Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:53:11, on 5.4.2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\ehome\ehtray.exe
C:\Programy\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\trend micro\hijackthis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.3.5.6:8080
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\RunOnce: [CleanSetup] cmd /C rmdir /S /Q "C:\Users\Aqwertz\AppData\Local\Temp\nro.tmp\"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programy\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files\Optimizer Pro\OptProLauncher.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Opera.lnk = C:\Program Files\Opera\opera.exe
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programy\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programy\ICQ7.1\ICQ.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate1ca89a4acfcf020) (gupdate1ca89a4acfcf020) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\STacSV.exe
O23 - Service: Upsagent - UPS Monitor (Upsagent) - Unknown owner - C:\Program\elteco\Upsmon\Upsag_nt.exe (file missing)
--
End of file - 5942 bytes
Please check (Solved)
Re: Please check
I just found out that it works on Google Chrome.
- Orcus
- member of the Security team
Re: Please check
What works on it? I'm not following the connection.
Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from the web browser. The program can remove cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
===================================================
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the program finishes, a message will appear; click OK and then the Show Results button
- then choose the option to save the log and save the log to your desktop
- then click the Exit button; a message will appear, so choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.
====================================================
Download AdwCleaner
Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Search"
After the scan a log will appear (otherwise it is saved on the system disk as AdwCleaner[R?].txt); paste its entire contents here.
Love keeps you warm, but coal is coal.
Post HJT logs in the HJT section. If a log is too long, split it into several messages.
A few tips on PC security.
During my absence, memphisto, jaro3 and Diallix stand in for me.
If you are satisfied, you can support our forum.

Re: Please check
I knew exactly that you wouldn't get it here, but nooooo, they didn't want to move the whole thread.
Take a look here: viewtopic.php?f=3&t=130169
Re: Please check
I already used Malwarebytes' Anti-Malware in the previous thread and was told to put everything into quarantine.
AdwCleaner is running for me right now, that is, if it is running; I clicked on scan and nothing is happening so far.
I have already used ATF Cleaner too.
If it creates the log for me, I'll post it here in a moment.
Re: Please check
# AdwCleaner v3.023 - Report created 06/04/2014 at 08:49:46
# Updated 01/04/2014 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Aqwertz - AQWERTZ-PC
# Running from : C:\Users\Aqwertz\Desktop\adwcleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
File Found : C:\Users\Aqwertz\AppData\Roaming\Mozilla\Firefox\Profiles\apk9mtfy.default\searchplugins\icqplugin.src
Folder Found : C:\Users\Aqwertz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl
Folder Found : C:\Users\Aqwertz\AppData\Roaming\Mozilla\Firefox\Profiles\apk9mtfy.default\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07}
Folder Found C:\Program Files\Common Files\ParetoLogic
Folder Found C:\Program Files\DAEMON Tools Toolbar
Folder Found C:\Program Files\ICQ6Toolbar
Folder Found C:\Program Files\Optimizer Pro
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\DriverCure
Folder Found C:\ProgramData\ICQ\ICQToolbar
Folder Found C:\ProgramData\ParetoLogic
Folder Found C:\ProgramData\StarApp
Folder Found C:\Users\Aqwertz\AppData\Local\GamePlayLabs Plugin
Folder Found C:\Users\Aqwertz\AppData\Roaming\DefaultTab
Folder Found C:\Users\Aqwertz\AppData\Roaming\DriverCure
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\dt soft\daemon tools toolbar
Key Found : HKCU\Software\GamePlayLabs
Key Found : HKCU\Software\ICQ\ICQToolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKCU\Software\ParetoLogic
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn
Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ocphobfcfafpclibolpjdafgaffkaoci
Key Found : HKLM\Software\ICQ\ICQToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Found : HKLM\Software\ParetoLogic
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\Speedchecker Limited
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18943
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search] - hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://www.dalesearch.com/?babsrc=NT_ss ... 0&tsp=5034
-\\ Mozilla Firefox v
[ File : C:\Users\Aqwertz\AppData\Roaming\Mozilla\Firefox\Profiles\apk9mtfy.default\prefs.js ]
Line Found : user_pref("browser.startup.homepage", "hxxp://www.daemon-search.com/startpage|hxxp://start.icq.com/");
Line Found : user_pref("icqtoolbar.allowSendURL", false);
Line Found : user_pref("icqtoolbar.engineVerified", false);
Line Found : user_pref("icqtoolbar.geolastmodified", 1289062452);
Line Found : user_pref("icqtoolbar.hiddenElements", "itb_options");
Line Found : user_pref("icqtoolbar.history", "stahuj");
Line Found : user_pref("icqtoolbar.icqgeo", 42);
Line Found : user_pref("icqtoolbar.installTime", "1280306854");
Line Found : user_pref("icqtoolbar.installsource", "1");
Line Found : user_pref("icqtoolbar.newtab_state", "1");
Line Found : user_pref("icqtoolbar.numberOfSearches", 0);
Line Found : user_pref("icqtoolbar.previousFFVersion", "3.5.13");
Line Found : user_pref("icqtoolbar.skip_default_search", "no");
Line Found : user_pref("icqtoolbar.suggestions", false);
Line Found : user_pref("icqtoolbar.uniqueID", "127956895612795689561280306854105");
Line Found : user_pref("icqtoolbar.usageStatstTimestamp", 1289444816);
Line Found : user_pref("icqtoolbar.version", "2.0.0.2");
Line Found : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Line Found : user_pref("icqtoolbar.xmlLanguage", "cs");
Line Found : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=");
-\\ Google Chrome v33.0.1750.154
[ File : C:\Users\Aqwertz\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [6570 octets] - [05/04/2014 22:37:59]
AdwCleaner[R1].txt - [6630 octets] - [05/04/2014 23:32:30]
AdwCleaner[R2].txt - [6550 octets] - [06/04/2014 08:49:46]
########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [6610 octets] ##########
- memphisto
Re: Please check
Let adw delete everything and post the log after the deletion
Download Junkware Removal Tool
to your desktop.
Disable your antivirus program.
Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program will start scanning. The scan may take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) will appear, which is saved on the desktop.
Please copy its entire contents here.
Download RogueKiller
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Win7, run RogueKiller.exe as administrator; on XP, double-click it.
- Wait until the Prescan (the search for malicious processes) finishes.
- Check that the following are ticked:
MBR check
Faked check
Antirootkit
- Then click "Scan".
- The program scans the PC's processes. After the scan, click "Report" and copy the entire contents of the log here.
If the program is blocked, try running it several times. If it still will not run and work, rename it to winlogon.exe.
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you
Re: Please check
So in adw I click clean, it runs for a bit and then nothing happens. I try to click on something and the program freezes and reports that it is not responding.
I tried it three times with the same result.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Aqwertz on ne 06.04.2014 at 12:00:01,05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\optimizer pro
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\escort.escrtbtn
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\escort.escrtbtn.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\optimizer pro_is1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 06.04.2014 at 12:03:21,51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Re: Please check
RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Aqwertz [Admin rights]
Mode : Scan -- Date : 04/06/2014 12:08:22
| ARK || FAK || MBR |
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] JRT.exe -- C:\Users\Aqwertz\Desktop\JRT.exe [-] -> KILLED [TermProc]
¤¤¤ Registry Entries : 6 ¤¤¤
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (10.3.5.6:8080 [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
[OP][PROXY] operaprefs : Proxy\HTTP server = 10.3.5.6:8080 -> FOUND
[OP][PROXY] operaprefs : Proxy\Use HTTP = 1 -> FOUND
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
[Address] IRP[IRP_MJ_CREATE] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED (Unknown @ 0x854EC1F8)
[Address] IRP[IRP_MJ_CLOSE] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED (Unknown @ 0x854EC1F8)
[Address] IRP[IRP_MJ_DEVICE_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED (Unknown @ 0x854EC1F8)
[Address] IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED (Unknown @ 0x854EC1F8)
[Address] IRP[IRP_MJ_POWER] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED (Unknown @ 0x854EC1F8)
[Address] IRP[IRP_MJ_SYSTEM_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED (Unknown @ 0x854EC1F8)
[Address] IRP[IRP_MJ_PNP] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED (Unknown @ 0x854EC1F8)
[Address] EAT @explorer.exe (DllCanUnloadNow) : fastprox.dll -> HOOKED (C:\Windows\system32\wbem\wbemsvc.dll @ 0x706293B2)
[Address] EAT @explorer.exe (DllGetClassObject) : fastprox.dll -> HOOKED (C:\Windows\system32\wbem\wbemsvc.dll @ 0x70629375)
[Address] EAT @explorer.exe (DllRegisterServer) : fastprox.dll -> HOOKED (C:\Windows\system32\wbem\wbemsvc.dll @ 0x70629554)
[Address] EAT @explorer.exe (DllUnregisterServer) : fastprox.dll -> HOOKED (C:\Windows\system32\wbem\wbemsvc.dll @ 0x706296B8)
[Address] EAT @explorer.exe (EvtArchiveExportedLog) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7545EE44)
[Address] EAT @explorer.exe (EvtCancel) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7545E241)
[Address] EAT @explorer.exe (EvtClearLog) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7545EBA1)
[Address] EAT @explorer.exe (EvtClose) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x75444F34)
[Address] EAT @explorer.exe (EvtCreateBookmark) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7544B6B0)
[Address] EAT @explorer.exe (EvtCreateRenderContext) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x75446B14)
[Address] EAT @explorer.exe (EvtExportLog) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7545ECD3)
[Address] EAT @explorer.exe (EvtFormatMessage) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7544EBFF)
[Address] EAT @explorer.exe (EvtGetChannelConfigProperty) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7544F1B8)
[Address] EAT @explorer.exe (EvtGetEventInfo) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7545E33B)
[Address] EAT @explorer.exe (EvtGetEventMetadataProperty) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7545E4EF)
[Address] EAT @explorer.exe (EvtGetExtendedStatus) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7545DC0C)
[Address] EAT @explorer.exe (EvtGetLogInfo) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7544F467)
[Address] EAT @explorer.exe (EvtGetObjectArrayProperty) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7544E533)
[Address] EAT @explorer.exe (EvtGetObjectArraySize) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7544E4C5)
[Address] EAT @explorer.exe (EvtGetPublisherMetadataProperty) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7544E439)
[Address] EAT @explorer.exe (EvtGetQueryInfo) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7545DF35)
[Address] EAT @explorer.exe (EvtIntAssertConfig) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7545F8E5)
[Address] EAT @explorer.exe (EvtIntCreateLocalLogfile) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7545F7D8)
[Address] EAT @explorer.exe (EvtIntGetClassicLogDisplayName) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7544F2BF)
[Address] EAT @explorer.exe (EvtIntRenderResourceEventTemplate) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7545F395)
[Address] EAT @explorer.exe (EvtIntReportAuthzEventAndSourceAsync) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7546041C)
[Address] EAT @explorer.exe (EvtIntReportEventAndSourceAsync) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x754603E6)
[Address] EAT @explorer.exe (EvtIntRetractConfig) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7545F9EE)
[Address] EAT @explorer.exe (EvtIntSysprepCleanup) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7545F0F1)
[Address] EAT @explorer.exe (EvtIntWriteXmlEventToLocalLogfile) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7545FE7B)
[Address] EAT @explorer.exe (EvtNext) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x75446A74)
[Address] EAT @explorer.exe (EvtNextChannelPath) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x75450517)
[Address] EAT @explorer.exe (EvtNextEventMetadata) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7545E3D8)
[Address] EAT @explorer.exe (EvtNextPublisherId) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x75450314)
[Address] EAT @explorer.exe (EvtOpenChannelConfig) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7544F005)
[Address] EAT @explorer.exe (EvtOpenChannelEnum) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x75451B53)
[Address] EAT @explorer.exe (EvtOpenEventMetadataEnum) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7545DE28)
[Address] EAT @explorer.exe (EvtOpenLog) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7544F55C)
[Address] EAT @explorer.exe (EvtOpenPublisherEnum) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x754503BD)
[Address] EAT @explorer.exe (EvtOpenPublisherMetadata) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7544E140)
[Address] EAT @explorer.exe (EvtOpenSession) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7544D2FB)
[Address] EAT @explorer.exe (EvtQuery) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7544FB59)
[Address] EAT @explorer.exe (EvtRender) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x75447A42)
[Address] EAT @explorer.exe (EvtSaveChannelConfig) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7545DC8C)
[Address] EAT @explorer.exe (EvtSeek) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7545E6A4)
[Address] EAT @explorer.exe (EvtSetChannelConfigProperty) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7545DD52)
[Address] EAT @explorer.exe (EvtSetObjectArrayProperty) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7545E5D5)
[Address] EAT @explorer.exe (EvtSubscribe) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x75446648)
[Address] EAT @explorer.exe (EvtUpdateBookmark) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7544CACF)
[Address] EAT @explorer.exe (DllCanUnloadNow) : zipfldr.dll -> HOOKED (C:\Windows\system32\imapi2.dll @ 0x6D15164C)
[Address] EAT @explorer.exe (DllGetClassObject) : zipfldr.dll -> HOOKED (C:\Windows\system32\imapi2.dll @ 0x6D153ECA)
[Address] EAT @explorer.exe (DllRegisterServer) : zipfldr.dll -> HOOKED (C:\Windows\system32\imapi2.dll @ 0x6D18B81A)
[Address] EAT @explorer.exe (DllUnregisterServer) : zipfldr.dll -> HOOKED (C:\Windows\system32\imapi2.dll @ 0x6D18B834)
¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS543232L9A300 ATA Device +++++
--- User ---
[MBR] 17cd95cf966a51fe0945c956cc3f6771
[BSP] 597689f9fd584ba824a36be87199a262 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 141 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 290816 | Size: 10240 MB
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21262336 | Size: 294862 MB
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_S_04062014_120822.txt >>
- Orcus
- member of the Security team
Re: Requesting a check
Perform the deletion in ADW in safe mode.
====================================================
Run RogueKiller (on Windows Vista or Windows 7, right-click and choose "Run as administrator"; on Windows XP, double-click to run).
- Wait until the Prescan finishes...
- Wait until the status window shows "Scan"
- Click "Delete"
- Wait until the Status box shows "Deleting - Finished"
- Click "Report" and copy and paste the contents of that report here, please. The log can be found in RKreport[number].txt on the desktop.
- Close RogueKiller
====================================================
Download TDSSKiller
to your desktop. Make sure all other applications and browsers are closed. Extract the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(date)_log.txt , please paste the entire contents of the log here.
If the log does not fit into one message, split it into several parts.
====================================================
Love warms, but coal is coal.
Post HJT logs in the HJT section. If a log is too long, split it into several messages.
A few tips on PC security.
During my absence, memphisto, jaro3 and Diallix stand in for me.
If you are satisfied, you can support our forum.

Re: Requesting a check
So, the same thing in safe mode. It just hangs.
RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Aqwertz [Admin rights]
Mode : Remove -- Date : 04/06/2014 20:34:10
| ARK || FAK || MBR |
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] JRT.exe -- C:\Users\Aqwertz\Desktop\JRT.exe [-] -> KILLED [TermProc]
¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
[Address] IRP[IRP_MJ_CREATE] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED (Unknown @ 0x854EC1F8)
[Address] IRP[IRP_MJ_CLOSE] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED (Unknown @ 0x854EC1F8)
[Address] IRP[IRP_MJ_DEVICE_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED (Unknown @ 0x854EC1F8)
[Address] IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED (Unknown @ 0x854EC1F8)
[Address] IRP[IRP_MJ_POWER] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED (Unknown @ 0x854EC1F8)
[Address] IRP[IRP_MJ_SYSTEM_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED (Unknown @ 0x854EC1F8)
[Address] IRP[IRP_MJ_PNP] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED (Unknown @ 0x854EC1F8)
[Address] EAT @explorer.exe (DllCanUnloadNow) : fastprox.dll -> HOOKED (C:\Windows\system32\wbem\wbemsvc.dll @ 0x706293B2)
[Address] EAT @explorer.exe (DllGetClassObject) : fastprox.dll -> HOOKED (C:\Windows\system32\wbem\wbemsvc.dll @ 0x70629375)
[Address] EAT @explorer.exe (DllRegisterServer) : fastprox.dll -> HOOKED (C:\Windows\system32\wbem\wbemsvc.dll @ 0x70629554)
[Address] EAT @explorer.exe (DllUnregisterServer) : fastprox.dll -> HOOKED (C:\Windows\system32\wbem\wbemsvc.dll @ 0x706296B8)
[Address] EAT @explorer.exe (EvtArchiveExportedLog) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7545EE44)
[Address] EAT @explorer.exe (EvtCancel) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7545E241)
[Address] EAT @explorer.exe (EvtClearLog) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7545EBA1)
[Address] EAT @explorer.exe (EvtClose) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x75444F34)
[Address] EAT @explorer.exe (EvtCreateBookmark) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7544B6B0)
[Address] EAT @explorer.exe (EvtCreateRenderContext) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x75446B14)
[Address] EAT @explorer.exe (EvtExportLog) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7545ECD3)
[Address] EAT @explorer.exe (EvtFormatMessage) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7544EBFF)
[Address] EAT @explorer.exe (EvtGetChannelConfigProperty) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7544F1B8)
[Address] EAT @explorer.exe (EvtGetEventInfo) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7545E33B)
[Address] EAT @explorer.exe (EvtGetEventMetadataProperty) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7545E4EF)
[Address] EAT @explorer.exe (EvtGetExtendedStatus) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7545DC0C)
[Address] EAT @explorer.exe (EvtGetLogInfo) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7544F467)
[Address] EAT @explorer.exe (EvtGetObjectArrayProperty) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7544E533)
[Address] EAT @explorer.exe (EvtGetObjectArraySize) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7544E4C5)
[Address] EAT @explorer.exe (EvtGetPublisherMetadataProperty) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7544E439)
[Address] EAT @explorer.exe (EvtGetQueryInfo) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7545DF35)
[Address] EAT @explorer.exe (EvtIntAssertConfig) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7545F8E5)
[Address] EAT @explorer.exe (EvtIntCreateLocalLogfile) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7545F7D8)
[Address] EAT @explorer.exe (EvtIntGetClassicLogDisplayName) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7544F2BF)
[Address] EAT @explorer.exe (EvtIntRenderResourceEventTemplate) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7545F395)
[Address] EAT @explorer.exe (EvtIntReportAuthzEventAndSourceAsync) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7546041C)
[Address] EAT @explorer.exe (EvtIntReportEventAndSourceAsync) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x754603E6)
[Address] EAT @explorer.exe (EvtIntRetractConfig) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7545F9EE)
[Address] EAT @explorer.exe (EvtIntSysprepCleanup) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7545F0F1)
[Address] EAT @explorer.exe (EvtIntWriteXmlEventToLocalLogfile) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7545FE7B)
[Address] EAT @explorer.exe (EvtNext) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x75446A74)
[Address] EAT @explorer.exe (EvtNextChannelPath) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x75450517)
[Address] EAT @explorer.exe (EvtNextEventMetadata) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7545E3D8)
[Address] EAT @explorer.exe (EvtNextPublisherId) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x75450314)
[Address] EAT @explorer.exe (EvtOpenChannelConfig) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7544F005)
[Address] EAT @explorer.exe (EvtOpenChannelEnum) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x75451B53)
[Address] EAT @explorer.exe (EvtOpenEventMetadataEnum) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7545DE28)
[Address] EAT @explorer.exe (EvtOpenLog) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7544F55C)
[Address] EAT @explorer.exe (EvtOpenPublisherEnum) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x754503BD)
[Address] EAT @explorer.exe (EvtOpenPublisherMetadata) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7544E140)
[Address] EAT @explorer.exe (EvtOpenSession) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7544D2FB)
[Address] EAT @explorer.exe (EvtQuery) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7544FB59)
[Address] EAT @explorer.exe (EvtRender) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x75447A42)
[Address] EAT @explorer.exe (EvtSaveChannelConfig) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7545DC8C)
[Address] EAT @explorer.exe (EvtSeek) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7545E6A4)
[Address] EAT @explorer.exe (EvtSetChannelConfigProperty) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7545DD52)
[Address] EAT @explorer.exe (EvtSetObjectArrayProperty) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7545E5D5)
[Address] EAT @explorer.exe (EvtSubscribe) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x75446648)
[Address] EAT @explorer.exe (EvtUpdateBookmark) : MPR.dll -> HOOKED (C:\Windows\system32\wevtapi.dll @ 0x7544CACF)
[Address] EAT @explorer.exe (DllCanUnloadNow) : zipfldr.dll -> HOOKED (C:\Windows\system32\imapi2.dll @ 0x6D15164C)
[Address] EAT @explorer.exe (DllGetClassObject) : zipfldr.dll -> HOOKED (C:\Windows\system32\imapi2.dll @ 0x6D153ECA)
[Address] EAT @explorer.exe (DllRegisterServer) : zipfldr.dll -> HOOKED (C:\Windows\system32\imapi2.dll @ 0x6D18B81A)
[Address] EAT @explorer.exe (DllUnregisterServer) : zipfldr.dll -> HOOKED (C:\Windows\system32\imapi2.dll @ 0x6D18B834)
¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS543232L9A300 ATA Device +++++
--- User ---
[MBR] 17cd95cf966a51fe0945c956cc3f6771
[BSP] 597689f9fd584ba824a36be87199a262 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 141 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 290816 | Size: 10240 MB
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21262336 | Size: 294862 MB
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_D_04062014_203410.txt >>
RKreport[0]_S_04062014_120822.txt
Re: Request for a check
21:00:05.0713 1156 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:00:07.0190 1156 ============================================================
21:00:07.0190 1156 Current date / time: 2014/04/06 21:00:07.0190
21:00:07.0190 1156 SystemInfo:
21:00:07.0190 1156
21:00:07.0190 1156 OS Version: 6.0.6002 ServicePack: 2.0
21:00:07.0190 1156 Product type: Workstation
21:00:07.0190 1156 ComputerName: AQWERTZ-PC
21:00:07.0191 1156 UserName: Aqwertz
21:00:07.0191 1156 Windows directory: C:\Windows
21:00:07.0191 1156 System windows directory: C:\Windows
21:00:07.0191 1156 Processor architecture: Intel x86
21:00:07.0191 1156 Number of processors: 2
21:00:07.0191 1156 Page size: 0x1000
21:00:07.0191 1156 Boot type: Normal boot
21:00:07.0191 1156 ============================================================
21:00:09.0124 1156 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:00:09.0138 1156 ============================================================
21:00:09.0138 1156 \Device\Harddisk0\DR0:
21:00:09.0153 1156 MBR partitions:
21:00:09.0153 1156 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x47000, BlocksNum 0x1400000
21:00:09.0153 1156 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1447000, BlocksNum 0x23FE7000
21:00:09.0153 1156 ============================================================
21:00:09.0233 1156 C: <-> \Device\Harddisk0\DR0\Partition2
21:00:09.0305 1156 D: <-> \Device\Harddisk0\DR0\Partition1
21:00:09.0306 1156 ============================================================
21:00:09.0306 1156 Initialize success
21:00:09.0306 1156 ============================================================
21:00:11.0102 2816 ============================================================
21:00:11.0102 2816 Scan started
21:00:11.0102 2816 Mode: Manual;
21:00:11.0102 2816 ============================================================
21:00:12.0704 2816 ================ Scan system memory ========================
21:00:12.0704 2816 System memory - ok
21:00:12.0704 2816 ================ Scan services =============================
21:00:13.0343 2816 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
21:00:13.0348 2816 ACPI - ok
21:00:13.0467 2816 [ 9D96B0D5855FD1B98023B3EEC9F06786 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:00:13.0502 2816 AdobeFlashPlayerUpdateSvc - ok
21:00:13.0575 2816 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
21:00:13.0604 2816 adp94xx - ok
21:00:13.0642 2816 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
21:00:13.0647 2816 adpahci - ok
21:00:13.0671 2816 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
21:00:13.0673 2816 adpu160m - ok
21:00:13.0694 2816 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
21:00:13.0697 2816 adpu320 - ok
21:00:13.0729 2816 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:00:13.0730 2816 AeLookupSvc - ok
21:00:14.0255 2816 [ EF1142512BEC12F1C2C87735DA1755BE ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe
21:00:14.0255 2816 AESTFilters - ok
21:00:14.0439 2816 [ A201207363AA900ABF1A388468688570 ] AFD C:\Windows\system32\drivers\afd.sys
21:00:14.0484 2816 AFD - ok
21:00:14.0534 2816 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:00:14.0560 2816 agp440 - ok
21:00:14.0604 2816 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
21:00:14.0607 2816 aic78xx - ok
21:00:14.0641 2816 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
21:00:14.0643 2816 ALG - ok
21:00:14.0666 2816 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
21:00:14.0667 2816 aliide - ok
21:00:14.0689 2816 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
21:00:14.0691 2816 amdagp - ok
21:00:14.0704 2816 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
21:00:14.0705 2816 amdide - ok
21:00:14.0736 2816 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
21:00:14.0737 2816 AmdK7 - ok
21:00:14.0768 2816 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
21:00:14.0770 2816 AmdK8 - ok
21:00:14.0837 2816 [ D7723A101C5CB4C0FA979E4DDA732EC0 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
21:00:14.0838 2816 ApfiltrService - ok
21:00:14.0930 2816 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
21:00:14.0931 2816 Appinfo - ok
21:00:14.0967 2816 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
21:00:14.0970 2816 arc - ok
21:00:15.0008 2816 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
21:00:15.0011 2816 arcsas - ok
21:00:15.0468 2816 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:00:15.0485 2816 aspnet_state - ok
21:00:15.0539 2816 [ 0AE43C6C411254049279C2EE55630F95 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
21:00:15.0539 2816 aswFsBlk - ok
21:00:15.0643 2816 [ 81E695913FEFD4E23360A69C0F151797 ] aswKbd C:\Windows\system32\drivers\aswKbd.sys
21:00:15.0643 2816 aswKbd - ok
21:00:15.0716 2816 [ 6693141560B1615D8DCCF0D8EB00087E ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
21:00:15.0717 2816 aswMonFlt - ok
21:00:15.0766 2816 [ DA12626FD9A67F4E917E2F2FBE1E1764 ] aswRdr C:\Windows\system32\drivers\aswRdr.sys
21:00:15.0767 2816 aswRdr - ok
21:00:15.0791 2816 [ DCB199B967375753B5019EC15F008F53 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
21:00:15.0795 2816 aswSnx - ok
21:00:15.0835 2816 [ B32873E5A1443C0A1E322266E203BF10 ] aswSP C:\Windows\system32\drivers\aswSP.sys
21:00:15.0837 2816 aswSP - ok
21:00:15.0866 2816 [ 6FF544175A9180C5D88534D3D9C9A9F7 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
21:00:15.0867 2816 aswTdi - ok
21:00:15.0906 2816 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:00:15.0908 2816 AsyncMac - ok
21:00:15.0944 2816 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
21:00:15.0945 2816 atapi - ok
21:00:15.0992 2816 [ 4604DB6D5ECA6362873CC3A76D2204BA ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
21:00:15.0997 2816 Ati External Event Utility - ok
21:00:16.0280 2816 [ 47DCF5D78C395159D72C65C25129FC44 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
21:00:16.0401 2816 atikmdag - ok
21:00:16.0534 2816 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:00:16.0555 2816 AudioEndpointBuilder - ok
21:00:16.0564 2816 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
21:00:16.0568 2816 Audiosrv - ok
21:00:16.0730 2816 [ 4041D31508A2A084DFB42C595854090F ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
21:00:16.0731 2816 avast! Antivirus - ok
21:00:16.0764 2816 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
21:00:16.0765 2816 Beep - ok
21:00:16.0875 2816 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
21:00:16.0897 2816 BFE - ok
21:00:17.0010 2816 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll
21:00:17.0025 2816 BITS - ok
21:00:17.0042 2816 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
21:00:17.0044 2816 blbdrive - ok
21:00:17.0078 2816 [ 74B442B2BE1260B7588C136177CEAC66 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:00:17.0080 2816 bowser - ok
21:00:17.0112 2816 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
21:00:17.0114 2816 BrFiltLo - ok
21:00:17.0128 2816 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
21:00:17.0130 2816 BrFiltUp - ok
21:00:17.0165 2816 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
21:00:17.0167 2816 Browser - ok
21:00:17.0188 2816 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
21:00:17.0190 2816 Brserid - ok
21:00:17.0205 2816 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
21:00:17.0207 2816 BrSerWdm - ok
21:00:17.0218 2816 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
21:00:17.0220 2816 BrUsbMdm - ok
21:00:17.0256 2816 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
21:00:17.0258 2816 BrUsbSer - ok
21:00:17.0292 2816 [ 6D39C954799B63BA866910234CF7D726 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
21:00:17.0294 2816 BthEnum - ok
21:00:17.0333 2816 [ 9A966A8E86D1771911AE34A20D11BFF3 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:00:17.0335 2816 BTHMODEM - ok
21:00:17.0374 2816 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
21:00:17.0391 2816 BthPan - ok
21:00:17.0507 2816 [ 5A3ABAA2F8EECE7AEFB942773766E3DB ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
21:00:17.0528 2816 BTHPORT - ok
21:00:17.0588 2816 [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ C:\Windows\System32\bthserv.dll
21:00:17.0590 2816 BthServ - ok
21:00:17.0622 2816 [ 94E2941280E3756A5E0BCB467865C43A ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
21:00:17.0676 2816 BTHUSB - ok
21:00:17.0709 2816 [ 3EA1A20DC0CA1AD23E7AA8C37A91BCD1 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
21:00:17.0711 2816 btwaudio - ok
21:00:17.0776 2816 [ 195872E48A7FB01F8BC9B800F70F4054 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
21:00:17.0787 2816 btwavdt - ok
21:00:17.0802 2816 [ 0724E7D6C9B6A289EDDDA33FA8176E80 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
21:00:17.0804 2816 btwrchid - ok
21:00:17.0840 2816 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:00:17.0842 2816 cdfs - ok
21:00:17.0885 2816 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:00:17.0902 2816 cdrom - ok
21:00:17.0961 2816 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
21:00:17.0973 2816 CertPropSvc - ok
21:00:17.0996 2816 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:00:17.0997 2816 circlass - ok
21:00:18.0051 2816 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
21:00:18.0073 2816 CLFS - ok
21:00:18.0243 2816 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:00:18.0267 2816 clr_optimization_v2.0.50727_32 - ok
21:00:18.0317 2816 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:00:18.0324 2816 clr_optimization_v4.0.30319_32 - ok
21:00:18.0367 2816 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:00:18.0369 2816 CmBatt - ok
21:00:18.0409 2816 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:00:18.0411 2816 cmdide - ok
21:00:18.0433 2816 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:00:18.0434 2816 Compbatt - ok
21:00:18.0439 2816 COMSysApp - ok
21:00:18.0449 2816 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
21:00:18.0451 2816 crcdisk - ok
21:00:18.0473 2816 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
21:00:18.0474 2816 Crusoe - ok
21:00:18.0537 2816 [ FB27772BEAF8E1D28CCD825C09DA939B ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:00:18.0564 2816 CryptSvc - ok
21:00:18.0668 2816 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:00:18.0693 2816 DcomLaunch - ok
21:00:18.0754 2816 [ 218D8AE46C88E82014F5D73D0236D9B2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:00:18.0756 2816 DfsC - ok
21:00:19.0037 2816 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
21:00:19.0093 2816 DFSR - ok
21:00:19.0182 2816 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
21:00:19.0195 2816 Dhcp - ok
21:00:19.0227 2816 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
21:00:19.0229 2816 disk - ok
21:00:19.0284 2816 [ 30A08728740E71947AE1E073B5CE69B4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:00:19.0287 2816 Dnscache - ok
21:00:19.0349 2816 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:00:19.0367 2816 dot3svc - ok
21:00:19.0391 2816 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
21:00:19.0394 2816 DPS - ok
21:00:19.0432 2816 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:00:19.0434 2816 drmkaud - ok
21:00:19.0523 2816 [ 5C7E2097B91D689DED7A6FF90F0F3A25 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:00:19.0558 2816 DXGKrnl - ok
21:00:19.0618 2816 [ 908ED85B7806E8AF3AF5E9B74F7809D4 ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys
21:00:19.0622 2816 e1express - ok
21:00:19.0651 2816 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
21:00:19.0655 2816 E1G60 - ok
21:00:19.0697 2816 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
21:00:19.0700 2816 EapHost - ok
21:00:19.0784 2816 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
21:00:19.0826 2816 Ecache - ok
21:00:19.0933 2816 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:00:19.0960 2816 ehRecvr - ok
21:00:19.0982 2816 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
21:00:19.0985 2816 ehSched - ok
21:00:19.0994 2816 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
21:00:19.0996 2816 ehstart - ok
21:00:20.0040 2816 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
21:00:20.0046 2816 elxstor - ok
21:00:20.0149 2816 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
21:00:20.0169 2816 EMDMgmt - ok
21:00:20.0228 2816 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:00:20.0229 2816 ErrDev - ok
21:00:20.0298 2816 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
21:00:20.0335 2816 EventSystem - ok
21:00:20.0402 2816 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
21:00:20.0405 2816 exfat - ok
21:00:20.0576 2816 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:00:20.0608 2816 fastfat - ok
21:00:20.0688 2816 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:00:20.0720 2816 fdc - ok
21:00:20.0752 2816 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
21:00:20.0755 2816 fdPHost - ok
21:00:20.0791 2816 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
21:00:20.0794 2816 FDResPub - ok
21:00:20.0829 2816 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:00:20.0831 2816 FileInfo - ok
21:00:20.0847 2816 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:00:20.0849 2816 Filetrace - ok
21:00:20.0873 2816 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:00:20.0875 2816 flpydisk - ok
21:00:20.0951 2816 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:00:20.0998 2816 FltMgr - ok
21:00:21.0070 2816 [ D49705F25390265CAD9B620F55EA968C ] FontCache C:\Windows\system32\FntCache.dll
21:00:21.0088 2816 FontCache - ok
21:00:21.0194 2816 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:00:21.0217 2816 FontCache3.0.0.0 - ok
21:00:21.0258 2816 [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:00:21.0259 2816 Fs_Rec - ok
21:00:21.0282 2816 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
21:00:21.0283 2816 gagp30kx - ok
21:00:21.0341 2816 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
21:00:21.0351 2816 gpsvc - ok
21:00:21.0623 2816 GPU-Z - ok
21:00:21.0759 2816 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1ca89a4acfcf020 C:\Program Files\Google\Update\GoogleUpdate.exe
21:00:21.0762 2816 gupdate1ca89a4acfcf020 - ok
21:00:21.0773 2816 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
21:00:21.0774 2816 gupdatem - ok
21:00:21.0808 2816 [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:00:21.0813 2816 HdAudAddService - ok
21:00:21.0835 2816 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:00:21.0846 2816 HDAudBus - ok
21:00:21.0863 2816 [ FCB3F4BE408F72C1BD81BCABA87FC22F ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:00:21.0864 2816 HidBth - ok
21:00:21.0911 2816 [ D8DF3722D5E961BAA1292AA2F12827E2 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:00:21.0922 2816 HidIr - ok
21:00:21.0964 2816 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
21:00:21.0967 2816 hidserv - ok
21:00:21.0996 2816 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:00:21.0997 2816 HidUsb - ok
21:00:22.0025 2816 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:00:22.0029 2816 hkmsvc - ok
21:00:22.0060 2816 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
21:00:22.0061 2816 HpCISSs - ok
21:00:22.0112 2816 [ 4D6EB87DCABFD66221822F49CFD79077 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:00:22.0122 2816 HTTP - ok
21:00:22.0147 2816 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
21:00:22.0148 2816 i2omp - ok
21:00:22.0187 2816 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
21:00:22.0189 2816 i8042prt - ok
21:00:22.0225 2816 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
21:00:22.0231 2816 iaStorV - ok
21:00:22.0380 2816 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:00:22.0413 2816 idsvc - ok
21:00:23.0289 2816 [ DCE0B53570703CCE580D066F89EF58CD ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
21:00:23.0499 2816 igfx - ok
21:00:23.0596 2816 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
21:00:23.0639 2816 iirsp - ok
21:00:23.0770 2816 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
21:00:23.0783 2816 IKEEXT - ok
21:00:23.0832 2816 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
21:00:23.0834 2816 intelide - ok
21:00:23.0869 2816 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:00:23.0870 2816 intelppm - ok
21:00:23.0898 2816 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:00:23.0905 2816 IPBusEnum - ok
21:00:23.0932 2816 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:00:23.0934 2816 IpFilterDriver - ok
21:00:23.0959 2816 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:00:23.0963 2816 iphlpsvc - ok
21:00:23.0967 2816 IpInIp - ok
21:00:23.0993 2816 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
21:00:23.0995 2816 IPMIDRV - ok
21:00:24.0026 2816 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
21:00:24.0029 2816 IPNAT - ok
21:00:24.0047 2816 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:00:24.0048 2816 IRENUM - ok
21:00:24.0126 2816 [ 92D221514F48AACD01FA2C6329BBEFE1 ] IRIMAGER C:\Windows\system32\Drivers\irimager.sys
21:00:24.0137 2816 IRIMAGER - ok
21:00:24.0154 2816 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:00:24.0156 2816 isapnp - ok
21:00:24.0202 2816 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
21:00:24.0204 2816 iScsiPrt - ok
21:00:24.0232 2816 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
21:00:24.0234 2816 iteatapi - ok
21:00:24.0263 2816 [ 8BCD857C7932AD005D5F9C89329DA2E1 ] itecir C:\Windows\system32\DRIVERS\itecir.sys
21:00:24.0265 2816 itecir - ok
21:00:24.0284 2816 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
21:00:24.0286 2816 iteraid - ok
21:00:24.0311 2816 [ A67E8CFCAD7D4F8B35643D6C79BA64C3 ] k57nd60x C:\Windows\system32\DRIVERS\k57nd60x.sys
21:00:24.0315 2816 k57nd60x - ok
21:00:24.0354 2816 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:00:24.0355 2816 kbdclass - ok
21:00:24.0401 2816 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:00:24.0402 2816 kbdhid - ok
21:00:24.0448 2816 [ 3978F3540329E16C0AC3BCF677E5669F ] KeyIso C:\Windows\system32\lsass.exe
21:00:24.0451 2816 KeyIso - ok
21:00:24.0586 2816 [ 86165728AF9BF72D6442A894FDFB4F8B ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:00:24.0634 2816 KSecDD - ok
21:00:24.0669 2816 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
21:00:24.0679 2816 KtmRm - ok
21:00:24.0738 2816 [ 43446F197C74EF2030F84B3A4F39D570 ] LanmanServer C:\Windows\System32\srvsvc.dll
21:00:24.0750 2816 LanmanServer - ok
21:00:24.0779 2816 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:00:24.0787 2816 LanmanWorkstation - ok
21:00:24.0859 2816 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:00:24.0861 2816 lltdio - ok
21:00:24.0923 2816 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:00:24.0941 2816 lltdsvc - ok
21:00:24.0957 2816 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:00:24.0960 2816 lmhosts - ok
21:00:25.0001 2816 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
21:00:25.0004 2816 LSI_FC - ok
21:00:25.0042 2816 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
21:00:25.0061 2816 LSI_SAS - ok
21:00:25.0097 2816 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
21:00:25.0100 2816 LSI_SCSI - ok
21:00:25.0120 2816 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
21:00:25.0123 2816 luafv - ok
21:00:25.0184 2816 [ 661B911FA04E73FB073FF9B1C9BD2E05 ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys
21:00:25.0187 2816 MBAMSwissArmy - ok
21:00:25.0243 2816 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:00:25.0257 2816 Mcx2Svc - ok
21:00:25.0294 2816 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
21:00:25.0307 2816 megasas - ok
21:00:25.0342 2816 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
21:00:25.0350 2816 MegaSR - ok
21:00:25.0381 2816 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
21:00:25.0384 2816 MMCSS - ok
21:00:25.0406 2816 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
21:00:25.0416 2816 Modem - ok
21:00:25.0446 2816 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:00:25.0447 2816 monitor - ok
21:00:25.0521 2816 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:00:25.0522 2816 mouclass - ok
21:00:25.0546 2816 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:00:25.0565 2816 mouhid - ok
21:00:25.0587 2816 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
21:00:25.0589 2816 MountMgr - ok
21:00:25.0628 2816 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
21:00:25.0631 2816 mpio - ok
21:00:25.0652 2816 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:00:25.0654 2816 mpsdrv - ok
21:00:25.0756 2816 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
21:00:25.0764 2816 MpsSvc - ok
21:00:25.0784 2816 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
21:00:25.0785 2816 Mraid35x - ok
21:00:25.0841 2816 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:00:25.0983 2816 MRxDAV - ok
21:00:26.0080 2816 [ 454341E652BDF5E01B0F2140232B073E ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:00:26.0093 2816 mrxsmb - ok
21:00:26.0150 2816 [ 2A4901AFF069944FA945ED5BBF4DCDE3 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:00:26.0164 2816 mrxsmb10 - ok
21:00:26.0201 2816 [ 28B3F1AB44BDD4432C041581412F17D9 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:00:26.0204 2816 mrxsmb20 - ok
21:00:26.0237 2816 [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci C:\Windows\system32\drivers\msahci.sys
21:00:26.0238 2816 msahci - ok
21:00:26.0274 2816 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:00:26.0294 2816 msdsm - ok
21:00:26.0322 2816 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
21:00:26.0327 2816 MSDTC - ok
21:00:26.0356 2816 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:00:26.0357 2816 Msfs - ok
21:00:26.0401 2816 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:00:26.0416 2816 msisadrv - ok
21:00:26.0445 2816 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:00:26.0448 2816 MSiSCSI - ok
21:00:26.0452 2816 msiserver - ok
21:00:26.0493 2816 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:00:26.0505 2816 MSKSSRV - ok
21:00:26.0537 2816 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:00:26.0540 2816 MSPCLOCK - ok
21:00:26.0549 2816 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:00:26.0551 2816 MSPQM - ok
21:00:26.0627 2816 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:00:26.0679 2816 MsRPC - ok
21:00:26.0690 2816 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
21:00:26.0691 2816 mssmbios - ok
21:00:26.0701 2816 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:00:26.0703 2816 MSTEE - ok
21:00:26.0751 2816 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
21:00:26.0753 2816 Mup - ok
21:00:26.0808 2816 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
21:00:26.0835 2816 napagent - ok
21:00:26.0928 2816 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:00:26.0948 2816 NativeWifiP - ok
21:00:27.0037 2816 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:00:27.0046 2816 NDIS - ok
21:00:27.0064 2816 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:00:27.0066 2816 NdisTapi - ok
21:00:27.0077 2816 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:00:27.0078 2816 Ndisuio - ok
21:00:27.0150 2816 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:00:27.0176 2816 NdisWan - ok
21:00:27.0211 2816 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:00:27.0213 2816 NDProxy - ok
21:00:27.0230 2816 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:00:27.0231 2816 NetBIOS - ok
21:00:27.0295 2816 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
21:00:27.0318 2816 netbt - ok
21:00:27.0347 2816 [ 3978F3540329E16C0AC3BCF677E5669F ] Netlogon C:\Windows\system32\lsass.exe
21:00:27.0350 2816 Netlogon - ok
21:00:27.0449 2816 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
21:00:27.0459 2816 Netman - ok
21:00:27.0485 2816 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:00:27.0488 2816 NetMsmqActivator - ok
21:00:27.0493 2816 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:00:27.0494 2816 NetPipeActivator - ok
21:00:27.0526 2816 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
21:00:27.0533 2816 netprofm - ok
21:00:27.0537 2816 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:00:27.0539 2816 NetTcpActivator - ok
21:00:27.0543 2816 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:00:27.0545 2816 NetTcpPortSharing - ok
21:00:27.0933 2816 [ 0B214C6A4728F085FB64A29ED9C4DE94 ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys
21:00:28.0021 2816 NETw5v32 - ok
21:00:28.0051 2816 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
21:00:28.0063 2816 nfrd960 - ok
21:00:28.0086 2816 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:00:28.0106 2816 NlaSvc - ok
21:00:28.0156 2816 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:00:28.0158 2816 Npfs - ok
21:00:28.0213 2816 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
21:00:28.0217 2816 nsi - ok
21:00:28.0259 2816 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:00:28.0260 2816 nsiproxy - ok
21:00:28.0488 2816 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:00:28.0512 2816 Ntfs - ok
21:00:28.0601 2816 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
21:00:28.0627 2816 ntrigdigi - ok
21:00:28.0659 2816 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
21:00:28.0660 2816 Null - ok
21:00:28.0688 2816 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:00:28.0690 2816 nvraid - ok
21:00:28.0773 2816 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:00:28.0786 2816 nvstor - ok
21:00:28.0838 2816 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:00:28.0870 2816 nv_agp - ok
21:00:28.0874 2816 NwlnkFlt - ok
21:00:28.0880 2816 NwlnkFwd - ok
21:00:28.0945 2816 [ A015DD2BA6009C8BDD00A6C431302D06 ] OA001Ufd C:\Windows\system32\DRIVERS\OA001Ufd.sys
21:00:28.0949 2816 OA001Ufd - ok
21:00:28.0977 2816 [ 2C9410571660DFD607C863C66CA56D60 ] OA001Vid C:\Windows\system32\DRIVERS\OA001Vid.sys
21:00:28.0984 2816 OA001Vid - ok
21:00:29.0023 2816 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
21:00:29.0024 2816 ohci1394 - ok
21:00:29.0081 2816 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
21:00:29.0105 2816 p2pimsvc - ok
21:00:29.0126 2816 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
21:00:29.0138 2816 p2psvc - ok
21:00:29.0341 2816 [ 1011C779C9FCD01AFA96490C86A50421 ] PanService C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
21:00:29.0345 2816 PanService - ok
21:00:29.0380 2816 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
21:00:29.0397 2816 Parport - ok
21:00:29.0440 2816 [ 57389FA59A36D96B3EB09D0CB91E9CDC ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:00:29.0464 2816 partmgr - ok
21:00:29.0482 2816 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
21:00:29.0484 2816 Parvdm - ok
21:00:29.0512 2816 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
21:00:29.0516 2816 PcaSvc - ok
21:00:29.0585 2816 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
21:00:29.0640 2816 pci - ok
21:00:29.0671 2816 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
21:00:29.0672 2816 pciide - ok
21:00:29.0699 2816 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
21:00:29.0702 2816 pcmcia - ok
21:00:29.0753 2816 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:00:29.0770 2816 PEAUTH - ok
21:00:29.0848 2816 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
21:00:29.0886 2816 pla - ok
21:00:30.0036 2816 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:00:30.0046 2816 PlugPlay - ok
21:00:30.0068 2816 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
21:00:30.0076 2816 PNRPAutoReg - ok
21:00:30.0100 2816 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
21:00:30.0107 2816 PNRPsvc - ok
21:00:30.0190 2816 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:00:30.0208 2816 PolicyAgent - ok
21:00:30.0268 2816 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:00:30.0270 2816 PptpMiniport - ok
21:00:30.0287 2816 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
21:00:30.0289 2816 Processor - ok
21:00:30.0310 2816 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
21:00:30.0314 2816 ProfSvc - ok
21:00:30.0336 2816 [ 3978F3540329E16C0AC3BCF677E5669F ] ProtectedStorage C:\Windows\system32\lsass.exe
21:00:30.0339 2816 ProtectedStorage - ok
21:00:30.0400 2816 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
21:00:30.0419 2816 PSched - ok
21:00:30.0464 2816 [ 03E0FE281823BA64B3782F5B38950E73 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
21:00:30.0465 2816 PxHelp20 - ok
21:00:30.0538 2816 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
21:00:30.0571 2816 ql2300 - ok
21:00:30.0594 2816 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
21:00:30.0606 2816 ql40xx - ok
21:00:30.0639 2816 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
21:00:30.0659 2816 QWAVE - ok
21:00:30.0677 2816 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:00:30.0679 2816 QWAVEdrv - ok
21:00:31.0090 2816 [ 47DCF5D78C395159D72C65C25129FC44 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
21:00:31.0116 2816 R300 - ok
21:00:31.0192 2816 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:00:31.0346 2816 RasAcd - ok
21:00:31.0393 2816 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
21:00:31.0411 2816 RasAuto - ok
21:00:31.0432 2816 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:00:31.0434 2816 Rasl2tp - ok
21:00:31.0506 2816 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
21:00:31.0521 2816 RasMan - ok
21:00:31.0570 2816 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:00:31.0596 2816 RasPppoe - ok
21:00:31.0639 2816 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:00:31.0642 2816 RasSstp - ok
21:00:31.0701 2816 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:00:31.0716 2816 rdbss - ok
21:00:31.0745 2816 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:00:31.0746 2816 RDPCDD - ok
21:00:31.0766 2816 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
21:00:31.0771 2816 rdpdr - ok
21:00:31.0776 2816 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:00:31.0778 2816 RDPENCDD - ok
21:00:31.0937 2816 [ 30BFBDFB7F95559EDE971F9DDB9A00BA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:00:31.0977 2816 RDPWD - ok
21:00:32.0009 2816 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:00:32.0014 2816 RemoteAccess - ok
21:00:32.0069 2816 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:00:32.0082 2816 RemoteRegistry - ok
21:00:32.0124 2816 [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
21:00:32.0128 2816 RFCOMM - ok
21:00:32.0171 2816 [ C2EF513BBE069F0D4EE0938A76F975D3 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
21:00:32.0173 2816 rimmptsk - ok
21:00:32.0181 2816 [ C398BCA91216755B098679A8DA8A2300 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
21:00:32.0183 2816 rimsptsk - ok
21:00:32.0207 2816 [ 2A2554CB24506E0A0508FC395C4A1B42 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
21:00:32.0209 2816 rismxdp - ok
21:00:32.0235 2816 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
21:00:32.0238 2816 RpcLocator - ok
21:00:32.0259 2816 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
21:00:32.0266 2816 RpcSs - ok
21:00:32.0311 2816 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:00:32.0337 2816 rspndr - ok
21:00:32.0390 2816 [ E1AB463B36A7EF31D8A73A97A9B57AFA ] s115bus C:\Windows\system32\DRIVERS\s115bus.sys
21:00:32.0406 2816 s115bus - ok
21:00:32.0450 2816 [ E24113FC13B8737C94CF4E3415488C76 ] s115mdfl C:\Windows\system32\DRIVERS\s115mdfl.sys
21:00:32.0451 2816 s115mdfl - ok
21:00:32.0468 2816 [ 4029E49E7C673AA0670BD206B0AF1B5B ] s115mdm C:\Windows\system32\DRIVERS\s115mdm.sys
21:00:32.0471 2816 s115mdm - ok
21:00:32.0538 2816 [ EB02AB4CA8BCCECFDE236CAD8FC6E135 ] s115mgmt C:\Windows\system32\DRIVERS\s115mgmt.sys
21:00:32.0553 2816 s115mgmt - ok
21:00:32.0603 2816 [ 089869DB9FFD2AC807FA87FE82AC7761 ] s115obex C:\Windows\system32\DRIVERS\s115obex.sys
21:00:32.0607 2816 s115obex - ok
21:00:32.0676 2816 [ 06847AA6F3A9BF7C44134D00A2E578C0 ] s125bus C:\Windows\system32\DRIVERS\s125bus.sys
21:00:32.0688 2816 s125bus - ok
21:00:32.0753 2816 [ F83F88E1B125308FB5015EA0349502B0 ] s125mdfl C:\Windows\system32\DRIVERS\s125mdfl.sys
21:00:32.0763 2816 s125mdfl - ok
21:00:32.0816 2816 [ 402A97756C14940AD6AE5169C2FB105E ] s125mdm C:\Windows\system32\DRIVERS\s125mdm.sys
21:00:32.0831 2816 s125mdm - ok
21:00:32.0846 2816 [ BEDFC5707C356FD073BF1A4AFE442D91 ] s125obex C:\Windows\system32\DRIVERS\s125obex.sys
21:00:32.0849 2816 s125obex - ok
21:00:32.0869 2816 [ 3978F3540329E16C0AC3BCF677E5669F ] SamSs C:\Windows\system32\lsass.exe
21:00:32.0872 2816 SamSs - ok
21:00:32.0918 2816 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:00:32.0938 2816 sbp2port - ok
21:00:32.0983 2816 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:00:32.0988 2816 SCardSvr - ok
21:00:33.0193 2816 [ 323AE0BDFD2EB15B668DDA50CC597329 ] Schedule C:\Windows\system32\schedsvc.dll
21:00:33.0216 2816 Schedule - ok
21:00:33.0238 2816 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
21:00:33.0240 2816 SCPolicySvc - ok
21:00:33.0294 2816 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
21:00:33.0305 2816 sdbus - ok
21:00:33.0341 2816 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:00:33.0347 2816 SDRSVC - ok
21:00:33.0394 2816 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:00:33.0408 2816 secdrv - ok
21:00:33.0424 2816 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
21:00:33.0429 2816 seclogon - ok
21:00:33.0450 2816 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
21:00:33.0455 2816 SENS - ok
21:00:33.0503 2816 [ 95EEB5A6843238C829AAA9C05168C09C ] Ser2pl C:\Windows\system32\DRIVERS\ser2pl.sys
21:00:33.0517 2816 Ser2pl - ok
21:00:33.0539 2816 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:00:33.0541 2816 Serenum - ok
21:00:33.0573 2816 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
21:00:33.0575 2816 Serial - ok
21:00:33.0588 2816 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
21:00:33.0589 2816 sermouse - ok
21:00:33.0637 2816 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
21:00:33.0651 2816 SessionEnv - ok
21:00:33.0664 2816 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
21:00:33.0666 2816 sffdisk - ok
21:00:33.0688 2816 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:00:33.0689 2816 sffp_mmc - ok
21:00:33.0715 2816 [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
21:00:33.0716 2816 sffp_sd - ok
21:00:33.0740 2816 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
21:00:33.0741 2816 sfloppy - ok
21:00:33.0787 2816 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:00:33.0794 2816 SharedAccess - ok
21:00:33.0883 2816 [ C818C44C201898399BF999BB6B35D4E3 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:00:33.0906 2816 ShellHWDetection - ok
21:00:33.0940 2816 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
21:00:33.0942 2816 sisagp - ok
21:00:33.0967 2816 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
21:00:33.0969 2816 SiSRaid2 - ok
21:00:33.0987 2816 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
21:00:33.0990 2816 SiSRaid4 - ok
21:00:34.0261 2816 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
21:00:34.0354 2816 slsvc - ok
21:00:34.0422 2816 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
21:00:34.0438 2816 SLUINotify - ok
21:00:34.0495 2816 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:00:34.0505 2816 Smb - ok
21:00:34.0585 2816 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:00:34.0596 2816 SNMPTRAP - ok
21:00:34.0636 2816 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
21:00:34.0638 2816 spldr - ok
21:00:34.0699 2816 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
21:00:34.0718 2816 Spooler - ok
21:00:34.0842 2816 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\Windows\system32\Drivers\sptd.sys
21:00:34.0843 2816 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
21:00:34.0845 2816 sptd ( LockedFile.Multi.Generic ) - warning
21:00:34.0846 2816 sptd - detected LockedFile.Multi.Generic (1)
21:00:34.0965 2816 [ 96A5E2C642AF8F591A7366429809506B ] srv C:\Windows\system32\DRIVERS\srv.sys
21:00:34.0992 2816 srv - ok
21:00:34.0999 2816 [ 71DA2D64880C97E5FFC3C81761632751 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:00:35.0003 2816 srv2 - ok
21:00:35.0031 2816 [ 0C5AB1892AE0FA504218DB094BF6D041 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:00:35.0034 2816 srvnet - ok
21:00:35.0064 2816 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:00:35.0070 2816 SSDPSRV - ok
21:00:35.0108 2816 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:00:35.0114 2816 SstpSvc - ok
21:00:35.0281 2816 [ FFA85A9F3C3571AD29AC156BC6F116C5 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\STacSV.exe
21:00:35.0283 2816 STacSV - ok
21:00:35.0314 2816 [ 5AF1FEEC6945F4FA5EFD00E0C6D8F9B9 ] STHDA C:\Windows\system32\DRIVERS\stwrt.sys
21:00:35.0321 2816 STHDA - ok
21:00:35.0425 2816 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
21:00:35.0438 2816 stisvc - ok
21:00:35.0488 2816 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
21:00:35.0489 2816 swenum - ok
21:00:35.0637 2816 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
21:00:35.0664 2816 swprv - ok
21:00:35.0704 2816 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
21:00:35.0706 2816 Symc8xx - ok
21:00:35.0731 2816 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
21:00:35.0732 2816 Sym_hi - ok
21:00:35.0748 2816 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
21:00:35.0750 2816 Sym_u3 - ok
21:00:35.0825 2816 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
21:00:35.0855 2816 SysMain - ok
21:00:35.0883 2816 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:00:35.0890 2816 TabletInputService - ok
21:00:35.0946 2816 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:00:35.0955 2816 TapiSrv - ok
21:00:35.0969 2816 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
21:00:35.0976 2816 TBS - ok
21:00:36.0099 2816 [ A474879AFA4A596B3A531F3E69730DBF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:00:36.0126 2816 Tcpip - ok
21:00:36.0144 2816 [ A474879AFA4A596B3A531F3E69730DBF ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
21:00:36.0152 2816 Tcpip6 - ok
21:00:36.0210 2816 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:00:36.0212 2816 tcpipreg - ok
21:00:36.0241 2816 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:00:36.0243 2816 TDPIPE - ok
21:00:36.0261 2816 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:00:36.0263 2816 TDTCP - ok
21:00:36.0306 2816 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:00:07.0190 1156 ============================================================
21:00:07.0190 1156 Current date / time: 2014/04/06 21:00:07.0190
21:00:07.0190 1156 SystemInfo:
21:00:07.0190 1156
21:00:07.0190 1156 OS Version: 6.0.6002 ServicePack: 2.0
21:00:07.0190 1156 Product type: Workstation
21:00:07.0190 1156 ComputerName: AQWERTZ-PC
21:00:07.0191 1156 UserName: Aqwertz
21:00:07.0191 1156 Windows directory: C:\Windows
21:00:07.0191 1156 System windows directory: C:\Windows
21:00:07.0191 1156 Processor architecture: Intel x86
21:00:07.0191 1156 Number of processors: 2
21:00:07.0191 1156 Page size: 0x1000
21:00:07.0191 1156 Boot type: Normal boot
21:00:07.0191 1156 ============================================================
21:00:09.0124 1156 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:00:09.0138 1156 ============================================================
21:00:09.0138 1156 \Device\Harddisk0\DR0:
21:00:09.0153 1156 MBR partitions:
21:00:09.0153 1156 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x47000, BlocksNum 0x1400000
21:00:09.0153 1156 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1447000, BlocksNum 0x23FE7000
21:00:09.0153 1156 ============================================================
21:00:09.0233 1156 C: <-> \Device\Harddisk0\DR0\Partition2
21:00:09.0305 1156 D: <-> \Device\Harddisk0\DR0\Partition1
21:00:09.0306 1156 ============================================================
21:00:09.0306 1156 Initialize success
21:00:09.0306 1156 ============================================================
21:00:11.0102 2816 ============================================================
21:00:11.0102 2816 Scan started
21:00:11.0102 2816 Mode: Manual;
21:00:11.0102 2816 ============================================================
21:00:12.0704 2816 ================ Scan system memory ========================
21:00:12.0704 2816 System memory - ok
21:00:12.0704 2816 ================ Scan services =============================
21:00:13.0343 2816 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
21:00:13.0348 2816 ACPI - ok
21:00:13.0467 2816 [ 9D96B0D5855FD1B98023B3EEC9F06786 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:00:13.0502 2816 AdobeFlashPlayerUpdateSvc - ok
21:00:13.0575 2816 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
21:00:13.0604 2816 adp94xx - ok
21:00:13.0642 2816 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
21:00:13.0647 2816 adpahci - ok
21:00:13.0671 2816 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
21:00:13.0673 2816 adpu160m - ok
21:00:13.0694 2816 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
21:00:13.0697 2816 adpu320 - ok
21:00:13.0729 2816 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:00:13.0730 2816 AeLookupSvc - ok
21:00:14.0255 2816 [ EF1142512BEC12F1C2C87735DA1755BE ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe
21:00:14.0255 2816 AESTFilters - ok
21:00:14.0439 2816 [ A201207363AA900ABF1A388468688570 ] AFD C:\Windows\system32\drivers\afd.sys
21:00:14.0484 2816 AFD - ok
21:00:14.0534 2816 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:00:14.0560 2816 agp440 - ok
21:00:14.0604 2816 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
21:00:14.0607 2816 aic78xx - ok
21:00:14.0641 2816 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
21:00:14.0643 2816 ALG - ok
21:00:14.0666 2816 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
21:00:14.0667 2816 aliide - ok
21:00:14.0689 2816 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
21:00:14.0691 2816 amdagp - ok
21:00:14.0704 2816 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
21:00:14.0705 2816 amdide - ok
21:00:14.0736 2816 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
21:00:14.0737 2816 AmdK7 - ok
21:00:14.0768 2816 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
21:00:14.0770 2816 AmdK8 - ok
21:00:14.0837 2816 [ D7723A101C5CB4C0FA979E4DDA732EC0 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
21:00:14.0838 2816 ApfiltrService - ok
21:00:14.0930 2816 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
21:00:14.0931 2816 Appinfo - ok
21:00:14.0967 2816 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
21:00:14.0970 2816 arc - ok
21:00:15.0008 2816 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
21:00:15.0011 2816 arcsas - ok
21:00:15.0468 2816 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:00:15.0485 2816 aspnet_state - ok
21:00:15.0539 2816 [ 0AE43C6C411254049279C2EE55630F95 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
21:00:15.0539 2816 aswFsBlk - ok
21:00:15.0643 2816 [ 81E695913FEFD4E23360A69C0F151797 ] aswKbd C:\Windows\system32\drivers\aswKbd.sys
21:00:15.0643 2816 aswKbd - ok
21:00:15.0716 2816 [ 6693141560B1615D8DCCF0D8EB00087E ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
21:00:15.0717 2816 aswMonFlt - ok
21:00:15.0766 2816 [ DA12626FD9A67F4E917E2F2FBE1E1764 ] aswRdr C:\Windows\system32\drivers\aswRdr.sys
21:00:15.0767 2816 aswRdr - ok
21:00:15.0791 2816 [ DCB199B967375753B5019EC15F008F53 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
21:00:15.0795 2816 aswSnx - ok
21:00:15.0835 2816 [ B32873E5A1443C0A1E322266E203BF10 ] aswSP C:\Windows\system32\drivers\aswSP.sys
21:00:15.0837 2816 aswSP - ok
21:00:15.0866 2816 [ 6FF544175A9180C5D88534D3D9C9A9F7 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
21:00:15.0867 2816 aswTdi - ok
21:00:15.0906 2816 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:00:15.0908 2816 AsyncMac - ok
21:00:15.0944 2816 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
21:00:15.0945 2816 atapi - ok
21:00:15.0992 2816 [ 4604DB6D5ECA6362873CC3A76D2204BA ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
21:00:15.0997 2816 Ati External Event Utility - ok
21:00:16.0280 2816 [ 47DCF5D78C395159D72C65C25129FC44 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
21:00:16.0401 2816 atikmdag - ok
21:00:16.0534 2816 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:00:16.0555 2816 AudioEndpointBuilder - ok
21:00:16.0564 2816 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
21:00:16.0568 2816 Audiosrv - ok
21:00:16.0730 2816 [ 4041D31508A2A084DFB42C595854090F ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
21:00:16.0731 2816 avast! Antivirus - ok
21:00:16.0764 2816 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
21:00:16.0765 2816 Beep - ok
21:00:16.0875 2816 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
21:00:16.0897 2816 BFE - ok
21:00:17.0010 2816 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll
21:00:17.0025 2816 BITS - ok
21:00:17.0042 2816 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
21:00:17.0044 2816 blbdrive - ok
21:00:17.0078 2816 [ 74B442B2BE1260B7588C136177CEAC66 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:00:17.0080 2816 bowser - ok
21:00:17.0112 2816 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
21:00:17.0114 2816 BrFiltLo - ok
21:00:34.0842 2816 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\Windows\system32\Drivers\sptd.sys
21:00:34.0843 2816 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
21:00:34.0845 2816 sptd ( LockedFile.Multi.Generic ) - warning
21:00:34.0846 2816 sptd - detected LockedFile.Multi.Generic (1)
21:00:34.0965 2816 [ 96A5E2C642AF8F591A7366429809506B ] srv C:\Windows\system32\DRIVERS\srv.sys
21:00:34.0992 2816 srv - ok
21:00:34.0999 2816 [ 71DA2D64880C97E5FFC3C81761632751 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:00:35.0003 2816 srv2 - ok
21:00:35.0031 2816 [ 0C5AB1892AE0FA504218DB094BF6D041 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:00:35.0034 2816 srvnet - ok
21:00:35.0064 2816 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:00:35.0070 2816 SSDPSRV - ok
21:00:35.0108 2816 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:00:35.0114 2816 SstpSvc - ok
21:00:35.0281 2816 [ FFA85A9F3C3571AD29AC156BC6F116C5 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\STacSV.exe
21:00:35.0283 2816 STacSV - ok
21:00:35.0314 2816 [ 5AF1FEEC6945F4FA5EFD00E0C6D8F9B9 ] STHDA C:\Windows\system32\DRIVERS\stwrt.sys
21:00:35.0321 2816 STHDA - ok
21:00:35.0425 2816 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
21:00:35.0438 2816 stisvc - ok
21:00:35.0488 2816 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
21:00:35.0489 2816 swenum - ok
21:00:35.0637 2816 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
21:00:35.0664 2816 swprv - ok
21:00:35.0704 2816 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
21:00:35.0706 2816 Symc8xx - ok
21:00:35.0731 2816 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
21:00:35.0732 2816 Sym_hi - ok
21:00:35.0748 2816 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
21:00:35.0750 2816 Sym_u3 - ok
21:00:35.0825 2816 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
21:00:35.0855 2816 SysMain - ok
21:00:35.0883 2816 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:00:35.0890 2816 TabletInputService - ok
21:00:35.0946 2816 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:00:35.0955 2816 TapiSrv - ok
21:00:35.0969 2816 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
21:00:35.0976 2816 TBS - ok
21:00:36.0099 2816 [ A474879AFA4A596B3A531F3E69730DBF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:00:36.0126 2816 Tcpip - ok
21:00:36.0144 2816 [ A474879AFA4A596B3A531F3E69730DBF ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
21:00:36.0152 2816 Tcpip6 - ok
21:00:36.0210 2816 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:00:36.0212 2816 tcpipreg - ok
21:00:36.0241 2816 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:00:36.0243 2816 TDPIPE - ok
21:00:36.0261 2816 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:00:36.0263 2816 TDTCP - ok
21:00:36.0306 2816 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys