Checking the computer for viruses, if possible?

  • Joined: 05 Dec 2012
  • Posts: 15

What do I need to do so that you can check whether the computer has a virus? :)

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

You need to read this topic and follow the instructions:

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

  • Joined: 05 Dec 2012
  • Posts: 15

Posted: 22 Sep 2013 22:31

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16521 BrowserJavaVersion: 10.25.2
Run by Mr GooD at 22:29:23 on 2013-09-22
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.381.1033.18.3072.1532 [GMT 2:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
D:\Program files\Programi\Malwarebytes' Anti-Malware\mbamscheduler.exe
D:\Program files\Programi\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
D:\Program files\Programi\Version8\TeamViewer_Service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\explorer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbengine.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - d:\program files\programi\java\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - d:\program files\programi\java\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "d:\program files\programi\deamon tols\daemon tools lite\DTLite.exe" -autorun
uRun: [CCleaner] "d:\program files\cclener\ccleaner.exe" /AUTO
uRun: [Akamai NetSession Interface] "c:\users\mr good\appdata\local\akamai\netsession_win.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
TCP: NameServer = 192.168.0.2
TCP: Interfaces\{44497A38-6604-4402-8FAF-5F8D00C8EE58} : DHCPNameServer = 192.168.0.2
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.76\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mr good\appdata\roaming\mozilla\firefox\profiles\rrkrp3ku.default\
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\users\mr good\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1202122.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: d:\program files\programi\java\bin\plugin2\npjp2.dll
.
---- FIREFOX POLICIES ----
.
.
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 3e25e999000000000000001fd001f30a
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15872
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.514:30:33
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119776&tt=120613_ndc
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2013-6-15 242240]
R2 MBAMScheduler;MBAMScheduler;d:\program files\programi\malwarebytes' anti-malware\mbamscheduler.exe [2013-9-20 418376]
R2 MBAMService;MBAMService;d:\program files\programi\malwarebytes' anti-malware\mbamservice.exe [2013-9-20 701512]
R2 TeamViewer8;TeamViewer 8;d:\program files\programi\version8\TeamViewer_Service.exe [2013-4-10 5071712]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-9-20 22856]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-7-8 176128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ceabe4a758859;Google Update Service (gupdate1ceabe4a758859);c:\program files\google\update\GoogleUpdate.exe [2013-9-7 116648]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 162408]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 gupdatem1ceabe4b15048c;Google Update Service (gupdatem1ceabe4b15048c);c:\program files\google\update\GoogleUpdate.exe [2013-9-7 116648]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-12-9 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-12-9 52224]
.
=============== Created Last 30 ================
.
2013-09-22 13:48:52 -------- d-----w- c:\programdata\NexonEU
2013-09-22 13:10:17 -------- d-----w- c:\programdata\NexonUS
2013-09-22 00:19:35 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4fd16a56-23cd-4754-8499-e43aecafa307}\offreg.dll
2013-09-20 19:46:24 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-20 11:21:46 7328304 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4fd16a56-23cd-4754-8499-e43aecafa307}\mpengine.dll
2013-09-11 11:52:21 -------- d-----w- c:\users\mr good\appdata\roaming\.mono
2013-09-02 22:27:42 -------- d-----w- c:\users\mr good\appdata\roaming\Awesomium
2013-09-01 10:19:29 283032 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-09-01 10:19:22 -------- d-----w- c:\users\mr good\appdata\local\PunkBuster
2013-09-01 10:02:55 138056 ----a-w- c:\users\mr good\appdata\roaming\PnkBstrK.sys
2013-08-31 17:51:19 -------- d-----w- c:\programdata\PWD
2013-08-30 22:26:37 -------- d-----w- c:\program files\common files\Steam
.
==================== Find3M ====================
.
2013-09-22 19:31:04 21584 ----a-w- c:\windows\system32\drivers\atapi.sys
2013-09-11 12:55:42 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-11 12:55:41 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-01 10:31:02 283032 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-08-07 02:22:04 238872 ------w- c:\windows\system32\MpSigStub.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, gmer.net
Windows 6.1.7601 Disk: ExcelStor_Technology_J8160S rev.P22OABEA -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x860A3856]<<
_asm { PUSH EBP; MOV EBP, ESP; MOV ECX, [0xffdf0308]; MOV EAX, [EBP+0x8]; SUB ESP, 0x14; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; CMP EAX, [ECX+0x4]; JNZ 0x6d; XOR EDI, EDI; }
1 ntkrnlpa!IofCallDriver[0x82A4EBAA] -> \Device\Harddisk0\DR0[0x861C9030]
3 CLASSPNP[0x8AFDC59E] -> ntkrnlpa!IofCallDriver[0x82A4EBAA] -> [0x85CB5918]
5 ACPI[0x836973D4] -> ntkrnlpa!IofCallDriver[0x82A4EBAA] -> \IdeDeviceP0T0L0-0[0x85CA7030]
[0x862BB530] -> IRP_MJ_CREATE -> 0x860A3856
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskExcelStor_Technology_J8160S_____________P22OABEA#5&17ef7b8e&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
sectors 312579693 (+107): user != kernel
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 22:29:56,71 ===============

Addendum: 22 Sep 2013 22:32

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 9.12.2012 18:22:03
System Uptime: 21.9.2013 20:53:13 (26 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | 945GCM-S2L
Processor: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz | Socket 775 | 2000/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 30 GiB total, 10,163 GiB free.
D: is FIXED (NTFS) - 119 GiB total, 105,457 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 0 GiB total, 0,068 GiB free.
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: D-Link DFE-530TX PCI Fast Ethernet Adapter (rev.A)
Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_14001186&REV_43\4&A314B16&0&00F0
Manufacturer: D-Link
Name: D-Link DFE-530TX PCI Fast Ethernet Adapter (rev.A)
PNP Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_14001186&REV_43\4&A314B16&0&00F0
Service: FETNDIS
.
==== System Restore Points ===================
.
RP290: 22.9.2013 13:42:45 - MechWarrior Online
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 12.0
Ashampoo Burning Studio 6 FREE v.6.83
BitTorrent
CCleaner
Corel Graphics - Windows Shell Extension
CorelDRAW Graphics Suite X5
CorelDRAW Graphics Suite X5 - Capture
CorelDRAW Graphics Suite X5 - Common
CorelDRAW Graphics Suite X5 - Connect
CorelDRAW Graphics Suite X5 - Custom Data
CorelDRAW Graphics Suite X5 - Draw
CorelDRAW Graphics Suite X5 - EN
CorelDRAW Graphics Suite X5 - Filters
CorelDRAW Graphics Suite X5 - FontNav
CorelDRAW Graphics Suite X5 - IPM
CorelDRAW Graphics Suite X5 - PHOTO-PAINT
CorelDRAW Graphics Suite X5 - Photozoom Plugin
CorelDRAW Graphics Suite X5 - Redist
CorelDRAW Graphics Suite X5 - Setup Files
CorelDRAW Graphics Suite X5 - VBA
CorelDRAW Graphics Suite X5 - VideoBrowser
CorelDRAW Graphics Suite X5 - VSTA
CorelDRAW Graphics Suite X5 - WT
CorelDRAW(R) Graphics Suite X5
Counter Strike 1.6 FULL v42
DAEMON Tools Lite
Facebook Video Calling 1.2.0.287
GOM Player
Google Chrome
Google Earth Plug-in
Google Update Helper
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
iLivid
Java 7 Update 25
Java Auto Updater
K-Lite Mega Codec Pack 6.5.0
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Mozilla Firefox 20.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
neroxml
Shadowgun: DeadZone
Skype™ 6.6
swMSM
TeamViewer 8
Unity Web Player
Visual Basic for Applications (R) Core
Visual Basic for Applications (R) Core - English
Winamp
WinRAR 4.00 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
22.9.2013 18:18:11, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
21.9.2013 20:17:14, Error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).
20.9.2013 19:07:26, Error: Service Control Manager [7030] - The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
18.9.2013 14:16:24, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Download TDSSKiller and save it to the Desktop.
Double-click TDSSKiller.exe to run it ...

Click the Start Scan button.

If suspicious items (Suspicious object) are detected, the default action is Skip; click Continue.
If malicious objects (Malicious objects) are detected, choose the Cure option.


Post the contents of the log from the following location:
C:\TDSSKiller_program version_DD.MM.YY_HH.MM.SS.txt
(DD-day, MM-month, YY-year, HH-hour, MM-minute, SS-second; the date and time when the log was created)

  • Joined: 05 Dec 2012
  • Posts: 15

From what I saw above, it says there is a possible virus threat :D There, I did everything ... deleted the virus ... restarted the computer ... and here is the report:

22:46:06.0085 0x0d80 TDSS rootkit removing tool 2.9.2.0 Aug 15 2013 16:44:29
22:46:06.0725 0x0d80 ============================================================
22:46:06.0725 0x0d80 Current date / time: 2013/09/22 22:46:06.0725
22:46:06.0725 0x0d80 SystemInfo:
22:46:06.0725 0x0d80
22:46:06.0725 0x0d80 OS Version: 6.1.7601 ServicePack: 1.0
22:46:06.0725 0x0d80 Product type: Workstation
22:46:06.0725 0x0d80 ComputerName: NECO-PC
22:46:06.0725 0x0d80 UserName: Mr GooD
22:46:06.0725 0x0d80 Windows directory: C:\Windows
22:46:06.0725 0x0d80 System windows directory: C:\Windows
22:46:06.0725 0x0d80 Processor architecture: Intel x86
22:46:06.0725 0x0d80 Number of processors: 2
22:46:06.0725 0x0d80 Page size: 0x1000
22:46:06.0725 0x0d80 Boot type: Normal boot
22:46:06.0725 0x0d80 ============================================================
22:46:06.0725 0x0d80 BG loaded
22:46:07.0708 0x0d80 Drive \Device\Harddisk0\DR0 - Size: 0x25432CDE00 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
22:46:07.0708 0x0d80 ============================================================
22:46:07.0708 0x0d80 \Device\Harddisk0\DR0:
22:46:07.0708 0x0d80 MBR partitions:
22:46:07.0708 0x0d80 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:46:07.0708 0x0d80 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3BCE000
22:46:07.0708 0x0d80 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3C00800, BlocksNum 0xEE18000
22:46:07.0708 0x0d80 ============================================================
22:46:07.0723 0x0d80 C: <-> \Device\Harddisk0\DR0\Partition2
22:46:07.0910 0x0d80 D: <-> \Device\Harddisk0\DR0\Partition3
22:46:07.0942 0x0d80 F: <-> \Device\Harddisk0\DR0\Partition1
22:46:07.0942 0x0d80 ============================================================
22:46:07.0942 0x0d80 Initialize success
22:46:07.0942 0x0d80 ============================================================

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

This is not the whole report; the complete report is on the C partition. Attach it using the Attach file option when writing a message...

  • Joined: 05 Dec 2012
  • Posts: 15

22:40:01.0182 0x07e0 TDSS rootkit removing tool 2.9.2.0 Aug 15 2013 16:44:29
22:40:01.0633 0x07e0 ============================================================
22:40:01.0634 0x07e0 Current date / time: 2013/09/22 22:40:01.0633
22:40:01.0634 0x07e0 SystemInfo:
22:40:01.0634 0x07e0
22:40:01.0634 0x07e0 OS Version: 6.1.7601 ServicePack: 1.0
22:40:01.0634 0x07e0 Product type: Workstation
22:40:01.0634 0x07e0 ComputerName: NECO-PC
22:40:01.0634 0x07e0 UserName: Mr GooD
22:40:01.0634 0x07e0 Windows directory: C:\Windows
22:40:01.0634 0x07e0 System windows directory: C:\Windows
22:40:01.0634 0x07e0 Processor architecture: Intel x86
22:40:01.0634 0x07e0 Number of processors: 2
22:40:01.0634 0x07e0 Page size: 0x1000
22:40:01.0634 0x07e0 Boot type: Normal boot
22:40:01.0634 0x07e0 ============================================================
22:40:03.0041 0x07e0 Drive \Device\Harddisk0\DR0 - Size: 0x25432CDE00 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
22:40:03.0043 0x07e0 ============================================================
22:40:03.0043 0x07e0 \Device\Harddisk0\DR0:
22:40:03.0043 0x07e0 MBR partitions:
22:40:03.0043 0x07e0 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:40:03.0043 0x07e0 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3BCE000
22:40:03.0043 0x07e0 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3C00800, BlocksNum 0xEE18000
22:40:03.0043 0x07e0 ============================================================
22:40:03.0060 0x07e0 C: <-> \Device\Harddisk0\DR0\Partition2
22:40:03.0083 0x07e0 D: <-> \Device\Harddisk0\DR0\Partition3
22:40:03.0106 0x07e0 F: <-> \Device\Harddisk0\DR0\Partition1
22:40:03.0107 0x07e0 ============================================================
22:40:03.0107 0x07e0 Initialize success
22:40:03.0107 0x07e0 ============================================================
22:40:25.0388 0x0a34 ============================================================
22:40:25.0388 0x0a34 Scan started
22:40:25.0388 0x0a34 Mode: Manual;
22:40:25.0388 0x0a34 ============================================================
22:40:25.0957 0x0a34 ================ Scan system memory ========================
22:40:25.0957 0x0a34 System memory - ok
22:40:25.0957 0x0a34 ================ Scan services =============================
22:40:27.0289 0x0a34 [ E8F6F81E7DF7DE236B26E8731CF22E8F ] atapi C:\Windows\system32\drivers\atapi.sys
22:40:27.0289 0x0a34 Suspicious file (Forged): C:\Windows\system32\drivers\atapi.sys. Real md5: E8F6F81E7DF7DE236B26E8731CF22E8F, Fake md5: 338C86357871C167A96AB976519BF59E
22:40:27.0289 0x0a34 atapi ( Rootkit.Win32.TDSS.tdl3 ) - infected
22:40:27.0289 0x0a34 atapi - detected Rootkit.Win32.TDSS.tdl3 (0)
22:40:29.0334 0x0a34 fdc - ok
22:40:29.0360 0x0a34 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
22:40:29.0362 0x0a34 fdPHost - ok
22:40:29.0375 0x0a34 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
22:40:29.0377 0x0a34 FDResPub - ok
22:40:29.0404 0x0a34 [ F5CB6CB6D12F495516BE27CFFCCDE4BF ] FETNDIS C:\Windows\system32\DRIVERS\fetnd6.sys
22:40:29.0405 0x0a34 FETNDIS - ok
22:40:29.0420 0x0a34 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:40:29.0421 0x0a34 FileInfo - ok
22:40:29.0427 0x0a34 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:40:29.0428 0x0a34 Filetrace - ok
22:40:29.0440 0x0a34 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:40:29.0440 0x0a34 flpydisk - ok
22:40:29.0476 0x0a34 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:40:29.0478 0x0a34 FltMgr - ok
22:40:29.0529 0x0a34 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll
22:40:29.0541 0x0a34 FontCache - ok
22:40:29.0586 0x0a34 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:40:29.0588 0x0a34 FontCache3.0.0.0 - ok
22:40:29.0603 0x0a34 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:40:29.0604 0x0a34 FsDepends - ok
22:40:29.0625 0x0a34 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:40:29.0625 0x0a34 Fs_Rec - ok
22:40:29.0654 0x0a34 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:40:29.0655 0x0a34 fvevol - ok
22:40:29.0689 0x0a34 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
22:40:29.0690 0x0a34 gagp30kx - ok
22:40:29.0736 0x0a34 [ 5C230948DD6652228F88CA7AE6CB276C ] gdrv C:\Windows\gdrv.sys
22:40:29.0737 0x0a34 gdrv - ok
22:40:29.0775 0x0a34 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
22:40:29.0784 0x0a34 gpsvc - ok
22:40:29.0896 0x0a34 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate1ceabe4a758859 C:\Program Files\Google\Update\GoogleUpdate.exe
22:40:29.0901 0x0a34 gupdate1ceabe4a758859 - ok
22:40:29.0936 0x0a34 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem1ceabe4b15048c C:\Program Files\Google\Update\GoogleUpdate.exe
22:40:29.0938 0x0a34 gupdatem1ceabe4b15048c - ok
22:40:29.0960 0x0a34 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:40:29.0961 0x0a34 hcw85cir - ok
22:40:29.0993 0x0a34 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:40:29.0996 0x0a34 HdAudAddService - ok
22:40:30.0022 0x0a34 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
22:40:30.0023 0x0a34 HDAudBus - ok
22:40:30.0040 0x0a34 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
22:40:30.0040 0x0a34 HidBatt - ok
22:40:30.0054 0x0a34 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
22:40:30.0055 0x0a34 HidBth - ok
22:40:30.0080 0x0a34 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
22:40:30.0082 0x0a34 HidIr - ok
22:40:30.0104 0x0a34 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
22:40:30.0106 0x0a34 hidserv - ok
22:40:30.0146 0x0a34 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:40:30.0149 0x0a34 HidUsb - ok
22:40:30.0173 0x0a34 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:40:30.0176 0x0a34 hkmsvc - ok
22:40:30.0207 0x0a34 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:40:30.0212 0x0a34 HomeGroupListener - ok
22:40:30.0237 0x0a34 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:40:30.0242 0x0a34 HomeGroupProvider - ok
22:40:30.0267 0x0a34 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
22:40:30.0268 0x0a34 HpSAMD - ok
22:40:30.0323 0x0a34 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:40:30.0329 0x0a34 HTTP - ok
22:40:30.0356 0x0a34 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:40:30.0357 0x0a34 hwpolicy - ok
22:40:30.0394 0x0a34 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
22:40:30.0395 0x0a34 i8042prt - ok
22:40:30.0425 0x0a34 [ A3CAE5D281DB4CFF7CFF8233507EE5AD ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:40:30.0427 0x0a34 iaStorV - ok
22:40:30.0480 0x0a34 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:40:30.0491 0x0a34 idsvc - ok
22:40:30.0519 0x0a34 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
22:40:30.0519 0x0a34 iirsp - ok
22:40:30.0570 0x0a34 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
22:40:30.0580 0x0a34 IKEEXT - ok
22:40:30.0608 0x0a34 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
22:40:30.0609 0x0a34 intelide - ok
22:40:30.0632 0x0a34 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:40:30.0632 0x0a34 intelppm - ok
22:40:30.0659 0x0a34 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:40:30.0662 0x0a34 IPBusEnum - ok
22:40:30.0678 0x0a34 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:40:30.0679 0x0a34 IpFilterDriver - ok
22:40:30.0715 0x0a34 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:40:30.0722 0x0a34 iphlpsvc - ok
22:40:30.0748 0x0a34 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
22:40:30.0749 0x0a34 IPMIDRV - ok
22:40:30.0768 0x0a34 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:40:30.0770 0x0a34 IPNAT - ok
22:40:30.0794 0x0a34 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:40:30.0794 0x0a34 IRENUM - ok
22:40:30.0811 0x0a34 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:40:30.0812 0x0a34 isapnp - ok
22:40:30.0836 0x0a34 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
22:40:30.0839 0x0a34 iScsiPrt - ok
22:40:30.0865 0x0a34 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
22:40:30.0866 0x0a34 kbdclass - ok
22:40:30.0898 0x0a34 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
22:40:30.0899 0x0a34 kbdhid - ok
22:40:30.0915 0x0a34 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
22:40:30.0917 0x0a34 KeyIso - ok
22:40:30.0946 0x0a34 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:40:30.0947 0x0a34 KSecDD - ok
22:40:30.0961 0x0a34 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:40:30.0962 0x0a34 KSecPkg - ok
22:40:30.0994 0x0a34 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
22:40:31.0000 0x0a34 KtmRm - ok
22:40:31.0035 0x0a34 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
22:40:31.0039 0x0a34 LanmanServer - ok
22:40:31.0076 0x0a34 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:40:31.0081 0x0a34 LanmanWorkstation - ok
22:40:31.0125 0x0a34 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:40:31.0125 0x0a34 lltdio - ok
22:40:31.0154 0x0a34 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:40:31.0158 0x0a34 lltdsvc - ok
22:40:31.0174 0x0a34 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
22:40:31.0176 0x0a34 lmhosts - ok
22:40:31.0199 0x0a34 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
22:40:31.0201 0x0a34 LSI_FC - ok
22:40:31.0211 0x0a34 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
22:40:31.0212 0x0a34 LSI_SAS - ok
22:40:31.0229 0x0a34 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:40:31.0230 0x0a34 LSI_SAS2 - ok
22:40:31.0251 0x0a34 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:40:31.0252 0x0a34 LSI_SCSI - ok
22:40:31.0280 0x0a34 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
22:40:31.0281 0x0a34 luafv - ok
22:40:31.0323 0x0a34 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
22:40:31.0324 0x0a34 MBAMProtector - ok
22:40:31.0396 0x0a34 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler D:\Program files\Programi\Malwarebytes' Anti-Malware\mbamscheduler.exe
22:40:31.0404 0x0a34 MBAMScheduler - ok
22:40:31.0453 0x0a34 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService D:\Program files\Programi\Malwarebytes' Anti-Malware\mbamservice.exe
22:40:31.0462 0x0a34 MBAMService - ok
22:40:31.0489 0x0a34 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:40:31.0492 0x0a34 Mcx2Svc - ok
22:40:31.0518 0x0a34 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
22:40:31.0519 0x0a34 megasas - ok
22:40:31.0549 0x0a34 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
22:40:31.0551 0x0a34 MegaSR - ok
22:40:31.0571 0x0a34 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
22:40:31.0574 0x0a34 MMCSS - ok
22:40:31.0595 0x0a34 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
22:40:31.0596 0x0a34 Modem - ok
22:40:31.0630 0x0a34 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:40:31.0632 0x0a34 monitor - ok
22:40:31.0651 0x0a34 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:40:31.0652 0x0a34 mouclass - ok
22:40:31.0684 0x0a34 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:40:31.0685 0x0a34 mouhid - ok
22:40:31.0708 0x0a34 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:40:31.0709 0x0a34 mountmgr - ok
22:40:31.0732 0x0a34 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
22:40:31.0734 0x0a34 mpio - ok
22:40:31.0745 0x0a34 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:40:31.0746 0x0a34 mpsdrv - ok
22:40:31.0780 0x0a34 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:40:31.0788 0x0a34 MpsSvc - ok
22:40:31.0819 0x0a34 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:40:31.0821 0x0a34 MRxDAV - ok
22:40:31.0846 0x0a34 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:40:31.0848 0x0a34 mrxsmb - ok
22:40:31.0861 0x0a34 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:40:31.0863 0x0a34 mrxsmb10 - ok
22:40:31.0882 0x0a34 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:40:31.0883 0x0a34 mrxsmb20 - ok
22:40:31.0896 0x0a34 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
22:40:31.0897 0x0a34 msahci - ok
22:40:31.0916 0x0a34 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:40:31.0918 0x0a34 msdsm - ok
22:40:31.0946 0x0a34 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
22:40:31.0950 0x0a34 MSDTC - ok
22:40:31.0983 0x0a34 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:40:31.0983 0x0a34 Msfs - ok
22:40:31.0993 0x0a34 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:40:31.0993 0x0a34 mshidkmdf - ok
22:40:32.0015 0x0a34 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:40:32.0016 0x0a34 msisadrv - ok
22:40:32.0038 0x0a34 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:40:32.0042 0x0a34 MSiSCSI - ok
22:40:32.0048 0x0a34 msiserver - ok
22:40:32.0066 0x0a34 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:40:32.0066 0x0a34 MSKSSRV - ok
22:40:32.0083 0x0a34 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:40:32.0083 0x0a34 MSPCLOCK - ok
22:40:32.0090 0x0a34 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:40:32.0091 0x0a34 MSPQM - ok
22:40:32.0112 0x0a34 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:40:32.0113 0x0a34 MsRPC - ok
22:40:32.0129 0x0a34 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
22:40:32.0130 0x0a34 mssmbios - ok
22:40:32.0150 0x0a34 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:40:32.0150 0x0a34 MSTEE - ok
22:40:32.0165 0x0a34 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
22:40:32.0166 0x0a34 MTConfig - ok
22:40:32.0182 0x0a34 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
22:40:32.0183 0x0a34 Mup - ok
22:40:32.0210 0x0a34 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
22:40:32.0215 0x0a34 napagent - ok
22:40:32.0242 0x0a34 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:40:32.0244 0x0a34 NativeWifiP - ok
22:40:32.0277 0x0a34 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:40:32.0282 0x0a34 NDIS - ok
22:40:32.0308 0x0a34 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:40:32.0309 0x0a34 NdisCap - ok
22:40:32.0327 0x0a34 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:40:32.0327 0x0a34 NdisTapi - ok
22:40:32.0356 0x0a34 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:40:32.0357 0x0a34 Ndisuio - ok
22:40:32.0376 0x0a34 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:40:32.0378 0x0a34 NdisWan - ok
22:40:32.0405 0x0a34 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:40:32.0406 0x0a34 NDProxy - ok
22:40:32.0432 0x0a34 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:40:32.0433 0x0a34 NetBIOS - ok
22:40:32.0464 0x0a34 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:40:32.0466 0x0a34 NetBT - ok
22:40:32.0482 0x0a34 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
22:40:32.0485 0x0a34 Netlogon - ok
22:40:32.0519 0x0a34 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
22:40:32.0525 0x0a34 Netman - ok
22:40:32.0571 0x0a34 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:40:32.0574 0x0a34 NetMsmqActivator - ok
22:40:32.0580 0x0a34 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:40:32.0581 0x0a34 NetPipeActivator - ok
22:40:32.0606 0x0a34 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
22:40:32.0613 0x0a34 netprofm - ok
22:40:32.0621 0x0a34 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:40:32.0623 0x0a34 NetTcpActivator - ok
22:40:32.0629 0x0a34 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:40:32.0632 0x0a34 NetTcpPortSharing - ok
22:40:32.0659 0x0a34 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:40:32.0660 0x0a34 nfrd960 - ok
22:40:32.0690 0x0a34 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:40:32.0695 0x0a34 NlaSvc - ok
22:40:32.0706 0x0a34 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:40:32.0707 0x0a34 Npfs - ok
22:40:32.0727 0x0a34 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
22:40:32.0730 0x0a34 nsi - ok
22:40:32.0743 0x0a34 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:40:32.0744 0x0a34 nsiproxy - ok
22:40:32.0794 0x0a34 [ 33C3093D09017CFE2E219F2472BFF6EB ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:40:32.0804 0x0a34 Ntfs - ok
22:40:32.0824 0x0a34 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
22:40:32.0825 0x0a34 Null - ok
22:40:32.0856 0x0a34 [ AF2EEC9580C1D32FB7EAF105D9784061 ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:40:32.0857 0x0a34 nvraid - ok
22:40:32.0888 0x0a34 [ 9283C58EBAA2618F93482EB5DABCEC82 ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:40:32.0889 0x0a34 nvstor - ok
22:40:32.0908 0x0a34 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:40:32.0910 0x0a34 nv_agp - ok
22:40:32.0926 0x0a34 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:40:32.0927 0x0a34 ohci1394 - ok
22:40:32.0951 0x0a34 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:40:32.0957 0x0a34 p2pimsvc - ok
22:40:32.0988 0x0a34 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
22:40:32.0995 0x0a34 p2psvc - ok
22:40:33.0030 0x0a34 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:40:33.0031 0x0a34 Parport - ok
22:40:33.0061 0x0a34 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:40:33.0062 0x0a34 partmgr - ok
22:40:33.0078 0x0a34 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
22:40:33.0079 0x0a34 Parvdm - ok
22:40:33.0105 0x0a34 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:40:33.0110 0x0a34 PcaSvc - ok
22:40:33.0140 0x0a34 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
22:40:33.0141 0x0a34 pci - ok
22:40:33.0159 0x0a34 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
22:40:33.0160 0x0a34 pciide - ok
22:40:33.0186 0x0a34 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:40:33.0188 0x0a34 pcmcia - ok
22:40:33.0205 0x0a34 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
22:40:33.0206 0x0a34 pcw - ok
22:40:33.0242 0x0a34 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:40:33.0247 0x0a34 PEAUTH - ok
22:40:33.0286 0x0a34 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
22:40:33.0300 0x0a34 PeerDistSvc - ok
22:40:33.0382 0x0a34 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
22:40:33.0403 0x0a34 pla - ok
22:40:33.0444 0x0a34 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:40:33.0449 0x0a34 PlugPlay - ok
22:40:33.0464 0x0a34 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:40:33.0467 0x0a34 PNRPAutoReg - ok
22:40:33.0484 0x0a34 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:40:33.0488 0x0a34 PNRPsvc - ok
22:40:33.0524 0x0a34 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:40:33.0530 0x0a34 PolicyAgent - ok
22:40:33.0563 0x0a34 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
22:40:33.0567 0x0a34 Power - ok
22:40:33.0601 0x0a34 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:40:33.0602 0x0a34 PptpMiniport - ok
22:40:33.0620 0x0a34 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:40:33.0621 0x0a34 Processor - ok
22:40:33.0650 0x0a34 ProcObsrv - ok
22:40:33.0689 0x0a34 [ 43CA4CCC22D52FB58E8988F0198851D0 ] ProfSvc C:\Windows\system32\profsvc.dll
22:40:33.0693 0x0a34 ProfSvc - ok
22:40:33.0707 0x0a34 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:40:33.0709 0x0a34 ProtectedStorage - ok
22:40:33.0742 0x0a34 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:40:33.0743 0x0a34 Psched - ok
22:40:33.0802 0x0a34 [ 0B6DEA0A1662CAB8F2BF339DC0752EF4 ] PSI_SVC_2 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
22:40:33.0804 0x0a34 PSI_SVC_2 - ok
22:40:33.0861 0x0a34 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:40:33.0871 0x0a34 ql2300 - ok
22:40:33.0886 0x0a34 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:40:33.0888 0x0a34 ql40xx - ok
22:40:33.0909 0x0a34 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
22:40:33.0913 0x0a34 QWAVE - ok
22:40:33.0925 0x0a34 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:40:33.0925 0x0a34 QWAVEdrv - ok
22:40:33.0949 0x0a34 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:40:33.0950 0x0a34 RasAcd - ok
22:40:33.0977 0x0a34 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:40:33.0978 0x0a34 RasAgileVpn - ok
22:40:34.0003 0x0a34 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
22:40:34.0006 0x0a34 RasAuto - ok
22:40:34.0017 0x0a34 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:40:34.0018 0x0a34 Rasl2tp - ok
22:40:34.0044 0x0a34 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
22:40:34.0049 0x0a34 RasMan - ok
22:40:34.0060 0x0a34 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:40:34.0061 0x0a34 RasPppoe - ok
22:40:34.0076 0x0a34 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:40:34.0077 0x0a34 RasSstp - ok
22:40:34.0105 0x0a34 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:40:34.0107 0x0a34 rdbss - ok
22:40:34.0134 0x0a34 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:40:34.0134 0x0a34 rdpbus - ok
22:40:34.0156 0x0a34 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:40:34.0157 0x0a34 RDPCDD - ok
22:40:34.0192 0x0a34 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
22:40:34.0194 0x0a34 RDPDR - ok
22:40:34.0214 0x0a34 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:40:34.0214 0x0a34 RDPENCDD - ok
22:40:34.0231 0x0a34 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:40:34.0232 0x0a34 RDPREFMP - ok
22:40:34.0261 0x0a34 [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
22:40:34.0262 0x0a34 RdpVideoMiniport - ok
22:40:34.0283 0x0a34 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:40:34.0285 0x0a34 RDPWD - ok
22:40:34.0322 0x0a34 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:40:34.0324 0x0a34 rdyboost - ok
22:40:34.0353 0x0a34 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
22:40:34.0356 0x0a34 RemoteAccess - ok
22:40:34.0384 0x0a34 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:40:34.0387 0x0a34 RemoteRegistry - ok
22:40:34.0410 0x0a34 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:40:34.0413 0x0a34 RpcEptMapper - ok
22:40:34.0435 0x0a34 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
22:40:34.0437 0x0a34 RpcLocator - ok
22:40:34.0460 0x0a34 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
22:40:34.0465 0x0a34 RpcSs - ok
22:40:34.0506 0x0a34 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:40:34.0507 0x0a34 rspndr - ok
22:40:34.0529 0x0a34 [ 7DFD48E24479B68B258D8770121155A0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
22:40:34.0531 0x0a34 RTL8167 - ok
22:40:34.0553 0x0a34 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
22:40:34.0553 0x0a34 s3cap - ok
22:40:34.0565 0x0a34 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
22:40:34.0568 0x0a34 SamSs - ok
22:40:34.0591 0x0a34 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:40:34.0592 0x0a34 sbp2port - ok
22:40:34.0618 0x0a34 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:40:34.0622 0x0a34 SCardSvr - ok
22:40:34.0639 0x0a34 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:40:34.0640 0x0a34 scfilter - ok
22:40:34.0683 0x0a34 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
22:40:34.0691 0x0a34 Schedule - ok
22:40:34.0715 0x0a34 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:40:34.0716 0x0a34 SCPolicySvc - ok
22:40:34.0740 0x0a34 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:40:34.0744 0x0a34 SDRSVC - ok
22:40:34.0785 0x0a34 [ C71394D99A04CA76484492F590C9CBA5 ] SecDrv C:\Windows\system32\drivers\SECDRV.SYS
22:40:34.0786 0x0a34 SecDrv - ok
22:40:34.0801 0x0a34 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
22:40:34.0805 0x0a34 seclogon - ok
22:40:34.0833 0x0a34 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
22:40:34.0837 0x0a34 SENS - ok
22:40:34.0856 0x0a34 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:40:34.0860 0x0a34 SensrSvc - ok
22:40:34.0884 0x0a34 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:40:34.0885 0x0a34 Serenum - ok
22:40:34.0907 0x0a34 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:40:34.0908 0x0a34 Serial - ok
22:40:34.0933 0x0a34 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:40:34.0934 0x0a34 sermouse - ok
22:40:34.0967 0x0a34 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
22:40:34.0972 0x0a34 SessionEnv - ok
22:40:34.0992 0x0a34 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:40:34.0993 0x0a34 sffdisk - ok
22:40:35.0018 0x0a34 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:40:35.0019 0x0a34 sffp_mmc - ok
22:40:35.0032 0x0a34 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:40:35.0033 0x0a34 sffp_sd - ok
22:40:35.0058 0x0a34 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:40:35.0058 0x0a34 sfloppy - ok
22:40:35.0092 0x0a34 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:40:35.0097 0x0a34 SharedAccess - ok
22:40:35.0125 0x0a34 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:40:35.0130 0x0a34 ShellHWDetection - ok
22:40:35.0158 0x0a34 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
22:40:35.0159 0x0a34 sisagp - ok
22:40:35.0175 0x0a34 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:40:35.0177 0x0a34 SiSRaid2 - ok
22:40:35.0195 0x0a34 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:40:38.0946 0x0a34 ================ Scan global ===============================
22:40:38.0972 0x0a34 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
22:40:39.0007 0x0a34 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
22:40:39.0021 0x0a34 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
22:40:39.0042 0x0a34 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
22:40:39.0059 0x0a34 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
22:40:39.0066 0x0a34 [Global] - ok
22:40:39.0067 0x0a34 ================ Scan MBR ==================================
22:40:39.0079 0x0a34 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:40:39.0540 0x0a34 \Device\Harddisk0\DR0 - ok
22:40:39.0541 0x0a34 ================ Scan VBR ==================================
22:40:39.0544 0x0a34 [ 07943E72D335D63DCC067FA17938D1B5 ] \Device\Harddisk0\DR0\Partition1
22:40:39.0546 0x0a34 \Device\Harddisk0\DR0\Partition1 - ok
22:40:39.0562 0x0a34 [ DCD0A1D3F9779B7C56B313261EF4702B ] \Device\Harddisk0\DR0\Partition2
22:40:39.0564 0x0a34 \Device\Harddisk0\DR0\Partition2 - ok
22:40:39.0584 0x0a34 [ F6B4A51B4379D26F3A2160EFD7C506DE ] \Device\Harddisk0\DR0\Partition3
22:40:39.0585 0x0a34 \Device\Harddisk0\DR0\Partition3 - ok
22:40:39.0586 0x0a34 ============================================================
22:40:39.0586 0x0a34 Scan finished
22:40:39.0586 0x0a34 ============================================================
22:40:39.0601 0x0a94 Detected object count: 1
22:40:39.0601 0x0a94 Actual detected object count: 1
22:41:09.0527 0x0a94 C:\Windows\system32\drivers\atapi.sys - copied to quarantine
22:41:09.0561 0x0a94 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
22:41:09.0564 0x0a94 \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine
22:41:09.0566 0x0a94 \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine
22:41:09.0569 0x0a94 \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine
22:41:09.0638 0x0a94 Backup copy found, using it..
22:41:09.0652 0x0a94 C:\Windows\system32\drivers\atapi.sys - will be cured on reboot
22:41:09.0652 0x0a94 atapi ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure
22:44:18.0284 0x0f48 Deinitialize success

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

OK, we've solved that, let's move on :)


Download sUBs's ComboFix to your Desktop from the following address:

Bleeping Computer
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.




When the download has finished:
  • disable your protective software (instructions);
  • close any running programs;
  • double-click ComboFix to run it;
  • in the window that opens, click "I Agree".

While running, ComboFix will:
  • check whether a newer version of the program exists:
      click Yes if you are offered the download.
  • if the Recovery Console is not installed, offer to install it:
      be sure to accept by clicking Yes and follow the procedure.
  • show a number of prompts/notifications:
      accept by clicking Yes or OK.
  • restart Windows if needed (several times);
  • at the end of its run, open Notepad with the scan report.


Copy the report that ComboFix created into the topic on the forum:
  • right-click inside the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message field and choose Paste.



Note:
  • The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If, after sending the message, you notice that the report is not complete, use the Prikači fajl (Attach file) option to attach the file C:\ComboFix.txt to the message;
  • Do not click inside the ComboFix window while it is running, because that can slow the tool down;
  • Do not run ComboFix again on your own - report in the topic any problem you have during the first run of the tool;
  • If, after the restart, you get an error when starting certain programs saying that they are marked for deletion (Illegal operation attempted on a registry key that has been marked for deletion), restart the system again and that will solve the problem.

offline
  • Joined: 05 Dec 2012
  • Posts: 15

ComboFix 13-09-22.01 - Mr GooD 22.09.2013 23:08:38.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.381.1033.18.3072.1809 [GMT 2:00]
Running from: d:\downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\system32\DEBUG.log
.
.
((((((((((((((((((((((((( Files Created from 2013-08-22 to 2013-09-22 )))))))))))))))))))))))))))))))
.
.
2013-09-22 21:13 . 2013-09-22 21:13 -------- d-----w- c:\users\Mr GooD\AppData\Local\temp
2013-09-22 21:13 . 2013-09-22 21:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-22 20:41 . 2013-09-22 20:41 -------- d-----w- C:\TDSSKiller_Quarantine
2013-09-22 13:48 . 2013-09-22 13:48 -------- d-----w- c:\programdata\NexonEU
2013-09-22 13:10 . 2013-09-22 13:10 -------- d-----w- c:\programdata\NexonUS
2013-09-20 19:46 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-20 11:21 . 2013-09-15 22:50 7328304 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FD16A56-23CD-4754-8499-E43AECAFA307}\mpengine.dll
2013-09-11 11:52 . 2013-09-11 11:52 -------- d-----w- c:\users\Mr GooD\AppData\Roaming\.mono
2013-09-07 16:05 . 2013-09-07 16:07 -------- d-----w- c:\program files\Google
2013-09-02 22:27 . 2013-09-04 18:15 -------- d-----w- c:\users\Mr GooD\AppData\Roaming\Awesomium
2013-09-01 10:19 . 2013-09-01 10:54 283032 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-09-01 10:19 . 2013-09-01 10:19 -------- d-----w- c:\users\Mr GooD\AppData\Local\PunkBuster
2013-09-01 10:02 . 2013-09-01 10:02 138056 ----a-w- c:\users\Mr GooD\AppData\Roaming\PnkBstrK.sys
2013-08-31 17:51 . 2013-08-31 17:51 -------- d-----w- c:\programdata\PWD
2013-08-30 22:26 . 2013-08-30 22:26 -------- d-----w- c:\program files\Common Files\Steam
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-22 20:45 . 2009-07-13 23:11 21584 ----a-w- c:\windows\system32\drivers\atapi.sys
2013-09-11 12:55 . 2012-12-09 21:12 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-11 12:55 . 2012-12-09 21:12 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-01 10:31 . 2012-12-29 07:22 283032 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-08-07 02:22 . 2012-12-09 17:53 238872 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"DAEMON Tools Lite"="d:\program files\Programi\deamon tols\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"CCleaner"="d:\program files\cclener\ccleaner.exe" [2013-08-21 3676952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2013-03-14 08:23 3672640 ----a-w- d:\program files\Programi\deamon tols\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\windows\System32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-06-21 08:18 19875944 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 05:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe"
.
R2 gupdate1ceabe4a758859;Google Update Service (gupdate1ceabe4a758859);c:\program files\Google\Update\GoogleUpdate.exe [2013-09-07 116648]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-21 162408]
R3 gupdatem1ceabe4b15048c;Google Update Service (gupdatem1ceabe4b15048c);c:\program files\Google\Update\GoogleUpdate.exe [2013-09-07 116648]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-06-14 242240]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-08 176128]
S2 MBAMScheduler;MBAMScheduler;d:\program files\Programi\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;d:\program files\Programi\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 TeamViewer8;TeamViewer 8;d:\program files\Programi\Version8\TeamViewer_Service.exe [2013-09-12 5071712]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 94882255
*Deregistered* - 94882255
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-19 22:13 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-09 12:55]
.
2013-09-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1650746548-3130309986-2507687739-1000Core.job
- c:\users\Mr GooD\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-30 14:17]
.
2013-09-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1650746548-3130309986-2507687739-1000UA.job
- c:\users\Mr GooD\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-30 14:17]
.
2013-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-07 16:05]
.
2013-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-07 16:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.2
FF - ProfilePath - c:\users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 3e25e999000000000000001fd001f30a
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15872
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.514:30
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119776&tt=120613_ndc
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Akamai NetSession Interface - c:\users\Mr GooD\AppData\Local\Akamai\netsession_win.exe
SafeBoot-94882255.sys
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-22 23:15:18
ComboFix-quarantined-files.txt 2013-09-22 21:15
.
Pre-Run: 10.880.299.008 bytes free
Post-Run: 10.793.095.168 bytes free
.
- - End Of File - - 7792752D30AFA82677174547A9875EF4
A36C5E4F47E84449FF07ED3517B43A31

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Open Notepad and copy the following text into it:

FileLook::
c:\windows\system32\drivers\atapi.sys

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SearchSettings"=-

File::
c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe

Folder::
c:\program files\Common Files\Spigot

Firefox::
FF - ProfilePath - c:\users\Mr GooD\AppData\Roaming\Mozilla\Firefox\Profiles\rrkrp3ku.default\
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 3e25e999000000000000001fd001f30a
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15872
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.514:30
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119776&tt=120613_ndc
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false

DDS::
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com

ClearJavaCache::


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scanning.
