Jump to content

Virus accessing Outlook constantly?


ilWizard
 Share

Recommended Posts

Hi,

I update regularly my Avira but in one of my e-mail "seems" got hijacked and provider suggested me to change password and such. I've also performed a complete virus scan with Avira and there were many "infection" which were quarantined.

Now I've runned Anti-Malware and it only found one virus which it cured (I consequentely runned another scan and it showed no hits). Strange fact one: I had to un-install Anti-Malware since it blocked completely the access to the internet.

Strange fact 2 (could be non-related): Outlook accesses constantly to the hard-disk when on

Basically I think that I have something on my PC...

Note: I have a couple of P2P programs which I'm not using at the moment.

Thanks for your help.DDS.txtAttach.txt

Ah, nother minor strange fact: I've Win7 and DDS it did not "Run as Administrator" (which not compared in the list of options after the right click), but went normally with "Open"...

Link to post
Share on other sites

:welcome: I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. :)

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

Link to post
Share on other sites

Dear Dark Knight, thanks for taking care of me. :)

If I'm not mistaken I should copy and past the reports in the post rather than attaching them.

Here you are:

ComboFix 12-09-23.02 - ilWizard 23/09/2012 19:16:20.2.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1040.18.6135.4220 [GMT 2:00]

Eseguito da: c:\users\ilWizard\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Creati Da 2012-08-23 al 2012-09-23 )))))))))))))))))))))))))))))))))))

.

.

2012-09-23 17:24 . 2012-09-23 17:24 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-09-23 17:24 . 2012-09-23 17:24 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-23 17:10 . 2012-09-18 22:58 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5657EB4B-AE5A-458A-8626-161F82CF0739}\mpengine.dll

2012-09-22 15:45 . 2012-09-22 15:45 113629 ----a-w- c:\windows\SysWow64\slmgr.vbs

2012-09-22 15:45 . 2012-09-22 15:45 113629 ----a-w- c:\windows\system32\slmgr.vbs

2012-09-22 14:37 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-09-22 14:37 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-09-22 14:37 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-09-21 07:56 . 2012-09-21 07:56 -------- d-----w- c:\windows\system32\SPReview

2012-09-21 07:55 . 2012-09-21 07:55 -------- d-----w- c:\windows\system32\EventProviders

2012-09-20 13:49 . 2012-09-20 13:49 -------- d-----w- c:\users\ilWizard\AppData\Roaming\Malwarebytes

2012-09-20 13:49 . 2012-09-20 14:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-09-20 13:49 . 2012-09-20 13:49 -------- d-----w- c:\programdata\Malwarebytes

2012-09-05 16:34 . 2012-09-05 16:34 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-09-05 16:33 . 2012-09-05 16:33 -------- d-----w- c:\program files (x86)\Java

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-21 17:03 . 2012-04-04 07:32 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-09-21 17:03 . 2011-05-20 07:20 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-21 08:04 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2012-09-21 08:04 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2012-09-13 00:15 . 2009-10-22 18:01 64462936 ----a-w- c:\windows\system32\MRT.exe

2012-08-28 18:24 . 2012-05-05 16:52 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-08-28 18:24 . 2010-05-05 16:18 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-08-13 20:31 . 2012-05-11 08:06 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2012-08-13 20:31 . 2012-05-11 08:06 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys

2012-07-30 13:53 . 2012-08-16 13:05 112096 ----a-w- c:\windows\SysWow64\acaptuser32.dll

2012-07-18 18:15 . 2012-08-16 07:39 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-04 22:16 . 2012-08-16 07:40 73216 ----a-w- c:\windows\system32\netapi32.dll

2012-07-04 22:13 . 2012-08-16 07:40 59392 ----a-w- c:\windows\system32\browcli.dll

2012-07-04 22:13 . 2012-08-16 07:40 136704 ----a-w- c:\windows\system32\browser.dll

2012-07-04 21:14 . 2012-08-16 07:40 41984 ----a-w- c:\windows\SysWow64\browcli.dll

.

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTProAgent.exe" [2009-12-18 427328]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-24 2245120]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-07-31 41944]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-07-30 640480]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-13 348664]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]

R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2010-04-29 32768]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-10-23 1038088]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-19 1255736]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-22 834544]

S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-02-03 27760]

S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-08-13 86224]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-10 1222144]

.

.

Contenuto della cartella 'Scheduled Tasks'

.

2012-09-22 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 17:03]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-26 171520]

.

------- Scansione supplementare -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Aggiungi a PDF esistente - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Aggiungi destinazione link a PDF esistente - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Converti destinazione link in Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Converti destinazione link in PDF esistente - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Converti in Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 78.46.86.74 212.117.175.185

.

.

--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

.

[HKEY_USERS\S-1-5-21-1953389004-333701557-3154058245-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* %s*]

@Class="Shell"

.

[HKEY_USERS\S-1-5-21-1953389004-333701557-3154058245-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* %s*\OpenWithList]

@Class="Shell"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Altri processi in esecuzione ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\windows\SysWOW64\NMSAccessU.exe

c:\windows\SysWOW64\PnkBstrA.exe

.

**************************************************************************

.

Ora fine scansione: 2012-09-23 19:30:46 - Il pc è stato riavviato

ComboFix-quarantined-files.txt 2012-09-23 17:30

ComboFix2.txt 2012-09-22 15:00

.

Pre-Run: 325.995.347.968 byte disponibili

Post-Run: 325.745.500.160 byte disponibili

.

- - End Of File - - E8B10BE01B450C10BF2008CFAA85D596

Link to post
Share on other sites

Hey ilWizard. :)

If I'm not mistaken I should copy and past the reports in the post rather than attaching them.

Correct. :)

Nothing showing in your ComboFix log.

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure. Instead, choose SKIP, then click on Continue tdsskiller2.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue tdsskiller3.png
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.

Then, please download MBRCheck by a_d_13 to your Desktop from one of these locations:

http://ad13.geekstogo.com/MBRCheck.exe

http://download.blee...al/MBRCheck.exe

http://www.kernelmod...fo/MBRCheck.exe

Close all opened programs/ windows and double-click on MBRCheck.exe.

It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".

Press the "Enter" key to close the MBRCheck window and post the contents of the log file.

==========

In your post please provide the following:

  • TDSSKiller log.
  • MBRCheck log.

How is your computer running at the moment?

Link to post
Share on other sites

Hi DK,

The pc is running ok. This morning the hard disk was a little bit "too active" but now it is fine. The only thing that really doens't work is Outlook which I cannot keep open if I don't want to constantly accessing the hard disk. Maybe if it's not a virus maybe it's some sort of corruption of the program?

Anyhow, her there are the requested logs:

18:08:54.0761 12132 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24

18:08:55.0041 12132 ============================================================

18:08:55.0041 12132 Current date / time: 2012/09/24 18:08:55.0041

18:08:55.0041 12132 SystemInfo:

18:08:55.0041 12132

18:08:55.0041 12132 OS Version: 6.1.7601 ServicePack: 1.0

18:08:55.0041 12132 Product type: Workstation

18:08:55.0041 12132 ComputerName: ILWIZARD-PC

18:08:55.0041 12132 UserName: ilWizard

18:08:55.0041 12132 Windows directory: C:\Windows

18:08:55.0041 12132 System windows directory: C:\Windows

18:08:55.0041 12132 Running under WOW64

18:08:55.0041 12132 Processor architecture: Intel x64

18:08:55.0041 12132 Number of processors: 4

18:08:55.0041 12132 Page size: 0x1000

18:08:55.0041 12132 Boot type: Normal boot

18:08:55.0041 12132 ============================================================

18:08:55.0831 12132 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

18:08:55.0841 12132 ============================================================

18:08:55.0841 12132 \Device\Harddisk0\DR0:

18:08:55.0841 12132 MBR partitions:

18:08:55.0841 12132 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

18:08:55.0841 12132 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3AD93000

18:08:55.0841 12132 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3ADC5800, BlocksNum 0x39940000

18:08:55.0841 12132 ============================================================

18:08:55.0861 12132 C: <-> \Device\Harddisk0\DR0\Partition2

18:08:55.0881 12132 E: <-> \Device\Harddisk0\DR0\Partition3

18:08:55.0881 12132 ============================================================

18:08:55.0881 12132 Initialize success

18:08:55.0881 12132 ============================================================

18:09:32.0802 13020 ============================================================

18:09:32.0802 13020 Scan started

18:09:32.0802 13020 Mode: Manual;

18:09:32.0802 13020 ============================================================

18:09:33.0707 13020 ================ Scan system memory ========================

18:09:33.0707 13020 System memory - ok

18:09:33.0707 13020 ================ Scan services =============================

18:09:33.0832 13020 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

18:09:33.0832 13020 1394ohci - ok

18:09:33.0863 13020 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

18:09:33.0863 13020 ACPI - ok

18:09:33.0894 13020 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

18:09:33.0894 13020 AcpiPmi - ok

18:09:33.0925 13020 [ 2F0683FD2DF1D92E891CACA14B45A8C1 ] adfs C:\Windows\system32\drivers\adfs.sys

18:09:33.0935 13020 adfs - ok

18:09:34.0055 13020 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

18:09:34.0065 13020 AdobeFlashPlayerUpdateSvc - ok

18:09:34.0105 13020 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

18:09:34.0115 13020 adp94xx - ok

18:09:34.0145 13020 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

18:09:34.0155 13020 adpahci - ok

18:09:34.0175 13020 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

18:09:34.0185 13020 adpu320 - ok

18:09:34.0205 13020 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

18:09:34.0215 13020 AeLookupSvc - ok

18:09:34.0265 13020 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

18:09:34.0265 13020 AFD - ok

18:09:34.0285 13020 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

18:09:34.0295 13020 agp440 - ok

18:09:34.0305 13020 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

18:09:34.0315 13020 ALG - ok

18:09:34.0335 13020 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

18:09:34.0345 13020 aliide - ok

18:09:34.0355 13020 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

18:09:34.0355 13020 amdide - ok

18:09:34.0395 13020 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

18:09:34.0395 13020 AmdK8 - ok

18:09:34.0415 13020 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

18:09:34.0425 13020 AmdPPM - ok

18:09:34.0445 13020 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

18:09:34.0455 13020 amdsata - ok

18:09:34.0475 13020 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

18:09:34.0485 13020 amdsbs - ok

18:09:34.0505 13020 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

18:09:34.0515 13020 amdxata - ok

18:09:34.0545 13020 [ 363571BC0C79E394E69300D1F2E3DDAE ] androidusb C:\Windows\system32\Drivers\androidusb.sys

18:09:34.0545 13020 androidusb - ok

18:09:34.0625 13020 [ 22F45B5EC50FCC97A1A4A26EDD5A1263 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

18:09:34.0625 13020 AntiVirSchedulerService - ok

18:09:34.0655 13020 [ 9AB4FA686910D4E49A8D92836E3DC23B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

18:09:34.0655 13020 AntiVirService - ok

18:09:34.0705 13020 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

18:09:34.0715 13020 AppID - ok

18:09:34.0725 13020 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

18:09:34.0735 13020 AppIDSvc - ok

18:09:34.0765 13020 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

18:09:34.0775 13020 Appinfo - ok

18:09:34.0805 13020 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll

18:09:34.0815 13020 AppMgmt - ok

18:09:34.0835 13020 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys

18:09:34.0845 13020 arc - ok

18:09:34.0855 13020 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

18:09:34.0865 13020 arcsas - ok

18:09:34.0935 13020 [ 68726474C69B738EAC3A62E06B33ADDC ] AsIO C:\Windows\syswow64\drivers\AsIO.sys

18:09:34.0945 13020 AsIO - ok

18:09:34.0955 13020 [ 26D66E32E78D3059715B3A17BC679CD9 ] AsUpIO C:\Windows\syswow64\drivers\AsUpIO.sys

18:09:34.0955 13020 AsUpIO - ok

18:09:34.0975 13020 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

18:09:34.0985 13020 AsyncMac - ok

18:09:35.0005 13020 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

18:09:35.0005 13020 atapi - ok

18:09:35.0055 13020 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

18:09:35.0065 13020 AudioEndpointBuilder - ok

18:09:35.0075 13020 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

18:09:35.0075 13020 AudioSrv - ok

18:09:35.0095 13020 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys

18:09:35.0105 13020 avgntflt - ok

18:09:35.0145 13020 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys

18:09:35.0155 13020 avipbb - ok

18:09:35.0165 13020 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys

18:09:35.0175 13020 avkmgr - ok

18:09:35.0215 13020 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

18:09:35.0225 13020 AxInstSV - ok

18:09:35.0255 13020 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys

18:09:35.0275 13020 b06bdrv - ok

18:09:35.0305 13020 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

18:09:35.0315 13020 b57nd60a - ok

18:09:35.0345 13020 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

18:09:35.0355 13020 BDESVC - ok

18:09:35.0365 13020 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

18:09:35.0365 13020 Beep - ok

18:09:35.0445 13020 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

18:09:35.0455 13020 BFE - ok

18:09:35.0485 13020 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll

18:09:35.0505 13020 BITS - ok

18:09:35.0525 13020 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

18:09:35.0535 13020 blbdrive - ok

18:09:35.0565 13020 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

18:09:35.0575 13020 bowser - ok

18:09:35.0595 13020 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

18:09:35.0605 13020 BrFiltLo - ok

18:09:35.0635 13020 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

18:09:35.0635 13020 BrFiltUp - ok

18:09:35.0695 13020 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

18:09:35.0725 13020 BridgeMP - ok

18:09:35.0765 13020 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

18:09:35.0765 13020 Browser - ok

18:09:35.0795 13020 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

18:09:35.0815 13020 Brserid - ok

18:09:35.0825 13020 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

18:09:35.0835 13020 BrSerWdm - ok

18:09:35.0845 13020 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

18:09:35.0845 13020 BrUsbMdm - ok

18:09:35.0855 13020 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

18:09:35.0855 13020 BrUsbSer - ok

18:09:35.0875 13020 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

18:09:35.0875 13020 BTHMODEM - ok

18:09:35.0905 13020 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

18:09:35.0915 13020 bthserv - ok

18:09:35.0915 13020 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

18:09:35.0925 13020 cdfs - ok

18:09:35.0955 13020 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys

18:09:35.0965 13020 cdrom - ok

18:09:36.0005 13020 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

18:09:36.0015 13020 CertPropSvc - ok

18:09:36.0035 13020 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys

18:09:36.0045 13020 circlass - ok

18:09:36.0075 13020 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

18:09:36.0075 13020 CLFS - ok

18:09:36.0135 13020 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

18:09:36.0145 13020 clr_optimization_v2.0.50727_32 - ok

18:09:36.0185 13020 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

18:09:36.0195 13020 clr_optimization_v2.0.50727_64 - ok

18:09:36.0215 13020 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

18:09:36.0215 13020 CmBatt - ok

18:09:36.0245 13020 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

18:09:36.0245 13020 cmdide - ok

18:09:36.0285 13020 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

18:09:36.0305 13020 CNG - ok

18:09:36.0315 13020 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

18:09:36.0325 13020 Compbatt - ok

18:09:36.0355 13020 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

18:09:36.0365 13020 CompositeBus - ok

18:09:36.0375 13020 COMSysApp - ok

18:09:36.0425 13020 [ C9C25778EFE890BAA4087E32937016A0 ] cpuz132 C:\Windows\system32\drivers\cpuz132_x64.sys

18:09:36.0425 13020 cpuz132 - ok

18:09:36.0495 13020 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

18:09:36.0505 13020 crcdisk - ok

18:09:36.0535 13020 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll

18:09:36.0545 13020 CryptSvc - ok

18:09:36.0575 13020 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys

18:09:36.0595 13020 CSC - ok

18:09:36.0635 13020 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll

18:09:36.0645 13020 CscService - ok

18:09:36.0675 13020 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

18:09:36.0685 13020 DcomLaunch - ok

18:09:36.0705 13020 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

18:09:36.0715 13020 defragsvc - ok

18:09:36.0755 13020 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

18:09:36.0755 13020 DfsC - ok

18:09:36.0795 13020 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

18:09:36.0795 13020 Dhcp - ok

18:09:36.0815 13020 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

18:09:36.0815 13020 discache - ok

18:09:36.0835 13020 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys

18:09:36.0845 13020 Disk - ok

18:09:36.0875 13020 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

18:09:36.0875 13020 Dnscache - ok

18:09:36.0965 13020 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

18:09:36.0975 13020 dot3svc - ok

18:09:37.0005 13020 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

18:09:37.0015 13020 DPS - ok

18:09:37.0035 13020 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

18:09:37.0045 13020 drmkaud - ok

18:09:37.0095 13020 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

18:09:37.0115 13020 DXGKrnl - ok

18:09:37.0145 13020 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

18:09:37.0145 13020 EapHost - ok

18:09:37.0235 13020 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys

18:09:37.0285 13020 ebdrv - ok

18:09:37.0315 13020 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

18:09:37.0315 13020 EFS - ok

18:09:37.0365 13020 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

18:09:37.0385 13020 ehRecvr - ok

18:09:37.0405 13020 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

18:09:37.0415 13020 ehSched - ok

18:09:37.0455 13020 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

18:09:37.0465 13020 elxstor - ok

18:09:37.0495 13020 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

18:09:37.0495 13020 ErrDev - ok

18:09:37.0535 13020 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

18:09:37.0535 13020 EventSystem - ok

18:09:37.0575 13020 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

18:09:37.0645 13020 exfat - ok

18:09:37.0685 13020 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

18:09:37.0695 13020 fastfat - ok

18:09:37.0735 13020 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

18:09:37.0745 13020 Fax - ok

18:09:37.0765 13020 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys

18:09:37.0765 13020 fdc - ok

18:09:37.0785 13020 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

18:09:37.0785 13020 fdPHost - ok

18:09:37.0805 13020 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

18:09:37.0805 13020 FDResPub - ok

18:09:37.0835 13020 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

18:09:37.0845 13020 FileInfo - ok

18:09:37.0855 13020 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

18:09:37.0865 13020 Filetrace - ok

18:09:37.0935 13020 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

18:09:37.0955 13020 FLEXnet Licensing Service - ok

18:09:38.0005 13020 [ 1C3FB052A0BB72EDAED90785C34D6EED ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

18:09:38.0015 13020 FLEXnet Licensing Service 64 - ok

18:09:38.0035 13020 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

18:09:38.0035 13020 flpydisk - ok

18:09:38.0065 13020 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

18:09:38.0085 13020 FltMgr - ok

18:09:38.0115 13020 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll

18:09:38.0135 13020 FontCache - ok

18:09:38.0175 13020 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

18:09:38.0185 13020 FontCache3.0.0.0 - ok

18:09:38.0205 13020 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

18:09:38.0215 13020 FsDepends - ok

18:09:38.0235 13020 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

18:09:38.0245 13020 Fs_Rec - ok

18:09:38.0285 13020 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

18:09:38.0285 13020 fvevol - ok

18:09:38.0305 13020 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

18:09:38.0315 13020 gagp30kx - ok

18:09:38.0345 13020 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

18:09:38.0355 13020 gpsvc - ok

18:09:38.0375 13020 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

18:09:38.0385 13020 hcw85cir - ok

18:09:38.0425 13020 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

18:09:38.0445 13020 HdAudAddService - ok

18:09:38.0485 13020 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

18:09:38.0485 13020 HDAudBus - ok

18:09:38.0505 13020 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

18:09:38.0505 13020 HidBatt - ok

18:09:38.0515 13020 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

18:09:38.0525 13020 HidBth - ok

18:09:38.0545 13020 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

18:09:38.0555 13020 HidIr - ok

18:09:38.0575 13020 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll

18:09:38.0585 13020 hidserv - ok

18:09:38.0615 13020 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys

18:09:38.0615 13020 HidUsb - ok

18:09:38.0645 13020 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

18:09:38.0655 13020 hkmsvc - ok

18:09:38.0685 13020 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

18:09:38.0685 13020 HomeGroupListener - ok

18:09:38.0725 13020 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

18:09:38.0725 13020 HomeGroupProvider - ok

18:09:38.0775 13020 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

18:09:38.0785 13020 HpSAMD - ok

18:09:38.0835 13020 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

18:09:38.0845 13020 HTTP - ok

18:09:38.0855 13020 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

18:09:38.0865 13020 hwpolicy - ok

18:09:38.0895 13020 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

18:09:38.0905 13020 i8042prt - ok

18:09:38.0935 13020 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

18:09:38.0955 13020 iaStorV - ok

18:09:39.0005 13020 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

18:09:39.0025 13020 IDriverT - ok

18:09:39.0065 13020 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

18:09:39.0095 13020 idsvc - ok

18:09:39.0125 13020 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

18:09:39.0125 13020 iirsp - ok

18:09:39.0375 13020 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

18:09:39.0415 13020 IKEEXT - ok

18:09:39.0505 13020 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

18:09:39.0505 13020 intelide - ok

18:09:39.0515 13020 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

18:09:39.0515 13020 intelppm - ok

18:09:39.0535 13020 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

18:09:39.0545 13020 IPBusEnum - ok

18:09:39.0575 13020 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

18:09:39.0575 13020 IpFilterDriver - ok

18:09:39.0635 13020 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

18:09:39.0635 13020 iphlpsvc - ok

18:09:39.0665 13020 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

18:09:39.0675 13020 IPMIDRV - ok

18:09:39.0745 13020 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

18:09:39.0845 13020 IPNAT - ok

18:09:39.0925 13020 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

18:09:39.0925 13020 IRENUM - ok

18:09:40.0015 13020 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

18:09:40.0025 13020 isapnp - ok

18:09:40.0035 13020 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

18:09:40.0055 13020 iScsiPrt - ok

18:09:40.0075 13020 [ 2224ABC439D115A44EDB5630A92C1D7E ] JRAID C:\Windows\system32\DRIVERS\jraid.sys

18:09:40.0085 13020 JRAID - ok

18:09:40.0105 13020 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys

18:09:40.0115 13020 kbdclass - ok

18:09:40.0145 13020 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys

18:09:40.0145 13020 kbdhid - ok

18:09:40.0175 13020 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

18:09:40.0175 13020 KeyIso - ok

18:09:40.0205 13020 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

18:09:40.0215 13020 KSecDD - ok

18:09:40.0235 13020 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

18:09:40.0245 13020 KSecPkg - ok

18:09:40.0265 13020 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

18:09:40.0265 13020 ksthunk - ok

18:09:40.0295 13020 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

18:09:40.0305 13020 KtmRm - ok

18:09:40.0355 13020 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll

18:09:40.0355 13020 LanmanServer - ok

18:09:40.0385 13020 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

18:09:40.0395 13020 LanmanWorkstation - ok

18:09:40.0425 13020 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

18:09:40.0435 13020 lltdio - ok

18:09:40.0455 13020 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

18:09:40.0465 13020 lltdsvc - ok

18:09:40.0485 13020 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

18:09:40.0485 13020 lmhosts - ok

18:09:40.0555 13020 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

18:09:40.0555 13020 LSI_FC - ok

18:09:40.0585 13020 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

18:09:40.0595 13020 LSI_SAS - ok

18:09:40.0605 13020 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

18:09:40.0615 13020 LSI_SAS2 - ok

18:09:40.0625 13020 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

18:09:40.0635 13020 LSI_SCSI - ok

18:09:40.0645 13020 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

18:09:40.0655 13020 luafv - ok

18:09:40.0685 13020 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

18:09:40.0695 13020 Mcx2Svc - ok

18:09:40.0705 13020 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

18:09:40.0715 13020 megasas - ok

18:09:40.0725 13020 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

18:09:40.0745 13020 MegaSR - ok

18:09:40.0785 13020 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe

18:09:40.0795 13020 Microsoft Office Groove Audit Service - ok

18:09:40.0815 13020 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

18:09:40.0815 13020 MMCSS - ok

18:09:40.0825 13020 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

18:09:40.0825 13020 Modem - ok

18:09:40.0845 13020 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

18:09:40.0845 13020 monitor - ok

18:09:40.0885 13020 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys

18:09:40.0885 13020 mouclass - ok

18:09:40.0895 13020 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

18:09:40.0905 13020 mouhid - ok

18:09:40.0935 13020 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

18:09:40.0945 13020 mountmgr - ok

18:09:40.0975 13020 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

18:09:40.0985 13020 mpio - ok

18:09:40.0995 13020 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

18:09:41.0005 13020 mpsdrv - ok

18:09:41.0045 13020 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

18:09:41.0055 13020 MpsSvc - ok

18:09:41.0085 13020 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

18:09:41.0095 13020 MRxDAV - ok

18:09:41.0125 13020 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

18:09:41.0135 13020 mrxsmb - ok

18:09:41.0165 13020 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

18:09:41.0175 13020 mrxsmb10 - ok

18:09:41.0185 13020 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

18:09:41.0195 13020 mrxsmb20 - ok

18:09:41.0225 13020 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

18:09:41.0235 13020 msahci - ok

18:09:41.0255 13020 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

18:09:41.0265 13020 msdsm - ok

18:09:41.0275 13020 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

18:09:41.0295 13020 MSDTC - ok

18:09:41.0315 13020 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

18:09:41.0315 13020 Msfs - ok

18:09:41.0335 13020 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

18:09:41.0335 13020 mshidkmdf - ok

18:09:41.0355 13020 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

18:09:41.0365 13020 msisadrv - ok

18:09:41.0385 13020 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

18:09:41.0395 13020 MSiSCSI - ok

18:09:41.0405 13020 msiserver - ok

18:09:41.0415 13020 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

18:09:41.0425 13020 MSKSSRV - ok

18:09:41.0445 13020 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

18:09:41.0455 13020 MSPCLOCK - ok

18:09:41.0465 13020 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

18:09:41.0465 13020 MSPQM - ok

18:09:41.0505 13020 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

18:09:41.0515 13020 MsRPC - ok

18:09:41.0545 13020 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

18:09:41.0545 13020 mssmbios - ok

18:09:41.0565 13020 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

18:09:41.0565 13020 MSTEE - ok

18:09:41.0585 13020 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

18:09:41.0585 13020 MTConfig - ok

18:09:41.0635 13020 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys

18:09:41.0635 13020 MTsensor - ok

18:09:41.0665 13020 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

18:09:41.0665 13020 Mup - ok

18:09:41.0745 13020 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

18:09:41.0755 13020 napagent - ok

18:09:41.0815 13020 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

18:09:41.0825 13020 NativeWifiP - ok

18:09:41.0875 13020 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

18:09:41.0875 13020 NDIS - ok

18:09:41.0905 13020 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

18:09:41.0945 13020 NdisCap - ok

18:09:41.0965 13020 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

18:09:41.0965 13020 NdisTapi - ok

18:09:42.0005 13020 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

18:09:42.0095 13020 Ndisuio - ok

18:09:42.0125 13020 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

18:09:42.0135 13020 NdisWan - ok

18:09:42.0155 13020 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

18:09:42.0165 13020 NDProxy - ok

18:09:42.0185 13020 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

18:09:42.0195 13020 NetBIOS - ok

18:09:42.0225 13020 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

18:09:42.0225 13020 NetBT - ok

18:09:42.0245 13020 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

18:09:42.0245 13020 Netlogon - ok

18:09:42.0275 13020 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

18:09:42.0295 13020 Netman - ok

18:09:42.0305 13020 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

18:09:42.0315 13020 netprofm - ok

18:09:42.0335 13020 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

18:09:42.0345 13020 NetTcpPortSharing - ok

18:09:42.0375 13020 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

18:09:42.0385 13020 nfrd960 - ok

18:09:42.0415 13020 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll

18:09:42.0415 13020 NlaSvc - ok

18:09:42.0495 13020 [ B400ED9FA710F2E5FC3C1CB14D7947B0 ] NMSAccessU C:\Windows\SysWOW64\NMSAccessU.exe

18:09:42.0495 13020 NMSAccessU - ok

18:09:42.0505 13020 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

18:09:42.0505 13020 Npfs - ok

18:09:42.0525 13020 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

18:09:42.0535 13020 nsi - ok

18:09:42.0545 13020 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

18:09:42.0545 13020 nsiproxy - ok

18:09:42.0615 13020 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

18:09:42.0645 13020 Ntfs - ok

18:09:42.0675 13020 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

18:09:42.0685 13020 Null - ok

18:09:42.0945 13020 [ 9C1996DD3C0469BC8933321F15709F5A ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

18:09:43.0155 13020 nvlddmkm - ok

18:09:43.0195 13020 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

18:09:43.0195 13020 nvraid - ok

18:09:43.0215 13020 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

18:09:43.0215 13020 nvstor - ok

18:09:43.0255 13020 [ 34E5498528BB3D5A951F889F8756AD26 ] nvsvc C:\Windows\system32\nvvsvc.exe

18:09:43.0265 13020 nvsvc - ok

18:09:43.0365 13020 [ CD0BFAA6872CFE38C908D313AE17C350 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

18:09:43.0385 13020 nvUpdatusService - ok

18:09:43.0415 13020 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

18:09:43.0415 13020 nv_agp - ok

18:09:43.0475 13020 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

18:09:43.0495 13020 odserv - ok

18:09:43.0525 13020 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

18:09:43.0525 13020 ohci1394 - ok

18:09:43.0555 13020 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

18:09:43.0575 13020 ose - ok

18:09:43.0595 13020 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

18:09:43.0615 13020 p2pimsvc - ok

18:09:43.0625 13020 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

18:09:43.0635 13020 p2psvc - ok

18:09:43.0655 13020 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

18:09:43.0665 13020 Parport - ok

18:09:43.0695 13020 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

18:09:43.0705 13020 partmgr - ok

18:09:43.0725 13020 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

18:09:43.0735 13020 PcaSvc - ok

18:09:43.0755 13020 pccsmcfd - ok

18:09:43.0785 13020 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

18:09:43.0795 13020 pci - ok

18:09:43.0805 13020 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

18:09:43.0815 13020 pciide - ok

18:09:43.0825 13020 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

18:09:43.0835 13020 pcmcia - ok

18:09:43.0855 13020 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

18:09:43.0855 13020 pcw - ok

18:09:43.0885 13020 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

18:09:43.0905 13020 PEAUTH - ok

18:09:43.0955 13020 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll

18:09:43.0975 13020 PeerDistSvc - ok

18:09:43.0995 13020 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

18:09:43.0995 13020 PerfHost - ok

18:09:44.0035 13020 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

18:09:44.0065 13020 pla - ok

18:09:44.0115 13020 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

18:09:44.0125 13020 PlugPlay - ok

18:09:44.0155 13020 PnkBstrA - ok

18:09:44.0175 13020 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

18:09:44.0185 13020 PNRPAutoReg - ok

18:09:44.0195 13020 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

18:09:44.0205 13020 PNRPsvc - ok

18:09:44.0245 13020 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

18:09:44.0245 13020 PolicyAgent - ok

18:09:44.0265 13020 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

18:09:44.0285 13020 Power - ok

18:09:44.0315 13020 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

18:09:44.0325 13020 PptpMiniport - ok

18:09:44.0335 13020 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys

18:09:44.0345 13020 Processor - ok

18:09:44.0375 13020 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

18:09:44.0385 13020 ProfSvc - ok

18:09:44.0395 13020 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

18:09:44.0395 13020 ProtectedStorage - ok

18:09:44.0425 13020 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

18:09:44.0435 13020 Psched - ok

18:09:44.0485 13020 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

18:09:44.0515 13020 ql2300 - ok

18:09:44.0535 13020 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

18:09:44.0535 13020 ql40xx - ok

18:09:44.0565 13020 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

18:09:44.0575 13020 QWAVE - ok

18:09:44.0595 13020 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

18:09:44.0595 13020 QWAVEdrv - ok

18:09:44.0615 13020 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

18:09:44.0615 13020 RasAcd - ok

18:09:44.0635 13020 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

18:09:44.0645 13020 RasAgileVpn - ok

18:09:44.0655 13020 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

18:09:44.0665 13020 RasAuto - ok

18:09:44.0695 13020 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

18:09:44.0705 13020 Rasl2tp - ok

18:09:44.0745 13020 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

18:09:44.0745 13020 RasMan - ok

18:09:44.0775 13020 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

18:09:44.0785 13020 RasPppoe - ok

18:09:44.0795 13020 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

18:09:44.0805 13020 RasSstp - ok

18:09:44.0825 13020 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

18:09:44.0845 13020 rdbss - ok

18:09:44.0855 13020 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

18:09:44.0865 13020 rdpbus - ok

18:09:44.0875 13020 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

18:09:44.0875 13020 RDPCDD - ok

18:09:44.0915 13020 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys

18:09:44.0925 13020 RDPDR - ok

18:09:44.0945 13020 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

18:09:44.0945 13020 RDPENCDD - ok

18:09:44.0955 13020 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

18:09:44.0955 13020 RDPREFMP - ok

18:09:44.0995 13020 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys

18:09:44.0995 13020 RdpVideoMiniport - ok

18:09:45.0035 13020 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

18:09:45.0045 13020 RDPWD - ok

18:09:45.0055 13020 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

18:09:45.0065 13020 rdyboost - ok

18:09:45.0095 13020 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

18:09:45.0095 13020 RemoteAccess - ok

18:09:45.0115 13020 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

18:09:45.0125 13020 RemoteRegistry - ok

18:09:45.0145 13020 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

18:09:45.0145 13020 RpcEptMapper - ok

18:09:45.0165 13020 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

18:09:45.0165 13020 RpcLocator - ok

18:09:45.0195 13020 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

18:09:45.0195 13020 RpcSs - ok

18:09:45.0215 13020 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

18:09:45.0225 13020 rspndr - ok

18:09:45.0245 13020 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys

18:09:45.0305 13020 RTL8167 - ok

18:09:45.0325 13020 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys

18:09:45.0325 13020 s3cap - ok

18:09:45.0345 13020 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

18:09:45.0345 13020 SamSs - ok

18:09:45.0365 13020 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

18:09:45.0375 13020 sbp2port - ok

18:09:45.0405 13020 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

18:09:45.0415 13020 SCardSvr - ok

18:09:45.0445 13020 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

18:09:45.0445 13020 scfilter - ok

18:09:45.0495 13020 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

18:09:45.0505 13020 Schedule - ok

18:09:45.0545 13020 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

18:09:45.0545 13020 SCPolicySvc - ok

18:09:45.0575 13020 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

18:09:45.0585 13020 SDRSVC - ok

18:09:45.0615 13020 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

18:09:45.0615 13020 secdrv - ok

18:09:45.0635 13020 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

18:09:45.0645 13020 seclogon - ok

18:09:45.0695 13020 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll

18:09:45.0695 13020 SENS - ok

18:09:45.0725 13020 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

18:09:45.0795 13020 SensrSvc - ok

18:09:45.0815 13020 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

18:09:45.0825 13020 Serenum - ok

18:09:45.0845 13020 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

18:09:45.0855 13020 Serial - ok

18:09:45.0885 13020 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

18:09:45.0895 13020 sermouse - ok

18:09:45.0935 13020 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

18:09:45.0945 13020 SessionEnv - ok

18:09:45.0965 13020 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

18:09:45.0975 13020 sffdisk - ok

18:09:45.0985 13020 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

18:09:45.0995 13020 sffp_mmc - ok

18:09:46.0005 13020 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

18:09:46.0005 13020 sffp_sd - ok

18:09:46.0035 13020 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

18:09:46.0045 13020 sfloppy - ok

18:09:46.0075 13020 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

18:09:46.0085 13020 SharedAccess - ok

18:09:46.0105 13020 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

18:09:46.0105 13020 ShellHWDetection - ok

18:09:46.0115 13020 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

18:09:46.0125 13020 SiSRaid2 - ok

18:09:46.0135 13020 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

18:09:46.0145 13020 SiSRaid4 - ok

18:09:46.0175 13020 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

18:09:46.0185 13020 Smb - ok

18:09:46.0215 13020 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

18:09:46.0225 13020 SNMPTRAP - ok

18:09:46.0245 13020 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

18:09:46.0245 13020 spldr - ok

18:09:46.0285 13020 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

18:09:46.0295 13020 Spooler - ok

18:09:46.0385 13020 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

18:09:46.0405 13020 sppsvc - ok

18:09:46.0425 13020 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

18:09:46.0435 13020 sppuinotify - ok

18:09:46.0475 13020 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys

18:09:46.0475 13020 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB

18:09:46.0475 13020 sptd ( LockedFile.Multi.Generic ) - warning

18:09:46.0475 13020 sptd - detected LockedFile.Multi.Generic (1)

18:09:46.0515 13020 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

18:09:46.0525 13020 srv - ok

18:09:46.0545 13020 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

18:09:46.0555 13020 srv2 - ok

18:09:46.0575 13020 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

18:09:46.0575 13020 srvnet - ok

18:09:46.0605 13020 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

18:09:46.0615 13020 SSDPSRV - ok

18:09:46.0625 13020 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

18:09:46.0625 13020 SstpSvc - ok

18:09:46.0695 13020 [ 8544A200C40447E465F06E58687428BB ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

18:09:46.0705 13020 Stereo Service - ok

18:09:46.0725 13020 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

18:09:46.0735 13020 stexstor - ok

18:09:46.0795 13020 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

18:09:46.0795 13020 stisvc - ok

18:09:46.0825 13020 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys

18:09:46.0835 13020 storflt - ok

18:09:46.0855 13020 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys

18:09:46.0865 13020 storvsc - ok

18:09:46.0895 13020 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

18:09:46.0895 13020 swenum - ok

18:09:46.0935 13020 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

18:09:46.0945 13020 swprv - ok

18:09:46.0955 13020 Synth3dVsc - ok

18:09:47.0015 13020 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

18:09:47.0045 13020 SysMain - ok

18:09:47.0065 13020 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

18:09:47.0065 13020 TabletInputService - ok

18:09:47.0085 13020 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

18:09:47.0085 13020 TapiSrv - ok

18:09:47.0105 13020 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

18:09:47.0105 13020 TBS - ok

18:09:47.0185 13020 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys

18:09:47.0235 13020 Tcpip - ok

18:09:47.0275 13020 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

18:09:47.0285 13020 TCPIP6 - ok

18:09:47.0315 13020 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

18:09:47.0315 13020 tcpipreg - ok

18:09:47.0335 13020 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

18:09:47.0335 13020 TDPIPE - ok

18:09:47.0355 13020 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

18:09:47.0365 13020 TDTCP - ok

18:09:47.0375 13020 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

18:09:47.0385 13020 tdx - ok

18:09:47.0415 13020 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

18:09:47.0415 13020 TermDD - ok

18:09:47.0455 13020 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

18:09:47.0465 13020 TermService - ok

18:09:47.0485 13020 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

18:09:47.0495 13020 Themes - ok

18:09:47.0515 13020 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

18:09:47.0515 13020 THREADORDER - ok

18:09:47.0525 13020 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

18:09:47.0535 13020 TrkWks - ok

18:09:47.0565 13020 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

18:09:47.0565 13020 TrustedInstaller - ok

18:09:47.0595 13020 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

18:09:47.0605 13020 tssecsrv - ok

18:09:47.0695 13020 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

18:09:47.0795 13020 TsUsbFlt - ok

18:09:47.0825 13020 tsusbhub - ok

18:09:47.0925 13020 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

18:09:47.0965 13020 tunnel - ok

18:09:47.0985 13020 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

18:09:47.0985 13020 uagp35 - ok

18:09:48.0005 13020 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

18:09:48.0025 13020 udfs - ok

18:09:48.0045 13020 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

18:09:48.0055 13020 UI0Detect - ok

18:09:48.0085 13020 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

18:09:48.0085 13020 uliagpkx - ok

18:09:48.0115 13020 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys

18:09:48.0125 13020 umbus - ok

18:09:48.0145 13020 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

18:09:48.0145 13020 UmPass - ok

18:09:48.0185 13020 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll

18:09:48.0195 13020 UmRdpService - ok

18:09:48.0215 13020 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

18:09:48.0235 13020 upnphost - ok

18:09:48.0255 13020 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\drivers\usbccgp.sys

18:09:48.0265 13020 usbccgp - ok

18:09:48.0295 13020 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

18:09:48.0305 13020 usbcir - ok

18:09:48.0315 13020 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys

18:09:48.0325 13020 usbehci - ok

18:09:48.0345 13020 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

18:09:48.0355 13020 usbhub - ok

18:09:48.0365 13020 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

18:09:48.0365 13020 usbohci - ok

18:09:48.0395 13020 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

18:09:48.0395 13020 usbprint - ok

18:09:48.0415 13020 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

18:09:48.0425 13020 usbscan - ok

18:09:48.0435 13020 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS

18:09:48.0445 13020 USBSTOR - ok

18:09:48.0475 13020 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

18:09:48.0475 13020 usbuhci - ok

18:09:48.0495 13020 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys

18:09:48.0495 13020 usb_rndisx - ok

18:09:48.0505 13020 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

18:09:48.0515 13020 UxSms - ok

18:09:48.0525 13020 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

18:09:48.0525 13020 VaultSvc - ok

18:09:48.0545 13020 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

18:09:48.0555 13020 vdrvroot - ok

18:09:48.0585 13020 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

18:09:48.0595 13020 vds - ok

18:09:48.0625 13020 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

18:09:48.0635 13020 vga - ok

18:09:48.0645 13020 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

18:09:48.0645 13020 VgaSave - ok

18:09:48.0655 13020 VGPU - ok

18:09:48.0685 13020 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

18:09:48.0695 13020 vhdmp - ok

18:09:48.0745 13020 [ 627270F2103D41086BAB9675A3315DAB ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys

18:09:48.0775 13020 VIAHdAudAddService - ok

18:09:48.0805 13020 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

18:09:48.0805 13020 viaide - ok

18:09:48.0845 13020 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys

18:09:48.0855 13020 vmbus - ok

18:09:48.0875 13020 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys

18:09:48.0885 13020 VMBusHID - ok

18:09:48.0915 13020 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

18:09:48.0915 13020 volmgr - ok

18:09:48.0945 13020 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

18:09:48.0955 13020 volmgrx - ok

18:09:48.0985 13020 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

18:09:49.0005 13020 volsnap - ok

18:09:49.0045 13020 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

18:09:49.0055 13020 vsmraid - ok

18:09:49.0105 13020 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

18:09:49.0145 13020 VSS - ok

18:09:49.0165 13020 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys

18:09:49.0165 13020 vwifibus - ok

18:09:49.0195 13020 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

18:09:49.0215 13020 W32Time - ok

18:09:49.0225 13020 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

18:09:49.0235 13020 WacomPen - ok

18:09:49.0275 13020 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

18:09:49.0275 13020 WANARP - ok

18:09:49.0295 13020 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

18:09:49.0295 13020 Wanarpv6 - ok

18:09:49.0355 13020 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

18:09:49.0395 13020 WatAdminSvc - ok

18:09:49.0435 13020 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

18:09:49.0455 13020 wbengine - ok

18:09:49.0475 13020 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

18:09:49.0485 13020 WbioSrvc - ok

18:09:49.0515 13020 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

18:09:49.0525 13020 wcncsvc - ok

18:09:49.0525 13020 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

18:09:49.0535 13020 WcsPlugInService - ok

18:09:49.0555 13020 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys

18:09:49.0555 13020 Wd - ok

18:09:49.0585 13020 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

18:09:49.0595 13020 Wdf01000 - ok

18:09:49.0615 13020 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

18:09:49.0615 13020 WdiServiceHost - ok

18:09:49.0625 13020 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

18:09:49.0625 13020 WdiSystemHost - ok

18:09:49.0655 13020 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

18:09:49.0665 13020 WebClient - ok

18:09:49.0695 13020 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

18:09:49.0705 13020 Wecsvc - ok

18:09:49.0715 13020 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

18:09:49.0715 13020 wercplsupport - ok

18:09:49.0735 13020 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

18:09:49.0735 13020 WerSvc - ok

18:09:49.0755 13020 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

18:09:49.0755 13020 WfpLwf - ok

18:09:49.0765 13020 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

18:09:49.0775 13020 WIMMount - ok

18:09:49.0785 13020 WinDefend - ok

18:09:49.0795 13020 WinHttpAutoProxySvc - ok

18:09:49.0825 13020 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

18:09:49.0845 13020 Winmgmt - ok

18:09:49.0895 13020 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

18:09:49.0925 13020 WinRM - ok

18:09:49.0985 13020 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

18:09:49.0995 13020 WinUsb - ok

18:09:50.0035 13020 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

18:09:50.0055 13020 Wlansvc - ok

18:09:50.0155 13020 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

18:09:50.0185 13020 wlidsvc - ok

18:09:50.0225 13020 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

18:09:50.0265 13020 WmiAcpi - ok

18:09:50.0365 13020 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

18:09:50.0375 13020 wmiApSrv - ok

18:09:50.0395 13020 WMPNetworkSvc - ok

18:09:50.0415 13020 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

18:09:50.0425 13020 WPCSvc - ok

18:09:50.0455 13020 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

18:09:50.0455 13020 WPDBusEnum - ok

18:09:50.0475 13020 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

18:09:50.0475 13020 ws2ifsl - ok

18:09:50.0495 13020 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll

18:09:50.0495 13020 wscsvc - ok

18:09:50.0495 13020 WSearch - ok

18:09:50.0575 13020 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

18:09:50.0595 13020 wuauserv - ok

18:09:50.0615 13020 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

18:09:50.0625 13020 WudfPf - ok

18:09:50.0645 13020 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

18:09:50.0645 13020 WUDFRd - ok

18:09:50.0665 13020 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

18:09:50.0675 13020 wudfsvc - ok

18:09:50.0695 13020 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

18:09:50.0705 13020 WwanSvc - ok

18:09:50.0795 13020 ================ Scan global ===============================

18:09:50.0805 13020 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

18:09:50.0835 13020 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

18:09:50.0855 13020 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

18:09:50.0875 13020 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

18:09:50.0905 13020 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

18:09:50.0915 13020 [Global] - ok

18:09:50.0915 13020 ================ Scan MBR ==================================

18:09:50.0925 13020 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

18:09:51.0065 13020 \Device\Harddisk0\DR0 - ok

18:09:51.0065 13020 ================ Scan VBR ==================================

18:09:51.0075 13020 [ D7482CDF910BA65FD466B214456EAE38 ] \Device\Harddisk0\DR0\Partition1

18:09:51.0075 13020 \Device\Harddisk0\DR0\Partition1 - ok

18:09:51.0075 13020 [ CBE60AB2674CC23301FEFF457F033770 ] \Device\Harddisk0\DR0\Partition2

18:09:51.0085 13020 \Device\Harddisk0\DR0\Partition2 - ok

18:09:51.0095 13020 [ E76CE77BA2FDD5462FF84DA68A89BDDC ] \Device\Harddisk0\DR0\Partition3

18:09:51.0095 13020 \Device\Harddisk0\DR0\Partition3 - ok

18:09:51.0095 13020 ============================================================

18:09:51.0095 13020 Scan finished

18:09:51.0095 13020 ============================================================

18:09:51.0115 9752 Detected object count: 1

18:09:51.0115 9752 Actual detected object count: 1

18:10:08.0955 9752 sptd ( LockedFile.Multi.Generic ) - skipped by user

18:10:08.0955 9752 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

18:10:50.0860 11208 Deinitialize success

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Ultimate Edition

Windows Information: Service Pack 1 (build 7601), 64-bit

Base Board Manufacturer: ASUSTeK Computer INC.

BIOS Manufacturer: American Megatrends Inc.

System Manufacturer: System manufacturer

System Product Name: System Product Name

Logical Drives Mask: 0x0000003c

Kernel Drivers (total 191):

0x02C07000 \SystemRoot\system32\ntoskrnl.exe

0x031EF000 \SystemRoot\system32\hal.dll

0x00BD1000 \SystemRoot\system32\kdcom.dll

0x00CF9000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x00D48000 \SystemRoot\system32\PSHED.dll

0x00D5C000 \SystemRoot\system32\CLFS.SYS

0x00C00000 \SystemRoot\system32\CI.dll

0x00E40000 \SystemRoot\system32\drivers\Wdf01000.sys

0x00EE4000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x0104F000 \SystemRoot\System32\Drivers\spkm.sys

0x01175000 \SystemRoot\System32\Drivers\WMILIB.SYS

0x0117E000 \SystemRoot\System32\Drivers\SCSIPORT.SYS

0x00EF3000 \SystemRoot\system32\drivers\ACPI.sys

0x011AD000 \SystemRoot\system32\drivers\msisadrv.sys

0x011B7000 \SystemRoot\system32\drivers\vdrvroot.sys

0x011C4000 \SystemRoot\system32\drivers\pci.sys

0x01000000 \SystemRoot\System32\drivers\partmgr.sys

0x01015000 \SystemRoot\system32\drivers\volmgr.sys

0x00F4A000 \SystemRoot\System32\drivers\volmgrx.sys

0x0102A000 \SystemRoot\system32\drivers\pciide.sys

0x01031000 \SystemRoot\system32\drivers\PCIIDEX.SYS

0x00FA6000 \SystemRoot\System32\drivers\mountmgr.sys

0x00FC0000 \SystemRoot\system32\drivers\vmbus.sys

0x00E00000 \SystemRoot\system32\drivers\winhv.sys

0x01041000 \SystemRoot\system32\drivers\atapi.sys

0x00E14000 \SystemRoot\system32\drivers\ataport.SYS

0x00CC0000 \SystemRoot\system32\DRIVERS\jraid.sys

0x00CDE000 \SystemRoot\system32\drivers\amdxata.sys

0x01233000 \SystemRoot\system32\drivers\fltmgr.sys

0x0127F000 \SystemRoot\system32\drivers\fileinfo.sys

0x0145A000 \SystemRoot\System32\Drivers\Ntfs.sys

0x01293000 \SystemRoot\System32\Drivers\msrpc.sys

0x01400000 \SystemRoot\System32\Drivers\ksecdd.sys

0x012F1000 \SystemRoot\System32\Drivers\cng.sys

0x0141B000 \SystemRoot\System32\drivers\pcw.sys

0x0142C000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x016F9000 \SystemRoot\system32\drivers\ndis.sys

0x01600000 \SystemRoot\system32\drivers\NETIO.SYS

0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x01800000 \SystemRoot\System32\drivers\tcpip.sys

0x0168A000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x016D4000 \SystemRoot\system32\drivers\vmstorfl.sys

0x01363000 \SystemRoot\system32\drivers\volsnap.sys

0x016E4000 \SystemRoot\System32\Drivers\spldr.sys

0x01436000 \SystemRoot\system32\drivers\sbp2port.sys

0x013AF000 \SystemRoot\System32\drivers\rdyboost.sys

0x017EB000 \SystemRoot\System32\Drivers\mup.sys

0x016EC000 \SystemRoot\System32\drivers\hwpolicy.sys

0x00DBA000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x013E9000 \SystemRoot\system32\DRIVERS\disk.sys

0x01200000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

0x02C64000 \SystemRoot\system32\drivers\cdrom.sys

0x02C8E000 \SystemRoot\System32\Drivers\Null.SYS

0x02C97000 \SystemRoot\System32\Drivers\Beep.SYS

0x02C9E000 \SystemRoot\System32\drivers\vga.sys

0x02CAC000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x02CD1000 \SystemRoot\System32\drivers\watchdog.sys

0x02CE1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x02CEA000 \SystemRoot\system32\drivers\rdpencdd.sys

0x02CF3000 \SystemRoot\system32\drivers\rdprefmp.sys

0x02CFC000 \SystemRoot\System32\Drivers\Msfs.SYS

0x02D07000 \SystemRoot\System32\Drivers\Npfs.SYS

0x02D18000 \SystemRoot\system32\DRIVERS\tdx.sys

0x02D3A000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x02D47000 \SystemRoot\system32\drivers\afd.sys

0x02C00000 \SystemRoot\System32\DRIVERS\netbt.sys

0x02C45000 \SystemRoot\system32\drivers\ws2ifsl.sys

0x02DD0000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x02DD9000 \SystemRoot\system32\DRIVERS\pacer.sys

0x03E2F000 \SystemRoot\system32\DRIVERS\netbios.sys

0x03E3E000 \SystemRoot\system32\DRIVERS\serial.sys

0x03E5B000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x03E76000 \SystemRoot\system32\drivers\termdd.sys

0x03E8A000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x03EDB000 \SystemRoot\system32\drivers\nsiproxy.sys

0x03EE7000 \SystemRoot\system32\drivers\mssmbios.sys

0x03EF2000 \SystemRoot\System32\drivers\discache.sys

0x03F01000 \SystemRoot\system32\drivers\csc.sys

0x03F84000 \SystemRoot\System32\Drivers\dfsc.sys

0x03FA2000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x03FB3000 \SystemRoot\system32\DRIVERS\avkmgr.sys

0x03FBD000 \SystemRoot\system32\DRIVERS\avipbb.sys

0x03FE4000 \SystemRoot\SysWow64\drivers\AsUpIO.sys

0x03FEA000 \SystemRoot\SysWow64\drivers\AsIO.sys

0x03E00000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x04482000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x0F094000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys

0x0FDB2000 \SystemRoot\System32\Drivers\nvBridge.kmd

0x04498000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x0FDB4000 \SystemRoot\System32\drivers\dxgmms1.sys

0x0F000000 \SystemRoot\system32\drivers\usbehci.sys

0x0F011000 \SystemRoot\system32\drivers\USBPORT.SYS

0x0F067000 \SystemRoot\system32\drivers\HDAudBus.sys

0x0458C000 \SystemRoot\system32\DRIVERS\Rt64win7.sys

0x04400000 \SystemRoot\system32\drivers\1394ohci.sys

0x0F08B000 \SystemRoot\system32\DRIVERS\ASACPI.sys

0x0443E000 \SystemRoot\system32\DRIVERS\serenum.sys

0x0444A000 \SystemRoot\system32\drivers\i8042prt.sys

0x04468000 \SystemRoot\system32\drivers\kbdclass.sys

0x045C5000 \SystemRoot\system32\drivers\mouclass.sys

0x04A2E000 \SystemRoot\System32\Drivers\ayel2ul1.SYS

0x04A73000 \SystemRoot\system32\drivers\CompositeBus.sys

0x04A83000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x04A99000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x04ABD000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x04AC9000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x04AF8000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x04B13000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x04B34000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x04B4E000 \SystemRoot\system32\DRIVERS\rdpbus.sys

0x04B59000 \SystemRoot\system32\drivers\swenum.sys

0x04B5B000 \SystemRoot\system32\drivers\ks.sys

0x04B9E000 \SystemRoot\system32\drivers\umbus.sys

0x04C63000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x04CBD000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x05A25000 \SystemRoot\system32\drivers\viahduaa.sys

0x05BB9000 \SystemRoot\system32\drivers\portcls.sys

0x05A00000 \SystemRoot\system32\drivers\drmk.sys

0x05BF6000 \SystemRoot\system32\drivers\ksthunk.sys

0x00080000 \SystemRoot\System32\win32k.sys

0x04CD2000 \SystemRoot\System32\drivers\Dxapi.sys

0x04CDE000 \SystemRoot\System32\Drivers\crashdmp.sys

0x04CEC000 \SystemRoot\System32\Drivers\dump_dumpata.sys

0x04CF8000 \SystemRoot\System32\Drivers\dump_atapi.sys

0x04D01000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

0x04D14000 \SystemRoot\system32\DRIVERS\usbscan.sys

0x05BFC000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x04D25000 \SystemRoot\system32\DRIVERS\monitor.sys

0x00500000 \SystemRoot\System32\TSDDD.dll

0x00780000 \SystemRoot\System32\cdd.dll

0x00880000 \SystemRoot\System32\ATMFD.DLL

0x04D33000 \SystemRoot\system32\drivers\luafv.sys

0x04D56000 \SystemRoot\system32\DRIVERS\avgntflt.sys

0x04D76000 \SystemRoot\system32\drivers\WudfPf.sys

0x04D97000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x04DAC000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x0620B000 \SystemRoot\system32\drivers\HTTP.sys

0x062D4000 \SystemRoot\system32\DRIVERS\bowser.sys

0x062F2000 \SystemRoot\System32\drivers\mpsdrv.sys

0x0630A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x06337000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x06385000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x063A9000 \SystemRoot\System32\Drivers\adfs.SYS

0x063C1000 \??\C:\Windows\system32\drivers\cpuz132_x64.sys

0x068C2000 \SystemRoot\system32\drivers\peauth.sys

0x06968000 \SystemRoot\System32\Drivers\secdrv.SYS

0x06973000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x069A4000 \SystemRoot\System32\drivers\tcpipreg.sys

0x06800000 \SystemRoot\System32\DRIVERS\srv2.sys

0x06C7A000 \SystemRoot\System32\DRIVERS\srv.sys

0x06D12000 \SystemRoot\system32\drivers\spsys.sys

0x76FD0000 \Windows\System32\ntdll.dll

0x481F0000 \Windows\System32\smss.exe

0xFF2F0000 \Windows\System32\apisetschema.dll

0xFF680000 \Windows\System32\autochk.exe

0x76E70000 \Windows\System32\wininet.dll

0xFF2C0000 \Windows\System32\imagehlp.dll

0xFF190000 \Windows\System32\rpcrt4.dll

0x76D50000 \Windows\System32\kernel32.dll

0xFF170000 \Windows\System32\sechost.dll

0xFF0F0000 \Windows\System32\shlwapi.dll

0xFF0E0000 \Windows\System32\nsi.dll

0xFF080000 \Windows\System32\Wldap32.dll

0xFE2F0000 \Windows\System32\shell32.dll

0x76B40000 \Windows\System32\iertutil.dll

0xFE280000 \Windows\System32\gdi32.dll

0xFE270000 \Windows\System32\lpk.dll

0xFE160000 \Windows\System32\msctf.dll

0x769F0000 \Windows\System32\urlmon.dll

0xFE0C0000 \Windows\System32\comdlg32.dll

0xFE020000 \Windows\System32\clbcatq.dll

0x771A0000 \Windows\System32\psapi.dll

0xFDE40000 \Windows\System32\setupapi.dll

0xFDDF0000 \Windows\System32\ws2_32.dll

0xFDD10000 \Windows\System32\advapi32.dll

0xFDC70000 \Windows\System32\msvcrt.dll

0x77190000 \Windows\System32\normaliz.dll

0xFDA60000 \Windows\System32\ole32.dll

0xFD9E0000 \Windows\System32\difxapi.dll

0xFD9B0000 \Windows\System32\imm32.dll

0xFD8E0000 \Windows\System32\usp10.dll

0xFD800000 \Windows\System32\oleaut32.dll

0x768F0000 \Windows\System32\user32.dll

0xFD790000 \Windows\System32\KernelBase.dll

0xFD750000 \Windows\System32\cfgmgr32.dll

0xFD730000 \Windows\System32\devobj.dll

0xFD6F0000 \Windows\System32\wintrust.dll

0xFD580000 \Windows\System32\crypt32.dll

0xFD4E0000 \Windows\System32\comctl32.dll

0xFD4D0000 \Windows\System32\msasn1.dll

0x763D0000 \Windows\SysWOW64\normaliz.dll

Processes (total 61):

0 System Idle Process

4 System

292 C:\Windows\System32\smss.exe

384 csrss.exe

444 C:\Windows\System32\wininit.exe

468 csrss.exe

508 C:\Windows\System32\services.exe

524 C:\Windows\System32\lsass.exe

532 C:\Windows\System32\lsm.exe

648 C:\Windows\System32\winlogon.exe

680 C:\Windows\System32\svchost.exe

752 C:\Windows\System32\nvvsvc.exe

776 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

820 C:\Windows\System32\svchost.exe

912 C:\Windows\System32\svchost.exe

952 C:\Windows\System32\svchost.exe

996 C:\Windows\System32\svchost.exe

696 C:\Windows\System32\svchost.exe

1104 C:\Windows\System32\svchost.exe

1208 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

1220 C:\Windows\System32\nvvsvc.exe

1276 C:\Windows\System32\spoolsv.exe

1324 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

1524 C:\Windows\System32\svchost.exe

1656 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

1688 C:\Windows\System32\svchost.exe

1740 C:\Windows\SysWOW64\NMSAccessU.exe

1804 C:\Windows\SysWOW64\PnkBstrA.exe

1840 C:\Windows\System32\svchost.exe

1896 C:\Windows\System32\svchost.exe

1940 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

1780 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

2104 C:\Windows\System32\taskhost.exe

2424 C:\Windows\System32\dwm.exe

2444 C:\Windows\explorer.exe

2552 C:\Program Files\Java\jre6\bin\jusched.exe

2588 C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe

2896 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

2944 C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

2976 C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

2996 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

3004 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

2508 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

2596 C:\Windows\System32\conhost.exe

2672 C:\Windows\System32\SearchIndexer.exe

3272 C:\Windows\System32\svchost.exe

3568 C:\Windows\System32\svchost.exe

3892 C:\Program Files\Windows Media Player\wmpnetwk.exe

3912 dllhost.exe

2992 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

4228 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

4576 C:\Windows\System32\sppsvc.exe

4288 C:\Windows\System32\wuauclt.exe

2668 C:\Windows\splwow64.exe

10000 C:\Program Files (x86)\DAEMON Tools Pro\DTProShellHlp.exe

10256 C:\Windows\System32\audiodg.exe

12336 C:\Windows\System32\SearchProtocolHost.exe

11496 C:\Windows\System32\SearchFilterHost.exe

11740 C:\Users\ilWizard\Desktop\MBRCheck.exe

13032 C:\Windows\System32\conhost.exe

11992 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000075`b8b00000 (NTFS)

PhysicalDrive0 Model Number: HitachiHDT721010SLA360, Rev: ST6OA3AA

Size Device Name MBR Status

--------------------------------------------

931 GB \\.\PhysicalDrive0 Windows 7 MBR code detected

SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!

Link to post
Share on other sites

Thanks Screen.

This is what happened. A couple of weeks ago the provider of one of the mail I use signalled that there were suspect smtp authentication from all over the world for my email. And that was, most probably, because I got malware (if not something worse) and that probably all my emails were compromised. I panicked, since I keep Avira always up and running and updated. I've done a scan and there were tons of suspected files (like 17). I cleaned and quarantined as suggested but once I've done another complete scan there were some stuff more. Another round of cleaning and then I've tried with Malwere bytes which signalled only one malwere and, apparently, it cured that one.

Around the same time, Outlook 2007 started to acccess furiously to the hard disk and so I panicked again and basically I was sure that I was still infected and so I've asked for help. :) And here I am.

The pc is running smoothly but basically I can't keed Outlook open since after one minute it starts accessing to the hard disk with 1 second intervals in an infinite loop. So I have to launch and close it after downloading the mails. Very annoying. So at the end of the day I'd like to know if I have some kind of infestation and perhaps it's just Outlook that got corrupted (I even tried to "repair" the pst files with scanpst.exe, but nothing it still does the hard disk think).

I hope that I explained what's going on here and hopefully you can clear for me if it's a nasty virus or something else. :(

Thanks again!

Link to post
Share on other sites

  • Staff

Hi,

Okay. Can you post a log from Avira which showed those detections?

I don't see any active malware in your logs.. Seems more likely to be a corruption issue to me, assuming that you've already changed your passwords (to stronger ones!). Try uninstalling Outlook completely, then reinstalling it. Alternatively, try another e-mail client like Thunderbird.

Could be a hard drive issue as well.

Click Start and type in cmd.exe; right-click cmd.exe and click Run as Admin...

In the black box that appears, enter this command exactly as shown:

chkdsk>"%userprofile%\desktop\chkdsk.txt"

Press Enter. When prompted, type Y and press Enter. Upon restart, a disk check will commence. Allow it to finish and note any messages it gives.

-screen317

Link to post
Share on other sites

Hi, well it seems there are good news!

The 3 log that shown infections were those ones (in chronological order):

Avira Free Antivirus

Data del file di report: venerdì 14 settembre 2012 16:10

Ricerca di 4213188 virus e programmi indesiderati.

Il programma funziona come versione completa e illimitata.

I servizi online sono disponibili.

Concesso in licenza a : Avira AntiVir Personal - Free Antivirus

Numero di serie : 0000149996-ADJIE-0000001

Piattaforma : Windows 7 Ultimate

Versione di Windows : (plain) [6.1.7600]

Modalità di avvio : Booting eseguito regolarmente

Nome utente : ilWizard

Nome computer : ILWIZARD-PC

Informazioni sulla versione:

BUILD.DAT : 12.0.0.330 40867 Bytes 07/09/2012 22:38:00

AVSCAN.EXE : 12.3.0.33 468472 Bytes 13/08/2012 20:31:20

AVSCAN.DLL : 12.3.0.15 63440 Bytes 13/08/2012 20:31:20

LUKE.DLL : 12.3.0.15 68304 Bytes 13/08/2012 20:31:21

AVSCPLR.DLL : 12.3.0.14 97032 Bytes 11/05/2012 08:07:57

AVREG.DLL : 12.3.0.17 232200 Bytes 11/05/2012 08:07:56

VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 17:18:34

VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 22:26:32

VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 13:26:43

VBASE003.VDF : 7.11.21.238 4472832 Bytes 01/02/2012 08:07:37

VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 08:07:43

VBASE005.VDF : 7.11.34.116 4034048 Bytes 29/06/2012 14:04:30

VBASE006.VDF : 7.11.41.250 4902400 Bytes 06/09/2012 07:49:07

VBASE007.VDF : 7.11.41.251 2048 Bytes 06/09/2012 07:49:07

VBASE008.VDF : 7.11.41.252 2048 Bytes 06/09/2012 07:49:08

VBASE009.VDF : 7.11.41.253 2048 Bytes 06/09/2012 07:49:08

VBASE010.VDF : 7.11.41.254 2048 Bytes 06/09/2012 07:49:08

VBASE011.VDF : 7.11.41.255 2048 Bytes 06/09/2012 07:49:08

VBASE012.VDF : 7.11.42.0 2048 Bytes 06/09/2012 07:49:08

VBASE013.VDF : 7.11.42.1 2048 Bytes 06/09/2012 07:49:09

VBASE014.VDF : 7.11.42.65 203264 Bytes 09/09/2012 20:26:33

VBASE015.VDF : 7.11.42.125 156672 Bytes 11/09/2012 20:26:34

VBASE016.VDF : 7.11.42.171 187904 Bytes 12/09/2012 20:26:40

VBASE017.VDF : 7.11.42.172 2048 Bytes 12/09/2012 20:26:41

VBASE018.VDF : 7.11.42.173 2048 Bytes 12/09/2012 20:26:41

VBASE019.VDF : 7.11.42.174 2048 Bytes 12/09/2012 20:26:41

VBASE020.VDF : 7.11.42.175 2048 Bytes 12/09/2012 20:26:41

VBASE021.VDF : 7.11.42.176 2048 Bytes 12/09/2012 20:26:41

VBASE022.VDF : 7.11.42.177 2048 Bytes 12/09/2012 20:26:41

VBASE023.VDF : 7.11.42.178 2048 Bytes 12/09/2012 20:26:41

VBASE024.VDF : 7.11.42.179 2048 Bytes 12/09/2012 20:26:41

VBASE025.VDF : 7.11.42.180 2048 Bytes 12/09/2012 20:26:41

VBASE026.VDF : 7.11.42.181 2048 Bytes 12/09/2012 20:26:42

VBASE027.VDF : 7.11.42.182 2048 Bytes 12/09/2012 20:26:42

VBASE028.VDF : 7.11.42.183 2048 Bytes 12/09/2012 20:26:42

VBASE029.VDF : 7.11.42.184 2048 Bytes 12/09/2012 20:26:42

VBASE030.VDF : 7.11.42.185 2048 Bytes 12/09/2012 20:26:42

VBASE031.VDF : 7.11.42.232 138240 Bytes 13/09/2012 20:26:36

Motore : 8.2.10.158

AEVDF.DLL : 8.1.2.10 102772 Bytes 10/07/2012 14:09:30

AESCRIPT.DLL : 8.1.4.48 459130 Bytes 10/09/2012 20:26:52

AESCN.DLL : 8.1.8.2 131444 Bytes 11/05/2012 08:07:55

AESBX.DLL : 8.2.5.12 606578 Bytes 17/06/2012 15:08:58

AERDL.DLL : 8.1.9.15 639348 Bytes 20/01/2012 22:25:54

AEPACK.DLL : 8.3.0.34 811383 Bytes 10/09/2012 20:26:51

AEOFFICE.DLL : 8.1.2.42 201083 Bytes 19/07/2012 21:06:50

AEHEUR.DLL : 8.1.4.96 5267830 Bytes 10/09/2012 20:26:50

AEHELP.DLL : 8.1.23.2 258422 Bytes 30/06/2012 14:04:42

AEGEN.DLL : 8.1.5.36 434549 Bytes 25/08/2012 15:13:48

AEEXP.DLL : 8.1.0.86 90484 Bytes 10/09/2012 20:26:53

AEEMU.DLL : 8.1.3.2 393587 Bytes 10/07/2012 14:09:27

AECORE.DLL : 8.1.27.4 201078 Bytes 07/08/2012 14:21:31

AEBB.DLL : 8.1.1.0 53618 Bytes 20/01/2012 22:25:50

AVWINLL.DLL : 12.3.0.15 27344 Bytes 13/08/2012 20:31:20

AVPREF.DLL : 12.3.0.15 51920 Bytes 13/08/2012 20:31:20

AVREP.DLL : 12.3.0.15 179208 Bytes 11/05/2012 08:07:57

AVARKT.DLL : 12.3.0.15 211408 Bytes 13/08/2012 20:31:20

AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 13/08/2012 20:31:20

SQLITE3.DLL : 3.7.0.1 398288 Bytes 13/08/2012 20:31:21

AVSMTP.DLL : 12.3.0.32 63480 Bytes 13/08/2012 20:31:20

NETNT.DLL : 12.3.0.15 17104 Bytes 13/08/2012 20:31:21

RCIMAGE.DLL : 12.1.0.13 4449488 Bytes 20/01/2012 22:26:50

RCTEXT.DLL : 12.3.0.31 100344 Bytes 13/08/2012 20:31:20

Impostazioni di configurazione per la scansione attuale:

Nome del job................................: Scansione completa del sistema

File di configurazione......................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp

Report......................................: standard

Azione primaria.............................: interattivo

Azione secondaria...........................: ignora

Scansione dei record master di avvio........: Attivo

Scansiona record di avvio...................: Attivo

Record di avvio.............................: C:, E:,

Scansione dei programmi attivi..............: Attivo

Processo esteso di scansione................: Attivo

Scansiona la registrazione..................: Attivo

Cerca Rootkits..............................: Attivo

Controllo di integrità dei file di sistema..: Non attivo

Modalità di scansione file..................: Tutti i file

Scansione degli archivi.....................: Attivo

Limita la profondità di ricorsione..........: 20

Archivio estensioni Smart...................: Attivo

Macro euristico.............................: Attivo

File euristico..............................: avanzato

Avvio della scansione: venerdì 14 settembre 2012 16:10

Avvio della scansione dei record master di avvio:

Record master di avvio dell'Hard Disk 0

[iNFO] Nessun virus è stato trovato!

Avvio della scansione dei record di avvio:

Record di avvio 'C:\'

[iNFO] Nessun virus è stato trovato!

Record di avvio 'E:\'

[iNFO] Nessun virus è stato trovato!

è stata avviata la scansione per accertare la presenza di oggetti nascosti.

Driver nascosto

[NOTA] è stata rilevata una modifica della memoria che potrebbe essere sfruttata per accessi nascosti ai file.

La scansione dei processi in esecuzione verrà avviata:

Scansione processo 'avscan.exe' - '82' modulo(i) scansionato(i)

Scansione processo 'DTProShellHlp.exe' - '32' modulo(i) scansionato(i)

Scansione processo 'eMule.exe' - '79' modulo(i) scansionato(i)

Scansione processo 'iexplore.exe' - '132' modulo(i) scansionato(i)

Scansione processo 'iexplore.exe' - '96' modulo(i) scansionato(i)

Scansione processo 'opera.exe' - '162' modulo(i) scansionato(i)

Scansione processo 'daemonu.exe' - '59' modulo(i) scansionato(i)

Scansione processo 'jusched.exe' - '25' modulo(i) scansionato(i)

Scansione processo 'avgnt.exe' - '82' modulo(i) scansionato(i)

Scansione processo 'acrotray.exe' - '28' modulo(i) scansionato(i)

Scansione processo 'GoogleCalendarSync.exe' - '34' modulo(i) scansionato(i)

Scansione processo 'PnkBstrA.exe' - '27' modulo(i) scansionato(i)

Scansione processo 'NMSAccessU.exe' - '18' modulo(i) scansionato(i)

Scansione processo 'avguard.exe' - '62' modulo(i) scansionato(i)

Scansione processo 'sched.exe' - '40' modulo(i) scansionato(i)

Scansione processo 'nvSCPAPISvr.exe' - '30' modulo(i) scansionato(i)

Avvio della scansione dei file eseguibili (registro):

C:\Program Files (x86)\SoulseekNS\uninstall.exe

[AVVISO] Chiusura inaspettata del file

C:\Windows\Sysnative\drivers\sptd.sys

[AVVISO] Impossibile aprire il file!

Il registro è stato scansionato ( 1548 file ).

Avvio della scansione del file selezionati:

Inizia con la scansione di 'C:\'

C:\Program Files\WinRAR\rarnew.dat

[AVVISO] L'archivio è sconosciuto o difettoso

C:\Program Files (x86)\eMule\incoming\Film\Giochi\Nuova cartella\Nero 9 Keymaker.exe.vir

[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dropper.Gen

C:\Program Files (x86)\SoulseekNS\uninstall.exe

[AVVISO] Chiusura inaspettata del file

C:\Users\ilWizard\AppData\Local\Temp\alcohol.120%(O.S.GR).exe.vir

[0] Tipo di archivio: RAR SFX (self extracting)

--> alcohol.120%(O.S.GR).exe

[RILEVAMENTO] Si tratta del cavallo di Troia TR/Agent.19456.BP

C:\Users\ilWizard\AppData\Local\Temp\jar_cache1571425911809790284.tmp.vir

[0] Tipo di archivio: ZIP

--> hop.class

[RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/CVE-2010-0842

--> nom.class

[RILEVAMENTO] Contiene il modello di rilevamento del virus Java JAVA/Sincron.frt

C:\Users\ilWizard\AppData\Local\Temp\jar_cache2536698704157747471.tmp.vir

[0] Tipo di archivio: ZIP

--> sex.class

[RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/CVE-2010-0840

C:\Users\ilWizard\AppData\Local\Temp\jar_cache2623738328233441370.tmp.vir

[0] Tipo di archivio: ZIP

--> counter.class

[RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/11-3544.CH.4

C:\Users\ilWizard\AppData\Local\Temp\jar_cache2717691358939140133.tmp.vir

[0] Tipo di archivio: ZIP

--> kue.class

[RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/CVE-2010-0842

--> pud.class

[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.OpenStream.BA.2

C:\Users\ilWizard\AppData\Local\Temp\jar_cache275980516073403118.tmp.vir

[0] Tipo di archivio: ZIP

--> a.class

[RILEVAMENTO] Si tratta del cavallo di Troia TR/Maljava.A.77

--> vmain.class

[RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/CVE-2010-0842

C:\Users\ilWizard\AppData\Local\Temp\jar_cache2842604337089660440.tmp.vir

[0] Tipo di archivio: ZIP

--> cagesSaggarsAgaze/ill.class

[RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/CVE-2012-1723.A.141

--> cagesSaggarsAgaze/inTin.class

[RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/CVE-2012-1723.A.123

--> cagesSaggarsAgaze/outHiker.class

[RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/CVE-2012-1723.A.119

--> cagesSaggarsAgaze/string.class

[RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/CVE-2012-1723.A.143

C:\Users\ilWizard\AppData\Local\Temp\jar_cache4095150503823193866.tmp.vir

[0] Tipo di archivio: ZIP

--> expl1it/Ae.class

[RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/11-3544.GK

--> expl1it/At00micArray.class

[RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/12-0507.O

--> expl1it/Is.class

[RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/11-3544.GZ

--> expl1it/MyStart.class

[RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/2010-0840.CJ

--> expl1it/oemloader.class

[RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/12-0507.Q

--> expl1it/Perm.class

[RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/2012-0507.bua.2

C:\Users\ilWizard\AppData\Local\Temp\jar_cache7951369464875650856.tmp.vir

[0] Tipo di archivio: ZIP

--> SuspendedInvocationException.class

[RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/CVE-2010-0840

C:\Users\ilWizard\AppData\Local\Temp\jar_cache978217521497277497.tmp.vir

[0] Tipo di archivio: ZIP

--> vmain.class

[RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/CVE-2010-0842

C:\Users\ilWizard\AppData\Local\VirtualStore\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\Mods\ace\zz_barrels.iwd.tmp

[AVVISO] Chiusura inaspettata del file

C:\VueScan\vuescan.dat

[AVVISO] Il file è protetto da password

Inizia con la scansione di 'E:\' <Dati>

E:\download\temp\001.part

[AVVISO] Chiusura inaspettata del file

E:\download\True Blood-The Ongoing Series 02 2012 Digital Zone Empire\True Blood-The Ongoing Series 02 2012 Digital Zone Empire.cbr

[AVVISO] Il file è protetto da password

E:\Music\Electronica\AGFDCR.rar

[AVVISO] L'archivio è protetto da password.

E:\Music\Electronica\FTLC.rar

[AVVISO] L'archivio è protetto da password.

Avvio della disinfezione:

C:\Users\ilWizard\AppData\Local\Temp\jar_cache978217521497277497.tmp.vir

[RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/CVE-2010-0842

[NOTA] Il file è stato spostato in quarantena con il nome '56f3f222.qua'!

C:\Users\ilWizard\AppData\Local\Temp\jar_cache7951369464875650856.tmp.vir

[RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/CVE-2010-0840

[NOTA] Il file è stato spostato in quarantena con il nome '4e64dd85.qua'!

C:\Users\ilWizard\AppData\Local\Temp\jar_cache4095150503823193866.tmp.vir

[RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/2012-0507.bua.2

[NOTA] Il file è stato spostato in quarantena con il nome '1c3b876d.qua'!

C:\Users\ilWizard\AppData\Local\Temp\jar_cache2842604337089660440.tmp.vir

[RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/CVE-2012-1723.A.143

[NOTA] Il file è stato spostato in quarantena con il nome '7a0cc8af.qua'!

C:\Users\ilWizard\AppData\Local\Temp\jar_cache275980516073403118.tmp.vir

[RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/CVE-2010-0842

[NOTA] Il file è stato spostato in quarantena con il nome '3f88e591.qua'!

C:\Users\ilWizard\AppData\Local\Temp\jar_cache2717691358939140133.tmp.vir

[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dldr.OpenStream.BA.2

[NOTA] Il file è stato spostato in quarantena con il nome '4093d7f0.qua'!

C:\Users\ilWizard\AppData\Local\Temp\jar_cache2623738328233441370.tmp.vir

[RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/11-3544.CH.4

[NOTA] Il file è stato spostato in quarantena con il nome '0c2bfbba.qua'!

C:\Users\ilWizard\AppData\Local\Temp\jar_cache2536698704157747471.tmp.vir

[RILEVAMENTO] Contiene il modello di rilevamento dell'exploit EXP/CVE-2010-0840

[NOTA] Il file è stato spostato in quarantena con il nome '7033bbea.qua'!

C:\Users\ilWizard\AppData\Local\Temp\jar_cache1571425911809790284.tmp.vir

[RILEVAMENTO] Contiene il modello di rilevamento del virus Java JAVA/Sincron.frt

[NOTA] Il file è stato spostato in quarantena con il nome '5d6994a7.qua'!

C:\Users\ilWizard\AppData\Local\Temp\alcohol.120%(O.S.GR).exe.vir

[RILEVAMENTO] Si tratta del cavallo di Troia TR/Agent.19456.BP

[NOTA] Il file è stato spostato in quarantena con il nome '4472af20.qua'!

C:\Program Files (x86)\eMule\incoming\Film\Giochi\Nuova cartella\Nero 9 Keymaker.exe.vir

[RILEVAMENTO] Si tratta del cavallo di Troia TR/Dropper.Gen

[NOTA] Il file è stato spostato in quarantena con il nome '285d8309.qua'!

Fine della scansione: venerdì 14 settembre 2012 18:35

Tempo impiegato: 2:24:24 Ora(e)

La scansione è stata completamente eseguita.

33495 Directory scansionate

1008972 I file sono stati scansionati

22 Rilevati virus e/o programmi indesiderati

0 I file sono stati classificati come sospetti

0 I file sono stati eliminati

0 I virus o i programmi indesiderati sono stati riparati

11 File spostati in quarantena

0 File rinominati

1 Impossibile scansionare i file

1008949 File non infetti

8864 Archivi scansionati

10 Avvisi

12 Note

730182 Oggetti scansionati durante la scansione dei rootkit

1 Sono stati rilevati oggetti nascosti

Avira Free Antivirus

Data del file di report: sabato 22 settembre 2012 17:35

Ricerca di 4251510 virus e programmi indesiderati.

Il programma funziona come versione completa e illimitata.

I servizi online sono disponibili.

Concesso in licenza a : Avira AntiVir Personal - Free Antivirus

Numero di serie : 0000149996-ADJIE-0000001

Piattaforma : Windows 7 Ultimate

Versione di Windows : (Service Pack 1) [6.1.7601]

Modalità di avvio : Booting eseguito regolarmente

Nome utente : SYSTEM

Nome computer : ILWIZARD-PC

Informazioni sulla versione:

BUILD.DAT : 12.0.0.330 40867 Bytes 07/09/2012 22:38:00

AVSCAN.EXE : 12.3.0.33 468472 Bytes 13/08/2012 20:31:20

AVSCAN.DLL : 12.3.0.15 63440 Bytes 13/08/2012 20:31:20

LUKE.DLL : 12.3.0.15 68304 Bytes 13/08/2012 20:31:21

AVSCPLR.DLL : 12.3.0.14 97032 Bytes 11/05/2012 08:07:57

AVREG.DLL : 12.3.0.17 232200 Bytes 11/05/2012 08:07:56

VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 17:18:34

VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 22:26:32

VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 13:26:43

VBASE003.VDF : 7.11.21.238 4472832 Bytes 01/02/2012 08:07:37

VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 08:07:43

VBASE005.VDF : 7.11.34.116 4034048 Bytes 29/06/2012 14:04:30

VBASE006.VDF : 7.11.41.250 4902400 Bytes 06/09/2012 07:49:07

VBASE007.VDF : 7.11.41.251 2048 Bytes 06/09/2012 07:49:07

VBASE008.VDF : 7.11.41.252 2048 Bytes 06/09/2012 07:49:08

VBASE009.VDF : 7.11.41.253 2048 Bytes 06/09/2012 07:49:08

VBASE010.VDF : 7.11.41.254 2048 Bytes 06/09/2012 07:49:08

VBASE011.VDF : 7.11.41.255 2048 Bytes 06/09/2012 07:49:08

VBASE012.VDF : 7.11.42.0 2048 Bytes 06/09/2012 07:49:08

VBASE013.VDF : 7.11.42.1 2048 Bytes 06/09/2012 07:49:09

VBASE014.VDF : 7.11.42.65 203264 Bytes 09/09/2012 20:26:33

VBASE015.VDF : 7.11.42.125 156672 Bytes 11/09/2012 20:26:34

VBASE016.VDF : 7.11.42.171 187904 Bytes 12/09/2012 20:26:40

VBASE017.VDF : 7.11.42.235 141312 Bytes 13/09/2012 15:56:43

VBASE018.VDF : 7.11.43.35 133632 Bytes 15/09/2012 20:26:46

VBASE019.VDF : 7.11.43.89 129024 Bytes 18/09/2012 07:28:37

VBASE020.VDF : 7.11.43.141 130560 Bytes 19/09/2012 07:29:03

VBASE021.VDF : 7.11.43.187 121856 Bytes 21/09/2012 07:28:39

VBASE022.VDF : 7.11.43.188 2048 Bytes 21/09/2012 07:28:39

VBASE023.VDF : 7.11.43.189 2048 Bytes 21/09/2012 07:28:39

VBASE024.VDF : 7.11.43.190 2048 Bytes 21/09/2012 07:28:39

VBASE025.VDF : 7.11.43.191 2048 Bytes 21/09/2012 07:28:40

VBASE026.VDF : 7.11.43.192 2048 Bytes 21/09/2012 07:28:40

VBASE027.VDF : 7.11.43.193 2048 Bytes 21/09/2012 07:28:40

VBASE028.VDF : 7.11.43.194 2048 Bytes 21/09/2012 07:28:40

VBASE029.VDF : 7.11.43.195 2048 Bytes 21/09/2012 07:28:40

VBASE030.VDF : 7.11.43.196 2048 Bytes 21/09/2012 07:28:40

VBASE031.VDF : 7.11.43.226 90624 Bytes 22/09/2012 14:11:59

Motore : 8.2.10.164

AEVDF.DLL : 8.1.2.10 102772 Bytes 10/07/2012 14:09:30

AESCRIPT.DLL : 8.1.4.54 459131 Bytes 19/09/2012 07:28:39

AESCN.DLL : 8.1.8.2 131444 Bytes 11/05/2012 08:07:55

AESBX.DLL : 8.2.5.12 606578 Bytes 17/06/2012 15:08:58

AERDL.DLL : 8.1.9.15 639348 Bytes 20/01/2012 22:25:54

AEPACK.DLL : 8.3.0.36 811382 Bytes 14/09/2012 15:56:58

AEOFFICE.DLL : 8.1.2.42 201083 Bytes 19/07/2012 21:06:50

AEHEUR.DLL : 8.1.4.100 5280120 Bytes 14/09/2012 15:56:57

AEHELP.DLL : 8.1.23.2 258422 Bytes 30/06/2012 14:04:42

AEGEN.DLL : 8.1.5.36 434549 Bytes 25/08/2012 15:13:48

AEEXP.DLL : 8.1.0.86 90484 Bytes 10/09/2012 20:26:53

AEEMU.DLL : 8.1.3.2 393587 Bytes 10/07/2012 14:09:27

AECORE.DLL : 8.1.27.4 201078 Bytes 07/08/2012 14:21:31

AEBB.DLL : 8.1.1.0 53618 Bytes 20/01/2012 22:25:50

AVWINLL.DLL : 12.3.0.15 27344 Bytes 13/08/2012 20:31:20

AVPREF.DLL : 12.3.0.15 51920 Bytes 13/08/2012 20:31:20

AVREP.DLL : 12.3.0.15 179208 Bytes 11/05/2012 08:07:57

AVARKT.DLL : 12.3.0.15 211408 Bytes 13/08/2012 20:31:20

AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 13/08/2012 20:31:20

SQLITE3.DLL : 3.7.0.1 398288 Bytes 13/08/2012 20:31:21

AVSMTP.DLL : 12.3.0.32 63480 Bytes 13/08/2012 20:31:20

NETNT.DLL : 12.3.0.15 17104 Bytes 13/08/2012 20:31:21

RCIMAGE.DLL : 12.1.0.13 4449488 Bytes 20/01/2012 22:26:50

RCTEXT.DLL : 12.3.0.31 100344 Bytes 13/08/2012 20:31:20

Impostazioni di configurazione per la scansione attuale:

Nome del job................................: AVGuardAsyncScan

File di configurazione......................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_505dd65b\guard_slideup.avp

Report......................................: standard

Azione primaria.............................: ripara

Azione secondaria...........................: quarantena

Scansione dei record master di avvio........: Attivo

Scansiona record di avvio...................: Non attivo

Scansione dei programmi attivi..............: Attivo

Scansiona la registrazione..................: Non attivo

Cerca Rootkits..............................: Non attivo

Controllo di integrità dei file di sistema..: Non attivo

Modalità di scansione file..................: Tutti i file

Scansione degli archivi.....................: Attivo

Limita la profondità di ricorsione..........: 20

Archivio estensioni Smart...................: Attivo

Macro euristico.............................: Attivo

File euristico..............................: completo

Avvio della scansione: sabato 22 settembre 2012 17:35

La scansione dei processi in esecuzione verrà avviata:

Scansione processo 'avscan.exe' - '1' modulo(i) scansionato(i)

Scansione processo 'DTProShellHlp.exe' - '1' modulo(i) scansionato(i)

Scansione processo 'eMule.exe' - '1' modulo(i) scansionato(i)

Scansione processo 'daemonu.exe' - '1' modulo(i) scansionato(i)

Scansione processo 'opera.exe' - '1' modulo(i) scansionato(i)

Scansione processo 'jusched.exe' - '1' modulo(i) scansionato(i)

Scansione processo 'avgnt.exe' - '1' modulo(i) scansionato(i)

Scansione processo 'acrotray.exe' - '1' modulo(i) scansionato(i)

Scansione processo 'GoogleCalendarSync.exe' - '1' modulo(i) scansionato(i)

Scansione processo 'mscorsvw.exe' - '1' modulo(i) scansionato(i)

Scansione processo 'PnkBstrA.exe' - '1' modulo(i) scansionato(i)

Scansione processo 'NMSAccessU.exe' - '1' modulo(i) scansionato(i)

Scansione processo 'avguard.exe' - '1' modulo(i) scansionato(i)

Scansione processo 'sched.exe' - '1' modulo(i) scansionato(i)

Scansione processo 'nvSCPAPISvr.exe' - '1' modulo(i) scansionato(i)

Avvio della scansione del file selezionati:

Inizia con la scansione di 'C:\Users\ilWizard\Desktop\ODIN 1.3.7\odin.exe'

C:\Users\ilWizard\Desktop\ODIN 1.3.7\odin.exe

[RILEVAMENTO] Si tratta del cavallo di Troia TR/Drop.Agent.CE.10

[NOTA] Il file è stato spostato in quarantena con il nome '57b87746.qua'!

Fine della scansione: sabato 22 settembre 2012 17:35

Tempo impiegato: 00:09 Minuto(i)

La scansione è stata completamente eseguita.

0 Directory scansionate

16 I file sono stati scansionati

1 Rilevati virus e/o programmi indesiderati

0 I file sono stati classificati come sospetti

0 I file sono stati eliminati

0 I virus o i programmi indesiderati sono stati riparati

1 File spostati in quarantena

0 File rinominati

0 Impossibile scansionare i file

15 File non infetti

0 Archivi scansionati

0 Avvisi

1 Note

Avira Free Antivirus

Data del file di report: sabato 22 settembre 2012 17:40

Ricerca di 4251510 virus e programmi indesiderati.

Il programma funziona come versione completa e illimitata.

I servizi online sono disponibili.

Concesso in licenza a : Avira AntiVir Personal - Free Antivirus

Numero di serie : 0000149996-ADJIE-0000001

Piattaforma : Windows 7 Ultimate

Versione di Windows : (Service Pack 1) [6.1.7601]

Modalità di avvio : Booting eseguito regolarmente

Nome utente : SYSTEM

Nome computer : ILWIZARD-PC

Informazioni sulla versione:

BUILD.DAT : 12.0.0.330 40867 Bytes 07/09/2012 22:38:00

AVSCAN.EXE : 12.3.0.33 468472 Bytes 13/08/2012 20:31:20

AVSCAN.DLL : 12.3.0.15 63440 Bytes 13/08/2012 20:31:20

LUKE.DLL : 12.3.0.15 68304 Bytes 13/08/2012 20:31:21

AVSCPLR.DLL : 12.3.0.14 97032 Bytes 11/05/2012 08:07:57

AVREG.DLL : 12.3.0.17 232200 Bytes 11/05/2012 08:07:56

VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 17:18:34

VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 22:26:32

VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 13:26:43

VBASE003.VDF : 7.11.21.238 4472832 Bytes 01/02/2012 08:07:37

VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 08:07:43

VBASE005.VDF : 7.11.34.116 4034048 Bytes 29/06/2012 14:04:30

VBASE006.VDF : 7.11.41.250 4902400 Bytes 06/09/2012 07:49:07

VBASE007.VDF : 7.11.41.251 2048 Bytes 06/09/2012 07:49:07

VBASE008.VDF : 7.11.41.252 2048 Bytes 06/09/2012 07:49:08

VBASE009.VDF : 7.11.41.253 2048 Bytes 06/09/2012 07:49:08

VBASE010.VDF : 7.11.41.254 2048 Bytes 06/09/2012 07:49:08

VBASE011.VDF : 7.11.41.255 2048 Bytes 06/09/2012 07:49:08

VBASE012.VDF : 7.11.42.0 2048 Bytes 06/09/2012 07:49:08

VBASE013.VDF : 7.11.42.1 2048 Bytes 06/09/2012 07:49:09

VBASE014.VDF : 7.11.42.65 203264 Bytes 09/09/2012 20:26:33

VBASE015.VDF : 7.11.42.125 156672 Bytes 11/09/2012 20:26:34

VBASE016.VDF : 7.11.42.171 187904 Bytes 12/09/2012 20:26:40

VBASE017.VDF : 7.11.42.235 141312 Bytes 13/09/2012 15:56:43

VBASE018.VDF : 7.11.43.35 133632 Bytes 15/09/2012 20:26:46

VBASE019.VDF : 7.11.43.89 129024 Bytes 18/09/2012 07:28:37

VBASE020.VDF : 7.11.43.141 130560 Bytes 19/09/2012 07:29:03

VBASE021.VDF : 7.11.43.187 121856 Bytes 21/09/2012 07:28:39

VBASE022.VDF : 7.11.43.188 2048 Bytes 21/09/2012 07:28:39

VBASE023.VDF : 7.11.43.189 2048 Bytes 21/09/2012 07:28:39

VBASE024.VDF : 7.11.43.190 2048 Bytes 21/09/2012 07:28:39

VBASE025.VDF : 7.11.43.191 2048 Bytes 21/09/2012 07:28:40

VBASE026.VDF : 7.11.43.192 2048 Bytes 21/09/2012 07:28:40

VBASE027.VDF : 7.11.43.193 2048 Bytes 21/09/2012 07:28:40

VBASE028.VDF : 7.11.43.194 2048 Bytes 21/09/2012 07:28:40

VBASE029.VDF : 7.11.43.195 2048 Bytes 21/09/2012 07:28:40

VBASE030.VDF : 7.11.43.196 2048 Bytes 21/09/2012 07:28:40

VBASE031.VDF : 7.11.43.226 90624 Bytes 22/09/2012 14:11:59

Motore : 8.2.10.164

AEVDF.DLL : 8.1.2.10 102772 Bytes 10/07/2012 14:09:30

AESCRIPT.DLL : 8.1.4.54 459131 Bytes 19/09/2012 07:28:39

AESCN.DLL : 8.1.8.2 131444 Bytes 11/05/2012 08:07:55

AESBX.DLL : 8.2.5.12 606578 Bytes 17/06/2012 15:08:58

AERDL.DLL : 8.1.9.15 639348 Bytes 20/01/2012 22:25:54

AEPACK.DLL : 8.3.0.36 811382 Bytes 14/09/2012 15:56:58

AEOFFICE.DLL : 8.1.2.42 201083 Bytes 19/07/2012 21:06:50

AEHEUR.DLL : 8.1.4.100 5280120 Bytes 14/09/2012 15:56:57

AEHELP.DLL : 8.1.23.2 258422 Bytes 30/06/2012 14:04:42

AEGEN.DLL : 8.1.5.36 434549 Bytes 25/08/2012 15:13:48

AEEXP.DLL : 8.1.0.86 90484 Bytes 10/09/2012 20:26:53

AEEMU.DLL : 8.1.3.2 393587 Bytes 10/07/2012 14:09:27

AECORE.DLL : 8.1.27.4 201078 Bytes 07/08/2012 14:21:31

AEBB.DLL : 8.1.1.0 53618 Bytes 20/01/2012 22:25:50

AVWINLL.DLL : 12.3.0.15 27344 Bytes 13/08/2012 20:31:20

AVPREF.DLL : 12.3.0.15 51920 Bytes 13/08/2012 20:31:20

AVREP.DLL : 12.3.0.15 179208 Bytes 11/05/2012 08:07:57

AVARKT.DLL : 12.3.0.15 211408 Bytes 13/08/2012 20:31:20

AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 13/08/2012 20:31:20

SQLITE3.DLL : 3.7.0.1 398288 Bytes 13/08/2012 20:31:21

AVSMTP.DLL : 12.3.0.32 63480 Bytes 13/08/2012 20:31:20

NETNT.DLL : 12.3.0.15 17104 Bytes 13/08/2012 20:31:21

RCIMAGE.DLL : 12.1.0.13 4449488 Bytes 20/01/2012 22:26:50

RCTEXT.DLL : 12.3.0.31 100344 Bytes 13/08/2012 20:31:20

Impostazioni di configurazione per la scansione attuale:

Nome del job................................: AVGuardAsyncScan

File di configurazione......................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_505ddba7\guard_slideup.avp

Report......................................: standard

Azione primaria.............................: ripara

Azione secondaria...........................: quarantena

Scansione dei record master di avvio........: Attivo

Scansiona record di avvio...................: Non attivo

Scansione dei programmi attivi..............: Attivo

Scansiona la registrazione..................: Non attivo

Cerca Rootkits..............................: Non attivo

Controllo di integrità dei file di sistema..: Non attivo

Modalità di scansione file..................: Tutti i file

Scansione degli archivi.....................: Attivo

Limita la profondità di ricorsione..........: 20

Archivio estensioni Smart...................: Attivo

Macro euristico.............................: Attivo

File euristico..............................: completo

Avvio della scansione: sabato 22 settembre 2012 17:40

La scansione dei processi in esecuzione verrà avviata:

Scansione processo 'avscan.exe' - '1' modulo(i) scansionato(i)

Scansione processo 'DTProShellHlp.exe' - '1' modulo(i) scansionato(i)

Scansione processo 'AcroDist.exe' - '1' modulo(i) scansionato(i)

Scansione processo 'jusched.exe' - '1' modulo(i) scansionato(i)

Scansione processo 'avgnt.exe' - '1' modulo(i) scansionato(i)

Scansione processo 'acrotray.exe' - '1' modulo(i) scansionato(i)

Scansione processo 'acrobat_sl.exe' - '1' modulo(i) scansionato(i)

Scansione processo 'GoogleCalendarSync.exe' - '1' modulo(i) scansionato(i)

Scansione processo 'UpdateChecker.exe' - '1' modulo(i) scansionato(i)

Scansione processo 'PnkBstrA.exe' - '1' modulo(i) scansionato(i)

Scansione processo 'NMSAccessU.exe' - '1' modulo(i) scansionato(i)

Scansione processo 'avguard.exe' - '1' modulo(i) scansionato(i)

Scansione processo 'sched.exe' - '1' modulo(i) scansionato(i)

Scansione processo 'nvSCPAPISvr.exe' - '1' modulo(i) scansionato(i)

Avvio della scansione del file selezionati:

Inizia con la scansione di 'C:\Users\ilWizard\Desktop\ODIN 1.3.7\odin.exe'

C:\Users\ilWizard\Desktop\ODIN 1.3.7\odin.exe

[RILEVAMENTO] Si tratta del cavallo di Troia TR/Drop.Agent.CE.10

[NOTA] Il file è stato spostato in quarantena con il nome '56ff72ad.qua'!

Fine della scansione: sabato 22 settembre 2012 17:40

Tempo impiegato: 00:15 Minuto(i)

La scansione è stata completamente eseguita.

0 Directory scansionate

15 I file sono stati scansionati

1 Rilevati virus e/o programmi indesiderati

0 I file sono stati classificati come sospetti

0 I file sono stati eliminati

0 I virus o i programmi indesiderati sono stati riparati

1 File spostati in quarantena

0 File rinominati

0 Impossibile scansionare i file

14 File non infetti

0 Archivi scansionati

0 Avvisi

1 Note

Link to post
Share on other sites

  • Staff

Hi,

Please see:

Forum Piracy Policy

We will not assist users that are obviously using illegal software.

If any such evidence is found you will be given the benefit of the doubt and the opportunity to completely uninstall and delete any such data from your system.

During the scanning process if any further evidence shows up your topic will be closed and no further assistance will be provided.

If you're using Peer 2 Peer software such as uTorrent or eMule you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

It's likely why your issue began in the first place.

Link to post
Share on other sites

  • 2 weeks later...
  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.