My connection keeps hanging

offline
  • Joined: 14 Nov 2003
  • Posts: 323

The computer was clean; a few months ago I scanned it and opened a thread here. It was working great. Since yesterday it has been acting up: when I turn the computer on, sometimes it asks to scan the disk and sometimes it doesn't. Once the system boots, I have to wait 2-3 minutes for the connection icon to appear in the Taskbar (those two little screens).
On this computer I have a Ghost image that I made when I got it; I restore the Ghost image but the problem is the same.
Could I get a little help to see what is wrong with it?

Thanks in advance.

**************//////////****************

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
Ran by Eldar (administrator) on APUK-ACD6AE443F on 08-01-2015 06:19:16
Running from C:\Documents and Settings\Eldar\Desktop
Loaded Profile: Eldar (Available profiles: Eldar)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 6 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(HP) C:\WINDOWS\system32\HPSIsvc.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(CANON INC.) C:\WINDOWS\system32\CAPRPCSK.EXE
(Savard Software) C:\Documents and Settings\Eldar\Application Data\Mis portables\turbo\portable\TurboLaunch.exe
(CANON INC.) C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20065384 2011-12-05] (Realtek Semiconductor Corp.)
HKLM\...\Run: [CAPON] => C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE [22528 2001-02-05] (CANON INC.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [155648 2012-11-10] (Apple Computer, Inc.)
Startup: C:\Documents and Settings\Eldar\Start Menu\Programs\Startup\TurboLaunch.lnk
ShortcutTarget: TurboLaunch.lnk -> C:\Documents and Settings\Eldar\Application Data\Mis portables\turbo\portable\TurboLaunch.exe (Savard Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-682003330-1935655697-2146900839-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-682003330-1935655697-2146900839-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-682003330-1935655697-2146900839-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
Tcpip\Parameters: [DhcpNameServer] 80.80.160.8 80.80.160.9

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Eldar\Application Data\Mozilla\Firefox\Profiles\8msvarp2.default
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.searchrocket.info/?pid=658&r=2013/05/28&hid=1376528480&lg=EN&cc=AL&unqvl=16&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: Google
FF SelectedSearchEngine,S: WebSearch
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Foxdie - C:\Documents and Settings\Eldar\Application Data\Mozilla\Firefox\Profiles\8msvarp2.default\Extensions\Foxdie@tanjihay.com [2012-11-11]
FF Extension: FT GraphiteGlow - C:\Documents and Settings\Eldar\Application Data\Mozilla\Firefox\Profiles\8msvarp2.default\Extensions\{99e34760-2754-11e0-91fa-0800200c9a66} [2012-11-11]
FF Extension: Classic Compact Options - C:\Documents and Settings\Eldar\Application Data\Mozilla\Firefox\Profiles\8msvarp2.default\Extensions\notreal.ccoptions@environmentalchemistry.com.xpi [2012-11-11]
FF Extension: Tab Mix Plus - C:\Documents and Settings\Eldar\Application Data\Mozilla\Firefox\Profiles\8msvarp2.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-11-11]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-01-25]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.0.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.0.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.0.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.0.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.0.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.0.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.0.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Computer, Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Profile: C:\Documents and Settings\Eldar\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Documents and Settings\Eldar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-10]
CHR Extension: (YouTube) - C:\Documents and Settings\Eldar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-10]
CHR Extension: (Google Search) - C:\Documents and Settings\Eldar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-10]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Eldar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-25]
CHR Extension: (Gmail) - C:\Documents and Settings\Eldar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-10]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2014-10-03] () [File not signed]
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [267440 2014-09-16] (Adobe Systems Incorporated) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
S3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [119408 2014-03-15] (Mozilla Foundation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 a347bus; C:\WINDOWS\System32\DRIVERS\a347bus.sys [158720 2004-08-23] ( ) [File not signed]
R0 a347scsi; C:\WINDOWS\System32\Drivers\a347scsi.sys [5248 2004-04-30] ( ) [File not signed]
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
S3 GT680x; C:\WINDOWS\System32\Drivers\gt680x.sys [18120 2001-11-08] ( )
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S2 RapidPort; C:\WINDOWS\system32\Drivers\CAPLPTN.SYS [22912 2001-02-05] (CANON INC.)
S3 gdrv; \??\C:\WINDOWS\gdrv.sys [X]
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-08 06:19 - 2015-01-08 06:19 - 00010768 _____ () C:\Documents and Settings\Eldar\Desktop\FRST.txt
2015-01-08 06:19 - 2015-01-08 06:19 - 00000000 ____D () C:\FRST
2015-01-08 06:18 - 2015-01-08 06:18 - 01115648 _____ (Farbar) C:\Documents and Settings\Eldar\Desktop\FRST.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-08 06:19 - 2012-11-10 15:38 - 00000000 ____D () C:\Documents and Settings\Eldar\Local Settings\Temp
2015-01-08 06:19 - 2012-11-10 15:35 - 00154322 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-08 06:15 - 2012-11-10 21:20 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-08 06:15 - 2012-11-10 21:20 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-08 06:15 - 2012-11-10 16:28 - 00588920 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-08 06:14 - 2012-11-10 16:28 - 00006436 _____ () C:\WINDOWS\setupapi.log
2015-01-08 06:13 - 2012-11-10 16:31 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-01-08 06:13 - 2012-11-10 16:31 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2015-01-08 06:13 - 2012-11-10 15:38 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-07 21:46 - 2012-11-11 11:07 - 00071474 ____H () C:\Documents and Settings\Eldar\Application Data\TurboLaunch_IconCache.dat
2015-01-07 21:46 - 2012-11-10 15:38 - 00032620 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-07 21:46 - 2012-11-10 15:38 - 00000178 ___SH () C:\Documents and Settings\Eldar\ntuser.ini
2015-01-07 21:45 - 2008-04-14 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6101

Hello Corleone,

The reports do not show any active malware. In the logs I see a few inactive adware entries. The following tool will quickly take care of those leftovers.

Download AdwCleaner by "Xplode" and save it to the Desktop.
Double-click to run the program.
In the EULA window click I agree.
Click the Scan button and wait for the scan to finish.
Click the Clean button and wait for the program to finish.
The program will close all active programs and show a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required) click OK.

The computer will restart and then open Notepad (C:\AdwCleaner[S0].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Prikači fajl" (Attach file) option.

Note: The report will also be saved at C:\Adwcleaner\AdwCleaner[S0].txt

Then reset the Mozilla Firefox browser to its default settings. Here is how to do that:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems

----- ----- ----- ----- ----- -----

Although the FRST reports show that the system is clean, we have to examine things from another angle as well.
We will use this comprehensive ARK scanner to check that nothing is hiding from our tools.

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Run MBAR by double-clicking the program icon:
- Click OK in the next window to allow extraction into a separate mbar folder on the desktop;
- mbar.exe will be started. On some systems this can take a few extra seconds, so wait for it to launch;
- In the introductory window click the Next button if you agree;

• In the 'Update Database' window click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section check that all options are ticked, then click the Scan button;

Notice: with some infections one of the following messages may be shown:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.

>> If no malware is detected, click the Exit button to close the program. In your next post include the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infection(s) are found, check that the 'Create Restore Point' option is ticked and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for the restart, and a notice will be shown in a pop-up window. Click the Yes button and the system should restart and finish the cleaning procedure.

Notice! Only if a rootkit is detected: make sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click to run fixdamage; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue, then wait for the tool to make all the repairs ...
- When you see the message 'press any key to exit' the repair is complete. Press any key on the keyboard to close the window. Restart the system.

The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your post, and attach the system log to the post using the Prikači fajl (Attach file) option.

offline
  • Joined: 14 Nov 2003
  • Posts: 323

I downloaded MBAR and ran the update, but when I click the Scan button the system restarts immediately.

I downloaded and ran AdwCleaner. The file is attached.
I restarted Firefox according to the instructions you gave.

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6101

We will use an alternative ...

Try to download the tool from one of the following links. Keep in mind that some links currently do not work in some regions because of problems ...

Download TDSSKiller, save the tool to the Desktop, and double-click to run TDSSKiller.exe

----- alternative download links -----
http://www.bleepingcomputer.com/download/tdsskiller/
http://www.bleepingcomputer.com/download/tdsskiller/dl/4/

http://media.kaspersky.com/utilities/VirusUtilities/EN/tdsskiller.exe
http://support.kaspersky.com/viruses/utility#
------------------------------------------------

In the "End user Licence Agreement" dialog click Accept.
Likewise, in the "KSN Statement" dialog click Accept.

Click the Start Scan button.

If suspicious items (Suspicious object) are detected, the default action is Skip; click Continue.
If malicious objects (Malicious objects) are detected, choose the Cure option.

Post the contents of the log from the following location:
C:\TDSSKiller_program version_DD.MM.YY_HH.MM.SS.txt
(DD - day, MM - month, YY - year, HH - hour, MM - minute, SS - second; the date and time when the log was created)

offline
  • Joined: 14 Nov 2003
  • Posts: 323

Posted: 08 Jan 2015 16:39

I can't download it from any of the links.

Addendum: 08 Jan 2015 18:29

I managed to download it somehow.


18:22:26.0687 0x0a24 TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
18:22:30.0437 0x0a24 ============================================================
18:22:30.0437 0x0a24 Current date / time: 2015/01/08 18:22:30.0437
18:22:30.0437 0x0a24 SystemInfo:
18:22:30.0437 0x0a24
18:22:30.0437 0x0a24 OS Version: 5.1.2600 ServicePack: 3.0
18:22:30.0437 0x0a24 Product type: Workstation
18:22:30.0437 0x0a24 ComputerName: APUK-ACD6AE443F
18:22:30.0437 0x0a24 UserName: Eldar
18:22:30.0437 0x0a24 Windows directory: C:\WINDOWS
18:22:30.0437 0x0a24 System windows directory: C:\WINDOWS
18:22:30.0437 0x0a24 Processor architecture: Intel x86
18:22:30.0437 0x0a24 Number of processors: 4
18:22:30.0437 0x0a24 Page size: 0x1000
18:22:30.0437 0x0a24 Boot type: Normal boot
18:22:30.0437 0x0a24 ============================================================
18:22:33.0031 0x0a24 KLMD registered as C:\WINDOWS\system32\drivers\93008939.sys
18:22:33.0093 0x0a24 System UUID: {6AB4E593-1C3F-BDFE-7850-4409B890D9D5}
18:22:33.0343 0x0a24 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:22:33.0359 0x0a24 ============================================================
18:22:33.0359 0x0a24 \Device\Harddisk0\DR0:
18:22:33.0359 0x0a24 MBR partitions:
18:22:33.0359 0x0a24 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xA00298D
18:22:33.0359 0x0a24 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xA002A0B, BlocksNum 0x30382236
18:22:33.0359 0x0a24 ============================================================
18:22:33.0390 0x0a24 C: <-> \Device\Harddisk0\DR0\Partition1
18:22:33.0421 0x0a24 D: <-> \Device\Harddisk0\DR0\Partition2
18:22:33.0453 0x0a24 ============================================================
18:22:33.0453 0x0a24 Initialize success
18:22:33.0453 0x0a24 ============================================================
18:22:36.0437 0x0af8 ============================================================
18:22:36.0437 0x0af8 Scan started
18:22:36.0437 0x0af8 Mode: Manual;
18:22:36.0437 0x0af8 ============================================================
18:22:36.0437 0x0af8 KSN ping started
18:22:49.0859 0x0af8 KSN ping finished: true
18:22:50.0812 0x0af8 ================ Scan system memory ========================
18:22:50.0812 0x0af8 System memory - ok
18:22:52.0453 0x0af8 gupdatem - ok
18:22:52.0468 0x0af8 [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:22:52.0468 0x0af8 HDAudBus - ok
18:22:52.0515 0x0af8 [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:22:52.0515 0x0af8 helpsvc - ok
18:22:52.0515 0x0af8 HidServ - ok
18:22:52.0531 0x0af8 [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
18:22:52.0546 0x0af8 hkmsvc - ok
18:22:52.0546 0x0af8 hpn - ok
18:22:52.0562 0x0af8 [ 7BB066F3753EAC61AACDD6C05DDFBC0B, 4F1A2702ED4B57980A804FE345D467C08A2B29E5E953171573A19875040044FA ] HPSIService C:\WINDOWS\system32\HPSIsvc.exe
18:22:52.0562 0x0af8 HPSIService - ok
18:22:52.0578 0x0af8 [ F6AACF5BCE2893E0C1754AFEB672E5C9, 62A7A70515B5570A649DC30A3A122B1302F6839A63927C8B29EBE04ABA654892 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
18:22:52.0593 0x0af8 HTTP - ok
18:22:52.0609 0x0af8 [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
18:22:52.0609 0x0af8 HTTPFilter - ok
18:22:52.0609 0x0af8 i2omgmt - ok
18:22:52.0625 0x0af8 i2omp - ok
18:22:52.0640 0x0af8 [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:22:52.0656 0x0af8 i8042prt - ok
18:22:52.0750 0x0af8 [ A4978E73E18AED6F6765854BA27D674B, 4B1F51048317F7A5D2940D9A8322B73BE4B9EDBE2544DD511E3068B374CD6555 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
18:22:52.0812 0x0af8 ialm - ok
18:22:52.0828 0x0af8 [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:22:52.0828 0x0af8 IDriverT - ok
18:22:52.0890 0x0af8 [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:22:52.0906 0x0af8 idsvc - ok
18:22:52.0953 0x0af8 [ AD5DF6F4FBBC798636EDC66BFEC7D0DE, 837C9BCB6C23FE0901F0F66A57FAB5985984F0EAD9E34F84A9F78349EDE0394F ] IJPLMSVC C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
18:22:52.0953 0x0af8 IJPLMSVC - ok
18:22:52.0968 0x0af8 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
18:22:52.0968 0x0af8 Imapi - ok
18:22:52.0984 0x0af8 [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService C:\WINDOWS\system32\imapi.exe
18:22:52.0984 0x0af8 ImapiService - ok
18:22:52.0984 0x0af8 ini910u - ok
18:22:53.0187 0x0af8 [ 791A119641F14706E6687741775AE1AA, 5FE16684854E5620EDA9C135D843426DC1BEB23AA1B4FBA39F93B44951B28C00 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
18:22:53.0281 0x0af8 IntcAzAudAddService - ok
18:22:53.0296 0x0af8 IntelIde - ok
18:22:53.0312 0x0af8 [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:22:53.0312 0x0af8 intelppm - ok
18:22:53.0328 0x0af8 [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
18:22:53.0328 0x0af8 Ip6Fw - ok
18:22:53.0359 0x0af8 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:22:53.0359 0x0af8 IpFilterDriver - ok
18:22:53.0359 0x0af8 [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:22:53.0359 0x0af8 IpInIp - ok
18:22:53.0359 0x0af8 [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:22:53.0375 0x0af8 IpNat - ok
18:22:53.0375 0x0af8 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:22:53.0375 0x0af8 IPSec - ok
18:22:53.0390 0x0af8 [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
18:22:53.0390 0x0af8 IRENUM - ok
18:22:53.0421 0x0af8 [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:22:53.0421 0x0af8 isapnp - ok
18:22:53.0437 0x0af8 [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:22:53.0437 0x0af8 Kbdclass - ok
18:22:53.0453 0x0af8 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
18:22:53.0453 0x0af8 kmixer - ok
18:22:53.0453 0x0af8 [ 1705745D900DABF2D89F90EBADDC7517, FE90589415BDB3BA482D3EBE1A87A7BF1429791E8F18BCB66BF8874631CC8B2C ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
18:22:53.0453 0x0af8 KSecDD - ok
18:22:53.0468 0x0af8 [ F385F4B02C535BFFE1D70CAB80838123, A1695E161673BCB77CE150C2D98A07FCB454C53F10EEBECD754D2CC40DEAA1E0 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
18:22:53.0468 0x0af8 LanmanServer - ok
18:22:53.0484 0x0af8 [ 1B67B632786FEF1C1BBAEF46C2F3F2E6, 48A6DB1EC7515F0DDD0639AEE3056F32C273B4D541F3647915A32ABA140DA34A ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
18:22:53.0484 0x0af8 lanmanworkstation - ok
18:22:53.0484 0x0af8 lbrtfdc - ok
18:22:53.0531 0x0af8 [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
18:22:53.0546 0x0af8 LmHosts - ok
18:22:53.0562 0x0af8 [ A78D4A82263B024E4D678FFB29EF6A62, 99FF59A9FDFC077E76EF3862C453F76ACD386E8EDE41FB7C30AB5E5B85673A29 ] mbamchameleon C:\WINDOWS\system32\drivers\mbamchameleon.sys
18:22:53.0562 0x0af8 mbamchameleon - ok
18:22:53.0593 0x0af8 [ 5CA4A22D15763AF10FD20B4CBCB176ED, 33E6F001FCDD522458437AA3084A80FDC5980E0E9C436F1BD8195010F8CAD613 ] MBAMSwissArmy C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
18:22:53.0593 0x0af8 MBAMSwissArmy - ok
18:22:53.0609 0x0af8 [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger C:\WINDOWS\System32\msgsvc.dll
18:22:53.0609 0x0af8 Messenger - ok
18:22:53.0625 0x0af8 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
18:22:53.0625 0x0af8 mnmdd - ok
18:22:53.0640 0x0af8 [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
18:22:53.0640 0x0af8 mnmsrvc - ok
18:22:53.0656 0x0af8 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
18:22:53.0656 0x0af8 Modem - ok
18:22:53.0703 0x0af8 [ C7D9F9717916B34C1B00DD4834AF485C, A9512A03E8142C83534189963F90ADA6FA425BD606928C40C3D724177105A658 ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
18:22:53.0734 0x0af8 Monfilt - ok
18:22:53.0734 0x0af8 [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:22:53.0765 0x0af8 Mouclass - ok
18:22:53.0796 0x0af8 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
18:22:53.0796 0x0af8 MountMgr - ok
18:22:53.0828 0x0af8 [ DFCD29AB147716CA72416FA7D2196D46, ED60BF354347697F69A78C9FBE1ADCBE0C3EB4C2CC8DB97A7FA03A68BD796066 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:22:53.0828 0x0af8 MozillaMaintenance - ok
18:22:53.0828 0x0af8 mraid35x - ok
18:22:53.0828 0x0af8 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:22:53.0843 0x0af8 MRxDAV - ok
18:22:53.0843 0x0af8 [ 68755F0FF16070178B54674FE5B847B0, 2FFBCE3A67FA7E30E373624521C602E5510C5565F04381C6C9F961253DA928A6 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:22:53.0859 0x0af8 MRxSmb - ok
18:22:53.0875 0x0af8 [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC C:\WINDOWS\system32\msdtc.exe
18:22:53.0890 0x0af8 MSDTC - ok
18:22:53.0890 0x0af8 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
18:22:53.0890 0x0af8 Msfs - ok
18:22:53.0890 0x0af8 MSIServer - ok
18:22:53.0906 0x0af8 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:22:53.0906 0x0af8 MSKSSRV - ok
18:22:53.0937 0x0af8 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:22:53.0937 0x0af8 MSPCLOCK - ok
18:22:53.0937 0x0af8 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
18:22:53.0937 0x0af8 MSPQM - ok
18:22:53.0953 0x0af8 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:22:53.0953 0x0af8 mssmbios - ok
18:22:53.0953 0x0af8 [ 2F625D11385B1A94360BFC70AAEFDEE1, 23E4974120233CF1A7BEE48977706A0A55418699379D1450502ABEB24191AC80 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
18:22:53.0953 0x0af8 Mup - ok
18:22:53.0984 0x0af8 [ 6459E08514811CDEF51B3F635A7A2E78, 24C2C0FB17043ACE034EFF6772636F240335E6C90ABD8B8BD56FB7AA4CF9714C ] mvusbews C:\WINDOWS\system32\Drivers\mvusbews.sys
18:22:53.0984 0x0af8 mvusbews - ok
18:22:54.0015 0x0af8 [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent C:\WINDOWS\System32\qagentrt.dll
18:22:54.0031 0x0af8 napagent - ok
18:22:54.0031 0x0af8 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
18:22:54.0031 0x0af8 NDIS - ok
18:22:54.0046 0x0af8 [ 1AB3D00C991AB086E69DB84B6C0ED78F, 1F881FCCF5557C44C078D99CA2DD38D635413D6212DBEDC06A428EDAC7F8B04E ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:22:54.0046 0x0af8 NdisTapi - ok
18:22:54.0046 0x0af8 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:22:54.0046 0x0af8 Ndisuio - ok
18:22:54.0062 0x0af8 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:22:54.0062 0x0af8 NdisWan - ok
18:22:54.0062 0x0af8 [ 6215023940CFD3702B46ABC304E1D45A, C767F3A349B365F6E7566C0738E2F62D8FFF8CB4457347E3614BD403BC6CADCB ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
18:22:54.0062 0x0af8 NDProxy - ok
18:22:54.0062 0x0af8 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
18:22:54.0062 0x0af8 NetBIOS - ok
18:22:54.0078 0x0af8 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
18:22:54.0078 0x0af8 NetBT - ok
18:22:54.0093 0x0af8 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE C:\WINDOWS\system32\netdde.exe
18:22:54.0093 0x0af8 NetDDE - ok
18:22:54.0093 0x0af8 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
18:22:54.0109 0x0af8 NetDDEdsdm - ok
18:22:54.0109 0x0af8 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon C:\WINDOWS\system32\lsass.exe
18:22:54.0109 0x0af8 Netlogon - ok
18:22:54.0125 0x0af8 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman C:\WINDOWS\System32\netman.dll
18:22:54.0125 0x0af8 Netman - ok
18:22:54.0140 0x0af8 [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:22:54.0156 0x0af8 NetTcpPortSharing - ok
18:22:54.0171 0x0af8 [ B4138E99236F0F57D4CF49BAE98A0746, DDEAE046C1165C41F06933E808B143118208B02BB83FA80BEF8F550D4DC78149 ] Nla C:\WINDOWS\System32\mswsock.dll
18:22:54.0203 0x0af8 Nla - ok
18:22:54.0218 0x0af8 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
18:22:54.0218 0x0af8 Npfs - ok
18:22:54.0234 0x0af8 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
18:22:54.0250 0x0af8 Ntfs - ok
18:22:54.0265 0x0af8 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
18:22:54.0265 0x0af8 NtLmSsp - ok
18:22:54.0312 0x0af8 [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
18:22:54.0312 0x0af8 NtmsSvc - ok
18:22:54.0328 0x0af8 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
18:22:54.0328 0x0af8 Null - ok
18:22:54.0359 0x0af8 Suspicious service (Hidden): nvmini
18:22:54.0375 0x0af8 [ 01F4112EE9F2E11B8E952E4FF026B319, B21A22841910F8E325676E9DEED6F8052119785CA0E0DD5FDACF05A0FBA9346B ] nvmini C:\WINDOWS\system32\DRIVERS\nvmini.sys
18:22:54.0375 0x0af8 Suspicious file ( Hidden ): C:\WINDOWS\system32\DRIVERS\nvmini.sys. md5: 01F4112EE9F2E11B8E952E4FF026B319, sha256: B21A22841910F8E325676E9DEED6F8052119785CA0E0DD5FDACF05A0FBA9346B
18:22:54.0375 0x0af8 nvmini - detected HiddenService.Multi.Generic ( 1 )
18:22:57.0015 0x0af8 nvmini ( HiddenService.Multi.Generic ) - warning
18:22:57.0015 0x0af8 Force sending object to P2P due to detect: nvmini
18:22:59.0468 0x0af8 Object send P2P result: true
18:23:01.0843 0x0af8 Suspicious service (Hidden): NwlnkFlt
18:23:01.0859 0x0af8 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:23:01.0859 0x0af8 NwlnkFlt - detected HiddenService.Multi.Generic ( 1 )
18:23:04.0312 0x0af8 Detect skipped due to KSN trusted
18:23:04.0312 0x0af8 NwlnkFlt - ok
18:23:05.0734 0x0af8 W32Time - ok
18:23:05.0765 0x0af8 [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:23:05.0765 0x0af8 Wanarp - ok
18:23:05.0796 0x0af8 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC, 06FC132E0E256B9A4E4DDD05D3AF4D75E40C750ECCF94A76251B104C65CFFCDF ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
18:23:05.0812 0x0af8 Wdf01000 - ok
18:23:05.0812 0x0af8 WDICA - ok
18:23:05.0812 0x0af8 [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
18:23:05.0828 0x0af8 wdmaud - ok
18:23:05.0828 0x0af8 [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient C:\WINDOWS\System32\webclnt.dll
18:23:05.0843 0x0af8 WebClient - ok
18:23:05.0859 0x0af8 [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
18:23:05.0875 0x0af8 winmgmt - ok
18:23:05.0890 0x0af8 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8, 98C21DEEB7124426D749FACDAD06EBD7F500AE5C465A98D558919C2A51C08554 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
18:23:05.0890 0x0af8 WmdmPmSN - ok
18:23:05.0921 0x0af8 [ BAB489A5FE26F2D0C910CF7AF7E4CF92, 700325258CA7A2BC2D7AA6E3176194D21229BEA76EA37BEAE117BBF87CE4ECD4 ] Wmi C:\WINDOWS\System32\advapi32.dll
18:23:05.0953 0x0af8 Wmi - ok
18:23:05.0968 0x0af8 [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:23:05.0968 0x0af8 WmiApSrv - ok
18:23:06.0078 0x0af8 [ DCF3E3EDF5109EE8BC02FE6E1F045795, 4B8E14B1CFB095982D34DAEC336114F5039D7793080FB787DC95A63B6B945DD0 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:23:06.0109 0x0af8 WPFFontCache_v0400 - ok
18:23:06.0140 0x0af8 [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
18:23:06.0140 0x0af8 wscsvc - ok
18:23:06.0156 0x0af8 [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv C:\WINDOWS\system32\wuauserv.dll
18:23:06.0156 0x0af8 wuauserv - ok
18:23:06.0187 0x0af8 [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
18:23:06.0203 0x0af8 WZCSVC - ok
18:23:06.0218 0x0af8 [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov C:\WINDOWS\System32\xmlprov.dll
18:23:06.0234 0x0af8 xmlprov - ok
18:23:06.0234 0x0af8 ================ Scan global ===============================
18:23:06.0234 0x0af8 [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
18:23:06.0250 0x0af8 [ 1618F36D4F7F6CCCEB3EE44BA95BE85C, 1ED920E475221228EF215708701EC166A0B1BBCBD236E5B047420EBD0FF1371A ] C:\WINDOWS\system32\winsrv.dll
18:23:06.0265 0x0af8 [ 1618F36D4F7F6CCCEB3EE44BA95BE85C, 1ED920E475221228EF215708701EC166A0B1BBCBD236E5B047420EBD0FF1371A ] C:\WINDOWS\system32\winsrv.dll
18:23:06.0312 0x0af8 [ 0E776ED5F7CC9F94299E70461B7B8185, 22750B3829133D1D4BB3CE2FA6247BE2373B5D15A6ED1C8A71673AA1CE7D9530 ] C:\WINDOWS\system32\services.exe
18:23:06.0312 0x0af8 [ Global ] - ok
18:23:06.0312 0x0af8 ================ Scan MBR ==================================
18:23:06.0328 0x0af8 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:23:06.0546 0x0af8 \Device\Harddisk0\DR0 - ok
18:23:06.0546 0x0af8 ================ Scan VBR ==================================
18:23:06.0546 0x0af8 [ 2BC4505A5A7E927F021EF51FC2A9A6E6 ] \Device\Harddisk0\DR0\Partition1
18:23:06.0593 0x0af8 \Device\Harddisk0\DR0\Partition1 - ok
18:23:06.0593 0x0af8 [ EC06FF878D6748D297FF70D3E9B29547 ] \Device\Harddisk0\DR0\Partition2
18:23:06.0656 0x0af8 \Device\Harddisk0\DR0\Partition2 - ok
18:23:06.0656 0x0af8 ================ Scan generic autorun ======================
18:23:07.0109 0x0af8 [ 589B158ADFBAD142AE6EDDC31B632D1D, 7004ADCB16EA7E0E255C0C9548D3202BE45C6A66E77E30B228EDA4AE992D5856 ] C:\WINDOWS\RTHDCPL.EXE
18:23:07.0562 0x0af8 RTHDCPL - ok
18:23:07.0593 0x0af8 [ 0F38D5BCC7502A7C7C108454CD42DC54, EEC5A5EDD382FB332833A032346C49C3F0E36D691795FB89F79F75DC8FC9B987 ] C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE
18:23:07.0593 0x0af8 CAPON - ok
18:23:07.0656 0x0af8 [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
18:23:07.0687 0x0af8 Adobe ARM - ok
18:23:07.0718 0x0af8 [ D772C357E47A6817AC3B73F2426B3C10, 37E632E4DECEDC328F1CE6A85B49B7A085FCDA5905CD02F251CD648364BA0318 ] C:\Program Files\QuickTime\qttask.exe
18:23:07.0734 0x0af8 QuickTime Task - ok
18:23:07.0750 0x0af8 [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
18:23:07.0750 0x0af8 ctfmon.exe - ok
18:23:07.0750 0x0af8 Waiting for KSN requests completion. In queue: 90
18:23:08.0750 0x0af8 Waiting for KSN requests completion. In queue: 90
18:23:09.0750 0x0af8 Waiting for KSN requests completion. In queue: 90
18:23:10.0750 0x0af8 Win FW state via NFM: disabled
18:23:13.0125 0x0af8 ============================================================
18:23:13.0125 0x0af8 Scan finished
18:23:13.0125 0x0af8 ============================================================
18:23:13.0125 0x0af4 Detected object count: 1
18:23:13.0125 0x0af4 Actual detected object count: 1
18:23:28.0656 0x0af4 nvmini ( HiddenService.Multi.Generic ) - skipped by user
18:23:28.0656 0x0af4 nvmini ( HiddenService.Multi.Generic ) - User select action: Skip

Update: 08 Jan 2015 18:33


offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6101

Well, that's it then. The posted reports do not show an active infection. Feel free to delete the tools you used as well as their reports.

Also delete the C:\FRST folder. That would be it; the problem you have is not malware related.

offline
  • Joined: 14 Nov 2003
  • Posts: 323

OK, the important thing is that there is no malware or other nuisances.
I have a folder on drive D that I can't delete, but I hope it isn't related to what was bothering me.
I'll try downloading the new Firefox.
Thanks for your effort and cooperation.
Regards
