Win32/Rootkit.Whistler.A

Old 03-25-2012, 01:02 PM   #1
Registered Member
 
Join Date: Mar 2012
Posts: 16
OS: xp



So I got an old computer with XP as OS. My antivirus, ESET NOD32, detected this virus but couldn't remove it. I can't say I have running problems with the virus; OK, it freezes sometimes, but no problem. But I read they can steal passwords and so on, so no good at all.

I've checked out the NEW INSTRUCTIONS and got some logs if anyone wants to help me out.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by HP_Ägaren at 18:02:19 on 2012-03-25
Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.1534.821 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
c:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe
C:\Program\InterVideo\Common\Bin\WinRemote.exe
C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program\Delade filer\InstallShield\UpdateService\issch.exe
C:\Program\Delade filer\Java\Java Update\jusched.exe
C:\Program\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program\QuickTime\QTTask.exe
C:\Program\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Personal\bin\Personal.exe
C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program\Delade filer\Java\Java Update\jucheck.exe
c:\program\delade filer\installshield\updateservice\isuspm.exe
c:\Program\Delade filer\InstallShield\UpdateService\agent.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Real\RealPlayer\update\realsched.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Ägaren.DITT-DA7685D135\Skrivbord\dds.com
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aftonbladet.se/
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q305&bd=pavilion&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q305&bd=pavilion&pf=desktop
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q305&bd=pavilion&pf=desktop
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program\utorrentbar\prxtbuTo2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: HP-vy: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program\hp\digital imaging\bin\HPDTLK02.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program\utorrentbar\prxtbuTo2.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [MSMSGS] "c:\program\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools] "d:\program\daemon tools\daemon.exe" -lang 1033
uRun: [Skype] "c:\program\skype\phone\Skype.exe" /nosplash /minimized
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [HPHUPD06] c:\program\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Home Theater SchSvr] "c:\program\delade filer\intervideo\schsvr\SchSvr.exe"
mRun: [WINREMOTE] c:\program\intervideo\common\bin\WinRemote.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [CTDVDDET] c:\program\creative\sbaudigy2zs\dvdaudio\CTDVDDet.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [ISUSPM Startup] c:\program\delade~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program\delade filer\installshield\updateservice\issch.exe" -start
mRun: [SunJavaUpdateSched] "c:\program\delade filer\java\java update\jusched.exe"
mRun: [egui] "c:\program\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [TkBellExe] "c:\program\real\realplayer\update\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program\delade filer\apple\apple application support\APSDaemon.exe"
dRunOnce: [SetDefaultMIDI] MIDIDEF.EXE
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\bankid~1.lnk - c:\program\personal\bin\Personal.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\hpdigi~1.lnk - c:\program\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\micros~1.lnk - d:\program\microsoft office\office10\OSA.EXE
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 83.255.245.11 193.150.193.150
TCP: Interfaces\{7763E172-E453-4320-84E5-8E75CBE931AE} : DhcpNameServer = 83.255.245.11 193.150.193.150
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program\skype\toolbars\internet explorer\skypeieplugin.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [2011-7-9 3332784]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-11-16 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-11-16 95896]
R2 ekrn;ESET Service;c:\program\eset\eset nod32 antivirus\ekrn.exe [2010-6-24 810144]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2011-3-30 2560]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program\nvidia corporation\nvidia updatus\daemonu.exe [2011-6-6 2214504]
R3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [2005-12-6 24544]
R3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2010-8-29 42368]
R3 WN5401;Liteon Wireless LAN PCI 802.11 a/b/g adapter WN5401A;c:\windows\system32\drivers\wn5401.sys [2005-12-6 449920]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\system32\appdrvrem01.exe svc --> c:\windows\system32\appdrvrem01.exe svc [?]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-03-23 14:19:57 1537 --sha-w- c:\windows\system32\mmf.sys
2012-02-23 14:09:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:57:40 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-27 21:47:53 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-01-27 21:47:44 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-01-27 21:47:44 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-01-11 19:07:15 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:19 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 18:03:50,97 ===============

I don't have any boot or install CD. Don't really know, but it seems that I have it inside the computer, because I have done format C in the past and restored the Windows anyway, and I remember I've been asked to make a copy some years ago, but didn't.


Hope this is enough for now.
Attached Files
File Type: zip attach.zip (4.5 KB, 78 views)
File Type: zip ark.zip (3.2 KB, 65 views)
Vallentino is offline  
Old 03-25-2012, 02:21 PM   #2
Security Team
Analyst
 
Join Date: Dec 2008
Posts: 412
OS: Windows 7



Hello, and welcome to TSF.

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.
NoodleTech is offline  
Old 03-25-2012, 06:29 PM   #3
Security Team
Analyst
 
Join Date: Dec 2008
Posts: 412
OS: Windows 7



Hi Vallentino,

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan.
    • If Malicious objects are found, DO NOT cure them.
    • Choose Skip then click on Continue.
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
NoodleTech is offline  
Old 03-26-2012, 02:17 AM   #4
Registered Member
 
Join Date: Mar 2012
Posts: 16
OS: xp



Hi, no worries, I will be patient, you are currently my knight.

Here is the TDSSKiller log:

11:11:08.0203 1192 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
11:11:08.0359 1192 ============================================================
11:11:08.0359 1192 Current date / time: 2012/03/26 11:11:08.0359
11:11:08.0359 1192 SystemInfo:
11:11:08.0359 1192
11:11:08.0359 1192 OS Version: 5.1.2600 ServicePack: 3.0
11:11:08.0359 1192 Product type: Workstation
11:11:08.0359 1192 ComputerName: DITT-DA7685D135
11:11:08.0359 1192 UserName: HP_Ägaren
11:11:08.0359 1192 Windows directory: C:\WINDOWS
11:11:08.0359 1192 System windows directory: C:\WINDOWS
11:11:08.0359 1192 Processor architecture: Intel x86
11:11:08.0359 1192 Number of processors: 2
11:11:08.0359 1192 Page size: 0x1000
11:11:08.0359 1192 Boot type: Normal boot
11:11:08.0359 1192 ============================================================
11:11:10.0203 1192 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
11:11:10.0218 1192 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:11:10.0328 1192 Drive \Device\Harddisk6\DR9 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8DF2D0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x1, Type 'W'
11:11:18.0171 1192 \Device\Harddisk0\DR0:
11:11:18.0171 1192 MBR used
11:11:18.0171 1192 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0xC20751
11:11:18.0171 1192 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC20790, BlocksNum 0x11DF4470
11:11:18.0171 1192 \Device\Harddisk1\DR1:
11:11:18.0171 1192 MBR used
11:11:18.0171 1192 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
11:11:18.0171 1192 \Device\Harddisk6\DR9:
11:11:18.0171 1192 MBR used
11:11:18.0187 1192 \Device\Harddisk6\DR9\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x22EE6E41
11:11:18.0546 1192 Initialize success
11:11:18.0546 1192 ============================================================
11:11:24.0468 3540 ============================================================
11:11:24.0468 3540 Scan started
11:11:24.0468 3540 Mode: Manual;
11:11:24.0468 3540 ============================================================
11:11:37.0343 3540 NwlnkFlt - ok
11:11:37.0359 3540 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:11:37.0375 3540 NwlnkFwd - ok
11:11:37.0421 3540 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:11:37.0421 3540 ohci1394 - ok
11:11:37.0453 3540 ossrv (04fd6d19435b7b192a29428a2f60ac31) C:\WINDOWS\system32\drivers\ctoss2k.sys
11:11:37.0468 3540 ossrv - ok
11:11:37.0484 3540 Parport (19e28ed86e7244d76fda792c2810188e) C:\WINDOWS\system32\DRIVERS\parport.sys
11:11:37.0500 3540 Parport - ok
11:11:37.0515 3540 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:11:37.0531 3540 PartMgr - ok
11:11:37.0578 3540 ParVdm (5cf71e14a108c492c1fb07543d579af5) C:\WINDOWS\system32\drivers\ParVdm.sys
11:11:37.0593 3540 ParVdm - ok
11:11:37.0609 3540 PCI (8a185f0112cf5b42ff1aaff31b8b3091) C:\WINDOWS\system32\DRIVERS\pci.sys
11:11:37.0625 3540 PCI - ok
11:11:37.0640 3540 PCIDump - ok
11:11:37.0656 3540 PCIIde (239de4275ee40fdf9912761467025244) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:11:37.0671 3540 PCIIde - ok
11:11:37.0703 3540 Pcmcia (904053aa6e251c77cf85371ce644cfd7) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:11:37.0734 3540 Pcmcia - ok
11:11:37.0750 3540 PDCOMP - ok
11:11:37.0765 3540 PDFRAME - ok
11:11:37.0765 3540 PDRELI - ok
11:11:37.0781 3540 PDRFRAME - ok
11:11:37.0796 3540 perc2 - ok
11:11:37.0812 3540 perc2hib - ok
11:11:37.0859 3540 PfModNT (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\system32\drivers\PfModNT.sys
11:11:37.0859 3540 PfModNT - ok
11:11:37.0890 3540 PhTVTune (b76a595d928b519a739a80d2695b29b3) C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
11:11:37.0921 3540 PhTVTune - ok
11:11:37.0953 3540 PlugPlay (8870b0c4a094c1ce80cea6f85fa38ff2) C:\WINDOWS\system32\services.exe
11:11:37.0953 3540 PlugPlay - ok
11:11:38.0000 3540 Pml Driver HPZ12 (9d84376931440f3679beef2a414fa493) C:\WINDOWS\system32\HPZipm12.exe
11:11:38.0000 3540 Pml Driver HPZ12 - ok
11:11:38.0046 3540 PnkBstrA (a1dd33d16f277ce34124ee52ab2c0f14) C:\WINDOWS\system32\PnkBstrA.exe
11:11:38.0046 3540 PnkBstrA - ok
11:11:38.0093 3540 PnkBstrB (7c01817adf3207fb65a4b56e6d5ad833) C:\WINDOWS\system32\PnkBstrB.exe
11:11:38.0093 3540 PnkBstrB - ok
11:11:38.0140 3540 PolicyAgent (ff1805d5daf41625af5282750d4a3700) C:\WINDOWS\system32\lsass.exe
11:11:38.0140 3540 PolicyAgent - ok
11:11:38.0203 3540 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:11:38.0218 3540 PptpMiniport - ok
11:11:38.0250 3540 Processor (992e4b2a91e6a2f3d21de89b9273353a) C:\WINDOWS\system32\DRIVERS\processr.sys
11:11:38.0265 3540 Processor - ok
11:11:38.0312 3540 prodrv06 (18d9789a4664bf417eea944d2776091a) C:\WINDOWS\System32\drivers\prodrv06.sys
11:11:38.0312 3540 prodrv06 - ok
11:11:38.0359 3540 prohlp02 (8cc9671a7ed2902e747ee0892e1c8575) C:\WINDOWS\system32\drivers\prohlp02.sys
11:11:38.0375 3540 prohlp02 - ok
11:11:38.0390 3540 prosync1 (960bce3ed38761b446aabac06c76badf) C:\WINDOWS\system32\drivers\prosync1.sys
11:11:38.0406 3540 prosync1 - ok
11:11:38.0453 3540 ProtectedStorage (ff1805d5daf41625af5282750d4a3700) C:\WINDOWS\system32\lsass.exe
11:11:38.0453 3540 ProtectedStorage - ok
11:11:38.0484 3540 Ps2 (bffdb363485501a38f0bca83aec810db) C:\WINDOWS\system32\DRIVERS\PS2.sys
11:11:38.0484 3540 Ps2 - ok
11:11:38.0531 3540 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:11:38.0562 3540 PSched - ok
11:11:38.0609 3540 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:11:38.0625 3540 Ptilink - ok
11:11:38.0671 3540 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:11:38.0687 3540 PxHelp20 - ok
11:11:38.0703 3540 ql1080 - ok
11:11:38.0718 3540 Ql10wnt - ok
11:11:38.0734 3540 ql12160 - ok
11:11:38.0750 3540 ql1240 - ok
11:11:38.0765 3540 ql1280 - ok
11:11:38.0781 3540 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:11:38.0796 3540 RasAcd - ok
11:11:38.0875 3540 RasAuto (15d787dffce46cfc4c7f567095ce8323) C:\WINDOWS\System32\rasauto.dll
11:11:38.0875 3540 RasAuto - ok
11:11:38.0906 3540 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:11:38.0937 3540 Rasl2tp - ok
11:11:38.0984 3540 RasMan (1e86de6b0df33953cf9ce449dd6e8442) C:\WINDOWS\System32\rasmans.dll
11:11:38.0984 3540 RasMan - ok
11:11:39.0000 3540 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:11:39.0015 3540 RasPppoe - ok
11:11:39.0031 3540 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:11:39.0046 3540 Raspti - ok
11:11:39.0062 3540 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:11:39.0125 3540 Rdbss - ok
11:11:39.0156 3540 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:11:39.0171 3540 RDPCDD - ok
11:11:39.0234 3540 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
11:11:39.0250 3540 RDPWD - ok
11:11:39.0281 3540 RDSessMgr (fe7c16fa5cbc560579c9728534fbaf6f) C:\WINDOWS\system32\sessmgr.exe
11:11:39.0296 3540 RDSessMgr - ok
11:11:39.0328 3540 redbook (97130d37842819fa39fd5f1e90a5d676) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:11:39.0343 3540 redbook - ok
11:11:39.0390 3540 RemoteAccess (fcd42d82c6f5e0e1506eca01d692dde7) C:\WINDOWS\System32\mprdim.dll
11:11:39.0390 3540 RemoteAccess - ok
11:11:39.0421 3540 RpcLocator (2cfb81b412a5d3cbd55cefaccb5e2cee) C:\WINDOWS\system32\locator.exe
11:11:39.0437 3540 RpcLocator - ok
11:11:39.0468 3540 RpcSs (87dadc3f6e6cd5aaeb913e19cbff922c) C:\WINDOWS\system32\rpcss.dll
11:11:39.0484 3540 RpcSs - ok
11:11:39.0515 3540 RSVP (72407e48f912ed57213ae474b8a6798b) C:\WINDOWS\system32\rsvp.exe
11:11:39.0515 3540 RSVP - ok
11:11:39.0593 3540 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
11:11:39.0609 3540 rtl8139 - ok
11:11:39.0656 3540 SamSs (ff1805d5daf41625af5282750d4a3700) C:\WINDOWS\system32\lsass.exe
11:11:39.0656 3540 SamSs - ok
11:11:39.0687 3540 SCardSvr (d339f34d824a7d42ff4d61f1d9d06029) C:\WINDOWS\System32\SCardSvr.exe
11:11:39.0687 3540 SCardSvr - ok
11:11:39.0750 3540 Schedule (c7dc69a9d8c9ab2fbca3238c989d598f) C:\WINDOWS\system32\schedsvc.dll
11:11:39.0750 3540 Schedule - ok
11:11:39.0812 3540 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:11:39.0828 3540 Secdrv - ok
11:11:39.0843 3540 seclogon (ed70eb06f13062366b126b1c7475c127) C:\WINDOWS\System32\seclogon.dll
11:11:39.0859 3540 seclogon - ok
11:11:39.0875 3540 SENS (ea7b436a948c875dc94c6062fcbbc2d9) C:\WINDOWS\system32\sens.dll
11:11:39.0875 3540 SENS - ok
11:11:39.0937 3540 Serial (f7d35464062edc08909e568bcd8ae77d) C:\WINDOWS\system32\drivers\Serial.sys
11:11:39.0984 3540 Serial - ok
11:11:40.0031 3540 sfhlp01 (462aee0ea0481ea8bd45cac876a4ccc4) C:\WINDOWS\system32\drivers\sfhlp01.sys
11:11:40.0046 3540 sfhlp01 - ok
11:11:40.0062 3540 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:11:40.0078 3540 Sfloppy - ok
11:11:40.0140 3540 SharedAccess (30e1a46734bdf836c8770949c86b42a4) C:\WINDOWS\System32\ipnathlp.dll
11:11:40.0140 3540 SharedAccess - ok
11:11:40.0187 3540 ShellHWDetection (c5684b98920f9ba98d6a33701ca816e6) C:\WINDOWS\System32\shsvcs.dll
11:11:40.0187 3540 ShellHWDetection - ok
11:11:40.0234 3540 Simbad - ok
11:11:40.0265 3540 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:11:40.0281 3540 SLIP - ok
11:11:40.0296 3540 Sparrow - ok
11:11:40.0328 3540 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:11:40.0328 3540 splitter - ok
11:11:40.0375 3540 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
11:11:40.0375 3540 Spooler - ok
11:11:40.0437 3540 sptd (4f576e516cc76ec50a244586bcfa1c78) C:\WINDOWS\system32\Drivers\sptd.sys
11:11:40.0437 3540 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 4f576e516cc76ec50a244586bcfa1c78
11:11:40.0437 3540 sptd ( LockedFile.Multi.Generic ) - warning
11:11:40.0437 3540 sptd - detected LockedFile.Multi.Generic (1)
11:11:40.0468 3540 sr (1193ef00869f6367367e6e7cb96be325) C:\WINDOWS\system32\DRIVERS\sr.sys
11:11:40.0484 3540 sr - ok
11:11:40.0515 3540 srservice (25edb60132f9d82cb1b7961c1d0d13f2) C:\WINDOWS\system32\srsvc.dll
11:11:40.0531 3540 srservice - ok
11:11:40.0609 3540 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:11:40.0609 3540 Srv - ok
11:11:40.0625 3540 SSDPSRV (53ffc29dc150e0107f28f0a622ff8d1a) C:\WINDOWS\System32\ssdpsrv.dll
11:11:40.0640 3540 SSDPSRV - ok
11:11:40.0671 3540 stisvc (5835d4ad35905215e1059a973b022ea1) C:\WINDOWS\system32\wiaservc.dll
11:11:40.0671 3540 stisvc - ok
11:11:40.0734 3540 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:11:40.0750 3540 streamip - ok
11:11:40.0781 3540 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:11:40.0796 3540 swenum - ok
11:11:40.0828 3540 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:11:40.0828 3540 swmidi - ok
11:11:40.0843 3540 SwPrv - ok
11:11:40.0859 3540 symc810 - ok
11:11:40.0875 3540 symc8xx - ok
11:11:40.0890 3540 sym_hi - ok
11:11:40.0906 3540 sym_u3 - ok
11:11:40.0937 3540 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:11:40.0953 3540 sysaudio - ok
11:11:40.0984 3540 SysmonLog (71a08eec00a703445a2cbc0e91ef0952) C:\WINDOWS\system32\smlogsvc.exe
11:11:41.0000 3540 SysmonLog - ok
11:11:41.0015 3540 TapiSrv (18261106524f7a93ceceacdc03a5b989) C:\WINDOWS\System32\tapisrv.dll
11:11:41.0015 3540 TapiSrv - ok
11:11:41.0093 3540 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:11:41.0093 3540 Tcpip - ok
11:11:41.0140 3540 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:11:41.0156 3540 TDPIPE - ok
11:11:41.0203 3540 Tdsshbecr (4a766448821359df6a0427a91782385a) C:\WINDOWS\system32\DRIVERS\shbecr.sys
11:11:41.0218 3540 Tdsshbecr - ok
11:11:41.0234 3540 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:11:41.0265 3540 TDTCP - ok
11:11:41.0281 3540 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:11:41.0328 3540 TermDD - ok
11:11:41.0375 3540 TermService (f89c53d455420df4d66e45842fb3a46e) C:\WINDOWS\System32\termsrv.dll
11:11:41.0375 3540 TermService - ok
11:11:41.0437 3540 Themes (c5684b98920f9ba98d6a33701ca816e6) C:\WINDOWS\System32\shsvcs.dll
11:11:41.0437 3540 Themes - ok
11:11:41.0453 3540 TosIde - ok
11:11:41.0484 3540 TrkWks (548867e040cb81a82b5df09d074f95f8) C:\WINDOWS\system32\trkwks.dll
11:11:41.0484 3540 TrkWks - ok
11:11:41.0531 3540 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:11:41.0562 3540 Udfs - ok
11:11:41.0562 3540 ultra - ok
11:11:41.0625 3540 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:11:41.0656 3540 Update - ok
11:11:41.0687 3540 upnphost (b1222a2302480d56a32c5343150bb16d) C:\WINDOWS\System32\upnphost.dll
11:11:41.0687 3540 upnphost - ok
11:11:41.0703 3540 UPS (7b07af3d4545ad6fee34b5f2eb247c8f) C:\WINDOWS\System32\ups.exe
11:11:41.0718 3540 UPS - ok
11:11:41.0781 3540 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:11:41.0812 3540 usbccgp - ok
11:11:41.0843 3540 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:11:41.0875 3540 usbehci - ok
11:11:41.0890 3540 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:11:41.0906 3540 usbhub - ok
11:11:41.0953 3540 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
11:11:41.0968 3540 usbohci - ok
11:11:41.0984 3540 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:11:42.0000 3540 USBSTOR - ok
11:11:42.0015 3540 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:11:42.0031 3540 usbuhci - ok
11:11:42.0062 3540 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:11:42.0078 3540 VgaSave - ok
11:11:42.0093 3540 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
11:11:42.0109 3540 ViaIde - ok
11:11:42.0140 3540 VolSnap (57187ec04878147e1f4f2d9224b12205) C:\WINDOWS\system32\drivers\VolSnap.sys
11:11:42.0171 3540 VolSnap - ok
11:11:42.0218 3540 VSS (940950dc9e34b05986bbbb1d1a33b74f) C:\WINDOWS\System32\vssvc.exe
11:11:42.0218 3540 VSS - ok
11:11:42.0250 3540 W32Time (4bf06a1dcd6a91c482e79340fee527ca) C:\WINDOWS\system32\w32time.dll
11:11:42.0250 3540 W32Time - ok
11:11:42.0328 3540 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:11:42.0343 3540 Wanarp - ok
11:11:42.0421 3540 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
11:11:42.0437 3540 Wdf01000 - ok
11:11:42.0453 3540 WDICA - ok
11:11:42.0468 3540 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:11:42.0484 3540 wdmaud - ok
11:11:42.0546 3540 WebClient (e6dfcadf5089a68ecd288e9a803a892c) C:\WINDOWS\System32\webclnt.dll
11:11:42.0546 3540 WebClient - ok
11:11:42.0625 3540 winmgmt (cf4e2a27495f7ea6b3128d9a731b3716) C:\WINDOWS\system32\wbem\WMIsvc.dll
11:11:42.0625 3540 winmgmt - ok
11:11:42.0687 3540 WMDM PMSP Service (581176f60885aef8f78c6e38dcc3cdf9) C:\WINDOWS\system32\MsPMSPSv.exe
11:11:42.0687 3540 WMDM PMSP Service - ok
11:11:42.0718 3540 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
11:11:42.0718 3540 WmdmPmSN - ok
11:11:42.0750 3540 WmiApSrv (9bfadc02a9e27bfdff59e61302f92517) C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:11:42.0750 3540 WmiApSrv - ok
11:11:42.0875 3540 WMPNetworkSvc (de188dd69ca74b1512adc5a7639523b2) C:\Program\Windows Media Player\WMPNetwk.exe
11:11:42.0890 3540 WMPNetworkSvc - ok
11:11:43.0062 3540 WN5401 (f87497cf86995df3b075234235682647) C:\WINDOWS\system32\DRIVERS\wn5401.sys
11:11:43.0062 3540 WN5401 - ok
11:11:43.0093 3540 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
11:11:43.0109 3540 WpdUsb - ok
11:11:43.0156 3540 wscsvc (4ac32513fa47c8219448269bf895fc34) C:\WINDOWS\system32\wscsvc.dll
11:11:43.0156 3540 wscsvc - ok
11:11:43.0203 3540 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:11:43.0234 3540 WSTCODEC - ok
11:11:43.0250 3540 wuauserv (4ceaf29d35c2608c6463e80574ddca10) C:\WINDOWS\system32\wuauserv.dll
11:11:43.0265 3540 wuauserv - ok
11:11:43.0296 3540 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:11:43.0312 3540 WudfPf - ok
11:11:43.0328 3540 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:11:43.0343 3540 WudfRd - ok
11:11:43.0359 3540 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
11:11:43.0359 3540 WudfSvc - ok
11:11:43.0421 3540 WZCSVC (5ec7d7f83640a921b5c616d9650520fd) C:\WINDOWS\System32\wzcsvc.dll
11:11:43.0578 3540 WZCSVC - ok
11:11:43.0625 3540 xmlprov (5b3d475aa8629320686fbffbe67ab492) C:\WINDOWS\System32\xmlprov.dll
11:11:43.0640 3540 xmlprov - ok
11:11:43.0718 3540 xusb21 (f5e5f944e63a9b5f6e76c2ebb2ac462f) C:\WINDOWS\system32\DRIVERS\xusb21.sys
11:11:43.0718 3540 xusb21 - ok
11:11:43.0750 3540 MBR (0x1B8) (87d88fa4d3efd4431866ea91949644bf) \Device\Harddisk0\DR0
11:11:43.0765 3540 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - infected
11:11:43.0765 3540 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Wistler.a (0)
11:11:43.0796 3540 MBR (0x1B8) (87d88fa4d3efd4431866ea91949644bf) \Device\Harddisk1\DR1
11:11:43.0796 3540 \Device\Harddisk1\DR1 ( Rootkit.Boot.Wistler.a ) - infected
11:11:43.0796 3540 \Device\Harddisk1\DR1 - detected Rootkit.Boot.Wistler.a (0)
11:11:43.0796 3540 MBR (0x1B8) (87d88fa4d3efd4431866ea91949644bf) \Device\Harddisk6\DR9
11:11:43.0796 3540 \Device\Harddisk6\DR9 ( Rootkit.Boot.Wistler.a ) - infected
11:11:43.0796 3540 \Device\Harddisk6\DR9 - detected Rootkit.Boot.Wistler.a (0)
11:11:43.0812 3540 Boot (0x1200) (b68d3037027cda14e132aacd04deab07) \Device\Harddisk0\DR0\Partition0
11:11:43.0812 3540 \Device\Harddisk0\DR0\Partition0 - ok
11:11:43.0828 3540 Boot (0x1200) (866030127b689fbdafb443384b06cf16) \Device\Harddisk0\DR0\Partition1
11:11:43.0828 3540 \Device\Harddisk0\DR0\Partition1 - ok
11:11:43.0843 3540 Boot (0x1200) (3d49f42c02a332ed040a84c6dc71e389) \Device\Harddisk1\DR1\Partition0
11:11:43.0843 3540 \Device\Harddisk1\DR1\Partition0 - ok
11:11:43.0843 3540 Boot (0x1200) (8991bdfe2cb4036d2a6399287d2cd749) \Device\Harddisk6\DR9\Partition0
11:11:43.0843 3540 \Device\Harddisk6\DR9\Partition0 - ok
11:11:43.0843 3540 ============================================================
11:11:43.0843 3540 Scan finished
11:11:43.0843 3540 ============================================================
11:11:43.0859 3204 Detected object count: 4
11:11:43.0859 3204 Actual detected object count: 4
11:12:58.0281 3204 sptd ( LockedFile.Multi.Generic ) - skipped by user
11:12:58.0281 3204 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
11:12:58.0281 3204 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - skipped by user
11:12:58.0281 3204 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - User select action: Skip
11:12:58.0281 3204 \Device\Harddisk1\DR1 ( Rootkit.Boot.Wistler.a ) - skipped by user
11:12:58.0281 3204 \Device\Harddisk1\DR1 ( Rootkit.Boot.Wistler.a ) - User select action: Skip
11:12:58.0281 3204 \Device\Harddisk6\DR9 ( Rootkit.Boot.Wistler.a ) - skipped by user
11:12:58.0281 3204 \Device\Harddisk6\DR9 ( Rootkit.Boot.Wistler.a ) - User select action: Skip
11:13:20.0187 2796 Deinitialize success
Vallentino is offline  
Old 03-26-2012, 01:24 PM   #5
Security Team
Analyst
 
Join Date: Dec 2008
Posts: 412
OS: Windows 7

Hi Vallentino,
  • Double click TDSSKiller.exe
  • Press Start Scan.
    • If Malicious objects are found, ensure Cure is selected.
    • Then click Continue > Reboot now.
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
===================================================

Next, Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications

====================================================


Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:





Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
NoodleTech is offline  
Old 03-27-2012, 12:54 PM   #6
Registered Member
 
Join Date: Mar 2012
Posts: 16
OS: xp



ComboFix 12-03-27.03 - HP_Ägaren 2012-03-27 21:28:55.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.1534.927 [GMT 2:00]
Körs från: c:\documents and settings\HP_-garen.DITT-DA7685D135\Skrivbord\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\sysReserve.ini
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\UpdatusUser\WINDOWS
c:\program\DaemonTools_WhenUSave_Installer
c:\windows\_ds1782.tmp
c:\windows\_ds2192.tmp
c:\windows\_iserr31.ini
c:\windows\GnuHashes.ini
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\ps2.bat
c:\windows\system32\TBD62.tmp
D:\setup.exe
.
.
(((((((((((((((((((((((( Filer skapade från 2012-02-27 till 2012-03-27 ))))))))))))))))))))))))))))))
.
.
2012-03-27 19:17 . 2012-03-27 19:17 -------- d-----w- C:\TDSSKiller_Quarantine
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 14:09 . 2011-07-18 13:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:57 . 2005-12-06 19:36 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-27 21:47 . 2011-02-17 17:25 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-01-27 21:47 . 2011-02-17 19:44 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-01-27 21:47 . 2011-02-17 17:25 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-01-11 19:07 . 2012-02-15 13:34 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2005-12-06 19:34 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program\uTorrentBar\prxtbuTo2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program\uTorrentBar\prxtbuTo2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program\uTorrentBar\prxtbuTo2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="d:\program\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"Skype"="c:\program\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"CTHelper"="CTHELPER.EXE" [2004-09-04 24576]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-30 88363]
"HPHUPD06"="c:\program\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-08 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-08 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-03 61440]
"Home Theater SchSvr"="c:\program\Delade filer\InterVideo\SchSvr\SchSvr.exe" [2005-05-10 106496]
"WINREMOTE"="c:\program\InterVideo\Common\Bin\WinRemote.exe" [2005-05-10 233472]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-26 90112]
"CTDVDDET"="c:\program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 253952]
"ISUSPM Startup"="c:\program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program\Delade filer\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"SunJavaUpdateSched"="c:\program\Delade filer\Java\Java Update\jusched.exe" [2010-05-14 248552]
"egui"="c:\program\ESET\ESET NOD32 Antivirus\egui.exe" [2010-06-24 2202704]
"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"nwiz"="c:\program\NVIDIA Corporation\nView\nwiz.exe" [2011-05-04 1632360]
"TkBellExe"="c:\program\Real\RealPlayer\update\realsched.exe" [2011-08-06 273544]
"QuickTime Task"="c:\program\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program\Delade filer\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2004-09-04 49152]
.
c:\documents and settings\All Users\Start-meny\Program\Autostart\
BankID säkerhetsprogram.lnk - c:\program\Personal\bin\Personal.exe [2011-4-11 1086288]
HP Digital Imaging Monitor.lnk - c:\program\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-5 258048]
Microsoft Office.lnk - d:\program\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program\\Spotify\\spotify.exe"=
"d:\\Program\\Sports Interactive\\Football Manager 2011\\fm.exe"=
"d:\\Program\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"d:\\Call of Duty 2\\CoD2MP_s.exe"=
"d:\\Program\\uTorrent\\uTorrent.exe"=
"c:\\Program\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"d:\\Program\\Cyanide\\Pro Cycling Manager - Season 2011\\PCM.exe"=
"d:\\Program\\Cyanide\\Pro Cycling Manager - Season 2011\\Autorun\\Exe\\Autorun.exe"=
"d:\\Program\\Steam\\SteamApps\\common\\empire total war\\Empire.exe"=
"c:\\Program\\Skype\\Phone\\Skype.exe"=
"d:\\Program\\Steam\\steam.exe"=
"d:\\Program\\Steam\\SteamApps\\common\\football manager 2012 demo\\fm.exe"=
"c:\\Program\\Delade filer\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2011-03-20 682232]
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [2011-07-09 3332784]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-11-16 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-11-16 95896]
R2 ekrn;ESET Service;c:\program\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-06-24 810144]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-06-06 2214504]
R3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [2005-12-06 24544]
R3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2010-08-29 42368]
R3 WN5401;Liteon Wireless LAN PCI 802.11 a/b/g adapter WN5401A;c:\windows\system32\drivers\wn5401.sys [2005-12-06 449920]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2011-03-30 2560]
.
Innehåll i mappen 'Schemalagda aktiviteter':
.
2011-12-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-03-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1401291705-3862973398-2054954641-1008.job
- c:\program\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2012-03-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1401291705-3862973398-2054954641-1008.job
- c:\program\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
.
------- Extra genomsökning -------
.
uStart Page = hxxp://www.aftonbladet.se/
TCP: DhcpNameServer = 83.255.245.11 193.150.193.150
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
.
Toolbar-Locked - (no file)
AddRemove-Bolibompa - F:\Setup.exe
AddRemove-DarthMod Ultimate Commander Edition - d:\program\Steam\SteamApps\common\empire total war\Uninstall_DMUC.exe
AddRemove-NVIDIA Display Control Panel - c:\program\NVIDIA Corporation\Uninstall\nvuninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-03-27 21:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
Sluttid: 2012-03-27 21:40:22
ComboFix-quarantined-files.txt 2012-03-27 19:40
.
Före genomsökningen: 28 562 018 304 byte ledigt
Efter genomsökningen: 57 737 936 896 byte ledigt
.
- - End Of File - - DB13E24AC36CBCAB3367E0D22DDA7AA8
Old 03-27-2012, 03:48 PM   #7
Security Team
Analyst
 
Join Date: Dec 2008
Posts: 412
OS: Windows 7


Hi Vallentino,

Can you please post the TDSSKiller log as well? It is located in your C:\ drive. The name of the file should be the latest date that you ran TDSSKiller.
Old 03-27-2012, 09:33 PM   #8
Registered Member
 
Join Date: Mar 2012
Posts: 16
OS: xp



21:16:59.0750 2036 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
21:16:59.0921 2036 ============================================================
21:16:59.0921 2036 Current date / time: 2012/03/27 21:16:59.0921
21:16:59.0921 2036 SystemInfo:
21:16:59.0921 2036
21:16:59.0921 2036 OS Version: 5.1.2600 ServicePack: 3.0
21:16:59.0921 2036 Product type: Workstation
21:16:59.0921 2036 ComputerName: DITT-DA7685D135
21:16:59.0921 2036 UserName: HP_Ägaren
21:16:59.0921 2036 Windows directory: C:\WINDOWS
21:16:59.0921 2036 System windows directory: C:\WINDOWS
21:16:59.0921 2036 Processor architecture: Intel x86
21:16:59.0921 2036 Number of processors: 2
21:16:59.0921 2036 Page size: 0x1000
21:16:59.0921 2036 Boot type: Normal boot
21:16:59.0921 2036 ============================================================
21:17:02.0390 2036 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
21:17:02.0390 2036 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:17:02.0515 2036 Drive \Device\Harddisk6\DR9 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8DF2D0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x1, Type 'W'
21:17:02.0515 2036 \Device\Harddisk0\DR0:
21:17:02.0515 2036 MBR used
21:17:02.0515 2036 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0xC20751
21:17:02.0515 2036 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC20790, BlocksNum 0x11DF4470
21:17:02.0515 2036 \Device\Harddisk1\DR1:
21:17:02.0515 2036 MBR used
21:17:02.0515 2036 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
21:17:02.0515 2036 \Device\Harddisk6\DR9:
21:17:02.0515 2036 MBR used
21:17:02.0515 2036 \Device\Harddisk6\DR9\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x22EE6E41
21:17:02.0859 2036 Initialize success
21:17:02.0859 2036 ============================================================
21:17:05.0187 4088 ============================================================
21:17:05.0187 4088 Scan started
21:17:05.0187 4088 Mode: Manual;
21:17:05.0187 4088 ============================================================
21:17:06.0187 4088 Abiosdsk - ok
21:17:06.0218 4088 abp480n5 - ok
21:17:06.0265 4088 ACPI (48547e29772befe3c554ff5e4855bf51) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:17:06.0296 4088 ACPI - ok
21:17:06.0328 4088 ACPIEC (decedc736cef3c0fff6e981b31e73a61) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:17:06.0359 4088 ACPIEC - ok
21:17:06.0359 4088 adpu160m - ok
21:17:06.0390 4088 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:17:06.0406 4088 aec - ok
21:17:06.0453 4088 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:17:06.0453 4088 AFD - ok
21:17:06.0500 4088 AgereSoftModem (593aefc67283d409f34cc1245d00a509) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
21:17:06.0546 4088 AgereSoftModem - ok
21:17:06.0562 4088 Aha154x - ok
21:17:06.0593 4088 aic78u2 - ok
21:17:06.0609 4088 aic78xx - ok
21:17:06.0640 4088 Alerter (7e3c83703327499d0b98ae392ff07ede) C:\WINDOWS\system32\alrsvc.dll
21:17:06.0640 4088 Alerter - ok
21:17:06.0671 4088 ALG (5df46f9ad9c1d611a38af2abb9365b5b) C:\WINDOWS\System32\alg.exe
21:17:06.0671 4088 ALG - ok
21:17:06.0671 4088 AliIde - ok
21:17:06.0687 4088 amsint - ok
21:17:06.0828 4088 appdrv01 (98f481241ba8bba38aa565bd3bf678f9) C:\WINDOWS\system32\Drivers\appdrv01.sys
21:17:06.0906 4088 appdrv01 - ok
21:17:06.0953 4088 appdrvrem01 - ok
21:17:06.0953 4088 AppMgmt - ok
21:17:07.0000 4088 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:17:07.0015 4088 Arp1394 - ok
21:17:07.0031 4088 asc - ok
21:17:07.0046 4088 asc3350p - ok
21:17:07.0062 4088 asc3550 - ok
21:17:07.0171 4088 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:17:07.0234 4088 aspnet_state - ok
21:17:07.0359 4088 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:17:07.0375 4088 AsyncMac - ok
21:17:07.0390 4088 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:17:07.0390 4088 atapi - ok
21:17:07.0406 4088 Atdisk - ok
21:17:07.0421 4088 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:17:07.0437 4088 Atmarpc - ok
21:17:07.0484 4088 AudioSrv (73f7604cfb13a066a93442f431c62c4a) C:\WINDOWS\System32\audiosrv.dll
21:17:07.0484 4088 AudioSrv - ok
21:17:07.0531 4088 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:17:07.0546 4088 audstub - ok
21:17:07.0578 4088 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:17:07.0593 4088 Beep - ok
21:17:07.0656 4088 BITS (9741942a86e579231d3c41aa51de042f) C:\WINDOWS\system32\qmgr.dll
21:17:07.0734 4088 BITS - ok
21:17:07.0765 4088 Browser (e0d4a1cc49efb58a32b5e9d35798c9dd) C:\WINDOWS\System32\browser.dll
21:17:07.0765 4088 Browser - ok
21:17:07.0828 4088 Cap7134 (2f6c4370cddeb9108c91e34210035fe8) C:\WINDOWS\system32\DRIVERS\Cap7134.sys
21:17:07.0843 4088 Cap7134 - ok
21:17:07.0875 4088 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:17:07.0890 4088 cbidf2k - ok
21:17:07.0937 4088 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:17:07.0953 4088 CCDECODE - ok
21:17:07.0968 4088 cd20xrnt - ok
21:17:08.0015 4088 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:17:08.0031 4088 Cdaudio - ok
21:17:08.0046 4088 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:17:08.0062 4088 Cdfs - ok
21:17:08.0078 4088 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:17:08.0093 4088 Cdrom - ok
21:17:08.0109 4088 Changer - ok
21:17:08.0156 4088 CiSvc (359c676391504438f334478585fd6465) C:\WINDOWS\system32\cisvc.exe
21:17:08.0156 4088 CiSvc - ok
21:17:08.0187 4088 ClipSrv (b8345830c5d789d3da21b91c0c94d086) C:\WINDOWS\system32\clipsrv.exe
21:17:08.0187 4088 ClipSrv - ok
21:17:08.0265 4088 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:17:08.0359 4088 clr_optimization_v2.0.50727_32 - ok
21:17:08.0437 4088 CmdIde - ok
21:17:08.0453 4088 COMSysApp - ok
21:17:08.0484 4088 Cpqarray - ok
21:17:08.0531 4088 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\WINDOWS\system32\CTSvcCDA.EXE
21:17:08.0531 4088 Creative Service for CDROM Access - ok
21:17:08.0562 4088 CryptSvc (04fd6585508a7320b2c7453ced231d6b) C:\WINDOWS\System32\cryptsvc.dll
21:17:08.0578 4088 CryptSvc - ok
21:17:08.0640 4088 ctac32k (a5e67327b49e1f4341d470d8bbcbc401) C:\WINDOWS\system32\drivers\ctac32k.sys
21:17:08.0656 4088 ctac32k - ok
21:17:08.0734 4088 ctaud2k (dd2367251d8aa9315d71023e541048c9) C:\WINDOWS\system32\drivers\ctaud2k.sys
21:17:08.0734 4088 ctaud2k - ok
21:17:08.0765 4088 ctdvda2k (29f78d59b053cb8778f8426e4e24099c) C:\WINDOWS\system32\drivers\ctdvda2k.sys
21:17:08.0796 4088 ctdvda2k - ok
21:17:08.0796 4088 ctprxy2k (c7fc5d87b06207a5d34697b627826618) C:\WINDOWS\system32\drivers\ctprxy2k.sys
21:17:08.0812 4088 ctprxy2k - ok
21:17:08.0859 4088 ctsfm2k (2c0af71cf0e1224a2dfc2b67e63b02b1) C:\WINDOWS\system32\drivers\ctsfm2k.sys
21:17:08.0875 4088 ctsfm2k - ok
21:17:08.0890 4088 dac2w2k - ok
21:17:08.0890 4088 dac960nt - ok
21:17:08.0937 4088 DcomLaunch (87dadc3f6e6cd5aaeb913e19cbff922c) C:\WINDOWS\system32\rpcss.dll
21:17:08.0953 4088 DcomLaunch - ok
21:17:09.0000 4088 Dhcp (0ce3fa1c1a6803b34022d6c47273930d) C:\WINDOWS\System32\dhcpcsvc.dll
21:17:09.0000 4088 Dhcp - ok
21:17:09.0062 4088 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:17:09.0093 4088 Disk - ok
21:17:09.0093 4088 dmadmin - ok
21:17:09.0156 4088 dmboot (80008bd0c19d97b0b3f4d1d9cbf190a8) C:\WINDOWS\system32\drivers\dmboot.sys
21:17:09.0187 4088 dmboot - ok
21:17:09.0218 4088 dmio (41862731f82be80f0cfba5d0da36b683) C:\WINDOWS\system32\drivers\dmio.sys
21:17:09.0234 4088 dmio - ok
21:17:09.0265 4088 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:17:09.0281 4088 dmload - ok
21:17:09.0328 4088 dmserver (77db107fd2d8de42b3adc7fce084f653) C:\WINDOWS\System32\dmserver.dll
21:17:09.0328 4088 dmserver - ok
21:17:09.0343 4088 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:17:09.0343 4088 DMusic - ok
21:17:09.0390 4088 Dnscache (efac4d4c80ccd725cc5bd7d3dbf18c74) C:\WINDOWS\System32\dnsrslvr.dll
21:17:09.0390 4088 Dnscache - ok
21:17:09.0421 4088 Dot3svc (c3c6cf67796acdd8329cb0e44367a1eb) C:\WINDOWS\System32\dot3svc.dll
21:17:09.0421 4088 Dot3svc - ok
21:17:09.0468 4088 dpti2o - ok
21:17:09.0515 4088 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:17:09.0531 4088 drmkaud - ok
21:17:09.0578 4088 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
21:17:09.0578 4088 E100B - ok
21:17:09.0625 4088 eamon (54e6b2194da2b8a286077a8abf42d3b7) C:\WINDOWS\system32\DRIVERS\eamon.sys
21:17:09.0656 4088 eamon - ok
21:17:09.0687 4088 EapHost (d9cabe63af4bc951302d9e508cb5599a) C:\WINDOWS\System32\eapsvc.dll
21:17:09.0687 4088 EapHost - ok
21:17:09.0734 4088 ehdrv (299a7ce452023a99a65d0d28f3b2bbf6) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
21:17:09.0765 4088 ehdrv - ok
21:17:09.0843 4088 EhttpSrv (2300f43197c5ae35b700c04d5e1b6ba6) C:\Program\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
21:17:09.0843 4088 EhttpSrv - ok
21:17:09.0890 4088 ekrn (4032f381c6a7d396d62a4f5219585a46) C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
21:17:09.0906 4088 ekrn - ok
21:17:10.0046 4088 emupia (091d37e0f5193f708c9006b1f2e23ee4) C:\WINDOWS\system32\drivers\emupia2k.sys
21:17:10.0062 4088 emupia - ok
21:17:10.0109 4088 epfwtdir (aca520730cacc3afd206b92a6518c41a) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
21:17:10.0156 4088 epfwtdir - ok
21:17:10.0187 4088 ERSvc (bc5287dc6dc7ebb13aa825caa6482f94) C:\WINDOWS\System32\ersvc.dll
21:17:10.0187 4088 ERSvc - ok
21:17:10.0234 4088 Eventlog (8870b0c4a094c1ce80cea6f85fa38ff2) C:\WINDOWS\system32\services.exe
21:17:10.0234 4088 Eventlog - ok
21:17:10.0281 4088 EventSystem (01cec6de315f1a06ce5aa70009c6979e) C:\WINDOWS\system32\es.dll
21:17:10.0281 4088 EventSystem - ok
21:17:10.0359 4088 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:17:10.0375 4088 Fastfat - ok
21:17:10.0421 4088 FastUserSwitchingCompatibility (c5684b98920f9ba98d6a33701ca816e6) C:\WINDOWS\System32\shsvcs.dll
21:17:10.0421 4088 FastUserSwitchingCompatibility - ok
21:17:10.0484 4088 Fax (fabd828c834c76e71c02a315dda5ab87) C:\WINDOWS\system32\fxssvc.exe
21:17:10.0484 4088 Fax - ok
21:17:10.0500 4088 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:17:10.0515 4088 Fdc - ok
21:17:10.0531 4088 Fips (b66ddb75642f6722468707840c67a394) C:\WINDOWS\system32\drivers\Fips.sys
21:17:10.0562 4088 Fips - ok
21:17:10.0562 4088 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:17:10.0593 4088 Flpydisk - ok
21:17:10.0640 4088 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:17:10.0656 4088 FltMgr - ok
21:17:10.0750 4088 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:17:10.0750 4088 FontCache3.0.0.0 - ok
21:17:10.0781 4088 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:17:10.0796 4088 Fs_Rec - ok
21:17:10.0812 4088 Ftdisk (45fc410cfe68ff036ad232a141e69c19) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:17:10.0828 4088 Ftdisk - ok
21:17:10.0875 4088 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:17:10.0890 4088 Gpc - ok
21:17:10.0953 4088 ha10kx2k (1ad88bcf3d043baa58c15eb262625f9b) C:\WINDOWS\system32\drivers\ha10kx2k.sys
21:17:10.0984 4088 ha10kx2k - ok
21:17:11.0000 4088 hap16v2k (8ff42f63c722a1dd4c91ff6a497fd6b2) C:\WINDOWS\system32\drivers\hap16v2k.sys
21:17:11.0031 4088 hap16v2k - ok
21:17:11.0093 4088 helpsvc (202c95f334c53a5a8bd0d8465512b3f4) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:17:11.0109 4088 helpsvc - ok
21:17:11.0187 4088 HidServ (71aace06b5f93cf02d05e4e2ec479aac) C:\WINDOWS\System32\hidserv.dll
21:17:11.0187 4088 HidServ - ok
21:17:11.0265 4088 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:17:11.0281 4088 HidUsb - ok
21:17:11.0312 4088 hkmsvc (98580e101404565700fd12e03f7ee056) C:\WINDOWS\System32\kmsvc.dll
21:17:11.0328 4088 hkmsvc - ok
21:17:11.0328 4088 hpn - ok
21:17:11.0375 4088 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:17:11.0375 4088 HTTP - ok
21:17:11.0390 4088 HTTPFilter (f504d07cb25d62ab8d079c1f868651ae) C:\WINDOWS\System32\w3ssl.dll
21:17:11.0390 4088 HTTPFilter - ok
21:17:11.0406 4088 i2omgmt - ok
21:17:11.0421 4088 i2omp - ok
21:17:11.0437 4088 i8042prt (82e56cd09b2ce1edec3fba9111c7ee3a) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:17:11.0468 4088 i8042prt - ok
21:17:11.0578 4088 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:17:11.0609 4088 idsvc - ok
21:17:11.0718 4088 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:17:11.0734 4088 Imapi - ok
21:17:11.0781 4088 ImapiService (891b69c3de6c55a7868b3bb52bc131aa) C:\WINDOWS\system32\imapi.exe
21:17:11.0781 4088 ImapiService - ok
21:17:11.0796 4088 ini910u - ok
21:17:11.0812 4088 IntelIde (3012ee13f357a99361ad8b0d93e13c45) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:17:11.0828 4088 IntelIde - ok
21:17:11.0859 4088 intelppm (02431778e84a525d29929d14bab71d53) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:17:11.0859 4088 intelppm - ok
21:17:11.0890 4088 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:17:11.0921 4088 Ip6Fw - ok
21:17:11.0953 4088 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:17:11.0984 4088 IpFilterDriver - ok
21:17:12.0015 4088 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:17:12.0031 4088 IpInIp - ok
21:17:12.0062 4088 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:17:12.0078 4088 IpNat - ok
21:17:12.0109 4088 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:17:12.0125 4088 IPSec - ok
21:17:12.0140 4088 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:17:12.0156 4088 IRENUM - ok
21:17:12.0203 4088 isapnp (48f97c77daf8811598cfae21368eacb6) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:17:12.0218 4088 isapnp - ok
21:17:12.0343 4088 JavaQuickStarterService (e731921db2e17dcd3db472fad5549c57) C:\Program\Java\jre6\bin\jqs.exe
21:17:12.0343 4088 JavaQuickStarterService - ok
21:17:12.0500 4088 Kbdclass (d655ca94c8e2e0223c1bc28bcd95723a) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:17:12.0515 4088 Kbdclass - ok
21:17:12.0531 4088 kbdhid (e1e28876fe7602b0a1d040354de35c06) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:17:12.0546 4088 kbdhid - ok
21:17:12.0578 4088 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:17:12.0578 4088 kmixer - ok
21:17:12.0609 4088 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:17:12.0625 4088 KSecDD - ok
21:17:12.0671 4088 lanmanserver (2c633a578d5adaaa821c675d65f959c5) C:\WINDOWS\System32\srvsvc.dll
21:17:12.0671 4088 lanmanserver - ok
21:17:12.0718 4088 lanmanworkstation (eaa41d225b9da1314e0977c774864430) C:\WINDOWS\System32\wkssvc.dll
21:17:12.0718 4088 lanmanworkstation - ok
21:17:12.0734 4088 lbrtfdc - ok
21:17:12.0765 4088 LicCtrlService (29fab5363138f6e322f4cd780ed9d337) C:\WINDOWS\runservice.exe
21:17:14.0890 4088 LicCtrlService - ok
21:17:15.0000 4088 LightScribeService (9bd7add61b031307dd075e5e6a917c4d) c:\Program\Delade filer\LightScribe\LSSrvc.exe
21:17:15.0000 4088 LightScribeService - ok
21:17:15.0125 4088 LmHosts (ee155cf65cdc8be1b4effa24a69fc924) C:\WINDOWS\System32\lmhsvc.dll
21:17:15.0125 4088 LmHosts - ok
21:17:15.0203 4088 ltmodem5 (382beceede63a1b62cef72d7786f1008) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
21:17:15.0218 4088 ltmodem5 - ok
21:17:15.0250 4088 Messenger (363e8ebae26bb8b4987c91b4d3ce0f54) C:\WINDOWS\System32\msgsvc.dll
21:17:15.0265 4088 Messenger - ok
21:17:15.0296 4088 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:17:15.0312 4088 mnmdd - ok
21:17:15.0359 4088 mnmsrvc (2bc41300b822562ac0a524dcdd2da027) C:\WINDOWS\system32\mnmsrvc.exe
21:17:15.0359 4088 mnmsrvc - ok
21:17:15.0406 4088 Modem (42ce19726d9c410dff75d3ff1cc79db2) C:\WINDOWS\system32\drivers\Modem.sys
21:17:15.0406 4088 Modem - ok
21:17:15.0421 4088 Mouclass (e0c4c36573bcf0c0d2a1578caa791f7d) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:17:15.0468 4088 Mouclass - ok
21:17:15.0500 4088 mouhid (98e474ecf11f1db62fb072157a95ea83) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:17:15.0515 4088 mouhid - ok
21:17:15.0531 4088 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:17:15.0546 4088 MountMgr - ok
21:17:15.0562 4088 mraid35x - ok
21:17:15.0578 4088 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:17:15.0609 4088 MRxDAV - ok
21:17:15.0656 4088 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:17:15.0656 4088 MRxSmb - ok
21:17:15.0703 4088 MSDTC (7a73fdeef6cf45d27edd73220eaf1c8f) C:\WINDOWS\system32\msdtc.exe
21:17:15.0703 4088 MSDTC - ok
21:17:15.0718 4088 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:17:15.0734 4088 Msfs - ok
21:17:15.0750 4088 MSIServer - ok
21:17:15.0765 4088 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:17:15.0781 4088 MSKSSRV - ok
21:17:15.0796 4088 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:17:15.0828 4088 MSPCLOCK - ok
21:17:15.0843 4088 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:17:15.0859 4088 MSPQM - ok
21:17:15.0875 4088 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:17:15.0906 4088 mssmbios - ok
21:17:15.0921 4088 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:17:15.0953 4088 MSTEE - ok
21:17:16.0000 4088 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:17:16.0000 4088 Mup - ok
21:17:16.0015 4088 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:17:16.0046 4088 NABTSFEC - ok
21:17:16.0093 4088 napagent (28d11a2ecdfcb280624bd7006d85c38e) C:\WINDOWS\System32\qagentrt.dll
21:17:16.0093 4088 napagent - ok
21:17:16.0171 4088 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:17:16.0171 4088 NDIS - ok
21:17:16.0203 4088 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:17:16.0218 4088 NdisIP - ok
21:17:16.0250 4088 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:17:16.0250 4088 NdisTapi - ok
21:17:16.0281 4088 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:17:16.0296 4088 Ndisuio - ok
21:17:16.0312 4088 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:17:16.0328 4088 NdisWan - ok
21:17:16.0390 4088 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:17:16.0390 4088 NDProxy - ok
21:17:16.0406 4088 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:17:16.0421 4088 NetBIOS - ok
21:17:16.0453 4088 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:17:16.0468 4088 NetBT - ok
21:17:16.0500 4088 NetDDE (5a922c8e35bf372f3dd3ec61345634b7) C:\WINDOWS\system32\netdde.exe
21:17:16.0515 4088 NetDDE - ok
21:17:16.0515 4088 NetDDEdsdm (5a922c8e35bf372f3dd3ec61345634b7) C:\WINDOWS\system32\netdde.exe
21:17:16.0515 4088 NetDDEdsdm - ok
21:17:16.0562 4088 Netlogon (ff1805d5daf41625af5282750d4a3700) C:\WINDOWS\system32\lsass.exe
21:17:16.0562 4088 Netlogon - ok
21:17:16.0578 4088 Netman (7f791c1c9d3fec5d3f519c9db19465d3) C:\WINDOWS\System32\netman.dll
21:17:16.0578 4088 Netman - ok
21:17:16.0671 4088 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:17:16.0671 4088 NetTcpPortSharing - ok
21:17:16.0750 4088 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:17:16.0750 4088 NIC1394 - ok
21:17:16.0781 4088 Nla (d080a76f42dfe1e7af0c069ae5bad8fc) C:\WINDOWS\System32\mswsock.dll
21:17:16.0781 4088 Nla - ok
21:17:16.0812 4088 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:17:16.0828 4088 Npfs - ok
21:17:16.0859 4088 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:17:16.0890 4088 Ntfs - ok
21:17:16.0937 4088 NtLmSsp (ff1805d5daf41625af5282750d4a3700) C:\WINDOWS\system32\lsass.exe
21:17:16.0937 4088 NtLmSsp - ok
21:17:16.0984 4088 NtmsSvc (5fd9f539baf23288d131f1b709a62807) C:\WINDOWS\system32\ntmssvc.dll
21:17:17.0000 4088 NtmsSvc - ok
21:17:17.0031 4088 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:17:17.0046 4088 Null - ok
21:17:17.0390 4088 nv (8b2c874897ea498da012284e12f9db2b) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:17:17.0718 4088 nv - ok
21:17:17.0781 4088 NVSvc (32f7dec3729b3bae66eebcab7b03b18f) C:\WINDOWS\system32\nvsvc32.exe
21:17:17.0781 4088 NVSvc - ok
21:17:17.0890 4088 nvUpdatusService (2cc4e45b0eb4c48392cec9c83b5b8e3b) C:\Program\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
21:17:17.0906 4088 nvUpdatusService - ok
21:17:17.0968 4088 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:17:17.0984 4088 NwlnkFlt - ok
21:17:18.0000 4088 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:17:18.0015 4088 NwlnkFwd - ok
21:17:18.0046 4088 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:17:18.0046 4088 ohci1394 - ok
21:17:18.0093 4088 ossrv (04fd6d19435b7b192a29428a2f60ac31) C:\WINDOWS\system32\drivers\ctoss2k.sys
21:17:18.0093 4088 ossrv - ok
21:17:18.0140 4088 Parport (19e28ed86e7244d76fda792c2810188e) C:\WINDOWS\system32\DRIVERS\parport.sys
21:17:18.0171 4088 Parport - ok
21:17:18.0171 4088 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:17:18.0203 4088 PartMgr - ok
21:17:18.0234 4088 ParVdm (5cf71e14a108c492c1fb07543d579af5) C:\WINDOWS\system32\drivers\ParVdm.sys
21:17:18.0250 4088 ParVdm - ok
21:17:18.0250 4088 PCI (8a185f0112cf5b42ff1aaff31b8b3091) C:\WINDOWS\system32\DRIVERS\pci.sys
21:17:18.0281 4088 PCI - ok
21:17:18.0281 4088 PCIDump - ok
21:17:18.0296 4088 PCIIde (239de4275ee40fdf9912761467025244) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:17:18.0312 4088 PCIIde - ok
21:17:18.0343 4088 Pcmcia (904053aa6e251c77cf85371ce644cfd7) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:17:18.0375 4088 Pcmcia - ok
21:17:18.0390 4088 PDCOMP - ok
21:17:18.0406 4088 PDFRAME - ok
21:17:18.0421 4088 PDRELI - ok
21:17:18.0437 4088 PDRFRAME - ok
21:17:18.0437 4088 perc2 - ok
21:17:18.0453 4088 perc2hib - ok
21:17:18.0500 4088 PfModNT (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\system32\drivers\PfModNT.sys
21:17:18.0500 4088 PfModNT - ok
21:17:18.0546 4088 PhTVTune (b76a595d928b519a739a80d2695b29b3) C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
21:17:18.0578 4088 PhTVTune - ok
21:17:18.0609 4088 PlugPlay (8870b0c4a094c1ce80cea6f85fa38ff2) C:\WINDOWS\system32\services.exe
21:17:18.0609 4088 PlugPlay - ok
21:17:18.0656 4088 Pml Driver HPZ12 (9d84376931440f3679beef2a414fa493) C:\WINDOWS\system32\HPZipm12.exe
21:17:18.0656 4088 Pml Driver HPZ12 - ok
21:17:18.0703 4088 PnkBstrA (a1dd33d16f277ce34124ee52ab2c0f14) C:\WINDOWS\system32\PnkBstrA.exe
21:17:18.0718 4088 PnkBstrA - ok
21:17:18.0765 4088 PnkBstrB (7c01817adf3207fb65a4b56e6d5ad833) C:\WINDOWS\system32\PnkBstrB.exe
21:17:19.0093 4088 PnkBstrB - ok
21:17:19.0140 4088 PolicyAgent (ff1805d5daf41625af5282750d4a3700) C:\WINDOWS\system32\lsass.exe
21:17:19.0140 4088 PolicyAgent - ok
21:17:19.0203 4088 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:17:19.0234 4088 PptpMiniport - ok
21:17:19.0250 4088 Processor (992e4b2a91e6a2f3d21de89b9273353a) C:\WINDOWS\system32\DRIVERS\processr.sys
21:17:19.0265 4088 Processor - ok
21:17:19.0328 4088 prodrv06 (18d9789a4664bf417eea944d2776091a) C:\WINDOWS\System32\drivers\prodrv06.sys
21:17:19.0328 4088 prodrv06 - ok
21:17:19.0375 4088 prohlp02 (8cc9671a7ed2902e747ee0892e1c8575) C:\WINDOWS\system32\drivers\prohlp02.sys
21:17:19.0375 4088 prohlp02 - ok
21:17:19.0406 4088 prosync1 (960bce3ed38761b446aabac06c76badf) C:\WINDOWS\system32\drivers\prosync1.sys
21:17:19.0421 4088 prosync1 - ok
21:17:19.0468 4088 ProtectedStorage (ff1805d5daf41625af5282750d4a3700) C:\WINDOWS\system32\lsass.exe
21:17:19.0468 4088 ProtectedStorage - ok
21:17:19.0500 4088 Ps2 (bffdb363485501a38f0bca83aec810db) C:\WINDOWS\system32\DRIVERS\PS2.sys
21:17:19.0500 4088 Ps2 - ok
21:17:19.0546 4088 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:17:19.0578 4088 PSched - ok
21:17:19.0609 4088 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:17:19.0640 4088 Ptilink - ok
21:17:19.0671 4088 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:17:19.0687 4088 PxHelp20 - ok
21:17:19.0703 4088 ql1080 - ok
21:17:19.0718 4088 Ql10wnt - ok
21:17:19.0734 4088 ql12160 - ok
21:17:19.0734 4088 ql1240 - ok
21:17:19.0750 4088 ql1280 - ok
21:17:19.0781 4088 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:17:19.0796 4088 RasAcd - ok
21:17:19.0843 4088 RasAuto (15d787dffce46cfc4c7f567095ce8323) C:\WINDOWS\System32\rasauto.dll
21:17:19.0843 4088 RasAuto - ok
21:17:19.0875 4088 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:17:19.0890 4088 Rasl2tp - ok
21:17:19.0937 4088 RasMan (1e86de6b0df33953cf9ce449dd6e8442) C:\WINDOWS\System32\rasmans.dll
21:17:19.0953 4088 RasMan - ok
21:17:19.0968 4088 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:17:19.0984 4088 RasPppoe - ok
21:17:20.0015 4088 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:17:20.0031 4088 Raspti - ok
21:17:20.0046 4088 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:17:20.0109 4088 Rdbss - ok
21:17:20.0125 4088 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:17:20.0140 4088 RDPCDD - ok
21:17:20.0203 4088 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
21:17:20.0203 4088 RDPWD - ok
21:17:20.0265 4088 RDSessMgr (fe7c16fa5cbc560579c9728534fbaf6f) C:\WINDOWS\system32\sessmgr.exe
21:17:20.0265 4088 RDSessMgr - ok
21:17:20.0281 4088 redbook (97130d37842819fa39fd5f1e90a5d676) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:17:20.0296 4088 redbook - ok
21:17:20.0343 4088 RemoteAccess (fcd42d82c6f5e0e1506eca01d692dde7) C:\WINDOWS\System32\mprdim.dll
21:17:20.0343 4088 RemoteAccess - ok
21:17:20.0390 4088 RpcLocator (2cfb81b412a5d3cbd55cefaccb5e2cee) C:\WINDOWS\system32\locator.exe
21:17:20.0390 4088 RpcLocator - ok
21:17:20.0453 4088 RpcSs (87dadc3f6e6cd5aaeb913e19cbff922c) C:\WINDOWS\system32\rpcss.dll
21:17:20.0453 4088 RpcSs - ok
21:17:20.0484 4088 RSVP (72407e48f912ed57213ae474b8a6798b) C:\WINDOWS\system32\rsvp.exe
21:17:20.0484 4088 RSVP - ok
21:17:20.0562 4088 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
21:17:20.0578 4088 rtl8139 - ok
21:17:20.0625 4088 SamSs (ff1805d5daf41625af5282750d4a3700) C:\WINDOWS\system32\lsass.exe
21:17:20.0625 4088 SamSs - ok
21:17:20.0656 4088 SCardSvr (d339f34d824a7d42ff4d61f1d9d06029) C:\WINDOWS\System32\SCardSvr.exe
21:17:20.0671 4088 SCardSvr - ok
21:17:20.0718 4088 Schedule (c7dc69a9d8c9ab2fbca3238c989d598f) C:\WINDOWS\system32\schedsvc.dll
21:17:20.0718 4088 Schedule - ok
21:17:20.0781 4088 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:17:20.0812 4088 Secdrv - ok
21:17:20.0828 4088 seclogon (ed70eb06f13062366b126b1c7475c127) C:\WINDOWS\System32\seclogon.dll
21:17:20.0828 4088 seclogon - ok
21:17:20.0843 4088 SENS (ea7b436a948c875dc94c6062fcbbc2d9) C:\WINDOWS\system32\sens.dll
21:17:20.0843 4088 SENS - ok
21:17:20.0890 4088 Serial (f7d35464062edc08909e568bcd8ae77d) C:\WINDOWS\system32\drivers\Serial.sys
21:17:20.0921 4088 Serial - ok
21:17:20.0968 4088 sfhlp01 (462aee0ea0481ea8bd45cac876a4ccc4) C:\WINDOWS\system32\drivers\sfhlp01.sys
21:17:20.0984 4088 sfhlp01 - ok
21:17:21.0000 4088 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:17:21.0031 4088 Sfloppy - ok
21:17:21.0078 4088 SharedAccess (30e1a46734bdf836c8770949c86b42a4) C:\WINDOWS\System32\ipnathlp.dll
21:17:21.0078 4088 SharedAccess - ok
21:17:21.0125 4088 ShellHWDetection (c5684b98920f9ba98d6a33701ca816e6) C:\WINDOWS\System32\shsvcs.dll
21:17:21.0125 4088 ShellHWDetection - ok
21:17:21.0171 4088 Simbad - ok
21:17:21.0218 4088 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:17:21.0234 4088 SLIP - ok
21:17:21.0250 4088 Sparrow - ok
21:17:21.0281 4088 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:17:21.0281 4088 splitter - ok
21:17:21.0312 4088 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
21:17:21.0312 4088 Spooler - ok
21:17:21.0375 4088 sptd (4f576e516cc76ec50a244586bcfa1c78) C:\WINDOWS\system32\Drivers\sptd.sys
21:17:21.0375 4088 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 4f576e516cc76ec50a244586bcfa1c78
21:17:21.0390 4088 sptd ( LockedFile.Multi.Generic ) - warning
21:17:21.0390 4088 sptd - detected LockedFile.Multi.Generic (1)
21:17:21.0406 4088 sr (1193ef00869f6367367e6e7cb96be325) C:\WINDOWS\system32\DRIVERS\sr.sys
21:17:21.0437 4088 sr - ok
21:17:21.0453 4088 srservice (25edb60132f9d82cb1b7961c1d0d13f2) C:\WINDOWS\system32\srsvc.dll
21:17:21.0468 4088 srservice - ok
21:17:21.0515 4088 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:17:21.0531 4088 Srv - ok
21:17:21.0546 4088 SSDPSRV (53ffc29dc150e0107f28f0a622ff8d1a) C:\WINDOWS\System32\ssdpsrv.dll
21:17:21.0546 4088 SSDPSRV - ok
21:17:21.0609 4088 stisvc (5835d4ad35905215e1059a973b022ea1) C:\WINDOWS\system32\wiaservc.dll
21:17:21.0609 4088 stisvc - ok
21:17:21.0671 4088 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:17:21.0687 4088 streamip - ok
21:17:21.0718 4088 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:17:21.0734 4088 swenum - ok
21:17:21.0765 4088 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:17:21.0796 4088 swmidi - ok
21:17:21.0812 4088 SwPrv - ok
21:17:21.0828 4088 symc810 - ok
21:17:21.0843 4088 symc8xx - ok
21:17:21.0859 4088 sym_hi - ok
21:17:21.0875 4088 sym_u3 - ok
21:17:21.0890 4088 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:17:21.0890 4088 sysaudio - ok
21:17:21.0937 4088 SysmonLog (71a08eec00a703445a2cbc0e91ef0952) C:\WINDOWS\system32\smlogsvc.exe
21:17:21.0937 4088 SysmonLog - ok
21:17:21.0968 4088 TapiSrv (18261106524f7a93ceceacdc03a5b989) C:\WINDOWS\System32\tapisrv.dll
21:17:21.0968 4088 TapiSrv - ok
21:17:22.0015 4088 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:17:22.0015 4088 Tcpip - ok
21:17:22.0062 4088 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:17:22.0078 4088 TDPIPE - ok
21:17:22.0125 4088 Tdsshbecr (4a766448821359df6a0427a91782385a) C:\WINDOWS\system32\DRIVERS\shbecr.sys
21:17:22.0140 4088 Tdsshbecr - ok
21:17:22.0156 4088 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:17:22.0187 4088 TDTCP - ok
21:17:22.0203 4088 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:17:22.0265 4088 TermDD - ok
21:17:22.0406 4088 TermService (f89c53d455420df4d66e45842fb3a46e) C:\WINDOWS\System32\termsrv.dll
21:17:22.0406 4088 TermService - ok
21:17:22.0500 4088 Themes (c5684b98920f9ba98d6a33701ca816e6) C:\WINDOWS\System32\shsvcs.dll
21:17:22.0500 4088 Themes - ok
21:17:22.0546 4088 TosIde - ok
21:17:22.0562 4088 TrkWks (548867e040cb81a82b5df09d074f95f8) C:\WINDOWS\system32\trkwks.dll
21:17:22.0562 4088 TrkWks - ok
21:17:22.0609 4088 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:17:22.0640 4088 Udfs - ok
21:17:22.0656 4088 ultra - ok
21:17:22.0703 4088 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:17:22.0765 4088 Update - ok
21:17:22.0796 4088 upnphost (b1222a2302480d56a32c5343150bb16d) C:\WINDOWS\System32\upnphost.dll
21:17:22.0796 4088 upnphost - ok
21:17:22.0828 4088 UPS (7b07af3d4545ad6fee34b5f2eb247c8f) C:\WINDOWS\System32\ups.exe
21:17:22.0828 4088 UPS - ok
21:17:22.0875 4088 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:17:22.0906 4088 usbccgp - ok
21:17:22.0937 4088 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:17:22.0968 4088 usbehci - ok
21:17:22.0984 4088 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:17:23.0031 4088 usbhub - ok
21:17:23.0062 4088 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
21:17:23.0093 4088 usbohci - ok
21:17:23.0125 4088 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:17:23.0156 4088 USBSTOR - ok
21:17:23.0156 4088 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:17:23.0187 4088 usbuhci - ok
21:17:23.0234 4088 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:17:23.0250 4088 VgaSave - ok
21:17:23.0281 4088 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:17:23.0312 4088 ViaIde - ok
21:17:23.0328 4088 VolSnap (57187ec04878147e1f4f2d9224b12205) C:\WINDOWS\system32\drivers\VolSnap.sys
21:17:23.0375 4088 VolSnap - ok
21:17:23.0437 4088 VSS (940950dc9e34b05986bbbb1d1a33b74f) C:\WINDOWS\System32\vssvc.exe
21:17:23.0437 4088 VSS - ok
21:17:23.0468 4088 W32Time (4bf06a1dcd6a91c482e79340fee527ca) C:\WINDOWS\system32\w32time.dll
21:17:23.0468 4088 W32Time - ok
21:17:23.0500 4088 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:17:23.0531 4088 Wanarp - ok
21:17:23.0593 4088 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
21:17:23.0640 4088 Wdf01000 - ok
21:17:23.0656 4088 WDICA - ok
21:17:23.0687 4088 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:17:23.0718 4088 wdmaud - ok
21:17:23.0765 4088 WebClient (e6dfcadf5089a68ecd288e9a803a892c) C:\WINDOWS\System32\webclnt.dll
21:17:23.0781 4088 WebClient - ok
21:17:23.0859 4088 winmgmt (cf4e2a27495f7ea6b3128d9a731b3716) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:17:23.0875 4088 winmgmt - ok
21:17:23.0921 4088 WMDM PMSP Service (581176f60885aef8f78c6e38dcc3cdf9) C:\WINDOWS\system32\MsPMSPSv.exe
21:17:23.0921 4088 WMDM PMSP Service - ok
21:17:23.0968 4088 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
21:17:23.0968 4088 WmdmPmSN - ok
21:17:24.0062 4088 WmiApSrv (9bfadc02a9e27bfdff59e61302f92517) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:17:24.0062 4088 WmiApSrv - ok
21:17:24.0171 4088 WMPNetworkSvc (de188dd69ca74b1512adc5a7639523b2) C:\Program\Windows Media Player\WMPNetwk.exe
21:17:24.0203 4088 WMPNetworkSvc - ok
21:17:24.0390 4088 WN5401 (f87497cf86995df3b075234235682647) C:\WINDOWS\system32\DRIVERS\wn5401.sys
21:17:24.0390 4088 WN5401 - ok
21:17:24.0421 4088 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
21:17:24.0437 4088 WpdUsb - ok
21:17:24.0484 4088 wscsvc (4ac32513fa47c8219448269bf895fc34) C:\WINDOWS\system32\wscsvc.dll
21:17:24.0500 4088 wscsvc - ok
21:17:24.0546 4088 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:17:24.0578 4088 WSTCODEC - ok
21:17:24.0609 4088 wuauserv (4ceaf29d35c2608c6463e80574ddca10) C:\WINDOWS\system32\wuauserv.dll
21:17:24.0609 4088 wuauserv - ok
21:17:24.0656 4088 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:17:24.0671 4088 WudfPf - ok
21:17:24.0703 4088 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:17:24.0703 4088 WudfRd - ok
21:17:24.0734 4088 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
21:17:24.0750 4088 WudfSvc - ok
21:17:24.0812 4088 WZCSVC (5ec7d7f83640a921b5c616d9650520fd) C:\WINDOWS\System32\wzcsvc.dll
21:17:24.0968 4088 WZCSVC - ok
21:17:25.0031 4088 xmlprov (5b3d475aa8629320686fbffbe67ab492) C:\WINDOWS\System32\xmlprov.dll
21:17:25.0031 4088 xmlprov - ok
21:17:25.0109 4088 xusb21 (f5e5f944e63a9b5f6e76c2ebb2ac462f) C:\WINDOWS\system32\DRIVERS\xusb21.sys
21:17:25.0125 4088 xusb21 - ok
21:17:25.0156 4088 MBR (0x1B8) (87d88fa4d3efd4431866ea91949644bf) \Device\Harddisk0\DR0
21:17:25.0171 4088 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - infected
21:17:25.0171 4088 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Wistler.a (0)
21:17:25.0187 4088 MBR (0x1B8) (87d88fa4d3efd4431866ea91949644bf) \Device\Harddisk1\DR1
21:17:25.0187 4088 \Device\Harddisk1\DR1 ( Rootkit.Boot.Wistler.a ) - infected
21:17:25.0187 4088 \Device\Harddisk1\DR1 - detected Rootkit.Boot.Wistler.a (0)
21:17:25.0203 4088 MBR (0x1B8) (87d88fa4d3efd4431866ea91949644bf) \Device\Harddisk6\DR9
21:17:25.0203 4088 \Device\Harddisk6\DR9 ( Rootkit.Boot.Wistler.a ) - infected
21:17:25.0203 4088 \Device\Harddisk6\DR9 - detected Rootkit.Boot.Wistler.a (0)
21:17:25.0203 4088 Boot (0x1200) (b68d3037027cda14e132aacd04deab07) \Device\Harddisk0\DR0\Partition0
21:17:25.0203 4088 \Device\Harddisk0\DR0\Partition0 - ok
21:17:25.0234 4088 Boot (0x1200) (866030127b689fbdafb443384b06cf16) \Device\Harddisk0\DR0\Partition1
21:17:25.0234 4088 \Device\Harddisk0\DR0\Partition1 - ok
21:17:25.0234 4088 Boot (0x1200) (3d49f42c02a332ed040a84c6dc71e389) \Device\Harddisk1\DR1\Partition0
21:17:25.0234 4088 \Device\Harddisk1\DR1\Partition0 - ok
21:17:25.0250 4088 Boot (0x1200) (8991bdfe2cb4036d2a6399287d2cd749) \Device\Harddisk6\DR9\Partition0
21:17:25.0250 4088 \Device\Harddisk6\DR9\Partition0 - ok
21:17:25.0250 4088 ============================================================
21:17:25.0250 4088 Scan finished
21:17:25.0250 4088 ============================================================
21:17:25.0265 3092 Detected object count: 4
21:17:25.0265 3092 Actual detected object count: 4
21:17:31.0687 3092 sptd ( LockedFile.Multi.Generic ) - skipped by user
21:17:31.0687 3092 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
21:17:31.0796 3092 \Device\Harddisk0\DR0\# - copied to quarantine
21:17:31.0812 3092 \Device\Harddisk0\DR0 - copied to quarantine
21:17:31.0812 3092 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - will be cured on reboot
21:17:31.0812 3092 \Device\Harddisk0\DR0 - ok
21:17:31.0812 3092 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - User select action: Cure
21:17:31.0921 3092 \Device\Harddisk1\DR1\# - copied to quarantine
21:17:31.0921 3092 \Device\Harddisk1\DR1 - copied to quarantine
21:17:31.0937 3092 \Device\Harddisk1\DR1 - processing error
21:18:07.0140 3092 \Device\Harddisk1\DR1 ( Rootkit.Boot.Wistler.a ) - User select action: Cure
21:18:07.0218 3092 \Device\Harddisk6\DR9\# - copied to quarantine
21:18:07.0218 3092 \Device\Harddisk6\DR9 - copied to quarantine
21:18:07.0218 3092 \Device\Harddisk6\DR9 - processing error
21:18:08.0390 3092 \Device\Harddisk6\DR9 ( Rootkit.Boot.Wistler.a ) - User select action: Cure
21:18:15.0828 1584 Deinitialize success
Old 03-28-2012, 09:40 AM   #9
Security Team
Analyst
 
Join Date: Dec 2008
Posts: 412
OS: Windows 7

Hi Vallentino,

I need you to run TDSSKiller again and post the report. Do not cure any malicious items.
Old 03-28-2012, 10:30 AM   #10
Registered Member
 
Join Date: Mar 2012
Posts: 16
OS: xp



Hi and thank you for your effort. Here is the latest scan.

19:27:36.0937 2340 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
19:27:37.0203 2340 ============================================================
19:27:37.0203 2340 Current date / time: 2012/03/28 19:27:37.0203
19:27:37.0203 2340 SystemInfo:
19:27:37.0203 2340
19:27:37.0203 2340 OS Version: 5.1.2600 ServicePack: 3.0
19:27:37.0203 2340 Product type: Workstation
19:27:37.0203 2340 ComputerName: DITT-DA7685D135
19:27:37.0203 2340 UserName: HP_Ägaren
19:27:37.0203 2340 Windows directory: C:\WINDOWS
19:27:37.0203 2340 System windows directory: C:\WINDOWS
19:27:37.0203 2340 Processor architecture: Intel x86
19:27:37.0203 2340 Number of processors: 2
19:27:37.0203 2340 Page size: 0x1000
19:27:37.0203 2340 Boot type: Normal boot
19:27:37.0203 2340 ============================================================
19:27:40.0312 2340 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
19:27:40.0328 2340 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:27:40.0453 2340 Drive \Device\Harddisk6\DR9 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8DF2D0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x1, Type 'W'
19:27:48.0234 2340 \Device\Harddisk0\DR0:
19:27:48.0234 2340 MBR used
19:27:48.0234 2340 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0xC20751
19:27:48.0234 2340 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC20790, BlocksNum 0x11DF4470
19:27:48.0234 2340 \Device\Harddisk1\DR1:
19:27:48.0234 2340 MBR used
19:27:48.0234 2340 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
19:27:48.0234 2340 \Device\Harddisk6\DR9:
19:27:48.0250 2340 MBR used
19:27:48.0250 2340 \Device\Harddisk6\DR9\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x22EE6E41
19:27:48.0578 2340 Initialize success
19:27:48.0578 2340 ============================================================
19:27:50.0265 1324 ============================================================
19:27:50.0265 1324 Scan started
19:27:50.0265 1324 Mode: Manual;
19:27:50.0265 1324 ============================================================
19:27:50.0593 1324 Abiosdsk - ok
19:27:50.0609 1324 abp480n5 - ok
19:27:50.0656 1324 ACPI (48547e29772befe3c554ff5e4855bf51) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:27:50.0703 1324 ACPI - ok
19:27:50.0734 1324 ACPIEC (decedc736cef3c0fff6e981b31e73a61) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:27:50.0750 1324 ACPIEC - ok
19:27:50.0765 1324 adpu160m - ok
19:27:50.0781 1324 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:27:50.0812 1324 aec - ok
19:27:50.0859 1324 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:27:50.0859 1324 AFD - ok
19:27:50.0906 1324 AgereSoftModem (593aefc67283d409f34cc1245d00a509) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
19:27:50.0953 1324 AgereSoftModem - ok
19:27:50.0968 1324 Aha154x - ok
19:27:51.0000 1324 aic78u2 - ok
19:27:51.0000 1324 aic78xx - ok
19:27:51.0046 1324 Alerter (7e3c83703327499d0b98ae392ff07ede) C:\WINDOWS\system32\alrsvc.dll
19:27:51.0046 1324 Alerter - ok
19:27:51.0062 1324 ALG (5df46f9ad9c1d611a38af2abb9365b5b) C:\WINDOWS\System32\alg.exe
19:27:51.0062 1324 ALG - ok
19:27:51.0078 1324 AliIde - ok
19:27:51.0093 1324 amsint - ok
19:27:51.0218 1324 appdrv01 (98f481241ba8bba38aa565bd3bf678f9) C:\WINDOWS\system32\Drivers\appdrv01.sys
19:27:51.0312 1324 appdrv01 - ok
19:27:51.0343 1324 appdrvrem01 - ok
19:27:51.0359 1324 AppMgmt - ok
19:27:51.0406 1324 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:27:51.0421 1324 Arp1394 - ok
19:27:51.0437 1324 asc - ok
19:27:51.0453 1324 asc3350p - ok
19:27:51.0453 1324 asc3550 - ok
19:27:51.0562 1324 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:27:51.0609 1324 aspnet_state - ok
19:27:51.0718 1324 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:27:51.0734 1324 AsyncMac - ok
19:27:51.0765 1324 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:27:51.0765 1324 atapi - ok
19:27:51.0765 1324 Atdisk - ok
19:27:51.0796 1324 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:27:51.0812 1324 Atmarpc - ok
19:27:51.0859 1324 AudioSrv (73f7604cfb13a066a93442f431c62c4a) C:\WINDOWS\System32\audiosrv.dll
19:27:51.0875 1324 AudioSrv - ok
19:27:51.0906 1324 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:27:51.0937 1324 audstub - ok
19:27:51.0953 1324 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:27:51.0968 1324 Beep - ok
19:27:52.0031 1324 BITS (9741942a86e579231d3c41aa51de042f) C:\WINDOWS\system32\qmgr.dll
19:27:52.0109 1324 BITS - ok
19:27:52.0140 1324 Browser (e0d4a1cc49efb58a32b5e9d35798c9dd) C:\WINDOWS\System32\browser.dll
19:27:52.0140 1324 Browser - ok
19:27:52.0218 1324 Cap7134 (2f6c4370cddeb9108c91e34210035fe8) C:\WINDOWS\system32\DRIVERS\Cap7134.sys
19:27:52.0218 1324 Cap7134 - ok
19:27:52.0359 1324 catchme - ok
19:27:52.0500 1324 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:27:52.0515 1324 cbidf2k - ok
19:27:52.0546 1324 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:27:52.0578 1324 CCDECODE - ok
19:27:52.0578 1324 cd20xrnt - ok
19:27:52.0625 1324 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:27:52.0640 1324 Cdaudio - ok
19:27:52.0656 1324 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:27:52.0671 1324 Cdfs - ok
19:27:52.0703 1324 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:27:52.0718 1324 Cdrom - ok
19:27:52.0718 1324 Changer - ok
19:27:52.0765 1324 CiSvc (359c676391504438f334478585fd6465) C:\WINDOWS\system32\cisvc.exe
19:27:52.0781 1324 CiSvc - ok
19:27:52.0796 1324 ClipSrv (b8345830c5d789d3da21b91c0c94d086) C:\WINDOWS\system32\clipsrv.exe
19:27:52.0796 1324 ClipSrv - ok
19:27:52.0890 1324 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:27:52.0953 1324 clr_optimization_v2.0.50727_32 - ok
19:27:53.0031 1324 CmdIde - ok
19:27:53.0046 1324 COMSysApp - ok
19:27:53.0062 1324 Cpqarray - ok
19:27:53.0125 1324 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\WINDOWS\system32\CTSvcCDA.EXE
19:27:53.0125 1324 Creative Service for CDROM Access - ok
19:27:53.0171 1324 CryptSvc (04fd6585508a7320b2c7453ced231d6b) C:\WINDOWS\System32\cryptsvc.dll
19:27:53.0171 1324 CryptSvc - ok
19:27:53.0234 1324 ctac32k (a5e67327b49e1f4341d470d8bbcbc401) C:\WINDOWS\system32\drivers\ctac32k.sys
19:27:53.0250 1324 ctac32k - ok
19:27:53.0281 1324 ctaud2k (dd2367251d8aa9315d71023e541048c9) C:\WINDOWS\system32\drivers\ctaud2k.sys
19:27:53.0281 1324 ctaud2k - ok
19:27:53.0312 1324 ctdvda2k (29f78d59b053cb8778f8426e4e24099c) C:\WINDOWS\system32\drivers\ctdvda2k.sys
19:27:53.0343 1324 ctdvda2k - ok
19:27:53.0359 1324 ctprxy2k (c7fc5d87b06207a5d34697b627826618) C:\WINDOWS\system32\drivers\ctprxy2k.sys
19:27:53.0375 1324 ctprxy2k - ok
19:27:53.0406 1324 ctsfm2k (2c0af71cf0e1224a2dfc2b67e63b02b1) C:\WINDOWS\system32\drivers\ctsfm2k.sys
19:27:53.0421 1324 ctsfm2k - ok
19:27:53.0437 1324 dac2w2k - ok
19:27:53.0453 1324 dac960nt - ok
19:27:53.0500 1324 DcomLaunch (87dadc3f6e6cd5aaeb913e19cbff922c) C:\WINDOWS\system32\rpcss.dll
19:27:53.0515 1324 DcomLaunch - ok
19:27:53.0546 1324 Dhcp (0ce3fa1c1a6803b34022d6c47273930d) C:\WINDOWS\System32\dhcpcsvc.dll
19:27:53.0546 1324 Dhcp - ok
19:27:53.0625 1324 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:27:53.0640 1324 Disk - ok
19:27:53.0656 1324 dmadmin - ok
19:27:53.0687 1324 dmboot (80008bd0c19d97b0b3f4d1d9cbf190a8) C:\WINDOWS\system32\drivers\dmboot.sys
19:27:53.0734 1324 dmboot - ok
19:27:53.0781 1324 dmio (41862731f82be80f0cfba5d0da36b683) C:\WINDOWS\system32\drivers\dmio.sys
19:27:53.0796 1324 dmio - ok
19:27:53.0828 1324 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:27:53.0843 1324 dmload - ok
19:27:53.0890 1324 dmserver (77db107fd2d8de42b3adc7fce084f653) C:\WINDOWS\System32\dmserver.dll
19:27:53.0890 1324 dmserver - ok
19:27:53.0968 1324 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:27:53.0968 1324 DMusic - ok
19:27:54.0000 1324 Dnscache (efac4d4c80ccd725cc5bd7d3dbf18c74) C:\WINDOWS\System32\dnsrslvr.dll
19:27:54.0015 1324 Dnscache - ok
19:27:54.0046 1324 Dot3svc (c3c6cf67796acdd8329cb0e44367a1eb) C:\WINDOWS\System32\dot3svc.dll
19:27:54.0062 1324 Dot3svc - ok
19:27:54.0062 1324 dpti2o - ok
19:27:54.0093 1324 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:27:54.0109 1324 drmkaud - ok
19:27:54.0156 1324 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
19:27:54.0171 1324 E100B - ok
19:27:54.0218 1324 eamon (54e6b2194da2b8a286077a8abf42d3b7) C:\WINDOWS\system32\DRIVERS\eamon.sys
19:27:54.0234 1324 eamon - ok
19:27:54.0281 1324 EapHost (d9cabe63af4bc951302d9e508cb5599a) C:\WINDOWS\System32\eapsvc.dll
19:27:54.0281 1324 EapHost - ok
19:27:54.0328 1324 ehdrv (299a7ce452023a99a65d0d28f3b2bbf6) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
19:27:54.0343 1324 ehdrv - ok
19:27:54.0437 1324 EhttpSrv (2300f43197c5ae35b700c04d5e1b6ba6) C:\Program\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
19:27:54.0437 1324 EhttpSrv - ok
19:27:54.0484 1324 ekrn (4032f381c6a7d396d62a4f5219585a46) C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
19:27:54.0484 1324 ekrn - ok
19:27:54.0640 1324 emupia (091d37e0f5193f708c9006b1f2e23ee4) C:\WINDOWS\system32\drivers\emupia2k.sys
19:27:54.0656 1324 emupia - ok
19:27:54.0671 1324 epfwtdir (aca520730cacc3afd206b92a6518c41a) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
19:27:54.0703 1324 epfwtdir - ok
19:27:54.0750 1324 ERSvc (bc5287dc6dc7ebb13aa825caa6482f94) C:\WINDOWS\System32\ersvc.dll
19:27:54.0750 1324 ERSvc - ok
19:27:54.0796 1324 Eventlog (8870b0c4a094c1ce80cea6f85fa38ff2) C:\WINDOWS\system32\services.exe
19:27:54.0796 1324 Eventlog - ok
19:27:54.0859 1324 EventSystem (01cec6de315f1a06ce5aa70009c6979e) C:\WINDOWS\system32\es.dll
19:27:54.0859 1324 EventSystem - ok
19:27:54.0937 1324 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:27:54.0953 1324 Fastfat - ok
19:27:55.0000 1324 FastUserSwitchingCompatibility (c5684b98920f9ba98d6a33701ca816e6) C:\WINDOWS\System32\shsvcs.dll
19:27:55.0000 1324 FastUserSwitchingCompatibility - ok
19:27:55.0046 1324 Fax (fabd828c834c76e71c02a315dda5ab87) C:\WINDOWS\system32\fxssvc.exe
19:27:55.0046 1324 Fax - ok
19:27:55.0062 1324 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:27:55.0093 1324 Fdc - ok
19:27:55.0109 1324 Fips (b66ddb75642f6722468707840c67a394) C:\WINDOWS\system32\drivers\Fips.sys
19:27:55.0125 1324 Fips - ok
19:27:55.0140 1324 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:27:55.0156 1324 Flpydisk - ok
19:27:55.0187 1324 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:27:55.0218 1324 FltMgr - ok
19:27:55.0296 1324 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:27:55.0296 1324 FontCache3.0.0.0 - ok
19:27:55.0359 1324 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:27:55.0375 1324 Fs_Rec - ok
19:27:55.0390 1324 Ftdisk (45fc410cfe68ff036ad232a141e69c19) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:27:55.0421 1324 Ftdisk - ok
19:27:55.0453 1324 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:27:55.0468 1324 Gpc - ok
19:27:55.0531 1324 ha10kx2k (1ad88bcf3d043baa58c15eb262625f9b) C:\WINDOWS\system32\drivers\ha10kx2k.sys
19:27:55.0578 1324 ha10kx2k - ok
19:27:55.0593 1324 hap16v2k (8ff42f63c722a1dd4c91ff6a497fd6b2) C:\WINDOWS\system32\drivers\hap16v2k.sys
19:27:55.0609 1324 hap16v2k - ok
19:27:55.0687 1324 helpsvc (202c95f334c53a5a8bd0d8465512b3f4) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:27:55.0687 1324 helpsvc - ok
19:27:55.0765 1324 HidServ (71aace06b5f93cf02d05e4e2ec479aac) C:\WINDOWS\System32\hidserv.dll
19:27:55.0765 1324 HidServ - ok
19:27:55.0843 1324 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:27:55.0859 1324 HidUsb - ok
19:27:55.0906 1324 hkmsvc (98580e101404565700fd12e03f7ee056) C:\WINDOWS\System32\kmsvc.dll
19:27:55.0906 1324 hkmsvc - ok
19:27:55.0921 1324 hpn - ok
19:27:55.0953 1324 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:27:56.0000 1324 HTTP - ok
19:27:56.0015 1324 HTTPFilter (f504d07cb25d62ab8d079c1f868651ae) C:\WINDOWS\System32\w3ssl.dll
19:27:56.0031 1324 HTTPFilter - ok
19:27:56.0031 1324 i2omgmt - ok
19:27:56.0046 1324 i2omp - ok
19:27:56.0078 1324 i8042prt (82e56cd09b2ce1edec3fba9111c7ee3a) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:27:56.0109 1324 i8042prt - ok
19:27:56.0203 1324 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:27:56.0234 1324 idsvc - ok
19:27:56.0343 1324 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:27:56.0359 1324 Imapi - ok
19:27:56.0406 1324 ImapiService (891b69c3de6c55a7868b3bb52bc131aa) C:\WINDOWS\system32\imapi.exe
19:27:56.0406 1324 ImapiService - ok
19:27:56.0421 1324 ini910u - ok
19:27:56.0437 1324 IntelIde (3012ee13f357a99361ad8b0d93e13c45) C:\WINDOWS\system32\DRIVERS\intelide.sys
19:27:56.0468 1324 IntelIde - ok
19:27:56.0500 1324 intelppm (02431778e84a525d29929d14bab71d53) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:27:56.0515 1324 intelppm - ok
19:27:56.0562 1324 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:27:56.0593 1324 Ip6Fw - ok
19:27:56.0640 1324 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:27:56.0671 1324 IpFilterDriver - ok
19:27:56.0703 1324 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:27:56.0718 1324 IpInIp - ok
19:27:56.0750 1324 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:27:56.0765 1324 IpNat - ok
19:27:56.0796 1324 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:27:56.0812 1324 IPSec - ok
19:27:56.0828 1324 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:27:56.0843 1324 IRENUM - ok
19:27:56.0890 1324 isapnp (48f97c77daf8811598cfae21368eacb6) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:27:56.0906 1324 isapnp - ok
19:27:57.0046 1324 JavaQuickStarterService (e731921db2e17dcd3db472fad5549c57) C:\Program\Java\jre6\bin\jqs.exe
19:27:57.0046 1324 JavaQuickStarterService - ok
19:27:57.0203 1324 Kbdclass (d655ca94c8e2e0223c1bc28bcd95723a) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:27:57.0218 1324 Kbdclass - ok
19:27:57.0234 1324 kbdhid (e1e28876fe7602b0a1d040354de35c06) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:27:57.0250 1324 kbdhid - ok
19:27:57.0281 1324 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:27:57.0296 1324 kmixer - ok
19:27:57.0343 1324 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:27:57.0359 1324 KSecDD - ok
19:27:57.0390 1324 lanmanserver (2c633a578d5adaaa821c675d65f959c5) C:\WINDOWS\System32\srvsvc.dll
19:27:57.0406 1324 lanmanserver - ok
19:27:57.0437 1324 lanmanworkstation (eaa41d225b9da1314e0977c774864430) C:\WINDOWS\System32\wkssvc.dll
19:27:57.0437 1324 lanmanworkstation - ok
19:27:57.0484 1324 lbrtfdc - ok
19:27:57.0531 1324 LicCtrlService (29fab5363138f6e322f4cd780ed9d337) C:\WINDOWS\runservice.exe
19:27:59.0593 1324 LicCtrlService - ok
19:27:59.0703 1324 LightScribeService (9bd7add61b031307dd075e5e6a917c4d) c:\Program\Delade filer\LightScribe\LSSrvc.exe
19:27:59.0703 1324 LightScribeService - ok
19:27:59.0828 1324 LmHosts (ee155cf65cdc8be1b4effa24a69fc924) C:\WINDOWS\System32\lmhsvc.dll
19:27:59.0828 1324 LmHosts - ok
19:27:59.0906 1324 ltmodem5 (382beceede63a1b62cef72d7786f1008) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
19:27:59.0921 1324 ltmodem5 - ok
19:27:59.0937 1324 Messenger (363e8ebae26bb8b4987c91b4d3ce0f54) C:\WINDOWS\System32\msgsvc.dll
19:27:59.0937 1324 Messenger - ok
19:27:59.0968 1324 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:27:59.0984 1324 mnmdd - ok
19:28:00.0031 1324 mnmsrvc (2bc41300b822562ac0a524dcdd2da027) C:\WINDOWS\system32\mnmsrvc.exe
19:28:00.0046 1324 mnmsrvc - ok
19:28:00.0078 1324 Modem (42ce19726d9c410dff75d3ff1cc79db2) C:\WINDOWS\system32\drivers\Modem.sys
19:28:00.0093 1324 Modem - ok
19:28:00.0109 1324 Mouclass (e0c4c36573bcf0c0d2a1578caa791f7d) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:28:00.0140 1324 Mouclass - ok
19:28:00.0171 1324 mouhid (98e474ecf11f1db62fb072157a95ea83) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:28:00.0187 1324 mouhid - ok
19:28:00.0203 1324 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:28:00.0218 1324 MountMgr - ok
19:28:00.0234 1324 mraid35x - ok
19:28:00.0250 1324 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:28:00.0296 1324 MRxDAV - ok
19:28:00.0328 1324 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:28:00.0375 1324 MRxSmb - ok
19:28:00.0421 1324 MSDTC (7a73fdeef6cf45d27edd73220eaf1c8f) C:\WINDOWS\system32\msdtc.exe
19:28:00.0421 1324 MSDTC - ok
19:28:00.0437 1324 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:28:00.0453 1324 Msfs - ok
19:28:00.0468 1324 MSIServer - ok
19:28:00.0484 1324 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:28:00.0500 1324 MSKSSRV - ok
19:28:00.0515 1324 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:28:00.0531 1324 MSPCLOCK - ok
19:28:00.0546 1324 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:28:00.0562 1324 MSPQM - ok
19:28:00.0593 1324 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:28:00.0609 1324 mssmbios - ok
19:28:00.0640 1324 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:28:00.0656 1324 MSTEE - ok
19:28:00.0703 1324 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:28:00.0718 1324 Mup - ok
19:28:06.0156 1324 sptd (4f576e516cc76ec50a244586bcfa1c78) C:\WINDOWS\system32\Drivers\sptd.sys
19:28:06.0156 1324 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 4f576e516cc76ec50a244586bcfa1c78
19:28:06.0156 1324 sptd ( LockedFile.Multi.Generic ) - warning
19:28:06.0156 1324 sptd - detected LockedFile.Multi.Generic (1)
19:28:09.0734 1324 MBR (0x1B8) (0ac6d996bce152aed9600e6d6b797e2e) \Device\Harddisk0\DR0
19:28:09.0796 1324 \Device\Harddisk0\DR0 - ok
19:28:09.0812 1324 MBR (0x1B8) (87d88fa4d3efd4431866ea91949644bf) \Device\Harddisk1\DR1
19:28:09.0812 1324 \Device\Harddisk1\DR1 ( Rootkit.Boot.Wistler.a ) - infected
19:28:09.0812 1324 \Device\Harddisk1\DR1 - detected Rootkit.Boot.Wistler.a (0)
19:28:09.0828 1324 MBR (0x1B8) (87d88fa4d3efd4431866ea91949644bf) \Device\Harddisk6\DR9
19:28:09.0828 1324 \Device\Harddisk6\DR9 ( Rootkit.Boot.Wistler.a ) - infected
19:28:09.0828 1324 \Device\Harddisk6\DR9 - detected Rootkit.Boot.Wistler.a (0)
19:28:09.0828 1324 Boot (0x1200) (9726cb79168859ad4240211defe624c1) \Device\Harddisk0\DR0\Partition0
19:28:09.0828 1324 \Device\Harddisk0\DR0\Partition0 - ok
19:28:09.0828 1324 Boot (0x1200) (866030127b689fbdafb443384b06cf16) \Device\Harddisk0\DR0\Partition1
19:28:09.0843 1324 \Device\Harddisk0\DR0\Partition1 - ok
19:28:09.0843 1324 Boot (0x1200) (3d49f42c02a332ed040a84c6dc71e389) \Device\Harddisk1\DR1\Partition0
19:28:09.0843 1324 \Device\Harddisk1\DR1\Partition0 - ok
19:28:09.0859 1324 Boot (0x1200) (8991bdfe2cb4036d2a6399287d2cd749) \Device\Harddisk6\DR9\Partition0
19:28:09.0859 1324 \Device\Harddisk6\DR9\Partition0 - ok
19:28:09.0859 1324 ============================================================
19:28:09.0859 1324 Scan finished
19:28:09.0859 1324 ============================================================
19:28:09.0859 3612 Detected object count: 3
19:28:09.0859 3612 Actual detected object count: 3
19:28:22.0484 3612 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:28:22.0484 3612 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
19:28:22.0484 3612 \Device\Harddisk1\DR1 ( Rootkit.Boot.Wistler.a ) - skipped by user
19:28:22.0484 3612 \Device\Harddisk1\DR1 ( Rootkit.Boot.Wistler.a ) - User select action: Skip
19:28:22.0484 3612 \Device\Harddisk6\DR9 ( Rootkit.Boot.Wistler.a ) - skipped by user
19:28:22.0484 3612 \Device\Harddisk6\DR9 ( Rootkit.Boot.Wistler.a ) - User select action: Skip
19:28:35.0234 3476 Deinitialize success
Vallentino is offline  
Old 03-28-2012, 02:45 PM   #11
Security Team
Analyst
 
Join Date: Dec 2008
Posts: 412
OS: Windows 7

Hi Vallentino,

My pleasure.

Please download aswMBR.exe and save it to your desktop. 

Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)

Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review.
  • Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat.
  • Right click that file and select Send To>Compressed (zipped) file.
  • Attach that zipped file in your next reply as well.
NoodleTech is offline  
Old 03-28-2012, 08:45 PM   #12
Registered Member
 
Join Date: Mar 2012
Posts: 16
OS: xp



aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-29 05:30:25
-----------------------------
05:30:25.515 OS Version: Windows 5.1.2600 Service Pack 3
05:30:25.515 Number of processors: 2 586 0x403
05:30:25.515 ComputerName: DITT-DA7685D135 UserName: HP_Ägaren
05:30:27.437 Initialize success
05:32:02.078 AVAST engine defs: 12032802
05:32:05.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-18
05:32:05.390 Disk 0 Vendor: ST3160023AS 3.43 Size: 152627MB BusType: 3
05:32:05.390 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-20
05:32:05.390 Disk 1 Vendor: ST3160023AS 3.43 Size: 152627MB BusType: 3
05:32:05.406 Disk 0 MBR read successfully
05:32:05.406 Disk 0 MBR scan
05:32:05.437 Disk 0 unknown MBR code
05:32:05.437 Disk 0 Partition 1 00 0C FAT32 LBA RECOVERY 6208 MB offset 63
05:32:05.453 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 146408 MB offset 12715920
05:32:05.468 Disk 0 scanning sectors +312560640
05:32:05.531 Disk 0 scanning C:\WINDOWS\system32\drivers
05:32:30.406 Service scanning
05:32:59.093 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
05:33:04.296 Modules scanning
05:33:11.531 Disk 0 trace - called modules:
05:33:11.546 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys atapi.sys sptd.sys >>UNKNOWN [0x8a0418a8]<<
05:33:11.546 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89fb9ab8]
05:33:11.546 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\0000006f[0x89ffd280]
05:33:11.562 5 ACPI.sys[b7e7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-18[0x89fbbd98]
05:33:11.562 \Driver\atapi[0x8a084b60] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> prosync1.sys[0xb85ae6c1]
05:33:12.296 AVAST engine scan C:\WINDOWS
05:33:38.187 AVAST engine scan C:\WINDOWS\system32
05:36:44.703 AVAST engine scan C:\WINDOWS\system32\drivers
05:37:06.937 AVAST engine scan C:\Documents and Settings\HP_Ägaren.DITT-DA7685D135
05:40:17.500 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Ägaren.DITT-DA7685D135\Skrivbord\MBR.dat"
05:40:17.515 The log file has been saved successfully to "C:\Documents and Settings\HP_Ägaren.DITT-DA7685D135\Skrivbord\aswMBR.txt"
Attached Files
File Type: zip MBR.zip (562 Bytes, 59 views)
Vallentino is offline  
Old 03-29-2012, 10:20 AM   #13
Security Team
Analyst
 
Join Date: Dec 2008
Posts: 412
OS: Windows 7

Hi Vallentino,

Run aswMBR.exe again and click the Scan button.

Upon completion of the scan, click FIXMBR.

Click YES when prompted to overwrite the MBR.

Reboot the machine. When it has rebooted, run a new scan, Save the log, and post the contents of the aswMBR.txt in your next reply.
NoodleTech is offline  
Old 03-29-2012, 01:19 PM   #14
Registered Member
 
Join Date: Mar 2012
Posts: 16
OS: xp



aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-29 22:12:06
-----------------------------
22:12:06.734 OS Version: Windows 5.1.2600 Service Pack 3
22:12:06.734 Number of processors: 2 586 0x403
22:12:06.734 ComputerName: DITT-DA7685D135 UserName: HP_Ägaren
22:12:07.140 Initialize success
22:12:12.750 AVAST engine defs: 12032802
22:12:13.953 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-18
22:12:13.953 Disk 0 Vendor: ST3160023AS 3.43 Size: 152627MB BusType: 3
22:12:13.953 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-20
22:12:13.953 Disk 1 Vendor: ST3160023AS 3.43 Size: 152627MB BusType: 3
22:12:13.968 Disk 0 MBR read successfully
22:12:13.968 Disk 0 MBR scan
22:12:13.968 Disk 0 Windows XP default MBR code
22:12:13.968 Disk 0 Partition 1 00 0C FAT32 LBA RECOVERY 6208 MB offset 63
22:12:13.984 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 146408 MB offset 12715920
22:12:14.000 Disk 0 scanning sectors +312560640
22:12:14.062 Disk 0 scanning C:\WINDOWS\system32\drivers
22:12:30.312 Service scanning
22:12:45.187 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
22:12:48.781 Modules scanning
22:13:00.390 Disk 0 trace - called modules:
22:13:00.421 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys atapi.sys sptd.sys >>UNKNOWN [0x8a0418a8]<<
22:13:00.421 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89fb9ab8]
22:13:00.421 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\0000006f[0x8a08a310]
22:13:00.421 5 ACPI.sys[b7e7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-18[0x89fbbd98]
22:13:00.421 \Driver\atapi[0x8a084b60] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> prosync1.sys[0xb85ae6c1]
22:13:00.843 AVAST engine scan C:\WINDOWS
22:13:26.437 AVAST engine scan C:\WINDOWS\system32
22:17:23.140 AVAST engine scan C:\WINDOWS\system32\drivers
22:17:52.718 AVAST engine scan C:\Documents and Settings\HP_Ägaren.DITT-DA7685D135
22:19:11.593 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Ägaren.DITT-DA7685D135\Skrivbord\MBR.dat"
22:19:11.593 The log file has been saved successfully to "C:\Documents and Settings\HP_Ägaren.DITT-DA7685D135\Skrivbord\aswMBR.txt"
Vallentino is offline  
Old 03-29-2012, 02:13 PM   #15
Security Team
Analyst
 
Join Date: Dec 2008
Posts: 412
OS: Windows 7

Hi Vallentino,

Do you have multiple hard drives in your computer? Are they internal drives? External drives? Do you have multiple operating systems installed by chance?
NoodleTech is offline  
Old 03-30-2012, 02:30 AM   #16
Registered Member
 
Join Date: Mar 2012
Posts: 16
OS: xp



I have one external hard drive that I just use for storage, but it's external and is very easy to take out, if you understand what I mean. It is an "HP personal media drive", if that's any help. But there is just one operating system and it's XP. And there is something called "HP Recovery".
Vallentino is offline  
Old 03-30-2012, 02:48 AM   #17
Registered Member
 
Join Date: Mar 2012
Posts: 16
OS: xp



Did a scan with my Eset AV, and you are right. There is something in the "e" "hp recovery" and "L" "HP personal media drive". It seems to be in the boot sector as well. Hmm, I never thought of them because they are just there and I almost never use them. Sorry!
Vallentino is offline  
Old 03-31-2012, 12:52 AM   #18
Security Team
Analyst
 
Join Date: Dec 2008
Posts: 412
OS: Windows 7

Hi Vallentino,

No worries! Let's see if we can take care of the infection.
  • Double click TDSSKiller.exe
  • Press Start Scan.
    • If Malicious objects are found, ensure Cure is selected.
    • Then click Continue > Reboot now.
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
NoodleTech is offline  
Old 03-31-2012, 03:52 AM   #19
Registered Member
 
Join Date: Mar 2012
Posts: 16
OS: xp



11:21:50.0812 6992 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
11:21:50.0953 6992 ============================================================
11:21:50.0953 6992 Current date / time: 2012/03/31 11:21:50.0953
11:21:50.0953 6992 SystemInfo:
11:21:50.0953 6992
11:21:50.0953 6992 OS Version: 5.1.2600 ServicePack: 3.0
11:21:50.0953 6992 Product type: Workstation
11:21:50.0953 6992 ComputerName: DITT-DA7685D135
11:21:50.0953 6992 UserName: HP_Ägaren
11:21:50.0953 6992 Windows directory: C:\WINDOWS
11:21:50.0953 6992 System windows directory: C:\WINDOWS
11:21:50.0953 6992 Processor architecture: Intel x86
11:21:50.0953 6992 Number of processors: 2
11:21:50.0953 6992 Page size: 0x1000
11:21:50.0953 6992 Boot type: Normal boot
11:21:50.0953 6992 ============================================================
11:21:54.0593 6992 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
11:21:54.0609 6992 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:21:54.0734 6992 Drive \Device\Harddisk6\DR9 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8DF2D0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x1, Type 'W'
11:22:02.0546 6992 \Device\Harddisk0\DR0:
11:22:02.0562 6992 MBR used
11:22:02.0562 6992 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0xC20751
11:22:02.0562 6992 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC20790, BlocksNum 0x11DF4470
11:22:02.0562 6992 \Device\Harddisk1\DR1:
11:22:02.0593 6992 MBR used
11:22:02.0593 6992 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
11:22:02.0593 6992 \Device\Harddisk6\DR9:
11:22:02.0593 6992 MBR used
11:22:02.0609 6992 \Device\Harddisk6\DR9\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x22EE6E41
11:22:03.0046 6992 Initialize success
11:22:03.0046 6992 ============================================================
11:22:05.0281 7124 ============================================================
11:22:05.0281 7124 Scan started
11:22:05.0281 7124 Mode: Manual;
11:22:05.0281 7124 ============================================================
11:22:07.0140 7124 Scan interrupted by user!
11:22:07.0140 7124 Scan interrupted by user!
11:22:07.0140 7124 Scan interrupted by user!
11:22:07.0140 7124 ============================================================
11:22:07.0140 7124 Scan finished
11:22:07.0140 7124 ============================================================
11:22:07.0156 7116 Detected object count: 0
11:22:07.0156 7116 Actual detected object count: 0
11:22:21.0687 7148 ============================================================
11:22:21.0687 7148 Scan started
11:22:21.0687 7148 Mode: Manual;
11:22:21.0687 7148 ============================================================
11:22:24.0515 7148 CryptSvc (04fd6585508a7320b2c7453ced231d6b) C:\WINDOWS\System32\cryptsvc.dll
11:22:24.0515 7148 CryptSvc - ok
11:22:24.0578 7148 ctac32k (a5e67327b49e1f4341d470d8bbcbc401) C:\WINDOWS\system32\drivers\ctac32k.sys
11:22:24.0593 7148 ctac32k - ok
11:22:24.0609 7148 ctaud2k (dd2367251d8aa9315d71023e541048c9) C:\WINDOWS\system32\drivers\ctaud2k.sys
11:22:24.0625 7148 ctaud2k - ok
11:22:24.0656 7148 ctdvda2k (29f78d59b053cb8778f8426e4e24099c) C:\WINDOWS\system32\drivers\ctdvda2k.sys
11:22:24.0687 7148 ctdvda2k - ok
11:22:24.0703 7148 ctprxy2k (c7fc5d87b06207a5d34697b627826618) C:\WINDOWS\system32\drivers\ctprxy2k.sys
11:22:24.0718 7148 ctprxy2k - ok
11:22:24.0734 7148 ctsfm2k (2c0af71cf0e1224a2dfc2b67e63b02b1) C:\WINDOWS\system32\drivers\ctsfm2k.sys
11:22:24.0765 7148 ctsfm2k - ok
11:22:24.0781 7148 dac2w2k - ok
11:22:24.0796 7148 dac960nt - ok
11:22:24.0843 7148 DcomLaunch (87dadc3f6e6cd5aaeb913e19cbff922c) C:\WINDOWS\system32\rpcss.dll
11:22:24.0859 7148 DcomLaunch - ok
11:22:24.0906 7148 Dhcp (0ce3fa1c1a6803b34022d6c47273930d) C:\WINDOWS\System32\dhcpcsvc.dll
11:22:24.0906 7148 Dhcp - ok
11:22:24.0968 7148 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:22:24.0968 7148 Disk - ok
11:22:24.0984 7148 dmadmin - ok
11:22:25.0062 7148 dmboot (80008bd0c19d97b0b3f4d1d9cbf190a8) C:\WINDOWS\system32\drivers\dmboot.sys
11:22:25.0109 7148 dmboot - ok
11:22:25.0343 7148 dmio (41862731f82be80f0cfba5d0da36b683) C:\WINDOWS\system32\drivers\dmio.sys
11:22:25.0390 7148 dmio - ok
11:22:25.0437 7148 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:22:25.0453 7148 dmload - ok
11:22:25.0500 7148 dmserver (77db107fd2d8de42b3adc7fce084f653) C:\WINDOWS\System32\dmserver.dll
11:22:25.0500 7148 dmserver - ok
11:22:25.0515 7148 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:22:25.0515 7148 DMusic - ok
11:22:25.0562 7148 Dnscache (efac4d4c80ccd725cc5bd7d3dbf18c74) C:\WINDOWS\System32\dnsrslvr.dll
11:22:25.0562 7148 Dnscache - ok
11:22:25.0609 7148 Dot3svc (c3c6cf67796acdd8329cb0e44367a1eb) C:\WINDOWS\System32\dot3svc.dll
11:22:25.0609 7148 Dot3svc - ok
11:22:25.0656 7148 dpti2o - ok
11:22:25.0703 7148 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:22:25.0718 7148 drmkaud - ok
11:22:25.0765 7148 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
11:22:25.0796 7148 E100B - ok
11:22:25.0843 7148 eamon (54e6b2194da2b8a286077a8abf42d3b7) C:\WINDOWS\system32\DRIVERS\eamon.sys
11:22:25.0843 7148 eamon - ok
11:22:25.0890 7148 EapHost (d9cabe63af4bc951302d9e508cb5599a) C:\WINDOWS\System32\eapsvc.dll
11:22:25.0890 7148 EapHost - ok
11:22:25.0906 7148 ehdrv (299a7ce452023a99a65d0d28f3b2bbf6) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
11:22:25.0937 7148 ehdrv - ok
11:22:26.0015 7148 EhttpSrv (2300f43197c5ae35b700c04d5e1b6ba6) C:\Program\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
11:22:26.0031 7148 EhttpSrv - ok
11:22:26.0062 7148 ekrn (4032f381c6a7d396d62a4f5219585a46) C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
11:22:26.0093 7148 ekrn - ok
11:22:26.0250 7148 emupia (091d37e0f5193f708c9006b1f2e23ee4) C:\WINDOWS\system32\drivers\emupia2k.sys
11:22:26.0265 7148 emupia - ok
11:22:26.0296 7148 epfwtdir (aca520730cacc3afd206b92a6518c41a) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
11:22:26.0328 7148 epfwtdir - ok
11:22:26.0359 7148 ERSvc (bc5287dc6dc7ebb13aa825caa6482f94) C:\WINDOWS\System32\ersvc.dll
11:22:26.0359 7148 ERSvc - ok
11:22:26.0406 7148 Eventlog (8870b0c4a094c1ce80cea6f85fa38ff2) C:\WINDOWS\system32\services.exe
11:22:26.0406 7148 Eventlog - ok
11:22:26.0468 7148 EventSystem (01cec6de315f1a06ce5aa70009c6979e) C:\WINDOWS\system32\es.dll
11:22:26.0468 7148 EventSystem - ok
11:22:26.0546 7148 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:22:26.0562 7148 Fastfat - ok
11:22:26.0609 7148 FastUserSwitchingCompatibility (c5684b98920f9ba98d6a33701ca816e6) C:\WINDOWS\System32\shsvcs.dll
11:22:26.0625 7148 FastUserSwitchingCompatibility - ok
11:22:26.0671 7148 Fax (fabd828c834c76e71c02a315dda5ab87) C:\WINDOWS\system32\fxssvc.exe
11:22:26.0687 7148 Fax - ok
11:22:26.0703 7148 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
11:22:26.0734 7148 Fdc - ok
11:22:26.0750 7148 Fips (b66ddb75642f6722468707840c67a394) C:\WINDOWS\system32\drivers\Fips.sys
11:22:26.0765 7148 Fips - ok
11:22:26.0781 7148 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:22:26.0796 7148 Flpydisk - ok
11:22:26.0859 7148 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:22:26.0875 7148 FltMgr - ok
11:22:26.0968 7148 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:22:26.0968 7148 FontCache3.0.0.0 - ok
11:22:27.0062 7148 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:22:27.0078 7148 Fs_Rec - ok
11:22:27.0125 7148 Ftdisk (45fc410cfe68ff036ad232a141e69c19) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:22:27.0125 7148 Ftdisk - ok
11:22:27.0171 7148 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:22:27.0203 7148 Gpc - ok
11:22:27.0265 7148 ha10kx2k (1ad88bcf3d043baa58c15eb262625f9b) C:\WINDOWS\system32\drivers\ha10kx2k.sys
11:22:27.0296 7148 ha10kx2k - ok
11:22:27.0328 7148 hap16v2k (8ff42f63c722a1dd4c91ff6a497fd6b2) C:\WINDOWS\system32\drivers\hap16v2k.sys
11:22:27.0359 7148 hap16v2k - ok
11:22:27.0437 7148 helpsvc (202c95f334c53a5a8bd0d8465512b3f4) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:22:27.0437 7148 helpsvc - ok
11:22:27.0484 7148 HidServ (71aace06b5f93cf02d05e4e2ec479aac) C:\WINDOWS\System32\hidserv.dll
11:22:27.0484 7148 HidServ - ok
11:22:27.0546 7148 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:22:27.0578 7148 HidUsb - ok
11:22:27.0625 7148 hkmsvc (98580e101404565700fd12e03f7ee056) C:\WINDOWS\System32\kmsvc.dll
11:22:27.0625 7148 hkmsvc - ok
11:22:27.0640 7148 hpn - ok
11:22:27.0687 7148 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:22:27.0687 7148 HTTP - ok
11:22:27.0734 7148 HTTPFilter (f504d07cb25d62ab8d079c1f868651ae) C:\WINDOWS\System32\w3ssl.dll
11:22:27.0734 7148 HTTPFilter - ok
11:22:27.0750 7148 i2omgmt - ok
11:22:27.0765 7148 i2omp - ok
11:22:27.0812 7148 i8042prt (82e56cd09b2ce1edec3fba9111c7ee3a) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:22:27.0843 7148 i8042prt - ok
11:22:27.0953 7148 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:22:27.0984 7148 idsvc - ok
11:22:28.0062 7148 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:22:28.0093 7148 Imapi - ok
11:22:28.0125 7148 ImapiService (891b69c3de6c55a7868b3bb52bc131aa) C:\WINDOWS\system32\imapi.exe
11:22:28.0125 7148 ImapiService - ok
11:22:28.0140 7148 ini910u - ok
11:22:28.0171 7148 IntelIde (3012ee13f357a99361ad8b0d93e13c45) C:\WINDOWS\system32\DRIVERS\intelide.sys
11:22:28.0187 7148 IntelIde - ok
11:22:28.0218 7148 intelppm (02431778e84a525d29929d14bab71d53) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:22:28.0234 7148 intelppm - ok
11:22:28.0296 7148 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:22:28.0328 7148 Ip6Fw - ok
11:22:28.0375 7148 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:22:28.0406 7148 IpFilterDriver - ok
11:22:28.0437 7148 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:22:28.0468 7148 IpInIp - ok
11:22:28.0484 7148 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:22:28.0500 7148 IpNat - ok
11:22:28.0531 7148 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:22:28.0546 7148 IPSec - ok
11:22:28.0562 7148 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:22:28.0593 7148 IRENUM - ok
11:22:28.0625 7148 isapnp (48f97c77daf8811598cfae21368eacb6) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:22:28.0625 7148 isapnp - ok
11:22:28.0750 7148 JavaQuickStarterService (e731921db2e17dcd3db472fad5549c57) C:\Program\Java\jre6\bin\jqs.exe
11:22:28.0765 7148 JavaQuickStarterService - ok
11:22:28.0906 7148 Kbdclass (d655ca94c8e2e0223c1bc28bcd95723a) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:22:28.0937 7148 Kbdclass - ok
11:22:28.0953 7148 kbdhid (e1e28876fe7602b0a1d040354de35c06) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:22:28.0968 7148 kbdhid - ok
11:22:28.0984 7148 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:22:28.0984 7148 kmixer - ok
11:22:29.0031 7148 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:22:29.0031 7148 KSecDD - ok
11:22:29.0078 7148 lanmanserver (2c633a578d5adaaa821c675d65f959c5) C:\WINDOWS\System32\srvsvc.dll
11:22:29.0078 7148 lanmanserver - ok
11:22:29.0125 7148 lanmanworkstation (eaa41d225b9da1314e0977c774864430) C:\WINDOWS\System32\wkssvc.dll
11:22:29.0125 7148 lanmanworkstation - ok
11:22:29.0171 7148 lbrtfdc - ok
11:22:29.0218 7148 LicCtrlService (29fab5363138f6e322f4cd780ed9d337) C:\WINDOWS\runservice.exe
11:22:31.0234 7148 LicCtrlService - ok
11:22:31.0390 7148 LightScribeService (9bd7add61b031307dd075e5e6a917c4d) c:\Program\Delade filer\LightScribe\LSSrvc.exe
11:22:31.0390 7148 LightScribeService - ok
11:22:31.0500 7148 LmHosts (ee155cf65cdc8be1b4effa24a69fc924) C:\WINDOWS\System32\lmhsvc.dll
11:22:31.0515 7148 LmHosts - ok
11:22:31.0593 7148 ltmodem5 (382beceede63a1b62cef72d7786f1008) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
11:22:31.0609 7148 ltmodem5 - ok
11:22:31.0640 7148 Messenger (363e8ebae26bb8b4987c91b4d3ce0f54) C:\WINDOWS\System32\msgsvc.dll
11:22:31.0656 7148 Messenger - ok
11:22:31.0687 7148 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:22:31.0703 7148 mnmdd - ok
11:22:31.0750 7148 mnmsrvc (2bc41300b822562ac0a524dcdd2da027) C:\WINDOWS\system32\mnmsrvc.exe
11:22:31.0750 7148 mnmsrvc - ok
11:22:31.0796 7148 Modem (42ce19726d9c410dff75d3ff1cc79db2) C:\WINDOWS\system32\drivers\Modem.sys
11:22:31.0812 7148 Modem - ok
11:22:31.0828 7148 Mouclass (e0c4c36573bcf0c0d2a1578caa791f7d) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:22:31.0859 7148 Mouclass - ok
11:22:31.0890 7148 mouhid (98e474ecf11f1db62fb072157a95ea83) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:22:31.0921 7148 mouhid - ok
11:22:31.0953 7148 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:22:31.0953 7148 MountMgr - ok
11:22:31.0968 7148 mraid35x - ok
11:22:31.0984 7148 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:22:31.0984 7148 MRxDAV - ok
11:22:32.0015 7148 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:22:32.0015 7148 MRxSmb - ok
11:22:32.0046 7148 MSDTC (7a73fdeef6cf45d27edd73220eaf1c8f) C:\WINDOWS\system32\msdtc.exe
11:22:32.0062 7148 MSDTC - ok
11:22:32.0078 7148 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:22:32.0093 7148 Msfs - ok
11:22:32.0109 7148 MSIServer - ok
11:22:32.0125 7148 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:22:32.0140 7148 MSKSSRV - ok
11:22:32.0156 7148 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:22:32.0171 7148 MSPCLOCK - ok
11:22:32.0187 7148 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:22:32.0218 7148 MSPQM - ok
11:22:32.0234 7148 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:22:32.0250 7148 mssmbios - ok
11:22:32.0281 7148 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
11:22:32.0296 7148 MSTEE - ok
11:22:32.0343 7148 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:22:32.0359 7148 Mup - ok
11:22:32.0375 7148 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:22:32.0390 7148 NABTSFEC - ok
11:22:32.0437 7148 napagent (28d11a2ecdfcb280624bd7006d85c38e) C:\WINDOWS\System32\qagentrt.dll
11:22:32.0453 7148 napagent - ok
11:22:32.0531 7148 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:22:32.0531 7148 NDIS - ok
11:22:32.0546 7148 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:22:32.0578 7148 NdisIP - ok
11:22:32.0609 7148 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:22:32.0609 7148 NdisTapi - ok
11:22:32.0671 7148 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:22:32.0687 7148 Ndisuio - ok
11:22:32.0703 7148 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:22:32.0718 7148 NdisWan - ok
11:22:32.0781 7148 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:22:32.0781 7148 NDProxy - ok
11:22:32.0796 7148 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:22:32.0796 7148 NetBIOS - ok
11:22:32.0828 7148 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:22:32.0843 7148 NetBT - ok
11:22:32.0890 7148 NetDDE (5a922c8e35bf372f3dd3ec61345634b7) C:\WINDOWS\system32\netdde.exe
11:22:32.0890 7148 NetDDE - ok
11:22:32.0890 7148 NetDDEdsdm (5a922c8e35bf372f3dd3ec61345634b7) C:\WINDOWS\system32\netdde.exe
11:22:32.0906 7148 NetDDEdsdm - ok
11:22:32.0937 7148 Netlogon (ff1805d5daf41625af5282750d4a3700) C:\WINDOWS\system32\lsass.exe
11:22:32.0937 7148 Netlogon - ok
11:22:32.0968 7148 Netman (7f791c1c9d3fec5d3f519c9db19465d3) C:\WINDOWS\System32\netman.dll
11:22:32.0968 7148 Netman - ok
11:22:33.0062 7148 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:22:33.0062 7148 NetTcpPortSharing - ok
11:22:33.0171 7148 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:22:33.0187 7148 NIC1394 - ok
11:22:33.0234 7148 Nla (d080a76f42dfe1e7af0c069ae5bad8fc) C:\WINDOWS\System32\mswsock.dll
11:22:33.0234 7148 Nla - ok
11:22:33.0265 7148 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:22:33.0265 7148 Npfs - ok
11:22:33.0296 7148 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:22:33.0312 7148 Ntfs - ok
11:22:33.0359 7148 NtLmSsp (ff1805d5daf41625af5282750d4a3700) C:\WINDOWS\system32\lsass.exe
11:22:33.0359 7148 NtLmSsp - ok
11:22:33.0406 7148 NtmsSvc (5fd9f539baf23288d131f1b709a62807) C:\WINDOWS\system32\ntmssvc.dll
11:22:33.0421 7148 NtmsSvc - ok
11:22:33.0453 7148 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:22:33.0468 7148 Null - ok
11:22:33.0859 7148 nv (8b2c874897ea498da012284e12f9db2b) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:22:34.0218 7148 nv - ok
11:22:34.0265 7148 NVSvc (32f7dec3729b3bae66eebcab7b03b18f) C:\WINDOWS\system32\nvsvc32.exe
11:22:34.0281 7148 NVSvc - ok
11:22:34.0406 7148 nvUpdatusService (2cc4e45b0eb4c48392cec9c83b5b8e3b) C:\Program\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
11:22:34.0468 7148 nvUpdatusService - ok
11:22:34.0546 7148 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:22:34.0562 7148 NwlnkFlt - ok
11:22:34.0593 7148 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:22:34.0609 7148 NwlnkFwd - ok
11:22:34.0656 7148 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:22:34.0687 7148 ohci1394 - ok
11:22:34.0718 7148 ossrv (04fd6d19435b7b192a29428a2f60ac31) C:\WINDOWS\system32\drivers\ctoss2k.sys
11:22:34.0718 7148 ossrv - ok
11:22:34.0750 7148 Parport (19e28ed86e7244d76fda792c2810188e) C:\WINDOWS\system32\DRIVERS\parport.sys
11:22:34.0765 7148 Parport - ok
11:22:34.0781 7148 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:22:34.0781 7148 PartMgr - ok
11:22:34.0812 7148 ParVdm (5cf71e14a108c492c1fb07543d579af5) C:\WINDOWS\system32\drivers\ParVdm.sys
11:22:34.0828 7148 ParVdm - ok
11:22:34.0843 7148 PCI (8a185f0112cf5b42ff1aaff31b8b3091) C:\WINDOWS\system32\DRIVERS\pci.sys
11:22:34.0859 7148 PCI - ok
11:22:34.0875 7148 PCIDump - ok
11:22:34.0890 7148 PCIIde (239de4275ee40fdf9912761467025244) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:22:34.0890 7148 PCIIde - ok
11:22:34.0921 7148 Pcmcia (904053aa6e251c77cf85371ce644cfd7) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:22:34.0953 7148 Pcmcia - ok
11:22:34.0968 7148 PDCOMP - ok
11:22:34.0984 7148 PDFRAME - ok
11:22:35.0000 7148 PDRELI - ok
11:22:35.0015 7148 PDRFRAME - ok
11:22:35.0031 7148 perc2 - ok
11:22:35.0046 7148 perc2hib - ok
11:22:35.0093 7148 PfModNT (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\system32\drivers\PfModNT.sys
11:22:35.0093 7148 PfModNT - ok
11:22:35.0109 7148 PhTVTune (b76a595d928b519a739a80d2695b29b3) C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
11:22:35.0140 7148 PhTVTune - ok
11:22:35.0171 7148 PlugPlay (8870b0c4a094c1ce80cea6f85fa38ff2) C:\WINDOWS\system32\services.exe
11:22:35.0171 7148 PlugPlay - ok
11:22:35.0218 7148 Pml Driver HPZ12 (9d84376931440f3679beef2a414fa493) C:\WINDOWS\system32\HPZipm12.exe
11:22:35.0218 7148 Pml Driver HPZ12 - ok
11:22:35.0265 7148 PnkBstrA (a1dd33d16f277ce34124ee52ab2c0f14) C:\WINDOWS\system32\PnkBstrA.exe
11:22:35.0265 7148 PnkBstrA - ok
11:22:35.0312 7148 PnkBstrB (7c01817adf3207fb65a4b56e6d5ad833) C:\WINDOWS\system32\PnkBstrB.exe
11:22:35.0671 7148 PnkBstrB - ok
11:22:35.0703 7148 PolicyAgent (ff1805d5daf41625af5282750d4a3700) C:\WINDOWS\system32\lsass.exe
11:22:35.0718 7148 PolicyAgent - ok
11:22:35.0781 7148 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:22:35.0796 7148 PptpMiniport - ok
11:22:35.0812 7148 Processor (992e4b2a91e6a2f3d21de89b9273353a) C:\WINDOWS\system32\DRIVERS\processr.sys
11:22:35.0828 7148 Processor - ok
11:22:35.0875 7148 prodrv06 (18d9789a4664bf417eea944d2776091a) C:\WINDOWS\System32\drivers\prodrv06.sys
11:22:35.0875 7148 prodrv06 - ok
11:22:35.0921 7148 prohlp02 (8cc9671a7ed2902e747ee0892e1c8575) C:\WINDOWS\system32\drivers\prohlp02.sys
11:22:35.0921 7148 prohlp02 - ok
11:22:35.0953 7148 prosync1 (960bce3ed38761b446aabac06c76badf) C:\WINDOWS\system32\drivers\prosync1.sys
11:22:35.0953 7148 prosync1 - ok
11:22:36.0015 7148 ProtectedStorage (ff1805d5daf41625af5282750d4a3700) C:\WINDOWS\system32\lsass.exe
11:22:36.0015 7148 ProtectedStorage - ok
11:22:36.0062 7148 Ps2 (bffdb363485501a38f0bca83aec810db) C:\WINDOWS\system32\DRIVERS\PS2.sys
11:22:36.0062 7148 Ps2 - ok
11:22:36.0109 7148 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:22:36.0140 7148 PSched - ok
11:22:36.0171 7148 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:22:36.0203 7148 Ptilink - ok
11:22:36.0265 7148 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:22:36.0281 7148 PxHelp20 - ok
11:22:36.0296 7148 ql1080 - ok
11:22:36.0328 7148 Ql10wnt - ok
11:22:36.0343 7148 ql12160 - ok
11:22:36.0359 7148 ql1240 - ok
11:22:36.0359 7148 ql1280 - ok
11:22:36.0390 7148 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:22:36.0406 7148 RasAcd - ok
11:22:36.0453 7148 RasAuto (15d787dffce46cfc4c7f567095ce8323) C:\WINDOWS\System32\rasauto.dll
11:22:36.0453 7148 RasAuto - ok
11:22:36.0484 7148 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:22:36.0500 7148 Rasl2tp - ok
11:22:36.0546 7148 RasMan (1e86de6b0df33953cf9ce449dd6e8442) C:\WINDOWS\System32\rasmans.dll
11:22:36.0546 7148 RasMan - ok
11:22:36.0562 7148 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:22:36.0593 7148 RasPppoe - ok
11:22:36.0625 7148 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:22:36.0640 7148 Raspti - ok
11:22:36.0687 7148 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:22:36.0687 7148 Rdbss - ok
11:22:36.0703 7148 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:22:36.0718 7148 RDPCDD - ok
11:22:36.0765 7148 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
11:22:36.0781 7148 RDPWD - ok
11:22:36.0828 7148 RDSessMgr (fe7c16fa5cbc560579c9728534fbaf6f) C:\WINDOWS\system32\sessmgr.exe
11:22:36.0828 7148 RDSessMgr - ok
11:22:36.0843 7148 redbook (97130d37842819fa39fd5f1e90a5d676) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:22:36.0875 7148 redbook - ok
11:22:36.0906 7148 RemoteAccess (fcd42d82c6f5e0e1506eca01d692dde7) C:\WINDOWS\System32\mprdim.dll
11:22:36.0921 7148 RemoteAccess - ok
11:22:36.0953 7148 RpcLocator (2cfb81b412a5d3cbd55cefaccb5e2cee) C:\WINDOWS\system32\locator.exe
11:22:36.0968 7148 RpcLocator - ok
11:22:37.0015 7148 RpcSs (87dadc3f6e6cd5aaeb913e19cbff922c) C:\WINDOWS\System32\rpcss.dll
11:22:37.0015 7148 RpcSs - ok
11:22:37.0046 7148 RSVP (72407e48f912ed57213ae474b8a6798b) C:\WINDOWS\system32\rsvp.exe
11:22:37.0062 7148 RSVP - ok
11:22:37.0140 7148 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
11:22:37.0156 7148 rtl8139 - ok
11:22:37.0187 7148 SamSs (ff1805d5daf41625af5282750d4a3700) C:\WINDOWS\system32\lsass.exe
11:22:37.0187 7148 SamSs - ok
11:22:37.0234 7148 SCardSvr (d339f34d824a7d42ff4d61f1d9d06029) C:\WINDOWS\System32\SCardSvr.exe
11:22:37.0234 7148 SCardSvr - ok
11:22:37.0281 7148 Schedule (c7dc69a9d8c9ab2fbca3238c989d598f) C:\WINDOWS\system32\schedsvc.dll
11:22:37.0281 7148 Schedule - ok
11:22:37.0359 7148 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:22:37.0375 7148 Secdrv - ok
11:22:37.0406 7148 seclogon (ed70eb06f13062366b126b1c7475c127) C:\WINDOWS\System32\seclogon.dll
11:22:37.0421 7148 seclogon - ok
11:22:37.0453 7148 SENS (ea7b436a948c875dc94c6062fcbbc2d9) C:\WINDOWS\system32\sens.dll
11:22:37.0453 7148 SENS - ok
11:22:37.0484 7148 Serial (f7d35464062edc08909e568bcd8ae77d) C:\WINDOWS\system32\drivers\Serial.sys
11:22:37.0515 7148 Serial - ok
11:22:37.0593 7148 sfhlp01 (462aee0ea0481ea8bd45cac876a4ccc4) C:\WINDOWS\system32\drivers\sfhlp01.sys
11:22:37.0593 7148 sfhlp01 - ok
11:22:37.0609 7148 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:22:37.0640 7148 Sfloppy - ok
11:22:37.0671 7148 SharedAccess (30e1a46734bdf836c8770949c86b42a4) C:\WINDOWS\System32\ipnathlp.dll
11:22:37.0687 7148 SharedAccess - ok
11:22:37.0734 7148 ShellHWDetection (c5684b98920f9ba98d6a33701ca816e6) C:\WINDOWS\System32\shsvcs.dll
11:22:37.0750 7148 ShellHWDetection - ok
11:22:37.0781 7148 Simbad - ok
11:22:37.0828 7148 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:22:37.0859 7148 SLIP - ok
11:22:37.0859 7148 Sparrow - ok
11:22:37.0906 7148 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:22:37.0921 7148 splitter - ok
11:22:37.0968 7148 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
11:22:37.0968 7148 Spooler - ok
11:22:38.0031 7148 sptd (4f576e516cc76ec50a244586bcfa1c78) C:\WINDOWS\system32\Drivers\sptd.sys
11:22:38.0031 7148 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 4f576e516cc76ec50a244586bcfa1c78
11:22:38.0031 7148 sptd ( LockedFile.Multi.Generic ) - warning
11:22:38.0031 7148 sptd - detected LockedFile.Multi.Generic (1)
11:22:41.0703 7148 MBR (0x1B8) (a40ae8018c2771f630fa39be0e2da53b) \Device\Harddisk0\DR0
11:22:41.0859 7148 \Device\Harddisk0\DR0 - ok
11:22:41.0875 7148 MBR (0x1B8) (87d88fa4d3efd4431866ea91949644bf) \Device\Harddisk1\DR1
11:22:41.0875 7148 \Device\Harddisk1\DR1 ( Rootkit.Boot.Wistler.a ) - infected
11:22:41.0875 7148 \Device\Harddisk1\DR1 - detected Rootkit.Boot.Wistler.a (0)
11:22:41.0890 7148 MBR (0x1B8) (87d88fa4d3efd4431866ea91949644bf) \Device\Harddisk6\DR9
11:22:41.0890 7148 \Device\Harddisk6\DR9 ( Rootkit.Boot.Wistler.a ) - infected
11:22:41.0890 7148 \Device\Harddisk6\DR9 - detected Rootkit.Boot.Wistler.a (0)
11:22:41.0890 7148 Boot (0x1200) (c0adc30fb6170e1dfe5cb282d6544ad5) \Device\Harddisk0\DR0\Partition0
11:22:41.0890 7148 \Device\Harddisk0\DR0\Partition0 - ok
11:22:41.0890 7148 Boot (0x1200) (866030127b689fbdafb443384b06cf16) \Device\Harddisk0\DR0\Partition1
11:22:41.0890 7148 \Device\Harddisk0\DR0\Partition1 - ok
11:22:41.0906 7148 Boot (0x1200) (3d49f42c02a332ed040a84c6dc71e389) \Device\Harddisk1\DR1\Partition0
11:22:41.0906 7148 \Device\Harddisk1\DR1\Partition0 - ok
11:22:41.0906 7148 Boot (0x1200) (8991bdfe2cb4036d2a6399287d2cd749) \Device\Harddisk6\DR9\Partition0
11:22:41.0906 7148 \Device\Harddisk6\DR9\Partition0 - ok
11:22:41.0921 7148 ============================================================
11:22:41.0921 7148 Scan finished
11:22:41.0921 7148 ============================================================
11:22:41.0921 7140 Detected object count: 3
11:22:41.0921 7140 Actual detected object count: 3
11:23:22.0453 7140 C:\WINDOWS\system32\Drivers\sptd.sys - copied to quarantine
11:23:22.0562 7140 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted on reboot
11:23:22.0578 7140 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted on reboot
11:23:22.0593 7140 C:\WINDOWS\system32\Drivers\sptd.sys - will be deleted on reboot
11:23:22.0593 7140 sptd ( LockedFile.Multi.Generic ) - User select action: Delete
11:23:22.0656 7140 \Device\Harddisk1\DR1\# - copied to quarantine
11:23:22.0671 7140 \Device\Harddisk1\DR1 - copied to quarantine
11:23:22.0671 7140 \Device\Harddisk1\DR1 - processing error
11:30:39.0921 7140 \Device\Harddisk1\DR1 - will be restored on reboot
11:30:39.0921 7140 \Device\Harddisk1\DR1 ( Rootkit.Boot.Wistler.a ) - User select action: Cure Restore
11:30:47.0796 7140 \Device\Harddisk6\DR9\# - copied to quarantine
11:30:47.0796 7140 \Device\Harddisk6\DR9 - copied to quarantine
11:30:47.0812 7140 \Device\Harddisk6\DR9 - processing error
11:30:51.0312 7140 \Device\Harddisk6\DR9 - restored
11:30:51.0312 7140 \Device\Harddisk6\DR9 ( Rootkit.Boot.Wistler.a ) - User select action: Cure Restore
11:30:57.0203 6988 Deinitialize success
Vallentino is offline  
Old 03-31-2012, 08:26 AM   #20
Security Team
Analyst
 
Join Date: Dec 2008
Posts: 412
OS: Windows 7


Hey Vallentino,

This one is a toughie. Can you please post the ESET log?
NoodleTech is offline  
 

All times are GMT -7.