B403108033EF5E845A5DFA62130D6CDD354D860065B0590BCAB5401EB432BFEC7C70A3B5BEE118CE37C72179E133C3D6274DAAA92936A3410CF84DB853DC3A6B0C15EA407E16E8339D09E944D5B6AD210A5B904756AE83656DA05D341F96BFA5DBA27609D5828F9682E3A6E619307B6CE76F6F5C0379FA15B47C248E37A322C30CD99CAF8DF0514FFCB1EDBEBE8F7E5E73983DA0A74B8EE24AEE1C7F9D1E3567E01378044F7FF02B495E1CD93817901002F5377EA22B47D43D6E806C39F0D423BEB9680CAB9FBCE9C769D0F8605D0D8E0CBCDC96357431E4BE8354F3D3DDDCFB33CC8D811696813F7B696D94724E525A2D38F33C04D75D80A6CEDCE59CF930EF6B604F51647F91D20D049AD50EA74469284582F699595F8A6C01A14626ADB3EB391AD69D54C6444047F6429CB9FB4C2461D3D48163CFD1D830E0EF4FE5B45154963692BB832FF4999B92947A5C335367DF697D4D31E64FB431C85BEB36A177FE9C84B335F5CD01E01CB904B5C287CB84D3A0CEFBB99EF9DD58A6B5BCD65996B70A67B147930CCB0F03E6C8491D0728BF0CA46066964B7684AD7D1B176812A5BD4257C663A629BA0FAAA45DE38016DE54FDB98F96C3156C4F5EE2E503F25B1C424C5DEF305FB5BA431214806864E9ECEC42327B4DA47688593E813ABCDF15F96F529AF006D097387E5F69B5ECA50ED2AB16F8897DFDBF7C2FC297FA367D733FDC2442CD7372892707596C44BB846112255B0B61CFF7947CD285F55192FE7FF29CB3"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1436)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\qlbase.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
.
- - - - - - - > 'lsass.exe'(1552)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
- - - - - - - > 'explorer.exe'(4792)
c:\windows\system32\netprovcredman.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\oodag.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TpKmpSVC.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\TpShocks.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ThinkPad\UltraNav Wizard\UNavTray.EXE
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\progra~1\ThinkPad\UTILIT~1\SCHTASK.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2012-11-06 10:48:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-11-06 09:48
.
Před spuštěním: 20 254 576 640 bytes free
Po spuštění: 19 964 379 136 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 3C1FC87724741C8776A4DE1C437518DC
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Skype virus Rsit,Rkill, Combofix
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Skype virus Rsit,Rkill, Combofix
Zdravim 
Budte tak laskav a ctete pravidla fora http://forum.viry.cz/viewtopic.php?f=12&t=5601
Co se tyce ComboFixu, tak na zaklade licence a pravidel fora ptam, umite s nim pracovat (spusteni, rozlusteni logu, napsani skriptu)?
licencni podminky hovori jasne "Nikdy by nemel byt pouzit v prostredi bez dozoru zkusene osoby"
Nebezpeci CFka
Budte tak laskav a ctete pravidla fora http://forum.viry.cz/viewtopic.php?f=12&t=5601
2. Před položením dotazu použijte tlačítko Hledat. Možná již někdo problém podobným Vašemu řešil. Pokud ale ve vyřešeném tématu budou aplikovány různé utility\aplikace, nespouštějte je. Utility se používají až na pokyn rádce, jelikož mohou mazat stopy po havěti a v rukou ne-oborníka může mít jejich použití nedozírné následky.
3. Zvláště utilitu ComboFix nespouštějte i když Vám mi poradil kamarád\nějaký rádoby odborný web. Naše fórum je jediné z CZ-SK antivirových fór, která mají právo luštit logy z ComboFixu a mámě též plnou podporu autora této utility a přístup k nejaktuálnějším informacím a návodům.
Co se tyce ComboFixu, tak na zaklade licence a pravidel fora ptam, umite s nim pracovat (spusteni, rozlusteni logu, napsani skriptu)? licencni podminky hovori jasne "Nikdy by nemel byt pouzit v prostredi bez dozoru zkusene osoby" Nebezpeci CFka
- Je urcen primarne pro radce - jeho svevolnym pouzitim ztracite narok na podporu
- Maze stopy po haveti, takze v logu z RSIT neni nic videt
- Jeho log je treba dolustit, jelikoz neumi smazat vse - to ovsem tezko zvladnete pokud k tomu nejste vyskolen
- CF muze mit bug = sunda Vam system, pokud nevite kam co uklada, jak co obnovit, mate system v kytkam a ceka Vas reinstal
- CF taky bohuzel prozatim nekontroluje nektere dulezite knihovny (napr. hal.dll) - ty treba mazou nektere typy haveti (napr. angela) - smaze Vam po restartu hal.dll = nenajede Vam system a jste o radek vyse = reinstal
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen
od 1. února 2011.
Člen
od 1. února 2011.Re: Skype virus Rsit,Rkill, Combofix
Zdravím,
neovládám čtení logů, nebo jejich psaní.
Pouze jsem provedl kroky, které se opakovaly ve všech tématech týkajících se Skype viru.
Pokud jsem se tím dopustil chyby, nebo prohřešku proti pravidlům - opravdu nerad, omlouvám se a prosím o radu jak se zbavit viru.
Čekám na Vaše pokyny.
Jednotlivé logy byly vytvořeny v poradí Rsit,Rkill,Combofix
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix
neovládám čtení logů, nebo jejich psaní.
Pouze jsem provedl kroky, které se opakovaly ve všech tématech týkajících se Skype viru.
Pokud jsem se tím dopustil chyby, nebo prohřešku proti pravidlům - opravdu nerad, omlouvám se a prosím o radu jak se zbavit viru.
Čekám na Vaše pokyny.
Jednotlivé logy byly vytvořeny v poradí Rsit,Rkill,Combofix
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exeVypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix
Re: Skype virus Rsit,Rkill, Combofix
Pravidla si tedy prectete cele a dukladne, ja jsem Vam tam dal poruseni tech nejdulezitejsich Poprosim o log z DDS
- Stahnete DDS odsud http://download.bleepingcomputer.com/sUBs/Beta/dds.exe a ulozte na plochu
- Spustte a kliknete na Start
- Po chvili vyskoci log, ten rad uvidim
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Skype virus Rsit,Rkill, Combofix
přikládám log s DDS, pravidla pročítám.
DDS (Ver_2011-09-30.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_31
Run by Gocik at 11:21:01 on 2012-11-06
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.2046.882 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe
C:\Program Files\QIP 2012\qip.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TotalCMD\TOTALCMD.EXE
C:\Program Files\Dofus\app\UpLauncher.exe
C:\Program Files\Dofus\app\DofusMod.exe
C:\Program Files\Dofus\app\reg\Reg.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CPwmIEBrowserHelper Object: {F040E541-A427-4CF7-85D8-75E3E0F476C5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
uRun: [T-Mobile Communication Centre] "c:\program files\t-mobile\web'n'walk manager\Manager.exe" -autorun
uRun: [Infium] "c:\program files\qip 2012\qip.exe" /autorun
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [LenovoAutoScrollUtility] c:\program files\lenovo\virtscrl\virtscrl.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [TpShocks] TpShocks.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [TP4EX] tp4ex.exe
mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.172.1 213.192.60.6 213.192.60.5
TCP: Interfaces\{49DEB7CC-EBFE-4C69-9374-D63384F9F18F} : DHCPNameServer = 192.168.172.1 213.192.60.6 213.192.60.5
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli c:\program files\thinkvantage fingerprint software\psqlpwd.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\gocik\application data\mozilla\firefox\profiles\dx04kuyk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_278.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2012-2-3 25968]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2011-3-29 20592]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-2-2 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-2-2 355632]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2012-2-3 13680]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\t-mobile\web'n'walk manager\ameisvc.exe [2012-8-22 123320]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-2-2 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-2-2 44808]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2012-2-3 292200]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2012-2-3 69632]
R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\thinkpad\utilities\PWMEWSVC.exe [2012-2-3 143360]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2012-2-3 99328]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2012-2-3 64440]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-11-17 1021256]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2008-4-14 69120]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 30336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-7-22 136176]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2012-2-3 45496]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 250288]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-7-22 136176]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2012-5-9 9216]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-20 114144]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-2-25 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2012-2-25 8576]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-11-06 10:14:17 -------- d-----w- c:\documents and settings\gocik\application data\app
2012-11-06 09:32:20 61440 ----a-w- c:\documents and settings\gocik\application data\20.exe
2012-11-06 09:28:32 -------- d-sha-r- C:\cmdcons
2012-11-06 09:25:07 98816 ----a-w- c:\windows\sed.exe
2012-11-06 09:25:07 256000 ----a-w- c:\windows\PEV.exe
2012-11-06 09:25:07 208896 ----a-w- c:\windows\MBR.exe
2012-11-06 09:20:23 -------- d-----w- c:\program files\trend micro
2012-11-05 07:49:58 6980552 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{761483e7-2480-4e96-adad-e6097a3e0b34}\mpengine.dll
.
==================== Find3M ====================
.
2012-09-23 11:01:18 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-23 11:01:18 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-30 20:29:36 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-08-30 20:29:36 667136 ----a-w- c:\windows\system32\wininet.dll
2012-08-30 20:29:36 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-08-28 13:00:25 369664 ----a-w- c:\windows\system32\html.iec
2012-08-21 09:13:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:12:33 41224 ----a-w- c:\windows\avastSS.scr
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HTS541010G9SA00 rev.MBZIC60H -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe >>UNKNOWN [0x89E090E8]<<
_asm { MOV EAX, 0x89e09008; XCHG [ESP], EAX; PUSH EAX; PUSH 0x89e57c94; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x804EE140] -> \Device\Harddisk0\DR0[0x89DC0AB8]
\Driver\Disk[0x89D32A08] -> IRP_MJ_CREATE -> 0x89E090E8
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\Disk -> 0x89e090e8
user & kernel MBR OK
Warning: possible MBR rootkit infection !
.
============= FINISH: 11:21:18,62 ===============
DDS (Ver_2011-09-30.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_31
Run by Gocik at 11:21:01 on 2012-11-06
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.2046.882 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe
C:\Program Files\QIP 2012\qip.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TotalCMD\TOTALCMD.EXE
C:\Program Files\Dofus\app\UpLauncher.exe
C:\Program Files\Dofus\app\DofusMod.exe
C:\Program Files\Dofus\app\reg\Reg.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CPwmIEBrowserHelper Object: {F040E541-A427-4CF7-85D8-75E3E0F476C5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
uRun: [T-Mobile Communication Centre] "c:\program files\t-mobile\web'n'walk manager\Manager.exe" -autorun
uRun: [Infium] "c:\program files\qip 2012\qip.exe" /autorun
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [LenovoAutoScrollUtility] c:\program files\lenovo\virtscrl\virtscrl.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [TpShocks] TpShocks.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [TP4EX] tp4ex.exe
mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.172.1 213.192.60.6 213.192.60.5
TCP: Interfaces\{49DEB7CC-EBFE-4C69-9374-D63384F9F18F} : DHCPNameServer = 192.168.172.1 213.192.60.6 213.192.60.5
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli c:\program files\thinkvantage fingerprint software\psqlpwd.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\gocik\application data\mozilla\firefox\profiles\dx04kuyk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_278.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2012-2-3 25968]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2011-3-29 20592]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-2-2 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-2-2 355632]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2012-2-3 13680]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\t-mobile\web'n'walk manager\ameisvc.exe [2012-8-22 123320]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-2-2 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-2-2 44808]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2012-2-3 292200]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2012-2-3 69632]
R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\thinkpad\utilities\PWMEWSVC.exe [2012-2-3 143360]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2012-2-3 99328]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2012-2-3 64440]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-11-17 1021256]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2008-4-14 69120]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 30336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-7-22 136176]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2012-2-3 45496]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 250288]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-7-22 136176]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2012-5-9 9216]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-20 114144]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-2-25 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2012-2-25 8576]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-11-06 10:14:17 -------- d-----w- c:\documents and settings\gocik\application data\app
2012-11-06 09:32:20 61440 ----a-w- c:\documents and settings\gocik\application data\20.exe
2012-11-06 09:28:32 -------- d-sha-r- C:\cmdcons
2012-11-06 09:25:07 98816 ----a-w- c:\windows\sed.exe
2012-11-06 09:25:07 256000 ----a-w- c:\windows\PEV.exe
2012-11-06 09:25:07 208896 ----a-w- c:\windows\MBR.exe
2012-11-06 09:20:23 -------- d-----w- c:\program files\trend micro
2012-11-05 07:49:58 6980552 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{761483e7-2480-4e96-adad-e6097a3e0b34}\mpengine.dll
.
==================== Find3M ====================
.
2012-09-23 11:01:18 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-23 11:01:18 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-30 20:29:36 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-08-30 20:29:36 667136 ----a-w- c:\windows\system32\wininet.dll
2012-08-30 20:29:36 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-08-28 13:00:25 369664 ----a-w- c:\windows\system32\html.iec
2012-08-21 09:13:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:12:33 41224 ----a-w- c:\windows\avastSS.scr
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HTS541010G9SA00 rev.MBZIC60H -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe >>UNKNOWN [0x89E090E8]<<
_asm { MOV EAX, 0x89e09008; XCHG [ESP], EAX; PUSH EAX; PUSH 0x89e57c94; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x804EE140] -> \Device\Harddisk0\DR0[0x89DC0AB8]
\Driver\Disk[0x89D32A08] -> IRP_MJ_CREATE -> 0x89E090E8
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\Disk -> 0x89e090e8
user & kernel MBR OK
Warning: possible MBR rootkit infection !
.
============= FINISH: 11:21:18,62 ===============
Re: Skype virus Rsit,Rkill, Combofix
Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
- Kliknete na volbu Change parametrs
- V okne Additional Option zakliknete vsechny moznosti
- Kliknete na OK
- Utilite prikazte, at skenuje - klik na Start Scan
- Po dokonceni skenu se objevi okno, zkontrolujte, zda-li je vsude moznost Skip
- Pokud moznost Skip nebude primarne nastavena, prekliknete ji na Skip
- Pokud mate vsude Skip, kliknete na Continue
- Na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt bude log - jeho obsah sem vlozte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Skype virus Rsit,Rkill, Combofix
Zpráva obsahuje příliš mnoho znaků - proto zasílám na 2x.
11:27:08.0625 3576 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
11:27:08.0703 3576 ============================================================
11:27:08.0703 3576 Current date / time: 2012/11/06 11:27:08.0703
11:27:08.0703 3576 SystemInfo:
11:27:08.0703 3576
11:27:08.0703 3576 OS Version: 5.1.2600 ServicePack: 3.0
11:27:08.0703 3576 Product type: Workstation
11:27:08.0703 3576 ComputerName: GOCA
11:27:08.0703 3576 UserName: Gocik
11:27:08.0703 3576 Windows directory: C:\WINDOWS
11:27:08.0703 3576 System windows directory: C:\WINDOWS
11:27:08.0703 3576 Processor architecture: Intel x86
11:27:08.0703 3576 Number of processors: 1
11:27:08.0703 3576 Page size: 0x1000
11:27:08.0703 3576 Boot type: Normal boot
11:27:08.0703 3576 ============================================================
11:27:10.0218 3576 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x3279, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
11:27:10.0218 3576 Drive \Device\Harddisk1\DR3 - Size: 0x1CDC7E800 (7.22 Gb), SectorSize: 0x200, Cylinders: 0x3AD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:27:10.0234 3576 ============================================================
11:27:10.0234 3576 \Device\Harddisk0\DR0:
11:27:10.0234 3576 MBR partitions:
11:27:10.0234 3576 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x445CF11
11:27:10.0234 3576 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x445CF8F, BlocksNum 0x75F3B01
11:27:10.0234 3576 \Device\Harddisk1\DR3:
11:27:10.0234 3576 MBR partitions:
11:27:10.0250 3576 \Device\Harddisk1\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE6DDA1
11:27:10.0250 3576 ============================================================
11:27:10.0281 3576 C: <-> \Device\Harddisk0\DR0\Partition1
11:27:10.0359 3576 D: <-> \Device\Harddisk0\DR0\Partition2
11:27:10.0359 3576 ============================================================
11:27:10.0359 3576 Initialize success
11:27:10.0359 3576 ============================================================
11:27:37.0234 4364 ============================================================
11:27:37.0234 4364 Scan started
11:27:37.0234 4364 Mode: Manual; SigCheck; TDLFS;
11:27:37.0234 4364 ============================================================
11:27:37.0546 4364 ================ Scan system memory ========================
11:27:37.0546 4364 System memory - ok
11:27:37.0562 4364 ================ Scan services =============================
11:27:37.0687 4364 [ 0352A73CD6B1782EA3ED7A03A8268F55 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
11:27:37.0859 4364 Aavmker4 - ok
11:27:37.0875 4364 Abiosdsk - ok
11:27:37.0875 4364 abp480n5 - ok
11:27:37.0921 4364 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:27:38.0250 4364 ACPI - ok
11:27:38.0265 4364 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
11:27:38.0421 4364 ACPIEC - ok
11:27:38.0531 4364 [ DC9BD0C95EE1B49435AFE89D523B20B7 ] AcPrfMgrSvc C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
11:27:38.0546 4364 AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - warning
11:27:38.0546 4364 AcPrfMgrSvc - detected UnsignedFile.Multi.Generic (1)
11:27:38.0578 4364 [ A8F0AD2868194B78DFE2FFEED8311581 ] AcSvc C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
11:27:38.0593 4364 AcSvc ( UnsignedFile.Multi.Generic ) - warning
11:27:38.0593 4364 AcSvc - detected UnsignedFile.Multi.Generic (1)
11:27:38.0625 4364 [ BEEE84A79710F705864685B05F1BB172 ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
11:27:38.0656 4364 ADIHdAudAddService - ok
11:27:38.0750 4364 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:27:38.0781 4364 AdobeFlashPlayerUpdateSvc - ok
11:27:38.0796 4364 adpu160m - ok
11:27:38.0812 4364 [ 358063AB6C1C4173B735525CDFA65F94 ] AEAudioService C:\WINDOWS\system32\drivers\AEAudio.sys
11:27:38.0828 4364 AEAudioService - ok
11:27:38.0875 4364 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
11:27:39.0015 4364 aec - ok
11:27:39.0062 4364 [ 023867B6606FBABCDD52E089C4A507DA ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
11:27:39.0078 4364 AegisP - ok
11:27:39.0125 4364 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
11:27:39.0156 4364 AFD - ok
11:27:39.0156 4364 Aha154x - ok
11:27:39.0171 4364 aic78u2 - ok
11:27:39.0171 4364 aic78xx - ok
11:27:39.0250 4364 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
11:27:39.0390 4364 Alerter - ok
11:27:39.0468 4364 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
11:27:39.0546 4364 ALG - ok
11:27:39.0562 4364 AliIde - ok
11:27:39.0593 4364 [ E4EDE40F326B3B815EC06FF03A8697D6 ] ameisvc C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
11:27:39.0625 4364 ameisvc - ok
11:27:39.0625 4364 amsint - ok
11:27:39.0656 4364 [ 11AB185A7AF224800BBFB5B836974A17 ] ANC C:\WINDOWS\system32\drivers\ANC.SYS
11:27:39.0671 4364 ANC ( UnsignedFile.Multi.Generic ) - warning
11:27:39.0671 4364 ANC - detected UnsignedFile.Multi.Generic (1)
11:27:39.0687 4364 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
11:27:39.0765 4364 AppMgmt - ok
11:27:39.0781 4364 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:27:39.0921 4364 Arp1394 - ok
11:27:39.0937 4364 asc - ok
11:27:39.0937 4364 asc3350p - ok
11:27:39.0953 4364 asc3550 - ok
11:27:40.0062 4364 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:27:40.0078 4364 aspnet_state - ok
11:27:40.0109 4364 [ F5DC168BF77572D51BE28BA261B30CB4 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
11:27:40.0125 4364 aswFsBlk - ok
11:27:40.0140 4364 [ 2B9B1DF809E965EF63402CBBA6DB50AE ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
11:27:40.0156 4364 aswMon2 - ok
11:27:40.0171 4364 [ B7D5E4486BA658ED08624D8084ABB830 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
11:27:40.0187 4364 aswRdr - ok
11:27:40.0234 4364 [ 30E45AF8B4D83176CA850FC9699E860B ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
11:27:40.0281 4364 aswSnx - ok
11:27:40.0328 4364 [ F04BDBCB965C05C51F4A7DE7B62063D6 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
11:27:40.0359 4364 aswSP - ok
11:27:40.0406 4364 [ DFE9152ABFA89BB8CFDC057409B2D4DA ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
11:27:40.0421 4364 aswTdi - ok
11:27:40.0453 4364 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:27:40.0609 4364 AsyncMac - ok
11:27:40.0687 4364 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
11:27:40.0875 4364 atapi - ok
11:27:40.0890 4364 Atdisk - ok
11:27:41.0015 4364 [ B921D1790A8EF84B2DBDEEEF4909FBA1 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
11:27:41.0125 4364 Ati HotKey Poller - ok
11:27:41.0265 4364 [ 5A13723FB8BFDD2090DEFB2D0CB98A27 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
11:27:41.0437 4364 ati2mtag - ok
11:27:41.0468 4364 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:27:41.0609 4364 Atmarpc - ok
11:27:41.0671 4364 [ DBF0D7E2DF33B469EB55406FEA759350 ] atmeltpm C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
11:27:41.0687 4364 atmeltpm - ok
11:27:41.0718 4364 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
11:27:41.0890 4364 AudioSrv - ok
11:27:42.0000 4364 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
11:27:42.0125 4364 audstub - ok
11:27:42.0203 4364 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
11:27:42.0218 4364 avast! Antivirus - ok
11:27:42.0265 4364 [ 66DD574749C38153C6067EBBA929BEFC ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
11:27:42.0296 4364 b57w2k - ok
11:27:42.0343 4364 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
11:27:42.0484 4364 Beep - ok
11:27:42.0609 4364 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
11:27:42.0781 4364 BITS - ok
11:27:42.0812 4364 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
11:27:42.0859 4364 Browser - ok
11:27:42.0906 4364 [ 9E8CF88D340E32FCB3C53955B2DF388F ] btaudio C:\WINDOWS\system32\drivers\btaudio.sys
11:27:42.0937 4364 btaudio - ok
11:27:43.0000 4364 [ 2F9F111D31AA3FBBE5781D829A4524E6 ] BTDriver C:\WINDOWS\system32\DRIVERS\btport.sys
11:27:43.0015 4364 BTDriver - ok
11:27:43.0093 4364 [ D26B5B9A40A2B2191B35C76D5CBF5D2A ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys
11:27:43.0156 4364 BTKRNL - ok
11:27:43.0218 4364 [ C261E704B5558BA04DD643A0D998327D ] btwdins C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
11:27:43.0250 4364 btwdins - ok
11:27:43.0281 4364 [ 485020A1E1FC5C51A800CA69C618D881 ] BTWDNDIS C:\WINDOWS\system32\DRIVERS\btwdndis.sys
11:27:43.0312 4364 BTWDNDIS - ok
11:27:43.0343 4364 [ 5922BAE0CD84924B9CD7E6BB515EE070 ] btwmodem C:\WINDOWS\system32\DRIVERS\btwmodem.sys
11:27:43.0359 4364 btwmodem - ok
11:27:43.0375 4364 [ 7696F6F2E63086EEEDB76B71BB7BB455 ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys
11:27:43.0406 4364 BTWUSB - ok
11:27:43.0406 4364 catchme - ok
11:27:43.0437 4364 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
11:27:43.0593 4364 cbidf2k - ok
11:27:43.0593 4364 cd20xrnt - ok
11:27:43.0671 4364 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
11:27:43.0828 4364 Cdaudio - ok
11:27:43.0875 4364 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
11:27:44.0015 4364 Cdfs - ok
11:27:44.0062 4364 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:27:44.0218 4364 Cdrom - ok
11:27:44.0234 4364 Changer - ok
11:27:44.0250 4364 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
11:27:44.0406 4364 CiSvc - ok
11:27:44.0484 4364 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
11:27:44.0640 4364 ClipSrv - ok
11:27:44.0687 4364 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:27:44.0718 4364 clr_optimization_v2.0.50727_32 - ok
11:27:44.0781 4364 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:27:44.0812 4364 clr_optimization_v4.0.30319_32 - ok
11:27:44.0843 4364 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
11:27:45.0000 4364 CmBatt - ok
11:27:45.0015 4364 CmdIde - ok
11:27:45.0015 4364 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
11:27:45.0171 4364 Compbatt - ok
11:27:45.0171 4364 COMSysApp - ok
11:27:45.0203 4364 Cpqarray - ok
11:27:45.0218 4364 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
11:27:45.0375 4364 CryptSvc - ok
11:27:45.0375 4364 dac2w2k - ok
11:27:45.0390 4364 dac960nt - ok
11:27:45.0500 4364 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
11:27:45.0562 4364 DcomLaunch - ok
11:27:45.0578 4364 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
11:27:45.0718 4364 Dhcp - ok
11:27:45.0781 4364 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
11:27:45.0937 4364 Disk - ok
11:27:45.0937 4364 dmadmin - ok
11:27:46.0015 4364 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
11:27:46.0234 4364 dmboot - ok
11:27:46.0250 4364 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
11:27:46.0390 4364 dmio - ok
11:27:46.0468 4364 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
11:27:46.0625 4364 dmload - ok
11:27:46.0640 4364 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
11:27:46.0796 4364 dmserver - ok
11:27:46.0843 4364 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
11:27:46.0984 4364 DMusic - ok
11:27:47.0093 4364 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
11:27:47.0109 4364 Dnscache - ok
11:27:47.0140 4364 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
11:27:47.0281 4364 Dot3svc - ok
11:27:47.0390 4364 [ 6D279BB0DE1D8E34F454E1B353F4D738 ] DozeHDD C:\WINDOWS\system32\DRIVERS\DozeHDD.sys
11:27:47.0406 4364 DozeHDD - ok
11:27:47.0437 4364 [ 092AE9D762B115A2A05BE187BC3FFAB7 ] DozeSvc C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
11:27:47.0468 4364 DozeSvc - ok
11:27:47.0468 4364 dpti2o - ok
11:27:47.0500 4364 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
11:27:47.0625 4364 drmkaud - ok
11:27:47.0671 4364 [ 6461E57BB51A848AAE26F52427B7CF9E ] dtscsi C:\WINDOWS\System32\Drivers\dtscsi.sys
11:27:47.0687 4364 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\dtscsi.sys. md5: 6461E57BB51A848AAE26F52427B7CF9E
11:27:47.0687 4364 dtscsi ( LockedFile.Multi.Generic ) - warning
11:27:47.0687 4364 dtscsi - detected LockedFile.Multi.Generic (1)
11:27:47.0703 4364 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
11:27:47.0875 4364 EapHost - ok
11:27:47.0968 4364 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
11:27:48.0109 4364 ERSvc - ok
11:27:48.0156 4364 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
11:27:48.0187 4364 Eventlog - ok
11:27:48.0234 4364 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
11:27:48.0281 4364 EventSystem - ok
11:27:48.0390 4364 [ 344AA81113481E615E366BC1C36DFE0C ] EvtEng C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
11:27:48.0406 4364 EvtEng ( UnsignedFile.Multi.Generic ) - warning
11:27:48.0421 4364 EvtEng - detected UnsignedFile.Multi.Generic (1)
11:27:48.0515 4364 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
11:27:48.0671 4364 Fastfat - ok
11:27:48.0812 4364 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
11:27:48.0843 4364 FastUserSwitchingCompatibility - ok
11:27:48.0859 4364 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
11:27:49.0031 4364 Fdc - ok
11:27:49.0062 4364 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
11:27:49.0203 4364 Fips - ok
11:27:49.0265 4364 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
11:27:49.0390 4364 Flpydisk - ok
11:27:49.0453 4364 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
11:27:49.0609 4364 FltMgr - ok
11:27:49.0671 4364 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:27:49.0687 4364 FontCache3.0.0.0 - ok
11:27:49.0734 4364 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:27:49.0875 4364 Fs_Rec - ok
11:27:49.0968 4364 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:27:50.0109 4364 Ftdisk - ok
11:27:50.0125 4364 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:27:50.0328 4364 Gpc - ok
11:27:50.0359 4364 gupdate - ok
11:27:50.0359 4364 gupdatem - ok
11:27:50.0406 4364 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:27:50.0546 4364 HDAudBus - ok
11:27:50.0578 4364 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:27:50.0734 4364 helpsvc - ok
11:27:50.0750 4364 HidServ - ok
11:27:50.0750 4364 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:27:50.0906 4364 hidusb - ok
11:27:50.0937 4364 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
11:27:51.0109 4364 hkmsvc - ok
11:27:51.0125 4364 hpn - ok
11:27:51.0171 4364 [ 702A7E1B3C9263EFBD6AEDE3B6919761 ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
11:27:51.0203 4364 HSFHWAZL - ok
11:27:51.0250 4364 [ 8D02CB68D53AA36189FAF86FED438884 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
11:27:51.0296 4364 HSF_DPV - ok
11:27:51.0359 4364 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
11:27:51.0375 4364 HTTP - ok
11:27:51.0406 4364 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
11:27:51.0578 4364 HTTPFilter - ok
11:27:51.0593 4364 i2omgmt - ok
11:27:51.0593 4364 i2omp - ok
11:27:51.0687 4364 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:27:51.0843 4364 i8042prt - ok
11:27:51.0875 4364 [ E3FFC8CB45B3F55264EE10F084B2731B ] IBMPMDRV C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
11:27:51.0890 4364 IBMPMDRV - ok
11:27:51.0906 4364 [ 5565982522EE9D4E8921FEB304D4226F ] IBMPMSVC C:\WINDOWS\system32\ibmpmsvc.exe
11:27:51.0921 4364 IBMPMSVC - ok
11:27:51.0937 4364 [ 3A7DBE81EC5EDB96A0A61C7D4AF3198D ] IBMTPCHK C:\WINDOWS\system32\Drivers\IBMBLDID.sys
11:27:51.0953 4364 IBMTPCHK ( UnsignedFile.Multi.Generic ) - warning
11:27:51.0953 4364 IBMTPCHK - detected UnsignedFile.Multi.Generic (1)
11:27:52.0031 4364 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:27:52.0093 4364 idsvc - ok
11:27:52.0109 4364 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
11:27:52.0265 4364 Imapi - ok
11:27:52.0296 4364 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
11:27:52.0453 4364 ImapiService - ok
11:27:52.0468 4364 ini910u - ok
11:27:52.0578 4364 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
11:27:52.0734 4364 IntelIde - ok
11:27:52.0765 4364 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:27:52.0921 4364 intelppm - ok
11:27:52.0953 4364 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
11:27:53.0109 4364 Ip6Fw - ok
11:27:53.0140 4364 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:27:53.0281 4364 IpFilterDriver - ok
11:27:53.0296 4364 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:27:53.0437 4364 IpInIp - ok
11:27:53.0468 4364 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:27:53.0625 4364 IpNat - ok
11:27:53.0671 4364 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:27:53.0812 4364 IPSec - ok
11:27:53.0859 4364 [ 00D8E9DAEBE72A5DF3986FD418A995EB ] IPSSVC C:\WINDOWS\system32\IPSSVC.EXE
11:27:53.0875 4364 IPSSVC - ok
11:27:53.0890 4364 [ ACA5E7B54409F9CB5EED97ED0C81120E ] irda C:\WINDOWS\system32\DRIVERS\irda.sys
11:27:53.0968 4364 irda - ok
11:27:54.0000 4364 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
11:27:54.0062 4364 IRENUM - ok
11:27:54.0078 4364 [ 49CC4533CE897CB2E93C1E84A818FDE5 ] Irmon C:\WINDOWS\System32\irmon.dll
11:27:54.0171 4364 Irmon - ok
11:27:54.0218 4364 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:27:54.0343 4364 isapnp - ok
11:27:54.0437 4364 [ 0A5709543986843D37A92290B7838340 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
11:27:54.0453 4364 JavaQuickStarterService - ok
11:27:54.0500 4364 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:27:54.0640 4364 Kbdclass - ok
11:27:54.0671 4364 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
11:27:54.0812 4364 kmixer - ok
11:27:54.0843 4364 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
11:27:54.0906 4364 KSecDD - ok
11:27:54.0937 4364 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
11:27:54.0984 4364 LanmanServer - ok
11:27:55.0031 4364 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
11:27:55.0062 4364 lanmanworkstation - ok
11:27:55.0078 4364 lbrtfdc - ok
11:27:55.0156 4364 [ FCE735941DA27929DBFC1918F286FFD8 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
11:27:55.0171 4364 LENOVO.MICMUTE - ok
11:27:55.0203 4364 [ 9AAC267A225F3CAEBB9E633F7EB16E4B ] lenovo.smi C:\WINDOWS\system32\DRIVERS\smiif32.sys
11:27:55.0234 4364 lenovo.smi - ok
11:27:55.0250 4364 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
11:27:55.0390 4364 LmHosts - ok
11:27:55.0437 4364 [ 0B058116D3D4ECCA7DED38F16E0581B2 ] massfilter C:\WINDOWS\system32\drivers\massfilter.sys
11:27:55.0468 4364 massfilter - ok
11:27:55.0500 4364 [ A027DE1E6C11BD2DAF61F6F276B2299F ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
11:27:55.0515 4364 mdmxsdk - ok
11:27:55.0546 4364 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
11:27:55.0703 4364 Messenger - ok
11:27:55.0843 4364 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
11:27:55.0859 4364 Microsoft Office Groove Audit Service - ok
11:27:55.0890 4364 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
11:27:56.0062 4364 mnmdd - ok
11:27:56.0093 4364 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
11:27:56.0265 4364 mnmsrvc - ok
11:27:56.0359 4364 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
11:27:56.0500 4364 Modem - ok
11:27:56.0515 4364 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:27:56.0671 4364 Mouclass - ok
11:27:56.0750 4364 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:27:56.0921 4364 mouhid - ok
11:27:56.0937 4364 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
11:27:57.0078 4364 MountMgr - ok
11:27:57.0203 4364 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:27:57.0218 4364 MozillaMaintenance - ok
11:27:57.0234 4364 mraid35x - ok
11:27:57.0265 4364 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:27:57.0406 4364 MRxDAV - ok
11:27:57.0453 4364 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:27:57.0484 4364 MRxSmb - ok
11:27:57.0500 4364 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
11:27:57.0671 4364 MSDTC - ok
11:27:57.0750 4364 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
11:27:57.0906 4364 Msfs - ok
11:27:57.0906 4364 MSIServer - ok
11:27:57.0937 4364 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:27:58.0078 4364 MSKSSRV - ok
11:27:58.0078 4364 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:27:58.0296 4364 MSPCLOCK - ok
11:27:58.0312 4364 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
11:27:58.0453 4364 MSPQM - ok
11:27:58.0578 4364 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:27:58.0734 4364 mssmbios - ok
11:27:58.0765 4364 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
11:27:58.0781 4364 Mup - ok
11:27:58.0812 4364 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
11:27:58.0968 4364 napagent - ok
11:27:58.0984 4364 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
11:27:59.0187 4364 NDIS - ok
11:27:59.0218 4364 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:27:59.0234 4364 NdisTapi - ok
11:27:59.0265 4364 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:27:59.0406 4364 Ndisuio - ok
11:27:59.0421 4364 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:27:59.0562 4364 NdisWan - ok
11:27:59.0671 4364 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
11:27:59.0718 4364 NDProxy - ok
11:27:59.0765 4364 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
11:27:59.0890 4364 NetBIOS - ok
11:27:59.0906 4364 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
11:28:00.0062 4364 NetBT - ok
11:28:00.0140 4364 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
11:28:00.0312 4364 NetDDE - ok
11:28:00.0328 4364 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
11:28:00.0484 4364 NetDDEdsdm - ok
11:28:00.0562 4364 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
11:28:00.0703 4364 Netlogon - ok
11:28:00.0781 4364 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
11:28:00.0906 4364 Netman - ok
11:28:00.0953 4364 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:28:00.0984 4364 NetTcpPortSharing - ok
11:28:01.0015 4364 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:28:01.0156 4364 NIC1394 - ok
11:28:01.0250 4364 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
11:28:01.0312 4364 Nla - ok
11:28:01.0406 4364 [ 8DD0CDB0C700992D10169D8769EF5F43 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
11:28:01.0421 4364 NMIndexingService ( UnsignedFile.Multi.Generic ) - warning
11:28:01.0421 4364 NMIndexingService - detected UnsignedFile.Multi.Generic (1)
11:28:01.0453 4364 [ F6C40E0A565EE3CE5AEEB325E10054F2 ] nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys
11:28:01.0531 4364 nmwcd - ok
11:28:01.0578 4364 [ 2A394E9E1FA3565E4B2FEA470FFE4D6B ] nmwcdc C:\WINDOWS\system32\drivers\ccdcmbo.sys
11:28:01.0656 4364 nmwcdc - ok
11:28:01.0703 4364 [ 99B224F8026CB534724AA3C408561E45 ] nmwcdnsu C:\WINDOWS\system32\drivers\nmwcdnsu.sys
11:28:01.0781 4364 nmwcdnsu - ok
11:28:01.0796 4364 [ D23257682D349A5E2E4507ED33DECC16 ] nmwcdnsuc C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
11:28:01.0875 4364 nmwcdnsuc - ok
11:28:01.0906 4364 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
11:28:02.0046 4364 Npfs - ok
11:28:02.0078 4364 [ 2ADC0CA9945C65284B3D19BC18765974 ] NSCIRDA C:\WINDOWS\system32\DRIVERS\nscirda.sys
11:28:02.0156 4364 NSCIRDA - ok
11:28:02.0218 4364 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
11:28:02.0375 4364 Ntfs - ok
11:28:02.0406 4364 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
11:28:02.0546 4364 NtLmSsp - ok
11:28:02.0656 4364 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
11:28:02.0812 4364 NtmsSvc - ok
11:28:02.0828 4364 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
11:28:02.0984 4364 Null - ok
11:28:03.0031 4364 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:28:03.0171 4364 NwlnkFlt - ok
11:28:03.0234 4364 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:28:03.0390 4364 NwlnkFwd - ok
11:28:03.0484 4364 [ C4E28CEF489AAFD0E4CA734DC78CA77D ] O&O Defrag C:\WINDOWS\system32\oodag.exe
11:28:03.0546 4364 O&O Defrag - ok
11:28:03.0671 4364 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:28:03.0703 4364 odserv - ok
11:28:03.0765 4364 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:28:03.0906 4364 ohci1394 - ok
11:28:03.0953 4364 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:28:03.0984 4364 ose - ok
11:28:04.0000 4364 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
11:28:04.0156 4364 Parport - ok
11:28:04.0250 4364 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
11:28:04.0390 4364 PartMgr - ok
11:28:04.0437 4364 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
11:28:04.0593 4364 ParVdm - ok
11:28:04.0625 4364 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
11:28:04.0656 4364 pccsmcfd - ok
11:28:04.0671 4364 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
11:28:04.0828 4364 PCI - ok
11:28:04.0843 4364 PCIDump - ok
11:28:04.0859 4364 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
11:28:05.0000 4364 PCIIde - ok
11:28:05.0062 4364 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
11:28:05.0203 4364 Pcmcia - ok
11:28:05.0218 4364 PDCOMP - ok
11:28:05.0218 4364 PDFRAME - ok
11:28:05.0234 4364 PDRELI - ok
11:28:05.0250 4364 PDRFRAME - ok
11:28:05.0250 4364 perc2 - ok
11:28:05.0265 4364 perc2hib - ok
11:28:05.0312 4364 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
11:28:05.0343 4364 PlugPlay - ok
11:28:05.0375 4364 [ DEDEF40E1D05842639491365CB2C069E ] pmem C:\WINDOWS\System32\drivers\pmemnt.sys
11:28:05.0375 4364 pmem ( UnsignedFile.Multi.Generic ) - warning
11:28:05.0375 4364 pmem - detected UnsignedFile.Multi.Generic (1)
11:28:05.0390 4364 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
11:28:05.0531 4364 PolicyAgent - ok
11:28:05.0578 4364 [ EB719C46A32D17C34D52E6C726F1CF8C ] Power Manager DBC Service C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
11:28:05.0578 4364 Power Manager DBC Service ( UnsignedFile.Multi.Generic ) - warning
11:28:05.0578 4364 Power Manager DBC Service - detected UnsignedFile.Multi.Generic (1)
11:28:05.0609 4364 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:28:05.0750 4364 PptpMiniport - ok
11:28:05.0796 4364 [ 1D80309FED4BABF8EA9E7B84A394348B ] PROCDD C:\WINDOWS\system32\DRIVERS\PROCDD.SYS
11:28:05.0812 4364 PROCDD - ok
11:28:05.0812 4364 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
11:28:05.0953 4364 ProtectedStorage - ok
11:28:06.0062 4364 [ AAC08DEFB15AAAB00B30341C716EFA35 ] psadd C:\WINDOWS\system32\DRIVERS\psadd.sys
11:28:06.0078 4364 psadd - ok
11:28:06.0109 4364 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
11:28:06.0234 4364 PSched - ok
11:28:06.0343 4364 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:28:06.0484 4364 Ptilink - ok
11:28:06.0500 4364 [ 93C49354CEB0828F5D286E50BB767EB2 ] PwmEWSvc C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
11:28:06.0515 4364 PwmEWSvc ( UnsignedFile.Multi.Generic ) - warning
11:28:06.0515 4364 PwmEWSvc - detected UnsignedFile.Multi.Generic (1)
11:28:06.0515 4364 ql1080 - ok
11:28:06.0531 4364 Ql10wnt - ok
11:28:06.0546 4364 ql12160 - ok
11:28:06.0546 4364 ql1240 - ok
11:28:06.0562 4364 ql1280 - ok
11:28:06.0578 4364 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:28:06.0734 4364 RasAcd - ok
11:28:06.0968 4364 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
11:28:07.0140 4364 RasAuto - ok
11:28:07.0234 4364 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
11:28:07.0296 4364 Rasirda - ok
11:28:07.0312 4364 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:28:07.0453 4364 Rasl2tp - ok
11:28:07.0531 4364 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
11:28:07.0687 4364 RasMan - ok
11:28:07.0703 4364 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:28:07.0890 4364 RasPppoe - ok
11:28:07.0906 4364 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
11:28:08.0062 4364 Raspti - ok
11:28:08.0140 4364 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:28:08.0281 4364 Rdbss - ok
11:28:08.0296 4364 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:28:08.0437 4364 RDPCDD - ok
11:28:08.0562 4364 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:28:08.0687 4364 rdpdr - ok
11:28:08.0765 4364 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
11:28:08.0796 4364 RDPWD - ok
11:28:08.0828 4364 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
11:28:08.0984 4364 RDSessMgr - ok
11:28:09.0000 4364 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
11:28:09.0140 4364 redbook - ok
11:28:09.0187 4364 [ 89CBF999FC5FCAF3C8B2C79B0594434F ] RegSrvc C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
11:28:09.0203 4364 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
11:28:09.0203 4364 RegSrvc - detected UnsignedFile.Multi.Generic (1)
11:28:09.0250 4364 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
11:28:09.0421 4364 RemoteAccess - ok
11:28:09.0453 4364 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
11:28:09.0609 4364 RemoteRegistry - ok
11:28:09.0640 4364 [ C398BCA91216755B098679A8DA8A2300 ] rimsptsk C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
11:28:09.0671 4364 rimsptsk - ok
11:28:09.0703 4364 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
11:28:09.0843 4364 RpcLocator - ok
11:28:09.0937 4364 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
11:28:09.0984 4364 RpcSs - ok
11:28:10.0000 4364 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
11:28:10.0171 4364 RSVP - ok
11:28:10.0296 4364 [ E118CF6BC4949D4A389026F15A9F3C95 ] S24EventMonitor C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
11:28:10.0390 4364 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
11:28:10.0390 4364 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
11:28:10.0406 4364 [ F275EE6061E444CAA7137AEFB2C27A03 ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
11:28:10.0437 4364 s24trans - ok
11:28:10.0453 4364 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
11:28:10.0593 4364 SamSs - ok
11:28:10.0656 4364 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
11:28:10.0796 4364 SCardSvr - ok
11:28:10.0828 4364 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
11:28:11.0000 4364 Schedule - ok
11:28:11.0031 4364 [ D1FACB3C7D12F439C18EF01AA88C2A9D ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
11:28:11.0062 4364 sdbus - ok
11:28:11.0078 4364 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:28:11.0156 4364 Secdrv - ok
11:28:11.0187 4364 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
11:28:11.0359 4364 seclogon - ok
11:28:11.0437 4364 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
11:28:11.0578 4364 SENS - ok
11:28:11.0609 4364 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
11:28:11.0750 4364 Serial - ok
11:28:11.0828 4364 [ F31E9531AF225CA25350D5E87E999B31 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
11:28:11.0875 4364 ServiceLayer - ok
11:28:11.0921 4364 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
11:28:12.0062 4364 Sfloppy - ok
11:28:12.0109 4364 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
11:28:12.0250 4364 SharedAccess - ok
11:28:12.0328 4364 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:28:12.0359 4364 ShellHWDetection - ok
11:28:12.0406 4364 [ 1624530D05155F4E5A4736531523BFF5 ] Shockprf C:\WINDOWS\system32\DRIVERS\Apsx86.sys
11:28:12.0421 4364 Shockprf - ok
11:28:12.0421 4364 Simbad - ok
11:28:12.0484 4364 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
11:28:12.0500 4364 SkypeUpdate - ok
11:28:12.0531 4364 [ 26341D0DD225D19FD50E0EE3C3C77502 ] Smapint C:\WINDOWS\system32\drivers\Smapint.sys
11:28:12.0546 4364 Smapint ( UnsignedFile.Multi.Generic ) - warning
11:28:12.0546 4364 Smapint - detected UnsignedFile.Multi.Generic (1)
11:28:12.0625 4364 [ 0B9C01236D25BDCB37AA79DC59DFB7D3 ] smihlp C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
11:28:12.0640 4364 smihlp - ok
11:28:12.0640 4364 Sparrow - ok
11:28:12.0703 4364 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
11:28:12.0875 4364 splitter - ok
11:28:12.0906 4364 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
11:28:12.0937 4364 Spooler - ok
11:28:13.0000 4364 [ 15B827792F8E8B96E1B4D148103E3186 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
11:28:13.0000 4364 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 15B827792F8E8B96E1B4D148103E3186
11:28:13.0000 4364 sptd ( LockedFile.Multi.Generic ) - warning
11:28:13.0000 4364 sptd - detected LockedFile.Multi.Generic (1)
11:28:13.0031 4364 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
11:28:13.0109 4364 sr - ok
11:28:13.0125 4364 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
11:28:13.0203 4364 srservice - ok
11:28:13.0218 4364 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
11:28:13.0250 4364 Srv - ok
11:28:13.0296 4364 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
11:28:13.0359 4364 SSDPSRV - ok
11:28:13.0406 4364 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
11:28:13.0546 4364 stisvc - ok
11:28:13.0671 4364 [ C2191C1A5DFED0795E3D3B68905B195B ] SUService c:\program files\lenovo\system update\suservice.exe
11:28:13.0687 4364 SUService ( UnsignedFile.Multi.Generic ) - warning
11:28:13.0687 4364 SUService - detected UnsignedFile.Multi.Generic (1)
11:28:13.0734 4364 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
11:28:13.0875 4364 swenum - ok
11:28:13.0906 4364 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
11:28:14.0046 4364 swmidi - ok
11:28:14.0062 4364 SwPrv - ok
11:28:14.0078 4364 symc810 - ok
11:28:14.0093 4364 symc8xx - ok
11:28:14.0093 4364 sym_hi - ok
11:28:14.0109 4364 sym_u3 - ok
11:28:14.0140 4364 [ 003358D830A76DFE3803FB353B8FD87B ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
11:28:14.0187 4364 SynTP - ok
11:28:14.0203 4364 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
11:28:14.0343 4364 sysaudio - ok
11:28:14.0421 4364 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
11:28:14.0578 4364 SysmonLog - ok
11:28:14.0609 4364 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
11:28:14.0750 4364 TapiSrv - ok
11:28:14.0796 4364 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:28:14.0828 4364 Tcpip - ok
11:28:14.0859 4364 [ 58E3EB5A5C78740C5870EEE6648CCC46 ] TcUsb C:\WINDOWS\system32\Drivers\tcusb.sys
11:28:14.0875 4364 TcUsb - ok
11:28:14.0906 4364 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
11:28:15.0078 4364 TDPIPE - ok
11:28:15.0109 4364 [ 564B337034271B7BDDCABFDDC91C6B7A ] TDSMAPI C:\WINDOWS\system32\drivers\TDSMAPI.SYS
11:28:15.0125 4364 TDSMAPI ( UnsignedFile.Multi.Generic ) - warning
11:28:15.0125 4364 TDSMAPI - detected UnsignedFile.Multi.Generic (1)
11:28:15.0140 4364 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
11:28:15.0281 4364 TDTCP - ok
11:28:15.0328 4364 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
11:28:15.0484 4364 TermDD - ok
11:28:15.0515 4364 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
11:28:15.0687 4364 TermService - ok
11:28:15.0703 4364 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
11:28:15.0734 4364 Themes - ok
11:28:15.0828 4364 [ 9626746A9B120D2ED537DD8D76278405 ] ThinkVantage Registry Monitor Service C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
11:28:15.0875 4364 ThinkVantage Registry Monitor Service - ok
11:28:15.0968 4364 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
11:28:16.0031 4364 TlntSvr - ok
11:28:16.0046 4364 TosIde - ok
11:28:16.0062 4364 [ D2378FBBD668D9FE9B6B5E3139D506D3 ] TPDIGIMN C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
11:28:16.0078 4364 TPDIGIMN - ok
11:28:16.0125 4364 [ A34A1E6B5461273846D30F5898602A72 ] TPHDEXLGSVC C:\WINDOWS\system32\TPHDEXLG.exe
11:28:16.0156 4364 TPHDEXLGSVC - ok
11:28:16.0187 4364 [ 8AEF2188630F5ECD79AD9ABBA630630B ] TPHKDRV C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
11:28:16.0203 4364 TPHKDRV - ok
11:28:16.0234 4364 [ 88D609BFDEB7E013E9E491434190BA43 ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
11:28:16.0234 4364 TPHKLOAD ( UnsignedFile.Multi.Generic ) - warning
11:28:16.0234 4364 TPHKLOAD - detected UnsignedFile.Multi.Generic (1)
11:28:16.0265 4364 [ 9E6E4A9789F76593CC5A6A5AF8FC5929 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
11:28:16.0281 4364 TPHKSVC - ok
11:28:16.0312 4364 [ DFB268FF0A6DCB9280015FF527F892FF ] TpKmpSVC C:\WINDOWS\system32\TpKmpSVC.exe
11:28:16.0343 4364 TpKmpSVC ( UnsignedFile.Multi.Generic ) - warning
11:28:16.0343 4364 TpKmpSVC - detected UnsignedFile.Multi.Generic (1)
11:28:16.0375 4364 [ C037817E2498D9DB736E4BA355B1F4E7 ] TPPWRIF C:\WINDOWS\system32\drivers\Tppwrif.sys
11:28:16.0390 4364 TPPWRIF - ok
11:28:16.0406 4364 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
11:28:16.0562 4364 TrkWks - ok
11:28:16.0671 4364 [ 44D5BE1651390476C5EDB3B5DF28DE30 ] TSSCoreService C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
11:28:16.0718 4364 TSSCoreService - ok
11:28:16.0843 4364 [ 6658D32CBEBC606E4BACCCF4A6B4FD63 ] TuneUp.Defrag C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
11:28:16.0875 4364 TuneUp.Defrag - ok
11:28:16.0953 4364 [ 243F1C2CF7CAE07F035FE45E5B855C8E ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
11:28:17.0000 4364 TuneUp.UtilitiesSvc - ok
11:28:17.0062 4364 [ F2107C9D85EC0DF116939CCCE06AE697 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
11:28:17.0078 4364 TuneUpUtilitiesDrv - ok
11:28:17.0156 4364 [ E9EA448F1174BE4052416B62263EA4EE ] TVT Scheduler C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
11:28:17.0250 4364 TVT Scheduler ( UnsignedFile.Multi.Generic ) - warning
11:28:17.0250 4364 TVT Scheduler - detected UnsignedFile.Multi.Generic (1)
11:28:17.0296 4364 [ 8AB24D4B7DA715C2C80455137910E792 ] TVTI2C C:\WINDOWS\system32\DRIVERS\Tvti2c.sys
11:28:17.0328 4364 TVTI2C - ok
11:28:17.0359 4364 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
11:28:17.0515 4364 Udfs - ok
11:28:17.0531 4364 ultra - ok
11:28:17.0656 4364 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
11:28:17.0812 4364 Update - ok
11:28:17.0828 4364 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
11:28:17.0921 4364 upnphost - ok
11:28:17.0953 4364 [ 47F5F9D837D80FFD5882A14DB9DA0A67 ] upperdev C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
11:28:18.0062 4364 upperdev - ok
11:28:18.0093 4364 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
11:28:18.0250 4364 UPS - ok
11:28:18.0296 4364 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:28:18.0453 4364 usbccgp - ok
11:28:18.0546 4364 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:28:18.0687 4364 usbehci - ok
11:28:18.0703 4364 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:28:18.0843 4364 usbhub - ok
11:28:18.0921 4364 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\drivers\usbser.sys
11:28:19.0062 4364 usbser - ok
11:28:19.0078 4364 [ E44F0D17BE0908B58DCC99CCB99C6C32 ] UsbserFilt C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
11:28:19.0187 4364 UsbserFilt - ok
11:28:19.0218 4364 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:28:19.0359 4364 USBSTOR - ok
11:28:19.0359 4364 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:28:19.0515 4364 usbuhci - ok
11:28:19.0562 4364 [ E7B2EF9B4A4A177CCDEC670E348AF633 ] UxTuneUp C:\WINDOWS\System32\uxtuneup.dll
11:28:19.0593 4364 UxTuneUp - ok
11:28:19.0625 4364 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
11:28:19.0765 4364 VgaSave - ok
11:28:19.0781 4364 ViaIde - ok
11:28:19.0812 4364 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
11:28:19.0953 4364 VolSnap - ok
11:28:20.0000 4364 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
11:28:20.0156 4364 VSS - ok
11:28:20.0281 4364 [ A22ABD73E0D6BA666CBA4E86EEB001B3 ] w29n51 C:\WINDOWS\system32\DRIVERS\w29n51.sys
11:28:20.0390 4364 w29n51 - ok
11:28:20.0453 4364 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
11:28:20.0609 4364 W32Time - ok
11:28:20.0625 4364 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:28:20.0765 4364 Wanarp - ok
11:28:20.0812 4364 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
11:28:20.0843 4364 Wdf01000 - ok
11:28:20.0859 4364 WDICA - ok
11:28:20.0906 4364 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
11:28:21.0046 4364 wdmaud - ok
11:28:21.0062 4364 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
11:28:21.0218 4364 WebClient - ok
11:28:21.0328 4364 [ AFCEA7939925378F867DDE6AF76F3924 ] WIBUKEY C:\WINDOWS\system32\DRIVERS\WibuKey.sys
11:28:21.0343 4364 WIBUKEY ( UnsignedFile.Multi.Generic ) - warning
11:28:21.0343 4364 WIBUKEY - detected UnsignedFile.Multi.Generic (1)
11:28:21.0390 4364 [ 115946A53B62A6B171FD0ED197C71D52 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
11:28:21.0437 4364 winachsf - ok
11:28:21.0515 4364 [ F45DD1E1365D857DD08BC23563370D0E ] WinDefend C:\Program Files\Windows Defender\MsMpEng.exe
11:28:21.0531 4364 WinDefend - ok
11:28:21.0593 4364 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
11:28:21.0734 4364 winmgmt - ok
11:28:21.0796 4364 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
11:28:21.0828 4364 WmdmPmSN - ok
11:28:21.0890 4364 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
11:28:21.0968 4364 Wmi - ok
11:28:22.0015 4364 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:28:22.0171 4364 WmiApSrv - ok
11:28:22.0187 4364 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
11:28:22.0203 4364 WpdUsb - ok
11:28:22.0296 4364 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:28:22.0359 4364 WPFFontCache_v0400 - ok
11:28:22.0406 4364 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:28:22.0546 4364 WS2IFSL - ok
11:28:22.0625 4364 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
11:28:22.0765 4364 wscsvc - ok
11:28:22.0812 4364 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
11:28:22.0968 4364 wuauserv - ok
11:28:23.0015 4364 [ EAA6324F51214D2F6718977EC9CE0DEF ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:28:23.0046 4364 WudfPf - ok
11:28:23.0062 4364 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:28:23.0093 4364 WudfRd - ok
11:28:23.0109 4364 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
11:28:23.0156 4364 WudfSvc - ok
11:28:23.0203 4364 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
11:28:23.0390 4364 WZCSVC - ok
11:28:23.0437 4364 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
11:28:23.0593 4364 xmlprov - ok
11:28:23.0625 4364 [ 28FB86AD7CC64AE5639E6E87F3B017D9 ] ZTEusbmdm6k C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
11:28:23.0656 4364 ZTEusbmdm6k - ok
11:28:23.0687 4364 [ 28FB86AD7CC64AE5639E6E87F3B017D9 ] ZTEusbnmea C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
11:28:23.0703 4364 ZTEusbnmea - ok
11:28:23.0718 4364 [ 28FB86AD7CC64AE5639E6E87F3B017D9 ] ZTEusbser6k C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
11:28:23.0734 4364 ZTEusbser6k - ok
11:28:23.0765 4364 ================ Scan global ===============================
11:28:23.0796 4364 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
11:28:23.0843 4364 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:28:23.0875 4364 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:28:23.0890 4364 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
11:28:23.0890 4364 [Global] - ok
11:28:23.0906 4364 ================ Scan MBR ==================================
11:28:23.0921 4364 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
11:28:24.0234 4364 \Device\Harddisk0\DR0 - ok
11:28:24.0234 4364 [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk1\DR3
11:28:24.0375 4364 \Device\Harddisk1\DR3 - ok
11:28:24.0375 4364 ================ Scan VBR ==================================
11:28:24.0390 4364 [ AA27011B77C32F7CCDA01D32CEA1975F ] \Device\Harddisk0\DR0\Partition1
11:28:24.0390 4364 \Device\Harddisk0\DR0\Partition1 - ok
11:28:24.0406 4364 [ 45F435EBA7F7CCBCF9237C00B54C55F9 ] \Device\Harddisk0\DR0\Partition2
11:28:24.0406 4364 \Device\Harddisk0\DR0\Partition2 - ok
11:28:24.0421 4364 [ 130BE5B70ED19ACC8AC7CE77FD27A9CD ] \Device\Harddisk1\DR3\Partition1
11:28:24.0421 4364 \Device\Harddisk1\DR3\Partition1 - ok
11:28:24.0437 4364 ============================================================
11:28:24.0437 4364 Scan finished
11:28:24.0437 4364 ============================================================
11:28:24.0546 4136 Detected object count: 20
11:28:24.0546 4136 Actual detected object count: 20
11:28:38.0250 4136 AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:28:38.0250 4136 AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:28:38.0250 4136 AcSvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:28:38.0250 4136 AcSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:28:38.0250 4136 ANC ( UnsignedFile.Multi.Generic ) - skipped by user
11:28:38.0250 4136 ANC ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:28:38.0265 4136 dtscsi ( LockedFile.Multi.Generic ) - skipped by user
11:28:38.0265 4136 dtscsi ( LockedFile.Multi.Generic ) - User select action: Skip
11:28:38.0265 4136 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
11:28:38.0265 4136 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:28:38.0265 4136 IBMTPCHK ( UnsignedFile.Multi.Generic ) - skipped by user
11:28:38.0265 4136 IBMTPCHK ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:28:38.0265 4136 NMIndexingService ( UnsignedFile.Multi.Generic ) - skipped by user
11:28:38.0265 4136 NMIndexingService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:28:38.0265 4136 pmem ( UnsignedFile.Multi.Generic ) - skipped by user
11:28:38.0265 4136 pmem ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:28:38.0265 4136 Power Manager DBC Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:28:38.0265 4136 Power Manager DBC Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:28:38.0265 4136 PwmEWSvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:28:38.0265 4136 PwmEWSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:28:38.0281 4136 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:28:38.0281 4136 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:28:38.0281 4136 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
11:28:38.0281 4136 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:28:38.0281 4136 Smapint ( UnsignedFile.Multi.Generic ) - skipped by user
11:28:38.0281 4136 Smapint ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:28:38.0281 4136 sptd ( LockedFile.Multi.Generic ) - skipped by user
11:28:38.0281 4136 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
11:28:38.0281 4136 SUService ( UnsignedFile.Multi.Generic ) - skipped by user
11:28:38.0281 4136 SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:28:38.0296 4136 TDSMAPI ( UnsignedFile.Multi.Generic ) - skipped by user
11:28:38.0296 4136 TDSMAPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:28:38.0296 4136 TPHKLOAD ( UnsignedFile.Multi.Generic ) - skipped by user
11:28:38.0296 4136 TPHKLOAD ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:28:38.0296 4136 TpKmpSVC ( UnsignedFile.Multi.Generic ) - skipped by user
11:28:38.0296 4136 TpKmpSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:28:38.0296 4136 TVT Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user
11:28:38.0296 4136 TVT Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:28:38.0296 4136 WIBUKEY ( UnsignedFile.Multi.Generic ) - skipped by user
11:28:38.0296 4136 WIBUKEY ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:28:52.0484 5292 ============================================================
11:28:52.0484 5292 Scan started
11:28:52.0484 5292 Mode: Manual; SigCheck; TDLFS;
11:28:52.0484 5292 ============================================================
11:28:52.0812 5292 ================ Scan system memory ========================
11:28:52.0812 5292 System memory - ok
11:28:52.0828 5292 ================ Scan services =============================
11:28:52.0953 5292 [ 0352A73CD6B1782EA3ED7A03A8268F55 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
11:28:53.0000 5292 Aavmker4 - ok
11:28:53.0000 5292 Abiosdsk - ok
11:28:53.0015 5292 abp480n5 - ok
11:28:53.0046 5292 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:28:53.0187 5292 ACPI - ok
11:28:53.0265 5292 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
11:28:53.0406 5292 ACPIEC - ok
11:28:53.0500 5292 [ DC9BD0C95EE1B49435AFE89D523B20B7 ] AcPrfMgrSvc C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
11:28:53.0515 5292 AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - warning
11:28:53.0515 5292 AcPrfMgrSvc - detected UnsignedFile.Multi.Generic (1)
11:28:53.0546 5292 [ A8F0AD2868194B78DFE2FFEED8311581 ] AcSvc C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
11:28:53.0562 5292 AcSvc ( UnsignedFile.Multi.Generic ) - warning
11:28:53.0562 5292 AcSvc - detected UnsignedFile.Multi.Generic (1)
11:28:53.0578 5292 [ BEEE84A79710F705864685B05F1BB172 ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
11:28:53.0609 5292 ADIHdAudAddService - ok
11:28:53.0671 5292 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:28:53.0703 5292 AdobeFlashPlayerUpdateSvc - ok
11:28:53.0703 5292 adpu160m - ok
11:28:53.0718 5292 [ 358063AB6C1C4173B735525CDFA65F94 ] AEAudioService C:\WINDOWS\system32\drivers\AEAudio.sys
11:28:53.0765 5292 AEAudioService - ok
11:28:53.0812 5292 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
11:28:53.0937 5292 aec - ok
11:28:54.0000 5292 [ 023867B6606FBABCDD52E089C4A507DA ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
11:28:54.0015 5292 AegisP - ok
11:28:54.0062 5292 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
11:28:54.0078 5292 AFD - ok
11:28:54.0093 5292 Aha154x - ok
11:28:54.0093 5292 aic78u2 - ok
11:28:54.0109 5292 aic78xx - ok
11:28:54.0140 5292 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
11:28:54.0281 5292 Alerter - ok
11:28:54.0359 5292 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
11:28:54.0437 5292 ALG - ok
11:28:54.0437 5292 AliIde - ok
11:28:54.0500 5292 [ E4EDE40F326B3B815EC06FF03A8697D6 ] ameisvc C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
11:28:54.0515 5292 ameisvc - ok
11:28:54.0531 5292 amsint - ok
11:28:54.0562 5292 [ 11AB185A7AF224800BBFB5B836974A17 ] ANC C:\WINDOWS\system32\drivers\ANC.SYS
11:28:54.0562 5292 ANC ( UnsignedFile.Multi.Generic ) - warning
11:28:54.0562 5292 ANC - detected UnsignedFile.Multi.Generic (1)
11:28:54.0593 5292 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
11:28:54.0656 5292 AppMgmt - ok
11:28:54.0671 5292 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:28:54.0828 5292 Arp1394 - ok
11:28:54.0843 5292 asc - ok
11:28:54.0843 5292 asc3350p - ok
11:28:54.0859 5292 asc3550 - ok
11:28:55.0125 5292 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:28:55.0140 5292 aspnet_state - ok
11:28:55.0171 5292 [ F5DC168BF77572D51BE28BA261B30CB4 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
11:28:55.0187 5292 aswFsBlk - ok
11:28:55.0203 5292 [ 2B9B1DF809E965EF63402CBBA6DB50AE ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
11:28:55.0218 5292 aswMon2 - ok
11:28:55.0234 5292 [ B7D5E4486BA658ED08624D8084ABB830 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
11:28:55.0250 5292 aswRdr - ok
11:28:55.0296 5292 [ 30E45AF8B4D83176CA850FC9699E860B ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
11:28:55.0343 5292 aswSnx - ok
11:28:55.0406 5292 [ F04BDBCB965C05C51F4A7DE7B62063D6 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
11:28:55.0437 5292 aswSP - ok
11:28:55.0453 5292 [ DFE9152ABFA89BB8CFDC057409B2D4DA ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
11:28:55.0484 5292 aswTdi - ok
11:28:55.0515 5292 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:28:55.0656 5292 AsyncMac - ok
11:28:55.0687 5292 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
11:28:55.0828 5292 atapi - ok
11:28:55.0843 5292 Atdisk - ok
11:28:55.0921 5292 [ B921D1790A8EF84B2DBDEEEF4909FBA1 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
11:28:56.0015 5292 Ati HotKey Poller - ok
11:28:56.0203 5292 [ 5A13723FB8BFDD2090DEFB2D0CB98A27 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
11:28:56.0375 5292 ati2mtag - ok
11:28:56.0421 5292 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:28:56.0578 5292 Atmarpc - ok
11:28:56.0671 5292 [ DBF0D7E2DF33B469EB55406FEA759350 ] atmeltpm C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
11:28:56.0687 5292 atmeltpm - ok
11:28:56.0718 5292 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
11:28:56.0875 5292 AudioSrv - ok
11:28:56.0984 5292 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
11:28:57.0125 5292 audstub - ok
11:28:57.0187 5292 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
11:28:57.0203 5292 avast! Antivirus - ok
11:28:57.0250 5292 [ 66DD574749C38153C6067EBBA929BEFC ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
11:28:57.0281 5292 b57w2k - ok
11:28:57.0328 5292 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
11:28:57.0453 5292 Beep - ok
11:28:57.0500 5292 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
11:28:57.0687 5292 BITS - ok
11:28:57.0765 5292 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
11:28:57.0796 5292 Browser - ok
11:28:57.0843 5292 [ 9E8CF88D340E32FCB3C53955B2DF388F ] btaudio C:\WINDOWS\system32\drivers\btaudio.sys
11:28:57.0875 5292 btaudio - ok
11:28:57.0921 5292 [ 2F9F111D31AA3FBBE5781D829A4524E6 ] BTDriver C:\WINDOWS\system32\DRIVERS\btport.sys
11:28:57.0937 5292 BTDriver - ok
11:28:58.0046 5292 [ D26B5B9A40A2B2191B35C76D5CBF5D2A ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys
11:28:58.0109 5292 BTKRNL - ok
11:28:58.0187 5292 [ C261E704B5558BA04DD643A0D998327D ] btwdins C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
11:28:58.0203 5292 btwdins - ok
11:28:58.0250 5292 [ 485020A1E1FC5C51A800CA69C618D881 ] BTWDNDIS C:\WINDOWS\system32\DRIVERS\btwdndis.sys
11:28:58.0265 5292 BTWDNDIS - ok
11:28:58.0296 5292 [ 5922BAE0CD84924B9CD7E6BB515EE070 ] btwmodem C:\WINDOWS\system32\DRIVERS\btwmodem.sys
11:28:58.0312 5292 btwmodem - ok
11:28:58.0328 5292 [ 7696F6F2E63086EEEDB76B71BB7BB455 ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys
11:28:58.0343 5292 BTWUSB - ok
11:28:58.0359 5292 catchme - ok
11:28:58.0390 5292 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
11:28:58.0562 5292 cbidf2k - ok
11:28:58.0578 5292 cd20xrnt - ok
11:28:58.0656 5292 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
11:28:58.0796 5292 Cdaudio - ok
11:28:58.0843 5292 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
11:28:58.0984 5292 Cdfs - ok
11:28:59.0015 5292 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:28:59.0171 5292 Cdrom - ok
11:28:59.0171 5292 Changer - ok
11:28:59.0250 5292 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
11:28:59.0406 5292 CiSvc - ok
11:28:59.0437 5292 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
11:28:59.0578 5292 ClipSrv - ok
11:28:59.0671 5292 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:28:59.0687 5292 clr_optimization_v2.0.50727_32 - ok
11:28:59.0734 5292 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:28:59.0750 5292 clr_optimization_v4.0.30319_32 - ok
11:28:59.0796 5292 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
11:28:59.0953 5292 CmBatt - ok
11:28:59.0953 5292 CmdIde - ok
11:28:59.0968 5292 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
11:29:00.0109 5292 Compbatt - ok
11:29:00.0125 5292 COMSysApp - ok
11:29:00.0140 5292 Cpqarray - ok
11:29:00.0187 5292 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
11:29:00.0312 5292 CryptSvc - ok
11:29:00.0312 5292 dac2w2k - ok
11:29:00.0328 5292 dac960nt - ok
11:29:00.0375 5292 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
11:29:00.0421 5292 DcomLaunch - ok
11:29:00.0453 5292 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
11:29:00.0578 5292 Dhcp - ok
11:29:00.0609 5292 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
11:29:00.0765 5292 Disk - ok
11:29:00.0765 5292 dmadmin - ok
11:29:00.0890 5292 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
11:29:01.0046 5292 dmboot - ok
11:29:01.0062 5292 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
11:29:01.0234 5292 dmio - ok
11:29:01.0265 5292 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
11:29:01.0406 5292 dmload - ok
11:29:01.0437 5292 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
11:29:01.0593 5292 dmserver - ok
11:29:01.0640 5292 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
11:29:01.0796 5292 DMusic - ok
11:29:01.0828 5292 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
11:29:01.0859 5292 Dnscache - ok
11:29:01.0906 5292 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
11:29:02.0093 5292 Dot3svc - ok
11:29:02.0171 5292 [ 6D279BB0DE1D8E34F454E1B353F4D738 ] DozeHDD C:\WINDOWS\system32\DRIVERS\DozeHDD.sys
11:29:02.0187 5292 DozeHDD - ok
11:29:02.0218 5292 [ 092AE9D762B115A2A05BE187BC3FFAB7 ] DozeSvc C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
11:29:02.0234 5292 DozeSvc - ok
11:29:02.0250 5292 dpti2o - ok
11:29:02.0265 5292 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
11:29:02.0406 5292 drmkaud - ok
11:29:02.0453 5292 [ 6461E57BB51A848AAE26F52427B7CF9E ] dtscsi C:\WINDOWS\System32\Drivers\dtscsi.sys
11:29:02.0453 5292 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\dtscsi.sys. md5: 6461E57BB51A848AAE26F52427B7CF9E
11:29:02.0453 5292 dtscsi ( LockedFile.Multi.Generic ) - warning
11:29:02.0453 5292 dtscsi - detected LockedFile.Multi.Generic (1)
11:29:02.0484 5292 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
11:29:02.0625 5292 EapHost - ok
11:29:02.0656 5292 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
11:29:02.0781 5292 ERSvc - ok
11:29:02.0828 5292 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
11:29:02.0859 5292 Eventlog - ok
11:29:02.0906 5292 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
11:29:02.0937 5292 EventSystem - ok
11:29:03.0062 5292 [ 344AA81113481E615E366BC1C36DFE0C ] EvtEng C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
11:29:03.0093 5292 EvtEng ( UnsignedFile.Multi.Generic ) - warning
11:29:03.0093 5292 EvtEng - detected UnsignedFile.Multi.Generic (1)
11:29:03.0171 5292 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
11:29:03.0312 5292 Fastfat - ok
11:29:03.0359 5292 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
11:29:03.0390 5292 FastUserSwitchingCompatibility - ok
11:29:03.0437 5292 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
11:29:03.0593 5292 Fdc - ok
11:29:03.0609 5292 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
11:29:03.0750 5292 Fips - ok
11:29:03.0750 5292 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
11:29:03.0890 5292 Flpydisk - ok
11:29:03.0937 5292 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
11:29:04.0109 5292 FltMgr - ok
11:29:04.0171 5292 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:29:04.0187 5292 FontCache3.0.0.0 - ok
11:29:04.0203 5292 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:29:04.0343 5292 Fs_Rec - ok
11:29:04.0359 5292 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:29:04.0515 5292 Ftdisk - ok
11:29:04.0531 5292 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:29:04.0671 5292 Gpc - ok
11:29:04.0750 5292 gupdate - ok
11:29:04.0750 5292 gupdatem - ok
11:29:04.0796 5292 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:29:04.0937 5292 HDAudBus - ok
11:29:05.0000 5292 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:29:05.0156 5292 helpsvc - ok
11:29:05.0171 5292 HidServ - ok
11:29:05.0171 5292 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:29:05.0328 5292 hidusb - ok
11:29:05.0343 5292 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
11:29:05.0500 5292 hkmsvc - ok
11:29:05.0500 5292 hpn - ok
11:29:05.0562 5292 [ 702A7E1B3C9263EFBD6AEDE3B6919761 ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
11:29:05.0578 5292 HSFHWAZL - ok
11:29:05.0625 5292 [ 8D02CB68D53AA36189FAF86FED438884 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
11:29:05.0671 5292 HSF_DPV - ok
11:29:05.0734 5292 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
11:29:05.0750 5292 HTTP - ok
11:29:05.0781 5292 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
11:29:05.0953 5292 HTTPFilter - ok
11:29:05.0953 5292 i2omgmt - ok
11:29:05.0968 5292 i2omp - ok
11:29:06.0000 5292 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:29:06.0140 5292 i8042prt - ok
11:29:06.0171 5292 [ E3FFC8CB45B3F55264EE10F084B2731B ] IBMPMDRV C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
11:29:06.0187 5292 IBMPMDRV - ok
11:29:06.0203 5292 [ 5565982522EE9D4E8921FEB304D4226F ] IBMPMSVC C:\WINDOWS\system32\ibmpmsvc.exe
11:29:06.0234 5292 IBMPMSVC - ok
11:29:06.0250 5292 [ 3A7DBE81EC5EDB96A0A61C7D4AF3198D ] IBMTPCHK C:\WINDOWS\system32\Drivers\IBMBLDID.sys
11:29:06.0250 5292 IBMTPCHK ( UnsignedFile.Multi.Generic ) - warning
11:29:06.0250 5292 IBMTPCHK - detected UnsignedFile.Multi.Generic (1)
11:29:06.0343 5292 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:29:06.0390 5292 idsvc - ok
11:29:06.0390 5292 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
11:29:06.0546 5292 Imapi - ok
11:29:06.0593 5292 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
11:29:06.0734 5292 ImapiService - ok
11:29:06.0750 5292 ini910u - ok
11:29:06.0812 5292 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
11:29:06.0953 5292 IntelIde - ok
11:29:07.0000 5292 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:29:07.0140 5292 intelppm - ok
11:29:07.0156 5292 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
11:29:07.0312 5292 Ip6Fw - ok
11:29:07.0343 5292 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:29:07.0484 5292 IpFilterDriver - ok
11:29:07.0500 5292 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:29:07.0640 5292 IpInIp - ok
11:29:07.0671 5292 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:29:07.0843 5292 IpNat - ok
11:29:07.0906 5292 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:29:08.0062 5292 IPSec - ok
11:29:08.0125 5292 [ 00D8E9DAEBE72A5DF3986FD418A995EB ] IPSSVC C:\WINDOWS\system32\IPSSVC.EXE
11:29:08.0140 5292 IPSSVC - ok
11:29:08.0171 5292 [ ACA5E7B54409F9CB5EED97ED0C81120E ] irda C:\WINDOWS\system32\DRIVERS\irda.sys
11:29:08.0250 5292 irda - ok
11:29:08.0296 5292 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
11:29:08.0359 5292 IRENUM - ok
11:29:08.0390 5292 [ 49CC4533CE897CB2E93C1E84A818FDE5 ] Irmon C:\WINDOWS\System32\irmon.dll
11:29:08.0453 5292 Irmon - ok
11:27:08.0625 3576 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
11:27:08.0703 3576 ============================================================
11:27:08.0703 3576 Current date / time: 2012/11/06 11:27:08.0703
11:27:08.0703 3576 SystemInfo:
11:27:08.0703 3576
11:27:08.0703 3576 OS Version: 5.1.2600 ServicePack: 3.0
11:27:08.0703 3576 Product type: Workstation
11:27:08.0703 3576 ComputerName: GOCA
11:27:08.0703 3576 UserName: Gocik
11:27:08.0703 3576 Windows directory: C:\WINDOWS
11:27:08.0703 3576 System windows directory: C:\WINDOWS
11:27:08.0703 3576 Processor architecture: Intel x86
11:27:08.0703 3576 Number of processors: 1
11:27:08.0703 3576 Page size: 0x1000
11:27:08.0703 3576 Boot type: Normal boot
11:27:08.0703 3576 ============================================================
11:27:10.0218 3576 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x3279, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
11:27:10.0218 3576 Drive \Device\Harddisk1\DR3 - Size: 0x1CDC7E800 (7.22 Gb), SectorSize: 0x200, Cylinders: 0x3AD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:27:10.0234 3576 ============================================================
11:27:10.0234 3576 \Device\Harddisk0\DR0:
11:27:10.0234 3576 MBR partitions:
11:27:10.0234 3576 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x445CF11
11:27:10.0234 3576 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x445CF8F, BlocksNum 0x75F3B01
11:27:10.0234 3576 \Device\Harddisk1\DR3:
11:27:10.0234 3576 MBR partitions:
11:27:10.0250 3576 \Device\Harddisk1\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE6DDA1
11:27:10.0250 3576 ============================================================
11:27:10.0281 3576 C: <-> \Device\Harddisk0\DR0\Partition1
11:27:10.0359 3576 D: <-> \Device\Harddisk0\DR0\Partition2
11:27:10.0359 3576 ============================================================
11:27:10.0359 3576 Initialize success
11:27:10.0359 3576 ============================================================
11:27:37.0234 4364 ============================================================
11:27:37.0234 4364 Scan started
11:27:37.0234 4364 Mode: Manual; SigCheck; TDLFS;
11:27:37.0234 4364 ============================================================
11:27:37.0546 4364 ================ Scan system memory ========================
11:27:37.0546 4364 System memory - ok
11:27:37.0562 4364 ================ Scan services =============================
11:27:37.0687 4364 [ 0352A73CD6B1782EA3ED7A03A8268F55 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
11:27:37.0859 4364 Aavmker4 - ok
11:27:37.0875 4364 Abiosdsk - ok
11:27:37.0875 4364 abp480n5 - ok
11:27:37.0921 4364 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:27:38.0250 4364 ACPI - ok
11:27:38.0265 4364 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
11:27:38.0421 4364 ACPIEC - ok
11:27:38.0531 4364 [ DC9BD0C95EE1B49435AFE89D523B20B7 ] AcPrfMgrSvc C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
11:27:38.0546 4364 AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - warning
11:27:38.0546 4364 AcPrfMgrSvc - detected UnsignedFile.Multi.Generic (1)
11:27:38.0578 4364 [ A8F0AD2868194B78DFE2FFEED8311581 ] AcSvc C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
11:27:38.0593 4364 AcSvc ( UnsignedFile.Multi.Generic ) - warning
11:27:38.0593 4364 AcSvc - detected UnsignedFile.Multi.Generic (1)
11:27:38.0625 4364 [ BEEE84A79710F705864685B05F1BB172 ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
11:27:38.0656 4364 ADIHdAudAddService - ok
11:27:38.0750 4364 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:27:38.0781 4364 AdobeFlashPlayerUpdateSvc - ok
11:27:38.0796 4364 adpu160m - ok
11:27:38.0812 4364 [ 358063AB6C1C4173B735525CDFA65F94 ] AEAudioService C:\WINDOWS\system32\drivers\AEAudio.sys
11:27:38.0828 4364 AEAudioService - ok
11:27:38.0875 4364 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
11:27:39.0015 4364 aec - ok
11:27:39.0062 4364 [ 023867B6606FBABCDD52E089C4A507DA ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
11:27:39.0078 4364 AegisP - ok
11:27:39.0125 4364 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
11:27:39.0156 4364 AFD - ok
11:27:39.0156 4364 Aha154x - ok
11:27:39.0171 4364 aic78u2 - ok
11:27:39.0171 4364 aic78xx - ok
11:27:39.0250 4364 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
11:27:39.0390 4364 Alerter - ok
11:27:39.0468 4364 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
11:27:39.0546 4364 ALG - ok
11:27:39.0562 4364 AliIde - ok
11:27:39.0593 4364 [ E4EDE40F326B3B815EC06FF03A8697D6 ] ameisvc C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
11:27:39.0625 4364 ameisvc - ok
11:27:39.0625 4364 amsint - ok
11:27:39.0656 4364 [ 11AB185A7AF224800BBFB5B836974A17 ] ANC C:\WINDOWS\system32\drivers\ANC.SYS
11:27:39.0671 4364 ANC ( UnsignedFile.Multi.Generic ) - warning
11:27:39.0671 4364 ANC - detected UnsignedFile.Multi.Generic (1)
11:27:39.0687 4364 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
11:27:39.0765 4364 AppMgmt - ok
11:27:39.0781 4364 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:27:39.0921 4364 Arp1394 - ok
11:27:39.0937 4364 asc - ok
11:27:39.0937 4364 asc3350p - ok
11:27:39.0953 4364 asc3550 - ok
11:27:40.0062 4364 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:27:40.0078 4364 aspnet_state - ok
11:27:40.0109 4364 [ F5DC168BF77572D51BE28BA261B30CB4 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
11:27:40.0125 4364 aswFsBlk - ok
11:27:40.0140 4364 [ 2B9B1DF809E965EF63402CBBA6DB50AE ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
11:27:40.0156 4364 aswMon2 - ok
11:27:40.0171 4364 [ B7D5E4486BA658ED08624D8084ABB830 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
11:27:40.0187 4364 aswRdr - ok
11:27:40.0234 4364 [ 30E45AF8B4D83176CA850FC9699E860B ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
11:27:40.0281 4364 aswSnx - ok
11:27:40.0328 4364 [ F04BDBCB965C05C51F4A7DE7B62063D6 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
11:27:40.0359 4364 aswSP - ok
11:27:40.0406 4364 [ DFE9152ABFA89BB8CFDC057409B2D4DA ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
11:27:40.0421 4364 aswTdi - ok
11:27:40.0453 4364 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:27:40.0609 4364 AsyncMac - ok
11:27:40.0687 4364 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
11:27:40.0875 4364 atapi - ok
11:27:40.0890 4364 Atdisk - ok
11:27:41.0015 4364 [ B921D1790A8EF84B2DBDEEEF4909FBA1 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
11:27:41.0125 4364 Ati HotKey Poller - ok
11:27:41.0265 4364 [ 5A13723FB8BFDD2090DEFB2D0CB98A27 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
11:27:41.0437 4364 ati2mtag - ok
11:27:41.0468 4364 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:27:41.0609 4364 Atmarpc - ok
11:27:41.0671 4364 [ DBF0D7E2DF33B469EB55406FEA759350 ] atmeltpm C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
11:27:41.0687 4364 atmeltpm - ok
11:27:41.0718 4364 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
11:27:41.0890 4364 AudioSrv - ok
11:27:42.0000 4364 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
11:27:42.0125 4364 audstub - ok
11:27:42.0203 4364 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
11:27:42.0218 4364 avast! Antivirus - ok
11:27:42.0265 4364 [ 66DD574749C38153C6067EBBA929BEFC ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
11:27:42.0296 4364 b57w2k - ok
11:27:42.0343 4364 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
11:27:42.0484 4364 Beep - ok
11:27:42.0609 4364 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
11:27:42.0781 4364 BITS - ok
11:27:42.0812 4364 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
11:27:42.0859 4364 Browser - ok
11:27:42.0906 4364 [ 9E8CF88D340E32FCB3C53955B2DF388F ] btaudio C:\WINDOWS\system32\drivers\btaudio.sys
11:27:42.0937 4364 btaudio - ok
11:27:43.0000 4364 [ 2F9F111D31AA3FBBE5781D829A4524E6 ] BTDriver C:\WINDOWS\system32\DRIVERS\btport.sys
11:27:43.0015 4364 BTDriver - ok
11:27:43.0093 4364 [ D26B5B9A40A2B2191B35C76D5CBF5D2A ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys
11:27:43.0156 4364 BTKRNL - ok
11:27:43.0218 4364 [ C261E704B5558BA04DD643A0D998327D ] btwdins C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
11:27:43.0250 4364 btwdins - ok
11:27:43.0281 4364 [ 485020A1E1FC5C51A800CA69C618D881 ] BTWDNDIS C:\WINDOWS\system32\DRIVERS\btwdndis.sys
11:27:43.0312 4364 BTWDNDIS - ok
11:27:43.0343 4364 [ 5922BAE0CD84924B9CD7E6BB515EE070 ] btwmodem C:\WINDOWS\system32\DRIVERS\btwmodem.sys
11:27:43.0359 4364 btwmodem - ok
11:27:43.0375 4364 [ 7696F6F2E63086EEEDB76B71BB7BB455 ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys
11:27:43.0406 4364 BTWUSB - ok
11:27:43.0406 4364 catchme - ok
11:27:43.0437 4364 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
11:27:43.0593 4364 cbidf2k - ok
11:27:43.0593 4364 cd20xrnt - ok
11:27:43.0671 4364 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
11:27:43.0828 4364 Cdaudio - ok
11:27:43.0875 4364 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
11:27:44.0015 4364 Cdfs - ok
11:27:44.0062 4364 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:27:44.0218 4364 Cdrom - ok
11:27:44.0234 4364 Changer - ok
11:27:44.0250 4364 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
11:27:44.0406 4364 CiSvc - ok
11:27:44.0484 4364 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
11:27:44.0640 4364 ClipSrv - ok
11:27:44.0687 4364 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:27:44.0718 4364 clr_optimization_v2.0.50727_32 - ok
11:27:44.0781 4364 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:27:44.0812 4364 clr_optimization_v4.0.30319_32 - ok
11:27:44.0843 4364 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
11:27:45.0000 4364 CmBatt - ok
11:27:45.0015 4364 CmdIde - ok
11:27:45.0015 4364 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
11:27:45.0171 4364 Compbatt - ok
11:27:45.0171 4364 COMSysApp - ok
11:27:45.0203 4364 Cpqarray - ok
11:27:45.0218 4364 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
11:27:45.0375 4364 CryptSvc - ok
11:27:45.0375 4364 dac2w2k - ok
11:27:45.0390 4364 dac960nt - ok
11:27:45.0500 4364 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
11:27:45.0562 4364 DcomLaunch - ok
11:27:45.0578 4364 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
11:27:45.0718 4364 Dhcp - ok
11:27:45.0781 4364 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
11:27:45.0937 4364 Disk - ok
11:27:45.0937 4364 dmadmin - ok
11:27:46.0015 4364 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
11:27:46.0234 4364 dmboot - ok
11:27:46.0250 4364 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
11:27:46.0390 4364 dmio - ok
11:27:46.0468 4364 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
11:27:46.0625 4364 dmload - ok
11:27:46.0640 4364 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
11:27:46.0796 4364 dmserver - ok
11:27:46.0843 4364 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
11:27:46.0984 4364 DMusic - ok
11:27:47.0093 4364 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
11:27:47.0109 4364 Dnscache - ok
11:27:47.0140 4364 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
11:27:47.0281 4364 Dot3svc - ok
11:27:47.0390 4364 [ 6D279BB0DE1D8E34F454E1B353F4D738 ] DozeHDD C:\WINDOWS\system32\DRIVERS\DozeHDD.sys
11:27:47.0406 4364 DozeHDD - ok
11:27:47.0437 4364 [ 092AE9D762B115A2A05BE187BC3FFAB7 ] DozeSvc C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
11:27:47.0468 4364 DozeSvc - ok
11:27:47.0468 4364 dpti2o - ok
11:27:47.0500 4364 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
11:27:47.0625 4364 drmkaud - ok
11:27:47.0671 4364 [ 6461E57BB51A848AAE26F52427B7CF9E ] dtscsi C:\WINDOWS\System32\Drivers\dtscsi.sys
11:27:47.0687 4364 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\dtscsi.sys. md5: 6461E57BB51A848AAE26F52427B7CF9E
11:27:47.0687 4364 dtscsi ( LockedFile.Multi.Generic ) - warning
11:27:47.0687 4364 dtscsi - detected LockedFile.Multi.Generic (1)
11:27:47.0703 4364 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
11:27:47.0875 4364 EapHost - ok
11:27:47.0968 4364 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
11:27:48.0109 4364 ERSvc - ok
11:27:48.0156 4364 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
11:27:48.0187 4364 Eventlog - ok
11:27:48.0234 4364 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
11:27:48.0281 4364 EventSystem - ok
11:27:48.0390 4364 [ 344AA81113481E615E366BC1C36DFE0C ] EvtEng C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
11:27:48.0406 4364 EvtEng ( UnsignedFile.Multi.Generic ) - warning
11:27:48.0421 4364 EvtEng - detected UnsignedFile.Multi.Generic (1)
11:27:48.0515 4364 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
11:27:48.0671 4364 Fastfat - ok
11:27:48.0812 4364 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
11:27:48.0843 4364 FastUserSwitchingCompatibility - ok
11:27:48.0859 4364 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
11:27:49.0031 4364 Fdc - ok
11:27:49.0062 4364 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
11:27:49.0203 4364 Fips - ok
11:27:49.0265 4364 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
11:27:49.0390 4364 Flpydisk - ok
11:27:49.0453 4364 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
11:27:49.0609 4364 FltMgr - ok
11:27:49.0671 4364 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:27:49.0687 4364 FontCache3.0.0.0 - ok
11:27:49.0734 4364 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:27:49.0875 4364 Fs_Rec - ok
11:27:49.0968 4364 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:27:50.0109 4364 Ftdisk - ok
11:27:50.0125 4364 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:27:50.0328 4364 Gpc - ok
11:27:50.0359 4364 gupdate - ok
11:27:50.0359 4364 gupdatem - ok
11:27:50.0406 4364 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:27:50.0546 4364 HDAudBus - ok
11:27:50.0578 4364 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:27:50.0734 4364 helpsvc - ok
11:27:50.0750 4364 HidServ - ok
11:27:50.0750 4364 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:27:50.0906 4364 hidusb - ok
11:27:50.0937 4364 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
11:27:51.0109 4364 hkmsvc - ok
11:27:51.0125 4364 hpn - ok
11:27:51.0171 4364 [ 702A7E1B3C9263EFBD6AEDE3B6919761 ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
11:27:51.0203 4364 HSFHWAZL - ok
11:27:51.0250 4364 [ 8D02CB68D53AA36189FAF86FED438884 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
11:27:51.0296 4364 HSF_DPV - ok
11:27:51.0359 4364 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
11:27:51.0375 4364 HTTP - ok
11:27:51.0406 4364 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
11:27:51.0578 4364 HTTPFilter - ok
11:27:51.0593 4364 i2omgmt - ok
11:27:51.0593 4364 i2omp - ok
11:27:51.0687 4364 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:27:51.0843 4364 i8042prt - ok
11:27:51.0875 4364 [ E3FFC8CB45B3F55264EE10F084B2731B ] IBMPMDRV C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
11:27:51.0890 4364 IBMPMDRV - ok
11:27:51.0906 4364 [ 5565982522EE9D4E8921FEB304D4226F ] IBMPMSVC C:\WINDOWS\system32\ibmpmsvc.exe
11:27:51.0921 4364 IBMPMSVC - ok
11:27:51.0937 4364 [ 3A7DBE81EC5EDB96A0A61C7D4AF3198D ] IBMTPCHK C:\WINDOWS\system32\Drivers\IBMBLDID.sys
11:27:51.0953 4364 IBMTPCHK ( UnsignedFile.Multi.Generic ) - warning
11:27:51.0953 4364 IBMTPCHK - detected UnsignedFile.Multi.Generic (1)
11:27:52.0031 4364 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:27:52.0093 4364 idsvc - ok
11:27:52.0109 4364 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
11:27:52.0265 4364 Imapi - ok
11:27:52.0296 4364 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
11:27:52.0453 4364 ImapiService - ok
11:27:52.0468 4364 ini910u - ok
11:27:52.0578 4364 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
11:27:52.0734 4364 IntelIde - ok
11:27:52.0765 4364 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:27:52.0921 4364 intelppm - ok
11:27:52.0953 4364 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
11:27:53.0109 4364 Ip6Fw - ok
11:27:53.0140 4364 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:27:53.0281 4364 IpFilterDriver - ok
11:27:53.0296 4364 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:27:53.0437 4364 IpInIp - ok
11:27:53.0468 4364 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:27:53.0625 4364 IpNat - ok
11:27:53.0671 4364 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:27:53.0812 4364 IPSec - ok
11:27:53.0859 4364 [ 00D8E9DAEBE72A5DF3986FD418A995EB ] IPSSVC C:\WINDOWS\system32\IPSSVC.EXE
11:27:53.0875 4364 IPSSVC - ok
11:27:53.0890 4364 [ ACA5E7B54409F9CB5EED97ED0C81120E ] irda C:\WINDOWS\system32\DRIVERS\irda.sys
11:27:53.0968 4364 irda - ok
11:27:54.0000 4364 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
11:27:54.0062 4364 IRENUM - ok
11:27:54.0078 4364 [ 49CC4533CE897CB2E93C1E84A818FDE5 ] Irmon C:\WINDOWS\System32\irmon.dll
11:27:54.0171 4364 Irmon - ok
11:27:54.0218 4364 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:27:54.0343 4364 isapnp - ok
11:27:54.0437 4364 [ 0A5709543986843D37A92290B7838340 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
11:27:54.0453 4364 JavaQuickStarterService - ok
11:27:54.0500 4364 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:27:54.0640 4364 Kbdclass - ok
11:27:54.0671 4364 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
11:27:54.0812 4364 kmixer - ok
11:27:54.0843 4364 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
11:27:54.0906 4364 KSecDD - ok
11:27:54.0937 4364 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
11:27:54.0984 4364 LanmanServer - ok
11:27:55.0031 4364 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
11:27:55.0062 4364 lanmanworkstation - ok
11:27:55.0078 4364 lbrtfdc - ok
11:27:55.0156 4364 [ FCE735941DA27929DBFC1918F286FFD8 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
11:27:55.0171 4364 LENOVO.MICMUTE - ok
11:27:55.0203 4364 [ 9AAC267A225F3CAEBB9E633F7EB16E4B ] lenovo.smi C:\WINDOWS\system32\DRIVERS\smiif32.sys
11:27:55.0234 4364 lenovo.smi - ok
11:27:55.0250 4364 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
11:27:55.0390 4364 LmHosts - ok
11:27:55.0437 4364 [ 0B058116D3D4ECCA7DED38F16E0581B2 ] massfilter C:\WINDOWS\system32\drivers\massfilter.sys
11:27:55.0468 4364 massfilter - ok
11:27:55.0500 4364 [ A027DE1E6C11BD2DAF61F6F276B2299F ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
11:27:55.0515 4364 mdmxsdk - ok
11:27:55.0546 4364 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
11:27:55.0703 4364 Messenger - ok
11:27:55.0843 4364 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
11:27:55.0859 4364 Microsoft Office Groove Audit Service - ok
11:27:55.0890 4364 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
11:27:56.0062 4364 mnmdd - ok
11:27:56.0093 4364 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
11:27:56.0265 4364 mnmsrvc - ok
11:27:56.0359 4364 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
11:27:56.0500 4364 Modem - ok
11:27:56.0515 4364 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:27:56.0671 4364 Mouclass - ok
11:27:56.0750 4364 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:27:56.0921 4364 mouhid - ok
11:27:56.0937 4364 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
11:27:57.0078 4364 MountMgr - ok
11:27:57.0203 4364 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:27:57.0218 4364 MozillaMaintenance - ok
11:27:57.0234 4364 mraid35x - ok
11:27:57.0265 4364 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:27:57.0406 4364 MRxDAV - ok
11:27:57.0453 4364 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:27:57.0484 4364 MRxSmb - ok
11:27:57.0500 4364 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
11:27:57.0671 4364 MSDTC - ok
11:27:57.0750 4364 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
11:27:57.0906 4364 Msfs - ok
11:27:57.0906 4364 MSIServer - ok
11:27:57.0937 4364 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:27:58.0078 4364 MSKSSRV - ok
11:27:58.0078 4364 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:27:58.0296 4364 MSPCLOCK - ok
11:27:58.0312 4364 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
11:27:58.0453 4364 MSPQM - ok
11:27:58.0578 4364 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:27:58.0734 4364 mssmbios - ok
11:27:58.0765 4364 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
11:27:58.0781 4364 Mup - ok
11:27:58.0812 4364 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
11:27:58.0968 4364 napagent - ok
11:27:58.0984 4364 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
11:27:59.0187 4364 NDIS - ok
11:27:59.0218 4364 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:27:59.0234 4364 NdisTapi - ok
11:27:59.0265 4364 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:27:59.0406 4364 Ndisuio - ok
11:27:59.0421 4364 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:27:59.0562 4364 NdisWan - ok
11:27:59.0671 4364 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
11:27:59.0718 4364 NDProxy - ok
11:27:59.0765 4364 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
11:27:59.0890 4364 NetBIOS - ok
11:27:59.0906 4364 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
11:28:00.0062 4364 NetBT - ok
11:28:00.0140 4364 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
11:28:00.0312 4364 NetDDE - ok
11:28:00.0328 4364 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
11:28:00.0484 4364 NetDDEdsdm - ok
11:28:00.0562 4364 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
11:28:00.0703 4364 Netlogon - ok
11:28:00.0781 4364 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
11:28:00.0906 4364 Netman - ok
11:28:00.0953 4364 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:28:00.0984 4364 NetTcpPortSharing - ok
11:28:01.0015 4364 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:28:01.0156 4364 NIC1394 - ok
11:28:01.0250 4364 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
11:28:01.0312 4364 Nla - ok
11:28:01.0406 4364 [ 8DD0CDB0C700992D10169D8769EF5F43 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
11:28:01.0421 4364 NMIndexingService ( UnsignedFile.Multi.Generic ) - warning
11:28:01.0421 4364 NMIndexingService - detected UnsignedFile.Multi.Generic (1)
11:28:01.0453 4364 [ F6C40E0A565EE3CE5AEEB325E10054F2 ] nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys
11:28:01.0531 4364 nmwcd - ok
11:28:01.0578 4364 [ 2A394E9E1FA3565E4B2FEA470FFE4D6B ] nmwcdc C:\WINDOWS\system32\drivers\ccdcmbo.sys
11:28:01.0656 4364 nmwcdc - ok
11:28:01.0703 4364 [ 99B224F8026CB534724AA3C408561E45 ] nmwcdnsu C:\WINDOWS\system32\drivers\nmwcdnsu.sys
11:28:01.0781 4364 nmwcdnsu - ok
11:28:01.0796 4364 [ D23257682D349A5E2E4507ED33DECC16 ] nmwcdnsuc C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
11:28:01.0875 4364 nmwcdnsuc - ok
11:28:01.0906 4364 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
11:28:02.0046 4364 Npfs - ok
11:28:02.0078 4364 [ 2ADC0CA9945C65284B3D19BC18765974 ] NSCIRDA C:\WINDOWS\system32\DRIVERS\nscirda.sys
11:28:02.0156 4364 NSCIRDA - ok
11:28:02.0218 4364 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
11:28:02.0375 4364 Ntfs - ok
11:28:02.0406 4364 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
11:28:02.0546 4364 NtLmSsp - ok
11:28:02.0656 4364 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
11:28:02.0812 4364 NtmsSvc - ok
11:28:02.0828 4364 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
11:28:02.0984 4364 Null - ok
11:28:03.0031 4364 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:28:03.0171 4364 NwlnkFlt - ok
11:28:03.0234 4364 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:28:03.0390 4364 NwlnkFwd - ok
11:28:03.0484 4364 [ C4E28CEF489AAFD0E4CA734DC78CA77D ] O&O Defrag C:\WINDOWS\system32\oodag.exe
11:28:03.0546 4364 O&O Defrag - ok
11:28:03.0671 4364 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:28:03.0703 4364 odserv - ok
11:28:03.0765 4364 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:28:03.0906 4364 ohci1394 - ok
11:28:03.0953 4364 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:28:03.0984 4364 ose - ok
11:28:04.0000 4364 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
11:28:04.0156 4364 Parport - ok
11:28:04.0250 4364 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
11:28:04.0390 4364 PartMgr - ok
11:28:04.0437 4364 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
11:28:04.0593 4364 ParVdm - ok
11:28:04.0625 4364 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
11:28:04.0656 4364 pccsmcfd - ok
11:28:04.0671 4364 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
11:28:04.0828 4364 PCI - ok
11:28:04.0843 4364 PCIDump - ok
11:28:04.0859 4364 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
11:28:05.0000 4364 PCIIde - ok
11:28:05.0062 4364 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
11:28:05.0203 4364 Pcmcia - ok
11:28:05.0218 4364 PDCOMP - ok
11:28:05.0218 4364 PDFRAME - ok
11:28:05.0234 4364 PDRELI - ok
11:28:05.0250 4364 PDRFRAME - ok
11:28:05.0250 4364 perc2 - ok
11:28:05.0265 4364 perc2hib - ok
11:28:05.0312 4364 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
11:28:05.0343 4364 PlugPlay - ok
11:28:05.0375 4364 [ DEDEF40E1D05842639491365CB2C069E ] pmem C:\WINDOWS\System32\drivers\pmemnt.sys
11:28:05.0375 4364 pmem ( UnsignedFile.Multi.Generic ) - warning
11:28:05.0375 4364 pmem - detected UnsignedFile.Multi.Generic (1)
11:28:05.0390 4364 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
11:28:05.0531 4364 PolicyAgent - ok
11:28:05.0578 4364 [ EB719C46A32D17C34D52E6C726F1CF8C ] Power Manager DBC Service C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
11:28:05.0578 4364 Power Manager DBC Service ( UnsignedFile.Multi.Generic ) - warning
11:28:05.0578 4364 Power Manager DBC Service - detected UnsignedFile.Multi.Generic (1)
11:28:05.0609 4364 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:28:05.0750 4364 PptpMiniport - ok
11:28:05.0796 4364 [ 1D80309FED4BABF8EA9E7B84A394348B ] PROCDD C:\WINDOWS\system32\DRIVERS\PROCDD.SYS
11:28:05.0812 4364 PROCDD - ok
11:28:05.0812 4364 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
11:28:05.0953 4364 ProtectedStorage - ok
11:28:06.0062 4364 [ AAC08DEFB15AAAB00B30341C716EFA35 ] psadd C:\WINDOWS\system32\DRIVERS\psadd.sys
11:28:06.0078 4364 psadd - ok
11:28:06.0109 4364 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
11:28:06.0234 4364 PSched - ok
11:28:06.0343 4364 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:28:06.0484 4364 Ptilink - ok
11:28:06.0500 4364 [ 93C49354CEB0828F5D286E50BB767EB2 ] PwmEWSvc C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
11:28:06.0515 4364 PwmEWSvc ( UnsignedFile.Multi.Generic ) - warning
11:28:06.0515 4364 PwmEWSvc - detected UnsignedFile.Multi.Generic (1)
11:28:06.0515 4364 ql1080 - ok
11:28:06.0531 4364 Ql10wnt - ok
11:28:06.0546 4364 ql12160 - ok
11:28:06.0546 4364 ql1240 - ok
11:28:06.0562 4364 ql1280 - ok
11:28:06.0578 4364 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:28:06.0734 4364 RasAcd - ok
11:28:06.0968 4364 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
11:28:07.0140 4364 RasAuto - ok
11:28:07.0234 4364 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
11:28:07.0296 4364 Rasirda - ok
11:28:07.0312 4364 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:28:07.0453 4364 Rasl2tp - ok
11:28:07.0531 4364 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
11:28:07.0687 4364 RasMan - ok
11:28:07.0703 4364 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:28:07.0890 4364 RasPppoe - ok
11:28:07.0906 4364 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
11:28:08.0062 4364 Raspti - ok
11:28:08.0140 4364 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:28:08.0281 4364 Rdbss - ok
11:28:08.0296 4364 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:28:08.0437 4364 RDPCDD - ok
11:28:08.0562 4364 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:28:08.0687 4364 rdpdr - ok
11:28:08.0765 4364 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
11:28:08.0796 4364 RDPWD - ok
11:28:08.0828 4364 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
11:28:08.0984 4364 RDSessMgr - ok
11:28:09.0000 4364 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
11:28:09.0140 4364 redbook - ok
11:28:09.0187 4364 [ 89CBF999FC5FCAF3C8B2C79B0594434F ] RegSrvc C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
11:28:09.0203 4364 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
11:28:09.0203 4364 RegSrvc - detected UnsignedFile.Multi.Generic (1)
11:28:09.0250 4364 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
11:28:09.0421 4364 RemoteAccess - ok
11:28:09.0453 4364 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
11:28:09.0609 4364 RemoteRegistry - ok
11:28:09.0640 4364 [ C398BCA91216755B098679A8DA8A2300 ] rimsptsk C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
11:28:09.0671 4364 rimsptsk - ok
11:28:09.0703 4364 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
11:28:09.0843 4364 RpcLocator - ok
11:28:09.0937 4364 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
11:28:09.0984 4364 RpcSs - ok
11:28:10.0000 4364 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
11:28:10.0171 4364 RSVP - ok
11:28:10.0296 4364 [ E118CF6BC4949D4A389026F15A9F3C95 ] S24EventMonitor C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
11:28:10.0390 4364 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
11:28:10.0390 4364 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
11:28:10.0406 4364 [ F275EE6061E444CAA7137AEFB2C27A03 ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
11:28:10.0437 4364 s24trans - ok
11:28:10.0453 4364 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
11:28:10.0593 4364 SamSs - ok
11:28:10.0656 4364 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
11:28:10.0796 4364 SCardSvr - ok
11:28:10.0828 4364 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
11:28:11.0000 4364 Schedule - ok
11:28:11.0031 4364 [ D1FACB3C7D12F439C18EF01AA88C2A9D ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
11:28:11.0062 4364 sdbus - ok
11:28:11.0078 4364 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:28:11.0156 4364 Secdrv - ok
11:28:11.0187 4364 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
11:28:11.0359 4364 seclogon - ok
11:28:11.0437 4364 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
11:28:11.0578 4364 SENS - ok
11:28:11.0609 4364 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
11:28:11.0750 4364 Serial - ok
11:28:11.0828 4364 [ F31E9531AF225CA25350D5E87E999B31 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
11:28:11.0875 4364 ServiceLayer - ok
11:28:11.0921 4364 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
11:28:12.0062 4364 Sfloppy - ok
11:28:12.0109 4364 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
11:28:12.0250 4364 SharedAccess - ok
11:28:12.0328 4364 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:28:12.0359 4364 ShellHWDetection - ok
11:28:12.0406 4364 [ 1624530D05155F4E5A4736531523BFF5 ] Shockprf C:\WINDOWS\system32\DRIVERS\Apsx86.sys
11:28:12.0421 4364 Shockprf - ok
11:28:12.0421 4364 Simbad - ok
11:28:12.0484 4364 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
11:28:12.0500 4364 SkypeUpdate - ok
11:28:12.0531 4364 [ 26341D0DD225D19FD50E0EE3C3C77502 ] Smapint C:\WINDOWS\system32\drivers\Smapint.sys
11:28:12.0546 4364 Smapint ( UnsignedFile.Multi.Generic ) - warning
11:28:12.0546 4364 Smapint - detected UnsignedFile.Multi.Generic (1)
11:28:12.0625 4364 [ 0B9C01236D25BDCB37AA79DC59DFB7D3 ] smihlp C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
11:28:12.0640 4364 smihlp - ok
11:28:12.0640 4364 Sparrow - ok
11:28:12.0703 4364 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
11:28:12.0875 4364 splitter - ok
11:28:12.0906 4364 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
11:28:12.0937 4364 Spooler - ok
11:28:13.0000 4364 [ 15B827792F8E8B96E1B4D148103E3186 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
11:28:13.0000 4364 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 15B827792F8E8B96E1B4D148103E3186
11:28:13.0000 4364 sptd ( LockedFile.Multi.Generic ) - warning
11:28:13.0000 4364 sptd - detected LockedFile.Multi.Generic (1)
11:28:13.0031 4364 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
11:28:13.0109 4364 sr - ok
11:28:13.0125 4364 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
11:28:13.0203 4364 srservice - ok
11:28:13.0218 4364 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
11:28:13.0250 4364 Srv - ok
11:28:13.0296 4364 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
11:28:13.0359 4364 SSDPSRV - ok
11:28:13.0406 4364 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
11:28:13.0546 4364 stisvc - ok
11:28:13.0671 4364 [ C2191C1A5DFED0795E3D3B68905B195B ] SUService c:\program files\lenovo\system update\suservice.exe
11:28:13.0687 4364 SUService ( UnsignedFile.Multi.Generic ) - warning
11:28:13.0687 4364 SUService - detected UnsignedFile.Multi.Generic (1)
11:28:13.0734 4364 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
11:28:13.0875 4364 swenum - ok
11:28:13.0906 4364 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
11:28:14.0046 4364 swmidi - ok
11:28:14.0062 4364 SwPrv - ok
11:28:14.0078 4364 symc810 - ok
11:28:14.0093 4364 symc8xx - ok
11:28:14.0093 4364 sym_hi - ok
11:28:14.0109 4364 sym_u3 - ok
11:28:14.0140 4364 [ 003358D830A76DFE3803FB353B8FD87B ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
11:28:14.0187 4364 SynTP - ok
11:28:14.0203 4364 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
11:28:14.0343 4364 sysaudio - ok
11:28:14.0421 4364 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
11:28:14.0578 4364 SysmonLog - ok
11:28:14.0609 4364 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
11:28:14.0750 4364 TapiSrv - ok
11:28:14.0796 4364 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:28:14.0828 4364 Tcpip - ok
11:28:14.0859 4364 [ 58E3EB5A5C78740C5870EEE6648CCC46 ] TcUsb C:\WINDOWS\system32\Drivers\tcusb.sys
11:28:14.0875 4364 TcUsb - ok
11:28:14.0906 4364 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
11:28:15.0078 4364 TDPIPE - ok
11:28:15.0109 4364 [ 564B337034271B7BDDCABFDDC91C6B7A ] TDSMAPI C:\WINDOWS\system32\drivers\TDSMAPI.SYS
11:28:15.0125 4364 TDSMAPI ( UnsignedFile.Multi.Generic ) - warning
11:28:15.0125 4364 TDSMAPI - detected UnsignedFile.Multi.Generic (1)
11:28:15.0140 4364 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
11:28:15.0281 4364 TDTCP - ok
11:28:15.0328 4364 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
11:28:15.0484 4364 TermDD - ok
11:28:15.0515 4364 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
11:28:15.0687 4364 TermService - ok
11:28:15.0703 4364 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
11:28:15.0734 4364 Themes - ok
11:28:15.0828 4364 [ 9626746A9B120D2ED537DD8D76278405 ] ThinkVantage Registry Monitor Service C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
11:28:15.0875 4364 ThinkVantage Registry Monitor Service - ok
11:28:15.0968 4364 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
11:28:16.0031 4364 TlntSvr - ok
11:28:16.0046 4364 TosIde - ok
11:28:16.0062 4364 [ D2378FBBD668D9FE9B6B5E3139D506D3 ] TPDIGIMN C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
11:28:16.0078 4364 TPDIGIMN - ok
11:28:16.0125 4364 [ A34A1E6B5461273846D30F5898602A72 ] TPHDEXLGSVC C:\WINDOWS\system32\TPHDEXLG.exe
11:28:16.0156 4364 TPHDEXLGSVC - ok
11:28:16.0187 4364 [ 8AEF2188630F5ECD79AD9ABBA630630B ] TPHKDRV C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
11:28:16.0203 4364 TPHKDRV - ok
11:28:16.0234 4364 [ 88D609BFDEB7E013E9E491434190BA43 ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
11:28:16.0234 4364 TPHKLOAD ( UnsignedFile.Multi.Generic ) - warning
11:28:16.0234 4364 TPHKLOAD - detected UnsignedFile.Multi.Generic (1)
11:28:16.0265 4364 [ 9E6E4A9789F76593CC5A6A5AF8FC5929 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
11:28:16.0281 4364 TPHKSVC - ok
11:28:16.0312 4364 [ DFB268FF0A6DCB9280015FF527F892FF ] TpKmpSVC C:\WINDOWS\system32\TpKmpSVC.exe
11:28:16.0343 4364 TpKmpSVC ( UnsignedFile.Multi.Generic ) - warning
11:28:16.0343 4364 TpKmpSVC - detected UnsignedFile.Multi.Generic (1)
11:28:16.0375 4364 [ C037817E2498D9DB736E4BA355B1F4E7 ] TPPWRIF C:\WINDOWS\system32\drivers\Tppwrif.sys
11:28:16.0390 4364 TPPWRIF - ok
11:28:16.0406 4364 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
11:28:16.0562 4364 TrkWks - ok
11:28:16.0671 4364 [ 44D5BE1651390476C5EDB3B5DF28DE30 ] TSSCoreService C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
11:28:16.0718 4364 TSSCoreService - ok
11:28:16.0843 4364 [ 6658D32CBEBC606E4BACCCF4A6B4FD63 ] TuneUp.Defrag C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
11:28:16.0875 4364 TuneUp.Defrag - ok
11:28:16.0953 4364 [ 243F1C2CF7CAE07F035FE45E5B855C8E ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
11:28:17.0000 4364 TuneUp.UtilitiesSvc - ok
11:28:17.0062 4364 [ F2107C9D85EC0DF116939CCCE06AE697 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
11:28:17.0078 4364 TuneUpUtilitiesDrv - ok
11:28:17.0156 4364 [ E9EA448F1174BE4052416B62263EA4EE ] TVT Scheduler C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
11:28:17.0250 4364 TVT Scheduler ( UnsignedFile.Multi.Generic ) - warning
11:28:17.0250 4364 TVT Scheduler - detected UnsignedFile.Multi.Generic (1)
11:28:17.0296 4364 [ 8AB24D4B7DA715C2C80455137910E792 ] TVTI2C C:\WINDOWS\system32\DRIVERS\Tvti2c.sys
11:28:17.0328 4364 TVTI2C - ok
11:28:17.0359 4364 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
11:28:17.0515 4364 Udfs - ok
11:28:17.0531 4364 ultra - ok
11:28:17.0656 4364 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
11:28:17.0812 4364 Update - ok
11:28:17.0828 4364 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
11:28:17.0921 4364 upnphost - ok
11:28:17.0953 4364 [ 47F5F9D837D80FFD5882A14DB9DA0A67 ] upperdev C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
11:28:18.0062 4364 upperdev - ok
11:28:18.0093 4364 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
11:28:18.0250 4364 UPS - ok
11:28:18.0296 4364 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:28:18.0453 4364 usbccgp - ok
11:28:18.0546 4364 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:28:18.0687 4364 usbehci - ok
11:28:18.0703 4364 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:28:18.0843 4364 usbhub - ok
11:28:18.0921 4364 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\drivers\usbser.sys
11:28:19.0062 4364 usbser - ok
11:28:19.0078 4364 [ E44F0D17BE0908B58DCC99CCB99C6C32 ] UsbserFilt C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
11:28:19.0187 4364 UsbserFilt - ok
11:28:19.0218 4364 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:28:19.0359 4364 USBSTOR - ok
11:28:19.0359 4364 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:28:19.0515 4364 usbuhci - ok
11:28:19.0562 4364 [ E7B2EF9B4A4A177CCDEC670E348AF633 ] UxTuneUp C:\WINDOWS\System32\uxtuneup.dll
11:28:19.0593 4364 UxTuneUp - ok
11:28:19.0625 4364 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
11:28:19.0765 4364 VgaSave - ok
11:28:19.0781 4364 ViaIde - ok
11:28:19.0812 4364 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
11:28:19.0953 4364 VolSnap - ok
11:28:20.0000 4364 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
11:28:20.0156 4364 VSS - ok
11:28:20.0281 4364 [ A22ABD73E0D6BA666CBA4E86EEB001B3 ] w29n51 C:\WINDOWS\system32\DRIVERS\w29n51.sys
11:28:20.0390 4364 w29n51 - ok
11:28:20.0453 4364 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
11:28:20.0609 4364 W32Time - ok
11:28:20.0625 4364 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:28:20.0765 4364 Wanarp - ok
11:28:20.0812 4364 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
11:28:20.0843 4364 Wdf01000 - ok
11:28:20.0859 4364 WDICA - ok
11:28:20.0906 4364 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
11:28:21.0046 4364 wdmaud - ok
11:28:21.0062 4364 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
11:28:21.0218 4364 WebClient - ok
11:28:21.0328 4364 [ AFCEA7939925378F867DDE6AF76F3924 ] WIBUKEY C:\WINDOWS\system32\DRIVERS\WibuKey.sys
11:28:21.0343 4364 WIBUKEY ( UnsignedFile.Multi.Generic ) - warning
11:28:21.0343 4364 WIBUKEY - detected UnsignedFile.Multi.Generic (1)
11:28:21.0390 4364 [ 115946A53B62A6B171FD0ED197C71D52 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
11:28:21.0437 4364 winachsf - ok
11:28:21.0515 4364 [ F45DD1E1365D857DD08BC23563370D0E ] WinDefend C:\Program Files\Windows Defender\MsMpEng.exe
11:28:21.0531 4364 WinDefend - ok
11:28:21.0593 4364 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
11:28:21.0734 4364 winmgmt - ok
11:28:21.0796 4364 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
11:28:21.0828 4364 WmdmPmSN - ok
11:28:21.0890 4364 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
11:28:21.0968 4364 Wmi - ok
11:28:22.0015 4364 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:28:22.0171 4364 WmiApSrv - ok
11:28:22.0187 4364 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
11:28:22.0203 4364 WpdUsb - ok
11:28:22.0296 4364 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:28:22.0359 4364 WPFFontCache_v0400 - ok
11:28:22.0406 4364 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:28:22.0546 4364 WS2IFSL - ok
11:28:22.0625 4364 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
11:28:22.0765 4364 wscsvc - ok
11:28:22.0812 4364 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
11:28:22.0968 4364 wuauserv - ok
11:28:23.0015 4364 [ EAA6324F51214D2F6718977EC9CE0DEF ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:28:23.0046 4364 WudfPf - ok
11:28:23.0062 4364 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:28:23.0093 4364 WudfRd - ok
11:28:23.0109 4364 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
11:28:23.0156 4364 WudfSvc - ok
11:28:23.0203 4364 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
11:28:23.0390 4364 WZCSVC - ok
11:28:23.0437 4364 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
11:28:23.0593 4364 xmlprov - ok
11:28:23.0625 4364 [ 28FB86AD7CC64AE5639E6E87F3B017D9 ] ZTEusbmdm6k C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
11:28:23.0656 4364 ZTEusbmdm6k - ok
11:28:23.0687 4364 [ 28FB86AD7CC64AE5639E6E87F3B017D9 ] ZTEusbnmea C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
11:28:23.0703 4364 ZTEusbnmea - ok
11:28:23.0718 4364 [ 28FB86AD7CC64AE5639E6E87F3B017D9 ] ZTEusbser6k C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
11:28:23.0734 4364 ZTEusbser6k - ok
11:28:23.0765 4364 ================ Scan global ===============================
11:28:23.0796 4364 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
11:28:23.0843 4364 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:28:23.0875 4364 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:28:23.0890 4364 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
11:28:23.0890 4364 [Global] - ok
11:28:23.0906 4364 ================ Scan MBR ==================================
11:28:23.0921 4364 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
11:28:24.0234 4364 \Device\Harddisk0\DR0 - ok
11:28:24.0234 4364 [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk1\DR3
11:28:24.0375 4364 \Device\Harddisk1\DR3 - ok
11:28:24.0375 4364 ================ Scan VBR ==================================
11:28:24.0390 4364 [ AA27011B77C32F7CCDA01D32CEA1975F ] \Device\Harddisk0\DR0\Partition1
11:28:24.0390 4364 \Device\Harddisk0\DR0\Partition1 - ok
11:28:24.0406 4364 [ 45F435EBA7F7CCBCF9237C00B54C55F9 ] \Device\Harddisk0\DR0\Partition2
11:28:24.0406 4364 \Device\Harddisk0\DR0\Partition2 - ok
11:28:24.0421 4364 [ 130BE5B70ED19ACC8AC7CE77FD27A9CD ] \Device\Harddisk1\DR3\Partition1
11:28:24.0421 4364 \Device\Harddisk1\DR3\Partition1 - ok
11:28:24.0437 4364 ============================================================
11:28:24.0437 4364 Scan finished
11:28:24.0437 4364 ============================================================
11:28:24.0546 4136 Detected object count: 20
11:28:24.0546 4136 Actual detected object count: 20
11:28:38.0250 4136 AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:28:38.0250 4136 AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:28:38.0250 4136 AcSvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:28:38.0250 4136 AcSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:28:38.0250 4136 ANC ( UnsignedFile.Multi.Generic ) - skipped by user
11:28:38.0250 4136 ANC ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:28:38.0265 4136 dtscsi ( LockedFile.Multi.Generic ) - skipped by user
11:28:38.0265 4136 dtscsi ( LockedFile.Multi.Generic ) - User select action: Skip
11:28:38.0265 4136 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
11:28:38.0265 4136 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:28:38.0265 4136 IBMTPCHK ( UnsignedFile.Multi.Generic ) - skipped by user
11:28:38.0265 4136 IBMTPCHK ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:28:38.0265 4136 NMIndexingService ( UnsignedFile.Multi.Generic ) - skipped by user
11:28:38.0265 4136 NMIndexingService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:28:38.0265 4136 pmem ( UnsignedFile.Multi.Generic ) - skipped by user
11:28:38.0265 4136 pmem ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:28:38.0265 4136 Power Manager DBC Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:28:38.0265 4136 Power Manager DBC Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:28:38.0265 4136 PwmEWSvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:28:38.0265 4136 PwmEWSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:28:38.0281 4136 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:28:38.0281 4136 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:28:38.0281 4136 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
11:28:38.0281 4136 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:28:38.0281 4136 Smapint ( UnsignedFile.Multi.Generic ) - skipped by user
11:28:38.0281 4136 Smapint ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:28:38.0281 4136 sptd ( LockedFile.Multi.Generic ) - skipped by user
11:28:38.0281 4136 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
11:28:38.0281 4136 SUService ( UnsignedFile.Multi.Generic ) - skipped by user
11:28:38.0281 4136 SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:28:38.0296 4136 TDSMAPI ( UnsignedFile.Multi.Generic ) - skipped by user
11:28:38.0296 4136 TDSMAPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:28:38.0296 4136 TPHKLOAD ( UnsignedFile.Multi.Generic ) - skipped by user
11:28:38.0296 4136 TPHKLOAD ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:28:38.0296 4136 TpKmpSVC ( UnsignedFile.Multi.Generic ) - skipped by user
11:28:38.0296 4136 TpKmpSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:28:38.0296 4136 TVT Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user
11:28:38.0296 4136 TVT Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:28:38.0296 4136 WIBUKEY ( UnsignedFile.Multi.Generic ) - skipped by user
11:28:38.0296 4136 WIBUKEY ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:28:52.0484 5292 ============================================================
11:28:52.0484 5292 Scan started
11:28:52.0484 5292 Mode: Manual; SigCheck; TDLFS;
11:28:52.0484 5292 ============================================================
11:28:52.0812 5292 ================ Scan system memory ========================
11:28:52.0812 5292 System memory - ok
11:28:52.0828 5292 ================ Scan services =============================
11:28:52.0953 5292 [ 0352A73CD6B1782EA3ED7A03A8268F55 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
11:28:53.0000 5292 Aavmker4 - ok
11:28:53.0000 5292 Abiosdsk - ok
11:28:53.0015 5292 abp480n5 - ok
11:28:53.0046 5292 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:28:53.0187 5292 ACPI - ok
11:28:53.0265 5292 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
11:28:53.0406 5292 ACPIEC - ok
11:28:53.0500 5292 [ DC9BD0C95EE1B49435AFE89D523B20B7 ] AcPrfMgrSvc C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
11:28:53.0515 5292 AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - warning
11:28:53.0515 5292 AcPrfMgrSvc - detected UnsignedFile.Multi.Generic (1)
11:28:53.0546 5292 [ A8F0AD2868194B78DFE2FFEED8311581 ] AcSvc C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
11:28:53.0562 5292 AcSvc ( UnsignedFile.Multi.Generic ) - warning
11:28:53.0562 5292 AcSvc - detected UnsignedFile.Multi.Generic (1)
11:28:53.0578 5292 [ BEEE84A79710F705864685B05F1BB172 ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
11:28:53.0609 5292 ADIHdAudAddService - ok
11:28:53.0671 5292 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:28:53.0703 5292 AdobeFlashPlayerUpdateSvc - ok
11:28:53.0703 5292 adpu160m - ok
11:28:53.0718 5292 [ 358063AB6C1C4173B735525CDFA65F94 ] AEAudioService C:\WINDOWS\system32\drivers\AEAudio.sys
11:28:53.0765 5292 AEAudioService - ok
11:28:53.0812 5292 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
11:28:53.0937 5292 aec - ok
11:28:54.0000 5292 [ 023867B6606FBABCDD52E089C4A507DA ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
11:28:54.0015 5292 AegisP - ok
11:28:54.0062 5292 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
11:28:54.0078 5292 AFD - ok
11:28:54.0093 5292 Aha154x - ok
11:28:54.0093 5292 aic78u2 - ok
11:28:54.0109 5292 aic78xx - ok
11:28:54.0140 5292 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
11:28:54.0281 5292 Alerter - ok
11:28:54.0359 5292 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
11:28:54.0437 5292 ALG - ok
11:28:54.0437 5292 AliIde - ok
11:28:54.0500 5292 [ E4EDE40F326B3B815EC06FF03A8697D6 ] ameisvc C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
11:28:54.0515 5292 ameisvc - ok
11:28:54.0531 5292 amsint - ok
11:28:54.0562 5292 [ 11AB185A7AF224800BBFB5B836974A17 ] ANC C:\WINDOWS\system32\drivers\ANC.SYS
11:28:54.0562 5292 ANC ( UnsignedFile.Multi.Generic ) - warning
11:28:54.0562 5292 ANC - detected UnsignedFile.Multi.Generic (1)
11:28:54.0593 5292 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
11:28:54.0656 5292 AppMgmt - ok
11:28:54.0671 5292 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:28:54.0828 5292 Arp1394 - ok
11:28:54.0843 5292 asc - ok
11:28:54.0843 5292 asc3350p - ok
11:28:54.0859 5292 asc3550 - ok
11:28:55.0125 5292 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:28:55.0140 5292 aspnet_state - ok
11:28:55.0171 5292 [ F5DC168BF77572D51BE28BA261B30CB4 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
11:28:55.0187 5292 aswFsBlk - ok
11:28:55.0203 5292 [ 2B9B1DF809E965EF63402CBBA6DB50AE ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
11:28:55.0218 5292 aswMon2 - ok
11:28:55.0234 5292 [ B7D5E4486BA658ED08624D8084ABB830 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
11:28:55.0250 5292 aswRdr - ok
11:28:55.0296 5292 [ 30E45AF8B4D83176CA850FC9699E860B ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
11:28:55.0343 5292 aswSnx - ok
11:28:55.0406 5292 [ F04BDBCB965C05C51F4A7DE7B62063D6 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
11:28:55.0437 5292 aswSP - ok
11:28:55.0453 5292 [ DFE9152ABFA89BB8CFDC057409B2D4DA ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
11:28:55.0484 5292 aswTdi - ok
11:28:55.0515 5292 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:28:55.0656 5292 AsyncMac - ok
11:28:55.0687 5292 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
11:28:55.0828 5292 atapi - ok
11:28:55.0843 5292 Atdisk - ok
11:28:55.0921 5292 [ B921D1790A8EF84B2DBDEEEF4909FBA1 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
11:28:56.0015 5292 Ati HotKey Poller - ok
11:28:56.0203 5292 [ 5A13723FB8BFDD2090DEFB2D0CB98A27 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
11:28:56.0375 5292 ati2mtag - ok
11:28:56.0421 5292 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:28:56.0578 5292 Atmarpc - ok
11:28:56.0671 5292 [ DBF0D7E2DF33B469EB55406FEA759350 ] atmeltpm C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
11:28:56.0687 5292 atmeltpm - ok
11:28:56.0718 5292 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
11:28:56.0875 5292 AudioSrv - ok
11:28:56.0984 5292 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
11:28:57.0125 5292 audstub - ok
11:28:57.0187 5292 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
11:28:57.0203 5292 avast! Antivirus - ok
11:28:57.0250 5292 [ 66DD574749C38153C6067EBBA929BEFC ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
11:28:57.0281 5292 b57w2k - ok
11:28:57.0328 5292 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
11:28:57.0453 5292 Beep - ok
11:28:57.0500 5292 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
11:28:57.0687 5292 BITS - ok
11:28:57.0765 5292 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
11:28:57.0796 5292 Browser - ok
11:28:57.0843 5292 [ 9E8CF88D340E32FCB3C53955B2DF388F ] btaudio C:\WINDOWS\system32\drivers\btaudio.sys
11:28:57.0875 5292 btaudio - ok
11:28:57.0921 5292 [ 2F9F111D31AA3FBBE5781D829A4524E6 ] BTDriver C:\WINDOWS\system32\DRIVERS\btport.sys
11:28:57.0937 5292 BTDriver - ok
11:28:58.0046 5292 [ D26B5B9A40A2B2191B35C76D5CBF5D2A ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys
11:28:58.0109 5292 BTKRNL - ok
11:28:58.0187 5292 [ C261E704B5558BA04DD643A0D998327D ] btwdins C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
11:28:58.0203 5292 btwdins - ok
11:28:58.0250 5292 [ 485020A1E1FC5C51A800CA69C618D881 ] BTWDNDIS C:\WINDOWS\system32\DRIVERS\btwdndis.sys
11:28:58.0265 5292 BTWDNDIS - ok
11:28:58.0296 5292 [ 5922BAE0CD84924B9CD7E6BB515EE070 ] btwmodem C:\WINDOWS\system32\DRIVERS\btwmodem.sys
11:28:58.0312 5292 btwmodem - ok
11:28:58.0328 5292 [ 7696F6F2E63086EEEDB76B71BB7BB455 ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys
11:28:58.0343 5292 BTWUSB - ok
11:28:58.0359 5292 catchme - ok
11:28:58.0390 5292 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
11:28:58.0562 5292 cbidf2k - ok
11:28:58.0578 5292 cd20xrnt - ok
11:28:58.0656 5292 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
11:28:58.0796 5292 Cdaudio - ok
11:28:58.0843 5292 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
11:28:58.0984 5292 Cdfs - ok
11:28:59.0015 5292 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:28:59.0171 5292 Cdrom - ok
11:28:59.0171 5292 Changer - ok
11:28:59.0250 5292 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
11:28:59.0406 5292 CiSvc - ok
11:28:59.0437 5292 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
11:28:59.0578 5292 ClipSrv - ok
11:28:59.0671 5292 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:28:59.0687 5292 clr_optimization_v2.0.50727_32 - ok
11:28:59.0734 5292 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:28:59.0750 5292 clr_optimization_v4.0.30319_32 - ok
11:28:59.0796 5292 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
11:28:59.0953 5292 CmBatt - ok
11:28:59.0953 5292 CmdIde - ok
11:28:59.0968 5292 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
11:29:00.0109 5292 Compbatt - ok
11:29:00.0125 5292 COMSysApp - ok
11:29:00.0140 5292 Cpqarray - ok
11:29:00.0187 5292 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
11:29:00.0312 5292 CryptSvc - ok
11:29:00.0312 5292 dac2w2k - ok
11:29:00.0328 5292 dac960nt - ok
11:29:00.0375 5292 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
11:29:00.0421 5292 DcomLaunch - ok
11:29:00.0453 5292 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
11:29:00.0578 5292 Dhcp - ok
11:29:00.0609 5292 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
11:29:00.0765 5292 Disk - ok
11:29:00.0765 5292 dmadmin - ok
11:29:00.0890 5292 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
11:29:01.0046 5292 dmboot - ok
11:29:01.0062 5292 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
11:29:01.0234 5292 dmio - ok
11:29:01.0265 5292 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
11:29:01.0406 5292 dmload - ok
11:29:01.0437 5292 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
11:29:01.0593 5292 dmserver - ok
11:29:01.0640 5292 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
11:29:01.0796 5292 DMusic - ok
11:29:01.0828 5292 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
11:29:01.0859 5292 Dnscache - ok
11:29:01.0906 5292 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
11:29:02.0093 5292 Dot3svc - ok
11:29:02.0171 5292 [ 6D279BB0DE1D8E34F454E1B353F4D738 ] DozeHDD C:\WINDOWS\system32\DRIVERS\DozeHDD.sys
11:29:02.0187 5292 DozeHDD - ok
11:29:02.0218 5292 [ 092AE9D762B115A2A05BE187BC3FFAB7 ] DozeSvc C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
11:29:02.0234 5292 DozeSvc - ok
11:29:02.0250 5292 dpti2o - ok
11:29:02.0265 5292 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
11:29:02.0406 5292 drmkaud - ok
11:29:02.0453 5292 [ 6461E57BB51A848AAE26F52427B7CF9E ] dtscsi C:\WINDOWS\System32\Drivers\dtscsi.sys
11:29:02.0453 5292 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\dtscsi.sys. md5: 6461E57BB51A848AAE26F52427B7CF9E
11:29:02.0453 5292 dtscsi ( LockedFile.Multi.Generic ) - warning
11:29:02.0453 5292 dtscsi - detected LockedFile.Multi.Generic (1)
11:29:02.0484 5292 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
11:29:02.0625 5292 EapHost - ok
11:29:02.0656 5292 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
11:29:02.0781 5292 ERSvc - ok
11:29:02.0828 5292 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
11:29:02.0859 5292 Eventlog - ok
11:29:02.0906 5292 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
11:29:02.0937 5292 EventSystem - ok
11:29:03.0062 5292 [ 344AA81113481E615E366BC1C36DFE0C ] EvtEng C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
11:29:03.0093 5292 EvtEng ( UnsignedFile.Multi.Generic ) - warning
11:29:03.0093 5292 EvtEng - detected UnsignedFile.Multi.Generic (1)
11:29:03.0171 5292 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
11:29:03.0312 5292 Fastfat - ok
11:29:03.0359 5292 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
11:29:03.0390 5292 FastUserSwitchingCompatibility - ok
11:29:03.0437 5292 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
11:29:03.0593 5292 Fdc - ok
11:29:03.0609 5292 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
11:29:03.0750 5292 Fips - ok
11:29:03.0750 5292 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
11:29:03.0890 5292 Flpydisk - ok
11:29:03.0937 5292 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
11:29:04.0109 5292 FltMgr - ok
11:29:04.0171 5292 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:29:04.0187 5292 FontCache3.0.0.0 - ok
11:29:04.0203 5292 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:29:04.0343 5292 Fs_Rec - ok
11:29:04.0359 5292 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:29:04.0515 5292 Ftdisk - ok
11:29:04.0531 5292 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:29:04.0671 5292 Gpc - ok
11:29:04.0750 5292 gupdate - ok
11:29:04.0750 5292 gupdatem - ok
11:29:04.0796 5292 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:29:04.0937 5292 HDAudBus - ok
11:29:05.0000 5292 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:29:05.0156 5292 helpsvc - ok
11:29:05.0171 5292 HidServ - ok
11:29:05.0171 5292 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:29:05.0328 5292 hidusb - ok
11:29:05.0343 5292 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
11:29:05.0500 5292 hkmsvc - ok
11:29:05.0500 5292 hpn - ok
11:29:05.0562 5292 [ 702A7E1B3C9263EFBD6AEDE3B6919761 ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
11:29:05.0578 5292 HSFHWAZL - ok
11:29:05.0625 5292 [ 8D02CB68D53AA36189FAF86FED438884 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
11:29:05.0671 5292 HSF_DPV - ok
11:29:05.0734 5292 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
11:29:05.0750 5292 HTTP - ok
11:29:05.0781 5292 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
11:29:05.0953 5292 HTTPFilter - ok
11:29:05.0953 5292 i2omgmt - ok
11:29:05.0968 5292 i2omp - ok
11:29:06.0000 5292 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:29:06.0140 5292 i8042prt - ok
11:29:06.0171 5292 [ E3FFC8CB45B3F55264EE10F084B2731B ] IBMPMDRV C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
11:29:06.0187 5292 IBMPMDRV - ok
11:29:06.0203 5292 [ 5565982522EE9D4E8921FEB304D4226F ] IBMPMSVC C:\WINDOWS\system32\ibmpmsvc.exe
11:29:06.0234 5292 IBMPMSVC - ok
11:29:06.0250 5292 [ 3A7DBE81EC5EDB96A0A61C7D4AF3198D ] IBMTPCHK C:\WINDOWS\system32\Drivers\IBMBLDID.sys
11:29:06.0250 5292 IBMTPCHK ( UnsignedFile.Multi.Generic ) - warning
11:29:06.0250 5292 IBMTPCHK - detected UnsignedFile.Multi.Generic (1)
11:29:06.0343 5292 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:29:06.0390 5292 idsvc - ok
11:29:06.0390 5292 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
11:29:06.0546 5292 Imapi - ok
11:29:06.0593 5292 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
11:29:06.0734 5292 ImapiService - ok
11:29:06.0750 5292 ini910u - ok
11:29:06.0812 5292 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
11:29:06.0953 5292 IntelIde - ok
11:29:07.0000 5292 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:29:07.0140 5292 intelppm - ok
11:29:07.0156 5292 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
11:29:07.0312 5292 Ip6Fw - ok
11:29:07.0343 5292 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:29:07.0484 5292 IpFilterDriver - ok
11:29:07.0500 5292 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:29:07.0640 5292 IpInIp - ok
11:29:07.0671 5292 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:29:07.0843 5292 IpNat - ok
11:29:07.0906 5292 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:29:08.0062 5292 IPSec - ok
11:29:08.0125 5292 [ 00D8E9DAEBE72A5DF3986FD418A995EB ] IPSSVC C:\WINDOWS\system32\IPSSVC.EXE
11:29:08.0140 5292 IPSSVC - ok
11:29:08.0171 5292 [ ACA5E7B54409F9CB5EED97ED0C81120E ] irda C:\WINDOWS\system32\DRIVERS\irda.sys
11:29:08.0250 5292 irda - ok
11:29:08.0296 5292 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
11:29:08.0359 5292 IRENUM - ok
11:29:08.0390 5292 [ 49CC4533CE897CB2E93C1E84A818FDE5 ] Irmon C:\WINDOWS\System32\irmon.dll
11:29:08.0453 5292 Irmon - ok
Re: Skype virus Rsit,Rkill, Combofix
11:29:08.0500 5292 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:29:08.0640 5292 isapnp - ok
11:29:08.0718 5292 [ 0A5709543986843D37A92290B7838340 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
11:29:08.0750 5292 JavaQuickStarterService - ok
11:29:08.0781 5292 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:29:08.0937 5292 Kbdclass - ok
11:29:08.0984 5292 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
11:29:09.0140 5292 kmixer - ok
11:29:09.0187 5292 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
11:29:09.0218 5292 KSecDD - ok
11:29:09.0265 5292 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
11:29:09.0312 5292 LanmanServer - ok
11:29:09.0359 5292 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
11:29:09.0406 5292 lanmanworkstation - ok
11:29:09.0406 5292 lbrtfdc - ok
11:29:09.0500 5292 [ FCE735941DA27929DBFC1918F286FFD8 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
11:29:09.0515 5292 LENOVO.MICMUTE - ok
11:29:09.0531 5292 [ 9AAC267A225F3CAEBB9E633F7EB16E4B ] lenovo.smi C:\WINDOWS\system32\DRIVERS\smiif32.sys
11:29:09.0546 5292 lenovo.smi - ok
11:29:09.0562 5292 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
11:29:09.0703 5292 LmHosts - ok
11:29:09.0734 5292 [ 0B058116D3D4ECCA7DED38F16E0581B2 ] massfilter C:\WINDOWS\system32\drivers\massfilter.sys
11:29:09.0765 5292 massfilter - ok
11:29:09.0796 5292 [ A027DE1E6C11BD2DAF61F6F276B2299F ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
11:29:09.0812 5292 mdmxsdk - ok
11:29:09.0859 5292 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
11:29:09.0984 5292 Messenger - ok
11:29:10.0062 5292 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
11:29:10.0078 5292 Microsoft Office Groove Audit Service - ok
11:29:10.0125 5292 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
11:29:10.0265 5292 mnmdd - ok
11:29:10.0296 5292 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
11:29:10.0437 5292 mnmsrvc - ok
11:29:10.0468 5292 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
11:29:10.0609 5292 Modem - ok
11:29:10.0625 5292 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:29:10.0765 5292 Mouclass - ok
11:29:10.0796 5292 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:29:10.0937 5292 mouhid - ok
11:29:11.0000 5292 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
11:29:11.0125 5292 MountMgr - ok
11:29:11.0203 5292 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:29:11.0218 5292 MozillaMaintenance - ok
11:29:11.0218 5292 mraid35x - ok
11:29:11.0250 5292 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:29:11.0390 5292 MRxDAV - ok
11:29:11.0437 5292 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:29:11.0468 5292 MRxSmb - ok
11:29:11.0515 5292 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
11:29:11.0687 5292 MSDTC - ok
11:29:11.0718 5292 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
11:29:11.0859 5292 Msfs - ok
11:29:11.0875 5292 MSIServer - ok
11:29:11.0906 5292 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:29:12.0062 5292 MSKSSRV - ok
11:29:12.0078 5292 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:29:12.0218 5292 MSPCLOCK - ok
11:29:12.0234 5292 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
11:29:12.0406 5292 MSPQM - ok
11:29:12.0437 5292 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:29:12.0578 5292 mssmbios - ok
11:29:12.0593 5292 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
11:29:12.0609 5292 Mup - ok
11:29:12.0640 5292 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
11:29:12.0765 5292 napagent - ok
11:29:12.0781 5292 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
11:29:12.0937 5292 NDIS - ok
11:29:13.0000 5292 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:29:13.0031 5292 NdisTapi - ok
11:29:13.0046 5292 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:29:13.0187 5292 Ndisuio - ok
11:29:13.0218 5292 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:29:13.0343 5292 NdisWan - ok
11:29:13.0406 5292 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
11:29:13.0421 5292 NDProxy - ok
11:29:13.0453 5292 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
11:29:13.0578 5292 NetBIOS - ok
11:29:13.0609 5292 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
11:29:13.0750 5292 NetBT - ok
11:29:13.0781 5292 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
11:29:13.0921 5292 NetDDE - ok
11:29:13.0937 5292 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
11:29:14.0109 5292 NetDDEdsdm - ok
11:29:14.0156 5292 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
11:29:14.0296 5292 Netlogon - ok
11:29:14.0343 5292 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
11:29:14.0484 5292 Netman - ok
11:29:14.0531 5292 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:29:14.0546 5292 NetTcpPortSharing - ok
11:29:14.0578 5292 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:29:14.0718 5292 NIC1394 - ok
11:29:14.0750 5292 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
11:29:14.0796 5292 Nla - ok
11:29:14.0875 5292 [ 8DD0CDB0C700992D10169D8769EF5F43 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
11:29:14.0906 5292 NMIndexingService ( UnsignedFile.Multi.Generic ) - warning
11:29:14.0906 5292 NMIndexingService - detected UnsignedFile.Multi.Generic (1)
11:29:14.0968 5292 [ F6C40E0A565EE3CE5AEEB325E10054F2 ] nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys
11:29:15.0031 5292 nmwcd - ok
11:29:15.0078 5292 [ 2A394E9E1FA3565E4B2FEA470FFE4D6B ] nmwcdc C:\WINDOWS\system32\drivers\ccdcmbo.sys
11:29:15.0171 5292 nmwcdc - ok
11:29:15.0203 5292 [ 99B224F8026CB534724AA3C408561E45 ] nmwcdnsu C:\WINDOWS\system32\drivers\nmwcdnsu.sys
11:29:15.0296 5292 nmwcdnsu - ok
11:29:15.0312 5292 [ D23257682D349A5E2E4507ED33DECC16 ] nmwcdnsuc C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
11:29:15.0390 5292 nmwcdnsuc - ok
11:29:15.0406 5292 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
11:29:15.0546 5292 Npfs - ok
11:29:15.0593 5292 [ 2ADC0CA9945C65284B3D19BC18765974 ] NSCIRDA C:\WINDOWS\system32\DRIVERS\nscirda.sys
11:29:15.0656 5292 NSCIRDA - ok
11:29:15.0718 5292 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
11:29:15.0859 5292 Ntfs - ok
11:29:15.0890 5292 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
11:29:16.0031 5292 NtLmSsp - ok
11:29:16.0078 5292 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
11:29:16.0218 5292 NtmsSvc - ok
11:29:16.0234 5292 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
11:29:16.0390 5292 Null - ok
11:29:16.0421 5292 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:29:16.0578 5292 NwlnkFlt - ok
11:29:16.0593 5292 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:29:16.0750 5292 NwlnkFwd - ok
11:29:16.0859 5292 [ C4E28CEF489AAFD0E4CA734DC78CA77D ] O&O Defrag C:\WINDOWS\system32\oodag.exe
11:29:16.0921 5292 O&O Defrag - ok
11:29:17.0046 5292 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:29:17.0078 5292 odserv - ok
11:29:17.0125 5292 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:29:17.0265 5292 ohci1394 - ok
11:29:17.0328 5292 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:29:17.0343 5292 ose - ok
11:29:17.0375 5292 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
11:29:17.0500 5292 Parport - ok
11:29:17.0515 5292 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
11:29:17.0656 5292 PartMgr - ok
11:29:17.0703 5292 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
11:29:17.0843 5292 ParVdm - ok
11:29:17.0890 5292 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
11:29:17.0921 5292 pccsmcfd - ok
11:29:17.0968 5292 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
11:29:18.0109 5292 PCI - ok
11:29:18.0125 5292 PCIDump - ok
11:29:18.0156 5292 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
11:29:18.0281 5292 PCIIde - ok
11:29:18.0343 5292 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
11:29:18.0468 5292 Pcmcia - ok
11:29:18.0484 5292 PDCOMP - ok
11:29:18.0484 5292 PDFRAME - ok
11:29:18.0500 5292 PDRELI - ok
11:29:18.0515 5292 PDRFRAME - ok
11:29:18.0515 5292 perc2 - ok
11:29:18.0531 5292 perc2hib - ok
11:29:18.0578 5292 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
11:29:18.0609 5292 PlugPlay - ok
11:29:18.0640 5292 [ DEDEF40E1D05842639491365CB2C069E ] pmem C:\WINDOWS\System32\drivers\pmemnt.sys
11:29:18.0640 5292 pmem ( UnsignedFile.Multi.Generic ) - warning
11:29:18.0640 5292 pmem - detected UnsignedFile.Multi.Generic (1)
11:29:18.0656 5292 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
11:29:18.0843 5292 PolicyAgent - ok
11:29:18.0890 5292 [ EB719C46A32D17C34D52E6C726F1CF8C ] Power Manager DBC Service C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
11:29:18.0890 5292 Power Manager DBC Service ( UnsignedFile.Multi.Generic ) - warning
11:29:18.0890 5292 Power Manager DBC Service - detected UnsignedFile.Multi.Generic (1)
11:29:18.0906 5292 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:29:19.0046 5292 PptpMiniport - ok
11:29:19.0093 5292 [ 1D80309FED4BABF8EA9E7B84A394348B ] PROCDD C:\WINDOWS\system32\DRIVERS\PROCDD.SYS
11:29:19.0109 5292 PROCDD - ok
11:29:19.0109 5292 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
11:29:19.0250 5292 ProtectedStorage - ok
11:29:19.0296 5292 [ AAC08DEFB15AAAB00B30341C716EFA35 ] psadd C:\WINDOWS\system32\DRIVERS\psadd.sys
11:29:19.0328 5292 psadd - ok
11:29:19.0343 5292 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
11:29:19.0484 5292 PSched - ok
11:29:19.0500 5292 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:29:19.0640 5292 Ptilink - ok
11:29:19.0656 5292 [ 93C49354CEB0828F5D286E50BB767EB2 ] PwmEWSvc C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
11:29:19.0671 5292 PwmEWSvc ( UnsignedFile.Multi.Generic ) - warning
11:29:19.0671 5292 PwmEWSvc - detected UnsignedFile.Multi.Generic (1)
11:29:19.0671 5292 ql1080 - ok
11:29:19.0687 5292 Ql10wnt - ok
11:29:19.0703 5292 ql12160 - ok
11:29:19.0718 5292 ql1240 - ok
11:29:19.0718 5292 ql1280 - ok
11:29:19.0750 5292 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:29:19.0875 5292 RasAcd - ok
11:29:19.0921 5292 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
11:29:20.0093 5292 RasAuto - ok
11:29:20.0125 5292 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
11:29:20.0187 5292 Rasirda - ok
11:29:20.0203 5292 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:29:20.0343 5292 Rasl2tp - ok
11:29:20.0375 5292 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
11:29:20.0515 5292 RasMan - ok
11:29:20.0531 5292 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:29:20.0671 5292 RasPppoe - ok
11:29:20.0687 5292 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
11:29:20.0828 5292 Raspti - ok
11:29:20.0859 5292 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:29:21.0015 5292 Rdbss - ok
11:29:21.0031 5292 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:29:21.0156 5292 RDPCDD - ok
11:29:21.0203 5292 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:29:21.0343 5292 rdpdr - ok
11:29:21.0390 5292 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
11:29:21.0421 5292 RDPWD - ok
11:29:21.0468 5292 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
11:29:21.0609 5292 RDSessMgr - ok
11:29:21.0625 5292 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
11:29:21.0750 5292 redbook - ok
11:29:21.0812 5292 [ 89CBF999FC5FCAF3C8B2C79B0594434F ] RegSrvc C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
11:29:21.0828 5292 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
11:29:21.0828 5292 RegSrvc - detected UnsignedFile.Multi.Generic (1)
11:29:21.0890 5292 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
11:29:22.0046 5292 RemoteAccess - ok
11:29:22.0062 5292 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
11:29:22.0203 5292 RemoteRegistry - ok
11:29:22.0250 5292 [ C398BCA91216755B098679A8DA8A2300 ] rimsptsk C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
11:29:22.0281 5292 rimsptsk - ok
11:29:22.0312 5292 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
11:29:22.0453 5292 RpcLocator - ok
11:29:22.0484 5292 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
11:29:22.0531 5292 RpcSs - ok
11:29:22.0546 5292 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
11:29:22.0703 5292 RSVP - ok
11:29:22.0765 5292 [ E118CF6BC4949D4A389026F15A9F3C95 ] S24EventMonitor C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
11:29:22.0859 5292 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
11:29:22.0859 5292 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
11:29:22.0890 5292 [ F275EE6061E444CAA7137AEFB2C27A03 ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
11:29:22.0921 5292 s24trans - ok
11:29:22.0953 5292 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
11:29:23.0093 5292 SamSs - ok
11:29:23.0125 5292 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
11:29:23.0265 5292 SCardSvr - ok
11:29:23.0312 5292 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
11:29:23.0453 5292 Schedule - ok
11:29:23.0484 5292 [ D1FACB3C7D12F439C18EF01AA88C2A9D ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
11:29:23.0515 5292 sdbus - ok
11:29:23.0531 5292 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:29:23.0593 5292 Secdrv - ok
11:29:23.0640 5292 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
11:29:23.0781 5292 seclogon - ok
11:29:23.0812 5292 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
11:29:23.0968 5292 SENS - ok
11:29:23.0984 5292 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
11:29:24.0125 5292 Serial - ok
11:29:24.0218 5292 [ F31E9531AF225CA25350D5E87E999B31 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
11:29:24.0250 5292 ServiceLayer - ok
11:29:24.0296 5292 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
11:29:24.0437 5292 Sfloppy - ok
11:29:24.0484 5292 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
11:29:24.0609 5292 SharedAccess - ok
11:29:24.0656 5292 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:29:24.0687 5292 ShellHWDetection - ok
11:29:24.0718 5292 [ 1624530D05155F4E5A4736531523BFF5 ] Shockprf C:\WINDOWS\system32\DRIVERS\Apsx86.sys
11:29:24.0750 5292 Shockprf - ok
11:29:24.0750 5292 Simbad - ok
11:29:24.0796 5292 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
11:29:24.0828 5292 SkypeUpdate - ok
11:29:24.0859 5292 [ 26341D0DD225D19FD50E0EE3C3C77502 ] Smapint C:\WINDOWS\system32\drivers\Smapint.sys
11:29:24.0859 5292 Smapint ( UnsignedFile.Multi.Generic ) - warning
11:29:24.0859 5292 Smapint - detected UnsignedFile.Multi.Generic (1)
11:29:24.0937 5292 [ 0B9C01236D25BDCB37AA79DC59DFB7D3 ] smihlp C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
11:29:24.0953 5292 smihlp - ok
11:29:24.0968 5292 Sparrow - ok
11:29:25.0031 5292 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
11:29:25.0171 5292 splitter - ok
11:29:25.0218 5292 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
11:29:25.0250 5292 Spooler - ok
11:29:25.0328 5292 [ 15B827792F8E8B96E1B4D148103E3186 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
11:29:25.0328 5292 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 15B827792F8E8B96E1B4D148103E3186
11:29:25.0328 5292 sptd ( LockedFile.Multi.Generic ) - warning
11:29:25.0328 5292 sptd - detected LockedFile.Multi.Generic (1)
11:29:25.0375 5292 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
11:29:25.0453 5292 sr - ok
11:29:25.0484 5292 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
11:29:25.0546 5292 srservice - ok
11:29:25.0578 5292 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
11:29:25.0609 5292 Srv - ok
11:29:25.0640 5292 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
11:29:25.0718 5292 SSDPSRV - ok
11:29:25.0781 5292 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
11:29:25.0921 5292 stisvc - ok
11:29:26.0062 5292 [ C2191C1A5DFED0795E3D3B68905B195B ] SUService c:\program files\lenovo\system update\suservice.exe
11:29:26.0062 5292 SUService ( UnsignedFile.Multi.Generic ) - warning
11:29:26.0062 5292 SUService - detected UnsignedFile.Multi.Generic (1)
11:29:26.0093 5292 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
11:29:26.0218 5292 swenum - ok
11:29:26.0265 5292 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
11:29:26.0406 5292 swmidi - ok
11:29:26.0421 5292 SwPrv - ok
11:29:26.0437 5292 symc810 - ok
11:29:26.0437 5292 symc8xx - ok
11:29:26.0453 5292 sym_hi - ok
11:29:26.0468 5292 sym_u3 - ok
11:29:26.0500 5292 [ 003358D830A76DFE3803FB353B8FD87B ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
11:29:26.0531 5292 SynTP - ok
11:29:26.0546 5292 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
11:29:26.0671 5292 sysaudio - ok
11:29:26.0703 5292 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
11:29:26.0843 5292 SysmonLog - ok
11:29:26.0890 5292 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
11:29:27.0031 5292 TapiSrv - ok
11:29:27.0062 5292 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:29:27.0093 5292 Tcpip - ok
11:29:27.0125 5292 [ 58E3EB5A5C78740C5870EEE6648CCC46 ] TcUsb C:\WINDOWS\system32\Drivers\tcusb.sys
11:29:27.0140 5292 TcUsb - ok
11:29:27.0171 5292 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
11:29:27.0328 5292 TDPIPE - ok
11:29:27.0375 5292 [ 564B337034271B7BDDCABFDDC91C6B7A ] TDSMAPI C:\WINDOWS\system32\drivers\TDSMAPI.SYS
11:29:27.0375 5292 TDSMAPI ( UnsignedFile.Multi.Generic ) - warning
11:29:27.0375 5292 TDSMAPI - detected UnsignedFile.Multi.Generic (1)
11:29:27.0390 5292 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
11:29:27.0515 5292 TDTCP - ok
11:29:27.0578 5292 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
11:29:27.0703 5292 TermDD - ok
11:29:27.0734 5292 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
11:29:27.0890 5292 TermService - ok
11:29:27.0906 5292 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
11:29:27.0937 5292 Themes - ok
11:29:28.0062 5292 [ 9626746A9B120D2ED537DD8D76278405 ] ThinkVantage Registry Monitor Service C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
11:29:28.0109 5292 ThinkVantage Registry Monitor Service - ok
11:29:28.0156 5292 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
11:29:28.0218 5292 TlntSvr - ok
11:29:28.0234 5292 TosIde - ok
11:29:28.0250 5292 [ D2378FBBD668D9FE9B6B5E3139D506D3 ] TPDIGIMN C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
11:29:28.0265 5292 TPDIGIMN - ok
11:29:28.0312 5292 [ A34A1E6B5461273846D30F5898602A72 ] TPHDEXLGSVC C:\WINDOWS\system32\TPHDEXLG.exe
11:29:28.0328 5292 TPHDEXLGSVC - ok
11:29:28.0359 5292 [ 8AEF2188630F5ECD79AD9ABBA630630B ] TPHKDRV C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
11:29:28.0390 5292 TPHKDRV - ok
11:29:28.0437 5292 [ 88D609BFDEB7E013E9E491434190BA43 ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
11:29:28.0437 5292 TPHKLOAD ( UnsignedFile.Multi.Generic ) - warning
11:29:28.0437 5292 TPHKLOAD - detected UnsignedFile.Multi.Generic (1)
11:29:28.0468 5292 [ 9E6E4A9789F76593CC5A6A5AF8FC5929 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
11:29:28.0484 5292 TPHKSVC - ok
11:29:28.0515 5292 [ DFB268FF0A6DCB9280015FF527F892FF ] TpKmpSVC C:\WINDOWS\system32\TpKmpSVC.exe
11:29:28.0531 5292 TpKmpSVC ( UnsignedFile.Multi.Generic ) - warning
11:29:28.0531 5292 TpKmpSVC - detected UnsignedFile.Multi.Generic (1)
11:29:28.0562 5292 [ C037817E2498D9DB736E4BA355B1F4E7 ] TPPWRIF C:\WINDOWS\system32\drivers\Tppwrif.sys
11:29:28.0578 5292 TPPWRIF - ok
11:29:28.0609 5292 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
11:29:28.0750 5292 TrkWks - ok
11:29:28.0859 5292 [ 44D5BE1651390476C5EDB3B5DF28DE30 ] TSSCoreService C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
11:29:28.0890 5292 TSSCoreService - ok
11:29:29.0046 5292 [ 6658D32CBEBC606E4BACCCF4A6B4FD63 ] TuneUp.Defrag C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
11:29:29.0062 5292 TuneUp.Defrag - ok
11:29:29.0125 5292 [ 243F1C2CF7CAE07F035FE45E5B855C8E ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
11:29:29.0171 5292 TuneUp.UtilitiesSvc - ok
11:29:29.0218 5292 [ F2107C9D85EC0DF116939CCCE06AE697 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
11:29:29.0234 5292 TuneUpUtilitiesDrv - ok
11:29:29.0312 5292 [ E9EA448F1174BE4052416B62263EA4EE ] TVT Scheduler C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
11:29:29.0421 5292 TVT Scheduler ( UnsignedFile.Multi.Generic ) - warning
11:29:29.0421 5292 TVT Scheduler - detected UnsignedFile.Multi.Generic (1)
11:29:29.0468 5292 [ 8AB24D4B7DA715C2C80455137910E792 ] TVTI2C C:\WINDOWS\system32\DRIVERS\Tvti2c.sys
11:29:29.0515 5292 TVTI2C - ok
11:29:29.0562 5292 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
11:29:29.0687 5292 Udfs - ok
11:29:29.0703 5292 ultra - ok
11:29:29.0765 5292 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
11:29:29.0906 5292 Update - ok
11:29:29.0921 5292 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
11:29:30.0015 5292 upnphost - ok
11:29:30.0062 5292 [ 47F5F9D837D80FFD5882A14DB9DA0A67 ] upperdev C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
11:29:30.0140 5292 upperdev - ok
11:29:30.0171 5292 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
11:29:30.0328 5292 UPS - ok
11:29:30.0359 5292 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:29:30.0484 5292 usbccgp - ok
11:29:30.0531 5292 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:29:30.0671 5292 usbehci - ok
11:29:30.0687 5292 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:29:30.0843 5292 usbhub - ok
11:29:30.0890 5292 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\drivers\usbser.sys
11:29:31.0031 5292 usbser - ok
11:29:31.0062 5292 [ E44F0D17BE0908B58DCC99CCB99C6C32 ] UsbserFilt C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
11:29:31.0140 5292 UsbserFilt - ok
11:29:31.0203 5292 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:29:31.0359 5292 USBSTOR - ok
11:29:31.0375 5292 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:29:31.0531 5292 usbuhci - ok
11:29:31.0578 5292 [ E7B2EF9B4A4A177CCDEC670E348AF633 ] UxTuneUp C:\WINDOWS\System32\uxtuneup.dll
11:29:31.0609 5292 UxTuneUp - ok
11:29:31.0640 5292 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
11:29:31.0781 5292 VgaSave - ok
11:29:31.0796 5292 ViaIde - ok
11:29:31.0828 5292 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
11:29:31.0968 5292 VolSnap - ok
11:29:32.0015 5292 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
11:29:32.0125 5292 VSS - ok
11:29:32.0234 5292 [ A22ABD73E0D6BA666CBA4E86EEB001B3 ] w29n51 C:\WINDOWS\system32\DRIVERS\w29n51.sys
11:29:32.0312 5292 w29n51 - ok
11:29:32.0375 5292 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
11:29:32.0531 5292 W32Time - ok
11:29:32.0562 5292 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:29:32.0703 5292 Wanarp - ok
11:29:32.0765 5292 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
11:29:32.0812 5292 Wdf01000 - ok
11:29:32.0812 5292 WDICA - ok
11:29:32.0859 5292 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
11:29:33.0015 5292 wdmaud - ok
11:29:33.0031 5292 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
11:29:33.0187 5292 WebClient - ok
11:29:33.0234 5292 [ AFCEA7939925378F867DDE6AF76F3924 ] WIBUKEY C:\WINDOWS\system32\DRIVERS\WibuKey.sys
11:29:33.0250 5292 WIBUKEY ( UnsignedFile.Multi.Generic ) - warning
11:29:33.0250 5292 WIBUKEY - detected UnsignedFile.Multi.Generic (1)
11:29:33.0296 5292 [ 115946A53B62A6B171FD0ED197C71D52 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
11:29:33.0328 5292 winachsf - ok
11:29:33.0406 5292 [ F45DD1E1365D857DD08BC23563370D0E ] WinDefend C:\Program Files\Windows Defender\MsMpEng.exe
11:29:33.0421 5292 WinDefend - ok
11:29:33.0500 5292 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
11:29:33.0640 5292 winmgmt - ok
11:29:33.0687 5292 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
11:29:33.0718 5292 WmdmPmSN - ok
11:29:33.0781 5292 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
11:29:33.0859 5292 Wmi - ok
11:29:33.0890 5292 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:29:34.0046 5292 WmiApSrv - ok
11:29:34.0078 5292 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
11:29:34.0093 5292 WpdUsb - ok
11:29:34.0171 5292 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:29:34.0218 5292 WPFFontCache_v0400 - ok
11:29:34.0296 5292 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:29:34.0421 5292 WS2IFSL - ok
11:29:34.0468 5292 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
11:29:34.0609 5292 wscsvc - ok
11:29:34.0656 5292 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
11:29:34.0796 5292 wuauserv - ok
11:29:34.0828 5292 [ EAA6324F51214D2F6718977EC9CE0DEF ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:29:34.0859 5292 WudfPf - ok
11:29:34.0890 5292 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:29:34.0921 5292 WudfRd - ok
11:29:34.0937 5292 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
11:29:34.0968 5292 WudfSvc - ok
11:29:35.0015 5292 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
11:29:35.0203 5292 WZCSVC - ok
11:29:35.0250 5292 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
11:29:35.0406 5292 xmlprov - ok
11:29:35.0453 5292 [ 28FB86AD7CC64AE5639E6E87F3B017D9 ] ZTEusbmdm6k C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
11:29:35.0484 5292 ZTEusbmdm6k - ok
11:29:35.0515 5292 [ 28FB86AD7CC64AE5639E6E87F3B017D9 ] ZTEusbnmea C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
11:29:35.0531 5292 ZTEusbnmea - ok
11:29:35.0546 5292 [ 28FB86AD7CC64AE5639E6E87F3B017D9 ] ZTEusbser6k C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
11:29:35.0578 5292 ZTEusbser6k - ok
11:29:35.0593 5292 ================ Scan global ===============================
11:29:35.0625 5292 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
11:29:35.0671 5292 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:29:35.0687 5292 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:29:35.0703 5292 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
11:29:35.0718 5292 [Global] - ok
11:29:35.0718 5292 ================ Scan MBR ==================================
11:29:35.0734 5292 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
11:29:36.0046 5292 \Device\Harddisk0\DR0 - ok
11:29:36.0062 5292 [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk1\DR3
11:29:36.0203 5292 \Device\Harddisk1\DR3 - ok
11:29:36.0203 5292 ================ Scan VBR ==================================
11:29:36.0203 5292 [ AA27011B77C32F7CCDA01D32CEA1975F ] \Device\Harddisk0\DR0\Partition1
11:29:36.0203 5292 \Device\Harddisk0\DR0\Partition1 - ok
11:29:36.0234 5292 [ 45F435EBA7F7CCBCF9237C00B54C55F9 ] \Device\Harddisk0\DR0\Partition2
11:29:36.0234 5292 \Device\Harddisk0\DR0\Partition2 - ok
11:29:36.0250 5292 [ 130BE5B70ED19ACC8AC7CE77FD27A9CD ] \Device\Harddisk1\DR3\Partition1
11:29:36.0250 5292 \Device\Harddisk1\DR3\Partition1 - ok
11:29:36.0250 5292 ============================================================
11:29:36.0250 5292 Scan finished
11:29:36.0250 5292 ============================================================
11:29:36.0265 1236 Detected object count: 20
11:29:36.0265 1236 Actual detected object count: 20
11:29:08.0640 5292 isapnp - ok
11:29:08.0718 5292 [ 0A5709543986843D37A92290B7838340 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
11:29:08.0750 5292 JavaQuickStarterService - ok
11:29:08.0781 5292 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:29:08.0937 5292 Kbdclass - ok
11:29:08.0984 5292 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
11:29:09.0140 5292 kmixer - ok
11:29:09.0187 5292 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
11:29:09.0218 5292 KSecDD - ok
11:29:09.0265 5292 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
11:29:09.0312 5292 LanmanServer - ok
11:29:09.0359 5292 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
11:29:09.0406 5292 lanmanworkstation - ok
11:29:09.0406 5292 lbrtfdc - ok
11:29:09.0500 5292 [ FCE735941DA27929DBFC1918F286FFD8 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
11:29:09.0515 5292 LENOVO.MICMUTE - ok
11:29:09.0531 5292 [ 9AAC267A225F3CAEBB9E633F7EB16E4B ] lenovo.smi C:\WINDOWS\system32\DRIVERS\smiif32.sys
11:29:09.0546 5292 lenovo.smi - ok
11:29:09.0562 5292 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
11:29:09.0703 5292 LmHosts - ok
11:29:09.0734 5292 [ 0B058116D3D4ECCA7DED38F16E0581B2 ] massfilter C:\WINDOWS\system32\drivers\massfilter.sys
11:29:09.0765 5292 massfilter - ok
11:29:09.0796 5292 [ A027DE1E6C11BD2DAF61F6F276B2299F ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
11:29:09.0812 5292 mdmxsdk - ok
11:29:09.0859 5292 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
11:29:09.0984 5292 Messenger - ok
11:29:10.0062 5292 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
11:29:10.0078 5292 Microsoft Office Groove Audit Service - ok
11:29:10.0125 5292 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
11:29:10.0265 5292 mnmdd - ok
11:29:10.0296 5292 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
11:29:10.0437 5292 mnmsrvc - ok
11:29:10.0468 5292 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
11:29:10.0609 5292 Modem - ok
11:29:10.0625 5292 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:29:10.0765 5292 Mouclass - ok
11:29:10.0796 5292 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:29:10.0937 5292 mouhid - ok
11:29:11.0000 5292 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
11:29:11.0125 5292 MountMgr - ok
11:29:11.0203 5292 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:29:11.0218 5292 MozillaMaintenance - ok
11:29:11.0218 5292 mraid35x - ok
11:29:11.0250 5292 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:29:11.0390 5292 MRxDAV - ok
11:29:11.0437 5292 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:29:11.0468 5292 MRxSmb - ok
11:29:11.0515 5292 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
11:29:11.0687 5292 MSDTC - ok
11:29:11.0718 5292 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
11:29:11.0859 5292 Msfs - ok
11:29:11.0875 5292 MSIServer - ok
11:29:11.0906 5292 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:29:12.0062 5292 MSKSSRV - ok
11:29:12.0078 5292 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:29:12.0218 5292 MSPCLOCK - ok
11:29:12.0234 5292 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
11:29:12.0406 5292 MSPQM - ok
11:29:12.0437 5292 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:29:12.0578 5292 mssmbios - ok
11:29:12.0593 5292 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
11:29:12.0609 5292 Mup - ok
11:29:12.0640 5292 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
11:29:12.0765 5292 napagent - ok
11:29:12.0781 5292 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
11:29:12.0937 5292 NDIS - ok
11:29:13.0000 5292 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:29:13.0031 5292 NdisTapi - ok
11:29:13.0046 5292 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:29:13.0187 5292 Ndisuio - ok
11:29:13.0218 5292 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:29:13.0343 5292 NdisWan - ok
11:29:13.0406 5292 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
11:29:13.0421 5292 NDProxy - ok
11:29:13.0453 5292 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
11:29:13.0578 5292 NetBIOS - ok
11:29:13.0609 5292 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
11:29:13.0750 5292 NetBT - ok
11:29:13.0781 5292 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
11:29:13.0921 5292 NetDDE - ok
11:29:13.0937 5292 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
11:29:14.0109 5292 NetDDEdsdm - ok
11:29:14.0156 5292 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
11:29:14.0296 5292 Netlogon - ok
11:29:14.0343 5292 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
11:29:14.0484 5292 Netman - ok
11:29:14.0531 5292 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:29:14.0546 5292 NetTcpPortSharing - ok
11:29:14.0578 5292 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:29:14.0718 5292 NIC1394 - ok
11:29:14.0750 5292 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
11:29:14.0796 5292 Nla - ok
11:29:14.0875 5292 [ 8DD0CDB0C700992D10169D8769EF5F43 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
11:29:14.0906 5292 NMIndexingService ( UnsignedFile.Multi.Generic ) - warning
11:29:14.0906 5292 NMIndexingService - detected UnsignedFile.Multi.Generic (1)
11:29:14.0968 5292 [ F6C40E0A565EE3CE5AEEB325E10054F2 ] nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys
11:29:15.0031 5292 nmwcd - ok
11:29:15.0078 5292 [ 2A394E9E1FA3565E4B2FEA470FFE4D6B ] nmwcdc C:\WINDOWS\system32\drivers\ccdcmbo.sys
11:29:15.0171 5292 nmwcdc - ok
11:29:15.0203 5292 [ 99B224F8026CB534724AA3C408561E45 ] nmwcdnsu C:\WINDOWS\system32\drivers\nmwcdnsu.sys
11:29:15.0296 5292 nmwcdnsu - ok
11:29:15.0312 5292 [ D23257682D349A5E2E4507ED33DECC16 ] nmwcdnsuc C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
11:29:15.0390 5292 nmwcdnsuc - ok
11:29:15.0406 5292 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
11:29:15.0546 5292 Npfs - ok
11:29:15.0593 5292 [ 2ADC0CA9945C65284B3D19BC18765974 ] NSCIRDA C:\WINDOWS\system32\DRIVERS\nscirda.sys
11:29:15.0656 5292 NSCIRDA - ok
11:29:15.0718 5292 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
11:29:15.0859 5292 Ntfs - ok
11:29:15.0890 5292 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
11:29:16.0031 5292 NtLmSsp - ok
11:29:16.0078 5292 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
11:29:16.0218 5292 NtmsSvc - ok
11:29:16.0234 5292 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
11:29:16.0390 5292 Null - ok
11:29:16.0421 5292 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:29:16.0578 5292 NwlnkFlt - ok
11:29:16.0593 5292 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:29:16.0750 5292 NwlnkFwd - ok
11:29:16.0859 5292 [ C4E28CEF489AAFD0E4CA734DC78CA77D ] O&O Defrag C:\WINDOWS\system32\oodag.exe
11:29:16.0921 5292 O&O Defrag - ok
11:29:17.0046 5292 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:29:17.0078 5292 odserv - ok
11:29:17.0125 5292 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:29:17.0265 5292 ohci1394 - ok
11:29:17.0328 5292 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:29:17.0343 5292 ose - ok
11:29:17.0375 5292 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
11:29:17.0500 5292 Parport - ok
11:29:17.0515 5292 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
11:29:17.0656 5292 PartMgr - ok
11:29:17.0703 5292 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
11:29:17.0843 5292 ParVdm - ok
11:29:17.0890 5292 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
11:29:17.0921 5292 pccsmcfd - ok
11:29:17.0968 5292 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
11:29:18.0109 5292 PCI - ok
11:29:18.0125 5292 PCIDump - ok
11:29:18.0156 5292 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
11:29:18.0281 5292 PCIIde - ok
11:29:18.0343 5292 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
11:29:18.0468 5292 Pcmcia - ok
11:29:18.0484 5292 PDCOMP - ok
11:29:18.0484 5292 PDFRAME - ok
11:29:18.0500 5292 PDRELI - ok
11:29:18.0515 5292 PDRFRAME - ok
11:29:18.0515 5292 perc2 - ok
11:29:18.0531 5292 perc2hib - ok
11:29:18.0578 5292 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
11:29:18.0609 5292 PlugPlay - ok
11:29:18.0640 5292 [ DEDEF40E1D05842639491365CB2C069E ] pmem C:\WINDOWS\System32\drivers\pmemnt.sys
11:29:18.0640 5292 pmem ( UnsignedFile.Multi.Generic ) - warning
11:29:18.0640 5292 pmem - detected UnsignedFile.Multi.Generic (1)
11:29:18.0656 5292 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
11:29:18.0843 5292 PolicyAgent - ok
11:29:18.0890 5292 [ EB719C46A32D17C34D52E6C726F1CF8C ] Power Manager DBC Service C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
11:29:18.0890 5292 Power Manager DBC Service ( UnsignedFile.Multi.Generic ) - warning
11:29:18.0890 5292 Power Manager DBC Service - detected UnsignedFile.Multi.Generic (1)
11:29:18.0906 5292 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:29:19.0046 5292 PptpMiniport - ok
11:29:19.0093 5292 [ 1D80309FED4BABF8EA9E7B84A394348B ] PROCDD C:\WINDOWS\system32\DRIVERS\PROCDD.SYS
11:29:19.0109 5292 PROCDD - ok
11:29:19.0109 5292 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
11:29:19.0250 5292 ProtectedStorage - ok
11:29:19.0296 5292 [ AAC08DEFB15AAAB00B30341C716EFA35 ] psadd C:\WINDOWS\system32\DRIVERS\psadd.sys
11:29:19.0328 5292 psadd - ok
11:29:19.0343 5292 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
11:29:19.0484 5292 PSched - ok
11:29:19.0500 5292 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:29:19.0640 5292 Ptilink - ok
11:29:19.0656 5292 [ 93C49354CEB0828F5D286E50BB767EB2 ] PwmEWSvc C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
11:29:19.0671 5292 PwmEWSvc ( UnsignedFile.Multi.Generic ) - warning
11:29:19.0671 5292 PwmEWSvc - detected UnsignedFile.Multi.Generic (1)
11:29:19.0671 5292 ql1080 - ok
11:29:19.0687 5292 Ql10wnt - ok
11:29:19.0703 5292 ql12160 - ok
11:29:19.0718 5292 ql1240 - ok
11:29:19.0718 5292 ql1280 - ok
11:29:19.0750 5292 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:29:19.0875 5292 RasAcd - ok
11:29:19.0921 5292 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
11:29:20.0093 5292 RasAuto - ok
11:29:20.0125 5292 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
11:29:20.0187 5292 Rasirda - ok
11:29:20.0203 5292 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:29:20.0343 5292 Rasl2tp - ok
11:29:20.0375 5292 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
11:29:20.0515 5292 RasMan - ok
11:29:20.0531 5292 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:29:20.0671 5292 RasPppoe - ok
11:29:20.0687 5292 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
11:29:20.0828 5292 Raspti - ok
11:29:20.0859 5292 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:29:21.0015 5292 Rdbss - ok
11:29:21.0031 5292 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:29:21.0156 5292 RDPCDD - ok
11:29:21.0203 5292 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:29:21.0343 5292 rdpdr - ok
11:29:21.0390 5292 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
11:29:21.0421 5292 RDPWD - ok
11:29:21.0468 5292 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
11:29:21.0609 5292 RDSessMgr - ok
11:29:21.0625 5292 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
11:29:21.0750 5292 redbook - ok
11:29:21.0812 5292 [ 89CBF999FC5FCAF3C8B2C79B0594434F ] RegSrvc C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
11:29:21.0828 5292 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
11:29:21.0828 5292 RegSrvc - detected UnsignedFile.Multi.Generic (1)
11:29:21.0890 5292 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
11:29:22.0046 5292 RemoteAccess - ok
11:29:22.0062 5292 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
11:29:22.0203 5292 RemoteRegistry - ok
11:29:22.0250 5292 [ C398BCA91216755B098679A8DA8A2300 ] rimsptsk C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
11:29:22.0281 5292 rimsptsk - ok
11:29:22.0312 5292 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
11:29:22.0453 5292 RpcLocator - ok
11:29:22.0484 5292 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
11:29:22.0531 5292 RpcSs - ok
11:29:22.0546 5292 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
11:29:22.0703 5292 RSVP - ok
11:29:22.0765 5292 [ E118CF6BC4949D4A389026F15A9F3C95 ] S24EventMonitor C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
11:29:22.0859 5292 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
11:29:22.0859 5292 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
11:29:22.0890 5292 [ F275EE6061E444CAA7137AEFB2C27A03 ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
11:29:22.0921 5292 s24trans - ok
11:29:22.0953 5292 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
11:29:23.0093 5292 SamSs - ok
11:29:23.0125 5292 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
11:29:23.0265 5292 SCardSvr - ok
11:29:23.0312 5292 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
11:29:23.0453 5292 Schedule - ok
11:29:23.0484 5292 [ D1FACB3C7D12F439C18EF01AA88C2A9D ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
11:29:23.0515 5292 sdbus - ok
11:29:23.0531 5292 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:29:23.0593 5292 Secdrv - ok
11:29:23.0640 5292 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
11:29:23.0781 5292 seclogon - ok
11:29:23.0812 5292 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
11:29:23.0968 5292 SENS - ok
11:29:23.0984 5292 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
11:29:24.0125 5292 Serial - ok
11:29:24.0218 5292 [ F31E9531AF225CA25350D5E87E999B31 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
11:29:24.0250 5292 ServiceLayer - ok
11:29:24.0296 5292 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
11:29:24.0437 5292 Sfloppy - ok
11:29:24.0484 5292 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
11:29:24.0609 5292 SharedAccess - ok
11:29:24.0656 5292 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:29:24.0687 5292 ShellHWDetection - ok
11:29:24.0718 5292 [ 1624530D05155F4E5A4736531523BFF5 ] Shockprf C:\WINDOWS\system32\DRIVERS\Apsx86.sys
11:29:24.0750 5292 Shockprf - ok
11:29:24.0750 5292 Simbad - ok
11:29:24.0796 5292 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
11:29:24.0828 5292 SkypeUpdate - ok
11:29:24.0859 5292 [ 26341D0DD225D19FD50E0EE3C3C77502 ] Smapint C:\WINDOWS\system32\drivers\Smapint.sys
11:29:24.0859 5292 Smapint ( UnsignedFile.Multi.Generic ) - warning
11:29:24.0859 5292 Smapint - detected UnsignedFile.Multi.Generic (1)
11:29:24.0937 5292 [ 0B9C01236D25BDCB37AA79DC59DFB7D3 ] smihlp C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
11:29:24.0953 5292 smihlp - ok
11:29:24.0968 5292 Sparrow - ok
11:29:25.0031 5292 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
11:29:25.0171 5292 splitter - ok
11:29:25.0218 5292 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
11:29:25.0250 5292 Spooler - ok
11:29:25.0328 5292 [ 15B827792F8E8B96E1B4D148103E3186 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
11:29:25.0328 5292 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 15B827792F8E8B96E1B4D148103E3186
11:29:25.0328 5292 sptd ( LockedFile.Multi.Generic ) - warning
11:29:25.0328 5292 sptd - detected LockedFile.Multi.Generic (1)
11:29:25.0375 5292 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
11:29:25.0453 5292 sr - ok
11:29:25.0484 5292 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
11:29:25.0546 5292 srservice - ok
11:29:25.0578 5292 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
11:29:25.0609 5292 Srv - ok
11:29:25.0640 5292 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
11:29:25.0718 5292 SSDPSRV - ok
11:29:25.0781 5292 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
11:29:25.0921 5292 stisvc - ok
11:29:26.0062 5292 [ C2191C1A5DFED0795E3D3B68905B195B ] SUService c:\program files\lenovo\system update\suservice.exe
11:29:26.0062 5292 SUService ( UnsignedFile.Multi.Generic ) - warning
11:29:26.0062 5292 SUService - detected UnsignedFile.Multi.Generic (1)
11:29:26.0093 5292 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
11:29:26.0218 5292 swenum - ok
11:29:26.0265 5292 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
11:29:26.0406 5292 swmidi - ok
11:29:26.0421 5292 SwPrv - ok
11:29:26.0437 5292 symc810 - ok
11:29:26.0437 5292 symc8xx - ok
11:29:26.0453 5292 sym_hi - ok
11:29:26.0468 5292 sym_u3 - ok
11:29:26.0500 5292 [ 003358D830A76DFE3803FB353B8FD87B ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
11:29:26.0531 5292 SynTP - ok
11:29:26.0546 5292 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
11:29:26.0671 5292 sysaudio - ok
11:29:26.0703 5292 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
11:29:26.0843 5292 SysmonLog - ok
11:29:26.0890 5292 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
11:29:27.0031 5292 TapiSrv - ok
11:29:27.0062 5292 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:29:27.0093 5292 Tcpip - ok
11:29:27.0125 5292 [ 58E3EB5A5C78740C5870EEE6648CCC46 ] TcUsb C:\WINDOWS\system32\Drivers\tcusb.sys
11:29:27.0140 5292 TcUsb - ok
11:29:27.0171 5292 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
11:29:27.0328 5292 TDPIPE - ok
11:29:27.0375 5292 [ 564B337034271B7BDDCABFDDC91C6B7A ] TDSMAPI C:\WINDOWS\system32\drivers\TDSMAPI.SYS
11:29:27.0375 5292 TDSMAPI ( UnsignedFile.Multi.Generic ) - warning
11:29:27.0375 5292 TDSMAPI - detected UnsignedFile.Multi.Generic (1)
11:29:27.0390 5292 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
11:29:27.0515 5292 TDTCP - ok
11:29:27.0578 5292 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
11:29:27.0703 5292 TermDD - ok
11:29:27.0734 5292 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
11:29:27.0890 5292 TermService - ok
11:29:27.0906 5292 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
11:29:27.0937 5292 Themes - ok
11:29:28.0062 5292 [ 9626746A9B120D2ED537DD8D76278405 ] ThinkVantage Registry Monitor Service C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
11:29:28.0109 5292 ThinkVantage Registry Monitor Service - ok
11:29:28.0156 5292 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
11:29:28.0218 5292 TlntSvr - ok
11:29:28.0234 5292 TosIde - ok
11:29:28.0250 5292 [ D2378FBBD668D9FE9B6B5E3139D506D3 ] TPDIGIMN C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
11:29:28.0265 5292 TPDIGIMN - ok
11:29:28.0312 5292 [ A34A1E6B5461273846D30F5898602A72 ] TPHDEXLGSVC C:\WINDOWS\system32\TPHDEXLG.exe
11:29:28.0328 5292 TPHDEXLGSVC - ok
11:29:28.0359 5292 [ 8AEF2188630F5ECD79AD9ABBA630630B ] TPHKDRV C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
11:29:28.0390 5292 TPHKDRV - ok
11:29:28.0437 5292 [ 88D609BFDEB7E013E9E491434190BA43 ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
11:29:28.0437 5292 TPHKLOAD ( UnsignedFile.Multi.Generic ) - warning
11:29:28.0437 5292 TPHKLOAD - detected UnsignedFile.Multi.Generic (1)
11:29:28.0468 5292 [ 9E6E4A9789F76593CC5A6A5AF8FC5929 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
11:29:28.0484 5292 TPHKSVC - ok
11:29:28.0515 5292 [ DFB268FF0A6DCB9280015FF527F892FF ] TpKmpSVC C:\WINDOWS\system32\TpKmpSVC.exe
11:29:28.0531 5292 TpKmpSVC ( UnsignedFile.Multi.Generic ) - warning
11:29:28.0531 5292 TpKmpSVC - detected UnsignedFile.Multi.Generic (1)
11:29:28.0562 5292 [ C037817E2498D9DB736E4BA355B1F4E7 ] TPPWRIF C:\WINDOWS\system32\drivers\Tppwrif.sys
11:29:28.0578 5292 TPPWRIF - ok
11:29:28.0609 5292 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
11:29:28.0750 5292 TrkWks - ok
11:29:28.0859 5292 [ 44D5BE1651390476C5EDB3B5DF28DE30 ] TSSCoreService C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
11:29:28.0890 5292 TSSCoreService - ok
11:29:29.0046 5292 [ 6658D32CBEBC606E4BACCCF4A6B4FD63 ] TuneUp.Defrag C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
11:29:29.0062 5292 TuneUp.Defrag - ok
11:29:29.0125 5292 [ 243F1C2CF7CAE07F035FE45E5B855C8E ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
11:29:29.0171 5292 TuneUp.UtilitiesSvc - ok
11:29:29.0218 5292 [ F2107C9D85EC0DF116939CCCE06AE697 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
11:29:29.0234 5292 TuneUpUtilitiesDrv - ok
11:29:29.0312 5292 [ E9EA448F1174BE4052416B62263EA4EE ] TVT Scheduler C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
11:29:29.0421 5292 TVT Scheduler ( UnsignedFile.Multi.Generic ) - warning
11:29:29.0421 5292 TVT Scheduler - detected UnsignedFile.Multi.Generic (1)
11:29:29.0468 5292 [ 8AB24D4B7DA715C2C80455137910E792 ] TVTI2C C:\WINDOWS\system32\DRIVERS\Tvti2c.sys
11:29:29.0515 5292 TVTI2C - ok
11:29:29.0562 5292 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
11:29:29.0687 5292 Udfs - ok
11:29:29.0703 5292 ultra - ok
11:29:29.0765 5292 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
11:29:29.0906 5292 Update - ok
11:29:29.0921 5292 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
11:29:30.0015 5292 upnphost - ok
11:29:30.0062 5292 [ 47F5F9D837D80FFD5882A14DB9DA0A67 ] upperdev C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
11:29:30.0140 5292 upperdev - ok
11:29:30.0171 5292 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
11:29:30.0328 5292 UPS - ok
11:29:30.0359 5292 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:29:30.0484 5292 usbccgp - ok
11:29:30.0531 5292 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:29:30.0671 5292 usbehci - ok
11:29:30.0687 5292 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:29:30.0843 5292 usbhub - ok
11:29:30.0890 5292 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\drivers\usbser.sys
11:29:31.0031 5292 usbser - ok
11:29:31.0062 5292 [ E44F0D17BE0908B58DCC99CCB99C6C32 ] UsbserFilt C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
11:29:31.0140 5292 UsbserFilt - ok
11:29:31.0203 5292 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:29:31.0359 5292 USBSTOR - ok
11:29:31.0375 5292 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:29:31.0531 5292 usbuhci - ok
11:29:31.0578 5292 [ E7B2EF9B4A4A177CCDEC670E348AF633 ] UxTuneUp C:\WINDOWS\System32\uxtuneup.dll
11:29:31.0609 5292 UxTuneUp - ok
11:29:31.0640 5292 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
11:29:31.0781 5292 VgaSave - ok
11:29:31.0796 5292 ViaIde - ok
11:29:31.0828 5292 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
11:29:31.0968 5292 VolSnap - ok
11:29:32.0015 5292 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
11:29:32.0125 5292 VSS - ok
11:29:32.0234 5292 [ A22ABD73E0D6BA666CBA4E86EEB001B3 ] w29n51 C:\WINDOWS\system32\DRIVERS\w29n51.sys
11:29:32.0312 5292 w29n51 - ok
11:29:32.0375 5292 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
11:29:32.0531 5292 W32Time - ok
11:29:32.0562 5292 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:29:32.0703 5292 Wanarp - ok
11:29:32.0765 5292 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
11:29:32.0812 5292 Wdf01000 - ok
11:29:32.0812 5292 WDICA - ok
11:29:32.0859 5292 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
11:29:33.0015 5292 wdmaud - ok
11:29:33.0031 5292 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
11:29:33.0187 5292 WebClient - ok
11:29:33.0234 5292 [ AFCEA7939925378F867DDE6AF76F3924 ] WIBUKEY C:\WINDOWS\system32\DRIVERS\WibuKey.sys
11:29:33.0250 5292 WIBUKEY ( UnsignedFile.Multi.Generic ) - warning
11:29:33.0250 5292 WIBUKEY - detected UnsignedFile.Multi.Generic (1)
11:29:33.0296 5292 [ 115946A53B62A6B171FD0ED197C71D52 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
11:29:33.0328 5292 winachsf - ok
11:29:33.0406 5292 [ F45DD1E1365D857DD08BC23563370D0E ] WinDefend C:\Program Files\Windows Defender\MsMpEng.exe
11:29:33.0421 5292 WinDefend - ok
11:29:33.0500 5292 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
11:29:33.0640 5292 winmgmt - ok
11:29:33.0687 5292 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
11:29:33.0718 5292 WmdmPmSN - ok
11:29:33.0781 5292 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
11:29:33.0859 5292 Wmi - ok
11:29:33.0890 5292 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:29:34.0046 5292 WmiApSrv - ok
11:29:34.0078 5292 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
11:29:34.0093 5292 WpdUsb - ok
11:29:34.0171 5292 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:29:34.0218 5292 WPFFontCache_v0400 - ok
11:29:34.0296 5292 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:29:34.0421 5292 WS2IFSL - ok
11:29:34.0468 5292 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
11:29:34.0609 5292 wscsvc - ok
11:29:34.0656 5292 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
11:29:34.0796 5292 wuauserv - ok
11:29:34.0828 5292 [ EAA6324F51214D2F6718977EC9CE0DEF ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:29:34.0859 5292 WudfPf - ok
11:29:34.0890 5292 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:29:34.0921 5292 WudfRd - ok
11:29:34.0937 5292 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
11:29:34.0968 5292 WudfSvc - ok
11:29:35.0015 5292 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
11:29:35.0203 5292 WZCSVC - ok
11:29:35.0250 5292 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
11:29:35.0406 5292 xmlprov - ok
11:29:35.0453 5292 [ 28FB86AD7CC64AE5639E6E87F3B017D9 ] ZTEusbmdm6k C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
11:29:35.0484 5292 ZTEusbmdm6k - ok
11:29:35.0515 5292 [ 28FB86AD7CC64AE5639E6E87F3B017D9 ] ZTEusbnmea C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
11:29:35.0531 5292 ZTEusbnmea - ok
11:29:35.0546 5292 [ 28FB86AD7CC64AE5639E6E87F3B017D9 ] ZTEusbser6k C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
11:29:35.0578 5292 ZTEusbser6k - ok
11:29:35.0593 5292 ================ Scan global ===============================
11:29:35.0625 5292 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
11:29:35.0671 5292 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:29:35.0687 5292 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:29:35.0703 5292 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
11:29:35.0718 5292 [Global] - ok
11:29:35.0718 5292 ================ Scan MBR ==================================
11:29:35.0734 5292 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
11:29:36.0046 5292 \Device\Harddisk0\DR0 - ok
11:29:36.0062 5292 [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk1\DR3
11:29:36.0203 5292 \Device\Harddisk1\DR3 - ok
11:29:36.0203 5292 ================ Scan VBR ==================================
11:29:36.0203 5292 [ AA27011B77C32F7CCDA01D32CEA1975F ] \Device\Harddisk0\DR0\Partition1
11:29:36.0203 5292 \Device\Harddisk0\DR0\Partition1 - ok
11:29:36.0234 5292 [ 45F435EBA7F7CCBCF9237C00B54C55F9 ] \Device\Harddisk0\DR0\Partition2
11:29:36.0234 5292 \Device\Harddisk0\DR0\Partition2 - ok
11:29:36.0250 5292 [ 130BE5B70ED19ACC8AC7CE77FD27A9CD ] \Device\Harddisk1\DR3\Partition1
11:29:36.0250 5292 \Device\Harddisk1\DR3\Partition1 - ok
11:29:36.0250 5292 ============================================================
11:29:36.0250 5292 Scan finished
11:29:36.0250 5292 ============================================================
11:29:36.0265 1236 Detected object count: 20
11:29:36.0265 1236 Actual detected object count: 20
Re: Skype virus Rsit,Rkill, Combofix
Dobrý večer,
prosím o radu, jak se zbavit viru,
Děkuji.
prosím o radu, jak se zbavit viru,
Děkuji.
Re: Skype virus Rsit,Rkill, Combofix
Je nedele, na foru je hruza uzivatelu, i my mame sve rodiny, pritelkyne apod... Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
- Ulozte nejlepe na plochu
- Ukoncete vsechny programy
- Kliknete na Search
- Probehne skenovani a pak se objevi log, pripadne bude ulozen na systemovem disku jako AdwCleaner[R?].txt, ten sem vlozte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Skype virus Rsit,Rkill, Combofix
Děkuji za Váš čas, posílám log.
# AdwCleaner v2.004 - Logfile created 11/06/2012 at 19:29:50
# Updated 06/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Gocik - GOCA
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Gocik\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Documents and Settings\Gocik\Application Data\pdfforge
***** [Registry] *****
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Software
***** [Internet Browsers] *****
-\\ Internet Explorer v6.0.2900.5512
[OK] Registry is clean.
-\\ Mozilla Firefox v15.0.1 (cs)
Profile name : default
File : C:\Documents and Settings\Gocik\Application Data\Mozilla\Firefox\Profiles\dx04kuyk.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1103 octets] - [06/11/2012 19:29:50]
########## EOF - C:\AdwCleaner[R1].txt - [1163 octets] ##########
# AdwCleaner v2.004 - Logfile created 11/06/2012 at 19:29:50
# Updated 06/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Gocik - GOCA
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Gocik\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Documents and Settings\Gocik\Application Data\pdfforge
***** [Registry] *****
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Software
***** [Internet Browsers] *****
-\\ Internet Explorer v6.0.2900.5512
[OK] Registry is clean.
-\\ Mozilla Firefox v15.0.1 (cs)
Profile name : default
File : C:\Documents and Settings\Gocik\Application Data\Mozilla\Firefox\Profiles\dx04kuyk.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1103 octets] - [06/11/2012 19:29:50]
########## EOF - C:\AdwCleaner[R1].txt - [1163 octets] ##########
Re: Skype virus Rsit,Rkill, Combofix
Spustte znovu AdwCleaner
- Pokud pouzivate Win Vista ci W7, kliknete na AdwCleaner pravym a dejte Run As Administrator ci Spustit jako spravce
- Kliknete na Delete
- PC provede opravu, restartuje se a da Vam log (C:\AdwCleaner [S1].txt) , jeho obsah vlozte sem
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Skype virus Rsit,Rkill, Combofix
# AdwCleaner v2.004 - Logfile created 11/06/2012 at 19:36:03
# Updated 06/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Gocik - GOCA
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Gocik\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Documents and Settings\Gocik\Application Data\pdfforge
***** [Registry] *****
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Software
***** [Internet Browsers] *****
-\\ Internet Explorer v6.0.2900.5512
[OK] Registry is clean.
-\\ Mozilla Firefox v15.0.1 (cs)
Profile name : default
File : C:\Documents and Settings\Gocik\Application Data\Mozilla\Firefox\Profiles\dx04kuyk.default\prefs.js
C:\Documents and Settings\Gocik\Application Data\Mozilla\Firefox\Profiles\dx04kuyk.default\user.js ... Deleted !
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1232 octets] - [06/11/2012 19:29:50]
AdwCleaner[S1].txt - [1293 octets] - [06/11/2012 19:36:03]
########## EOF - C:\AdwCleaner[S1].txt - [1353 octets] ##########
# Updated 06/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Gocik - GOCA
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Gocik\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Documents and Settings\Gocik\Application Data\pdfforge
***** [Registry] *****
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Software
***** [Internet Browsers] *****
-\\ Internet Explorer v6.0.2900.5512
[OK] Registry is clean.
-\\ Mozilla Firefox v15.0.1 (cs)
Profile name : default
File : C:\Documents and Settings\Gocik\Application Data\Mozilla\Firefox\Profiles\dx04kuyk.default\prefs.js
C:\Documents and Settings\Gocik\Application Data\Mozilla\Firefox\Profiles\dx04kuyk.default\user.js ... Deleted !
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1232 octets] - [06/11/2012 19:29:50]
AdwCleaner[S1].txt - [1293 octets] - [06/11/2012 19:36:03]
########## EOF - C:\AdwCleaner[S1].txt - [1353 octets] ##########
Re: Skype virus Rsit,Rkill, Combofix
Pokud nemate, tak presunte Combofix na plochu
- Spustte poznamkovy blok (Start-spustit-notepad)
- Zkopirujte skript nize
Kód: Vybrat vše
KillAll:: Collect:: c:\documents and settings\Gocik\Application Data\20.exe c:\documents and settings\Gocik\Application Data\Bpfmfn.exe Registry:: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=- "Infium"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools"=- [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] [-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] File:: c:\windows\Tasks\Adobe Flash Player Updater.job c:\windows\Tasks\Automatic troubleshooting.job c:\windows\Tasks\avast! Emergency Update.job c:\windows\Tasks\GoogleUpdateTaskMachineCore.job c:\windows\Tasks\GoogleUpdateTaskMachineUA.job c:\windows\Tasks\MP Scheduled Scan.job c:\windows\Tasks\PMTask.job Firefox:: FF - ProfilePath - c:\documents and settings\Gocik\Application Data\Mozilla\Firefox\Profiles\dx04kuyk.default\ FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 RegNull:: [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] Driver:: gupdate gupdatem ClearJavaCache:: Reboot::- Ulozte vytvoreny TXT jako CFScript.txt
- Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
- Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Skype virus Rsit,Rkill, Combofix
ComboFix 12-10-04.02 - Gocik 06.11.2012 21:54:45.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.2046.1402 [GMT 1:00]
Spuštěný z: c:\documents and settings\Gocik\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Gocik\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\Automatic troubleshooting.job"
"c:\windows\Tasks\avast! Emergency Update.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\MP Scheduled Scan.job"
"c:\windows\Tasks\PMTask.job"
.
file zipped: c:\documents and settings\Gocik\Application Data\20.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Gocik\Application Data\20.exe
c:\documents and settings\Gocik\Application Data\app
c:\documents and settings\Gocik\Application Data\app\Jerakine_lang.dat
c:\documents and settings\Gocik\Application Data\app\Jerakine_lang_vesrion.dat
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\Automatic troubleshooting.job
c:\windows\Tasks\avast! Emergency Update.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\MP Scheduled Scan.job
c:\windows\Tasks\PMTask.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-06 do 2012-11-06 )))))))))))))))))))))))))))))))
.
.
2012-11-06 09:20 . 2012-11-06 09:21 -------- d-----w- C:\rsit
2012-11-06 09:20 . 2012-11-06 09:21 -------- d-----w- c:\program files\trend micro
2012-11-05 07:49 . 2012-09-18 22:59 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{761483E7-2480-4E96-ADAD-E6097A3E0B34}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-23 11:01 . 2012-04-01 17:42 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-23 11:01 . 2012-02-02 22:55 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-18 22:59 . 2012-02-03 20:20 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-08-30 20:29 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-08-30 20:29 . 2008-04-14 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2012-08-30 20:29 . 2008-04-14 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-08-28 13:00 . 2008-04-14 12:00 369664 ----a-w- c:\windows\system32\html.iec
2012-08-21 09:13 . 2012-02-02 17:35 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-02-02 17:35 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-02-02 17:35 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-02-02 17:35 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2012-02-02 17:35 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-21 09:13 . 2012-02-02 17:35 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-21 09:13 . 2012-02-02 17:35 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:13 . 2012-02-02 17:35 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-21 09:12 . 2012-02-02 17:34 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-02-02 17:34 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-24 10:18 . 2012-02-02 18:33 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2012-08-22 1368768]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-07-23 185688]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-07-23 124248]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-09-30 2295080]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2011-04-19 759144]
"LenovoAutoScrollUtility"="c:\program files\Lenovo\VIRTSCRL\virtscrl.exe" [2010-04-01 43960]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"TpShocks"="TpShocks.exe" [2011-03-29 337256]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2010-12-07 15:27 100176 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray]
2010-09-17 16:54 425984 ----a-w- c:\program files\ThinkPad\ConnectUtilities\ACTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWLIcon]
2010-09-17 16:51 176128 ----a-w- c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
2007-08-03 15:35 2630968 ----a-w- c:\program files\Lenovo\Client Security Solution\cssauth.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2008-11-03 10:45 2540800 ----a-w- c:\windows\system32\oodtray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DC Strong\\StrongDC.exe"=
"c:\\Program Files\\QIP 2012\\qip.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Graphisoft\\ArchiCAD 13\\ArchiCAD.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [3.2.2012 9:48 25968]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.2.2012 11:28 664064]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [29.3.2011 19:12 20592]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2.2.2012 18:35 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2.2.2012 18:35 355632]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [3.2.2012 9:49 13680]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [22.8.2012 15:59 123320]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.2.2012 18:35 21256]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [3.2.2012 9:48 292200]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [3.2.2012 9:48 69632]
R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.exe [3.2.2012 9:48 143360]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [13.3.2009 13:47 12560]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\Lenovo\HOTKEY\tphkload.exe [3.2.2012 9:49 99328]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [3.2.2012 9:49 64440]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [17.11.2009 10:34 1021256]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [22.5.2007 15:59 30336]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [3.2.2012 9:49 45496]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 12:28 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [1.4.2012 18:42 250288]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [9.5.2012 18:59 9216]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [20.5.2012 11:44 114144]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [25.2.2012 9:12 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [25.2.2012 9:12 8576]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2012-11-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\*
TCP: DhcpNameServer = 192.168.172.1 213.192.60.6 213.192.60.5
FF - ProfilePath - c:\documents and settings\Gocik\Application Data\Mozilla\Firefox\Profiles\dx04kuyk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-06 22:02
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1460)
c:\windows\system32\Ati2evxx.dll
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\qlbase.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
.
- - - - - - - > 'lsass.exe'(1552)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
- - - - - - - > 'explorer.exe'(5928)
c:\windows\system32\netprovcredman.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\oodag.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TpKmpSVC.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\TpShocks.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\ThinkPad\UltraNav Wizard\UNavTray.EXE
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\ThinkPad\UTILIT~1\SCHTASK.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
.
**************************************************************************
.
Celkový čas: 2012-11-06 22:06:11 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-11-06 21:06
ComboFix2.txt 2012-11-06 09:48
.
Před spuštěním: 19 957 833 728 bytes free
Po spuštění: 19 946 033 152 bytes free
.
- - End Of File - - 827C8F7D2476EBA52283BA24E492C303
Nahr nˇ probŘhlo ŁspŘçnŘ
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.2046.1402 [GMT 1:00]
Spuštěný z: c:\documents and settings\Gocik\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Gocik\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\Automatic troubleshooting.job"
"c:\windows\Tasks\avast! Emergency Update.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\MP Scheduled Scan.job"
"c:\windows\Tasks\PMTask.job"
.
file zipped: c:\documents and settings\Gocik\Application Data\20.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Gocik\Application Data\20.exe
c:\documents and settings\Gocik\Application Data\app
c:\documents and settings\Gocik\Application Data\app\Jerakine_lang.dat
c:\documents and settings\Gocik\Application Data\app\Jerakine_lang_vesrion.dat
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\Automatic troubleshooting.job
c:\windows\Tasks\avast! Emergency Update.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\MP Scheduled Scan.job
c:\windows\Tasks\PMTask.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-06 do 2012-11-06 )))))))))))))))))))))))))))))))
.
.
2012-11-06 09:20 . 2012-11-06 09:21 -------- d-----w- C:\rsit
2012-11-06 09:20 . 2012-11-06 09:21 -------- d-----w- c:\program files\trend micro
2012-11-05 07:49 . 2012-09-18 22:59 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{761483E7-2480-4E96-ADAD-E6097A3E0B34}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-23 11:01 . 2012-04-01 17:42 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-23 11:01 . 2012-02-02 22:55 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-18 22:59 . 2012-02-03 20:20 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-08-30 20:29 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-08-30 20:29 . 2008-04-14 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2012-08-30 20:29 . 2008-04-14 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-08-28 13:00 . 2008-04-14 12:00 369664 ----a-w- c:\windows\system32\html.iec
2012-08-21 09:13 . 2012-02-02 17:35 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-02-02 17:35 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-02-02 17:35 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-02-02 17:35 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2012-02-02 17:35 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-21 09:13 . 2012-02-02 17:35 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-21 09:13 . 2012-02-02 17:35 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:13 . 2012-02-02 17:35 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-21 09:12 . 2012-02-02 17:34 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-02-02 17:34 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-24 10:18 . 2012-02-02 18:33 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2012-08-22 1368768]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-07-23 185688]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-07-23 124248]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-09-30 2295080]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2011-04-19 759144]
"LenovoAutoScrollUtility"="c:\program files\Lenovo\VIRTSCRL\virtscrl.exe" [2010-04-01 43960]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"TpShocks"="TpShocks.exe" [2011-03-29 337256]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2010-12-07 15:27 100176 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray]
2010-09-17 16:54 425984 ----a-w- c:\program files\ThinkPad\ConnectUtilities\ACTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWLIcon]
2010-09-17 16:51 176128 ----a-w- c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
2007-08-03 15:35 2630968 ----a-w- c:\program files\Lenovo\Client Security Solution\cssauth.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2008-11-03 10:45 2540800 ----a-w- c:\windows\system32\oodtray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DC Strong\\StrongDC.exe"=
"c:\\Program Files\\QIP 2012\\qip.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Graphisoft\\ArchiCAD 13\\ArchiCAD.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [3.2.2012 9:48 25968]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.2.2012 11:28 664064]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [29.3.2011 19:12 20592]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2.2.2012 18:35 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2.2.2012 18:35 355632]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [3.2.2012 9:49 13680]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [22.8.2012 15:59 123320]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.2.2012 18:35 21256]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [3.2.2012 9:48 292200]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [3.2.2012 9:48 69632]
R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.exe [3.2.2012 9:48 143360]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [13.3.2009 13:47 12560]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\Lenovo\HOTKEY\tphkload.exe [3.2.2012 9:49 99328]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [3.2.2012 9:49 64440]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [17.11.2009 10:34 1021256]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [22.5.2007 15:59 30336]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [3.2.2012 9:49 45496]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 12:28 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [1.4.2012 18:42 250288]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [9.5.2012 18:59 9216]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [20.5.2012 11:44 114144]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [25.2.2012 9:12 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [25.2.2012 9:12 8576]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2012-11-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\*
TCP: DhcpNameServer = 192.168.172.1 213.192.60.6 213.192.60.5
FF - ProfilePath - c:\documents and settings\Gocik\Application Data\Mozilla\Firefox\Profiles\dx04kuyk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-06 22:02
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1460)
c:\windows\system32\Ati2evxx.dll
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\qlbase.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
.
- - - - - - - > 'lsass.exe'(1552)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
- - - - - - - > 'explorer.exe'(5928)
c:\windows\system32\netprovcredman.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\oodag.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TpKmpSVC.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\TpShocks.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\ThinkPad\UltraNav Wizard\UNavTray.EXE
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\ThinkPad\UTILIT~1\SCHTASK.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
.
**************************************************************************
.
Celkový čas: 2012-11-06 22:06:11 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-11-06 21:06
ComboFix2.txt 2012-11-06 09:48
.
Před spuštěním: 19 957 833 728 bytes free
Po spuštění: 19 946 033 152 bytes free
.
- - End Of File - - 827C8F7D2476EBA52283BA24E492C303
Nahr nˇ probŘhlo ŁspŘçnŘ
Přispějete na provoz fóra?