17:05:44.0667 2540 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
17:05:46.0667 2540 ============================================================
17:05:46.0667 2540 Current date / time: 2012/05/15 17:05:46.0667
17:05:46.0667 2540 SystemInfo:
17:05:46.0667 2540
17:05:46.0667 2540 OS Version: 5.2.3790 ServicePack: 2.0
17:05:46.0667 2540 Product type: Domain controller
17:05:46.0667 2540 ComputerName: SBS2007
17:05:46.0667 2540 UserName: administrator
17:05:46.0667 2540 Windows directory: C:\WINDOWS
17:05:46.0667 2540 System windows directory: C:\WINDOWS
17:05:46.0667 2540 Processor architecture: Intel x86
17:05:46.0667 2540 Number of processors: 2
17:05:46.0667 2540 Page size: 0x1000
17:05:46.0667 2540 Boot type: Normal boot
17:05:46.0667 2540 ============================================================
17:05:53.0073 2540 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:05:53.0073 2540 Drive \Device\Harddisk1\DR6 - Size: 0x1DD800000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:05:53.0073 2540 ============================================================
17:05:53.0073 2540 \Device\Harddisk0\DR0:
17:05:53.0089 2540 MBR partitions:
17:05:53.0089 2540 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2711637
17:05:53.0089 2540 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2711676, BlocksNum 0x2711676
17:05:53.0089 2540 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4E22CEC, BlocksNum 0xDBF5DD5
17:05:53.0089 2540 \Device\Harddisk1\DR6:
17:05:53.0089 2540 MBR partitions:
17:05:53.0089 2540 ============================================================
17:05:53.0198 2540 C: <-> \Device\Harddisk0\DR0\Partition0
17:05:53.0292 2540 R: <-> \Device\Harddisk0\DR0\Partition1
17:05:53.0339 2540 O: <-> \Device\Harddisk0\DR0\Partition2
17:05:53.0339 2540 ============================================================ 17:05:53.0339 2540 Initialize success 17:05:53.0339 2540 ============================================================ 17:05:55.0620 5884 ============================================================ 17:05:55.0620 5884 Scan started 17:05:55.0620 5884 Mode: Manual; 17:05:55.0620 5884 ============================================================ 17:05:59.0573 5884 a320raid (0532434d53314ee8858b7bfdbe761837) C:\WINDOWS\system32\drivers\a320raid.sys 17:05:59.0620 5884 a320raid - ok 17:05:59.0745 5884 ABConfSV (d1912134d2b8f1ea8676d75976bac884) C:\Program Files\ArcaBit\Common\ArcaConfSV.exe 17:05:59.0745 5884 ABConfSV - ok 17:05:59.0745 5884 Abiosdsk - ok 17:05:59.0776 5884 ACPI (940a6614ff17f5dd25e10513cd62fbea) C:\WINDOWS\system32\DRIVERS\ACPI.sys 17:05:59.0823 5884 ACPI - ok 17:05:59.0823 5884 ACPIEC (5de4506ba8ceb13b68ffb8e3a3645e45) C:\WINDOWS\system32\drivers\ACPIEC.sys 17:05:59.0823 5884 ACPIEC - ok 17:05:59.0870 5884 adpahci (4aa6e382ca9614f922972555e12317ab) C:\WINDOWS\system32\drivers\adpahci.sys 17:05:59.0885 5884 adpahci - ok 17:05:59.0901 5884 adpu160m (bbe35985c5e9e5ed87b8c1dad5b7d725) C:\WINDOWS\system32\drivers\adpu160m.sys 17:05:59.0901 5884 adpu160m - ok 17:05:59.0917 5884 adpu320 (5a23754571bbfa93564c04e7a20b1762) C:\WINDOWS\system32\drivers\adpu320.sys 17:05:59.0932 5884 adpu320 - ok 17:05:59.0964 5884 aec (53847f4df76170ac87bb441c39edb5f1) C:\WINDOWS\system32\drivers\aec.sys 17:05:59.0964 5884 aec - ok 17:05:59.0979 5884 AeLookupSvc (a23f006920dff33c2ab18b50e6646bc8) C:\WINDOWS\System32\aelupsvc.dll 17:05:59.0979 5884 AeLookupSvc - ok 17:05:59.0995 5884 afcnt (2dad567d6c05b12db4567860a6256ac2) C:\WINDOWS\system32\drivers\afcnt.sys 17:06:00.0010 5884 afcnt - ok 17:06:00.0057 5884 AFD (317e75d96065ac6af5ef8857ce2e399b) C:\WINDOWS\System32\drivers\afd.sys 17:06:00.0057 5884 AFD - ok 17:06:00.0073 5884 aic78u2 (b06e2a2a7ceb0ef894520cafc2f1feaf) 
C:\WINDOWS\system32\drivers\aic78u2.sys 17:06:00.0073 5884 aic78u2 - ok 17:06:00.0073 5884 aic78xx (ec7d7f96e97bad83a0b8a96969d19f2d) C:\WINDOWS\system32\drivers\aic78xx.sys 17:06:00.0073 5884 aic78xx - ok 17:06:00.0089 5884 Alerter (2348cddd21784d1f33d5d8f3ba59bd76) C:\WINDOWS\system32\alrsvc.dll 17:06:00.0089 5884 Alerter - ok 17:06:00.0120 5884 ALG (c6dae09de4d7b86d53786468d7b05f35) C:\WINDOWS\System32\alg.exe 17:06:00.0120 5884 ALG - ok 17:06:00.0120 5884 AliIde - ok 17:06:00.0151 5884 AmdIde (aacd06b75e8f7e04e0b084277761c575) C:\WINDOWS\system32\drivers\AmdIde.sys 17:06:00.0151 5884 AmdIde - ok 17:06:00.0182 5884 AN983 (9e9474fbc0eb913d6680350b6ea9b6e6) C:\WINDOWS\system32\DRIVERS\AN983.sys 17:06:00.0182 5884 AN983 - ok 17:06:00.0214 5884 AppMgmt (24651df94200883d932b3965e27e1da4) C:\WINDOWS\System32\appmgmts.dll 17:06:00.0214 5884 AppMgmt - ok 17:06:00.0229 5884 arc (a9c7273645a06a01ac2ca070d7d7ec87) C:\WINDOWS\system32\drivers\arc.sys 17:06:00.0229 5884 arc - ok 17:06:00.0385 5884 ArcaRemoteService (8ba5b2c209bc2f01b600c31569747230) C:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe 17:06:00.0448 5884 ArcaRemoteService - ok 17:06:00.0589 5884 aspnet_state (e1633440859f9a1b3ceaf73ba85225ca) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 17:06:00.0589 5884 aspnet_state - ok 17:06:00.0604 5884 AsyncMac (a35b971f631d4dfdeb68d71e770d2ce9) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 17:06:00.0604 5884 AsyncMac - ok 17:06:00.0620 5884 atapi (ff953a8f08ca3f822127654375786bbe) C:\WINDOWS\system32\DRIVERS\atapi.sys 17:06:00.0620 5884 atapi - ok 17:06:00.0651 5884 AtcL002 (45426146548b373efb9d39205007c1fb) C:\WINDOWS\system32\DRIVERS\atl02_03.sys 17:06:00.0667 5884 AtcL002 - ok 17:06:00.0667 5884 Atdisk - ok 17:06:00.0682 5884 Atmarpc (d12dad5032285343ce3aa4906f661181) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 17:06:00.0682 5884 Atmarpc - ok 17:06:00.0776 5884 AudioSrv (df132365662af2400eff338eba76972a) C:\WINDOWS\System32\audiosrv.dll 17:06:00.0776 5884 
AudioSrv - ok 17:06:00.0792 5884 audstub (5bfd980c2107d88101d1dc14055526fc) C:\WINDOWS\system32\DRIVERS\audstub.sys 17:06:00.0792 5884 audstub - ok 17:06:00.0870 5884 AVBackup (84e76eccefaba72994ad4f7a6f41aa17) C:\Program Files\ArcaBit\ArcaTools\ArcaBackup\ArcaBackupService.exe 17:06:00.0885 5884 AVBackup - ok 17:06:00.0964 5884 AVTasks2 (906801687a55274307892d9a50f747f1) C:\Program Files\ArcaBit\Common\ArcaTasksService.exe 17:06:00.0964 5884 AVTasks2 - ok 17:06:01.0026 5884 AVUpdate (9b55f0b9a014986860d0c52c93124286) C:\Program Files\ArcaBit\ArcaUpdate\update.exe 17:06:01.0026 5884 AVUpdate - ok 17:06:01.0057 5884 Beep (99572503e15a3d10239b7b9887cbaf89) C:\WINDOWS\system32\drivers\Beep.sys 17:06:01.0057 5884 Beep - ok 17:06:01.0089 5884 BITS (53e23a0e587d7869c5f539772620dc4b) C:\WINDOWS\system32\qmgr.dll 17:06:01.0260 5884 BITS - ok 17:06:01.0385 5884 Browser (edf1696abea7412c0128c7dfc735d624) C:\WINDOWS\System32\browser.dll 17:06:01.0385 5884 Browser - ok 17:06:01.0417 5884 cbidf2k (1342877de604a5a6bff986e288e3a8a7) C:\WINDOWS\system32\drivers\cbidf2k.sys 17:06:01.0417 5884 cbidf2k - ok 17:06:01.0448 5884 cd20xrnt (431d1b3dc3de617da27055c87b424a21) C:\WINDOWS\system32\drivers\cd20xrnt.sys 17:06:01.0448 5884 cd20xrnt - ok 17:06:01.0479 5884 Cdfs (e6d72780c957b69c48bfc66bc3ecdad4) C:\WINDOWS\system32\drivers\Cdfs.sys 17:06:01.0479 5884 Cdfs - ok 17:06:01.0479 5884 Cdrom (825aa877a852ecc731fa0c39c8c37744) C:\WINDOWS\system32\DRIVERS\cdrom.sys 17:06:01.0479 5884 Cdrom - ok 17:06:01.0495 5884 Changer - ok 17:06:01.0495 5884 CiSvc (8a918c53a175c7fcebb928cc45422f93) C:\WINDOWS\system32\cisvc.exe 17:06:01.0495 5884 CiSvc - ok 17:06:01.0510 5884 ClipSrv (d03f0b7ad11883a12d3987a44518358d) C:\WINDOWS\system32\clipsrv.exe 17:06:01.0510 5884 ClipSrv - ok 17:06:01.0651 5884 clr_optimization_v2.0.50727_32 (3d560af01bdc50b4a1e1bfb5cdc06d63) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 17:06:01.0667 5884 clr_optimization_v2.0.50727_32 - ok 17:06:01.0682 5884 
ClusDisk (54308cdf97622fae1620bb1ec39ef014) C:\WINDOWS\system32\DRIVERS\ClusDisk.sys 17:06:01.0682 5884 ClusDisk - ok 17:06:01.0698 5884 CmdIde - ok 17:06:01.0745 5884 COMSysApp - ok 17:06:01.0776 5884 Cpqarray (126d049a6e6b6cb8df1c69d3e2a8c0c4) C:\WINDOWS\system32\drivers\Cpqarray.sys 17:06:01.0776 5884 Cpqarray - ok 17:06:01.0776 5884 cpqarry2 (d31cb94a4acad58abb6cf74b7ef1ce1f) C:\WINDOWS\system32\drivers\cpqarry2.sys 17:06:01.0776 5884 cpqarry2 - ok 17:06:01.0776 5884 cpqcissm (0c5dcc2df112b7352b9427d943cf56bc) C:\WINDOWS\system32\drivers\cpqcissm.sys 17:06:01.0776 5884 cpqcissm - ok 17:06:01.0792 5884 cpqfcalm (fed86c9f250fc641b37c933e4c214a8a) C:\WINDOWS\system32\drivers\cpqfcalm.sys 17:06:01.0807 5884 cpqfcalm - ok 17:06:01.0823 5884 crcdisk (0ee27d9dbb208c13314f3c60f66aed26) C:\WINDOWS\system32\DRIVERS\crcdisk.sys 17:06:01.0823 5884 crcdisk - ok 17:06:01.0839 5884 CryptSvc (7db5020817bafac898e28d7dadb1b56e) C:\WINDOWS\System32\cryptsvc.dll 17:06:01.0839 5884 CryptSvc - ok 17:06:01.0854 5884 dac2w2k (8ce90c5c311592273ab0fb39a2d23896) C:\WINDOWS\system32\drivers\dac2w2k.sys 17:06:01.0854 5884 dac2w2k - ok 17:06:01.0854 5884 dac960nt (19b8202934b660c4ec2e64354437a854) C:\WINDOWS\system32\drivers\dac960nt.sys 17:06:01.0854 5884 dac960nt - ok 17:06:01.0901 5884 DcomLaunch (d36be78f1404ff273726925f77ca9628) C:\WINDOWS\system32\rpcss.dll 17:06:01.0917 5884 DcomLaunch - ok 17:06:01.0932 5884 dellcerc (264e592a99801b682c98984588a7d7b5) C:\WINDOWS\system32\drivers\dellcerc.sys 17:06:01.0932 5884 dellcerc - ok 17:06:01.0948 5884 Dfs (e54594d24084cdbbea7b99900ba260e1) C:\WINDOWS\system32\Dfssvc.exe 17:06:01.0964 5884 Dfs - ok 17:06:01.0979 5884 DfsDriver (444726b01c31d29c70e60f7c35de43e5) C:\WINDOWS\system32\drivers\Dfs.sys 17:06:01.0979 5884 DfsDriver - ok 17:06:02.0010 5884 Dhcp (50b7b7832b3c9331f8ba49ff1d84eb41) C:\WINDOWS\System32\dhcpcsvc.dll 17:06:02.0026 5884 Dhcp - ok 17:06:02.0057 5884 DHCPServer (32b40a978d7623bef317a5b363706f85) 
C:\WINDOWS\system32\tcpsvcs.exe 17:06:02.0057 5884 DHCPServer - ok 17:06:02.0057 5884 Disk (98433302c02f1168efb7364f8111a179) C:\WINDOWS\system32\DRIVERS\disk.sys 17:06:02.0057 5884 Disk - ok 17:06:02.0057 5884 dmadmin - ok 17:06:02.0104 5884 dmboot (9ae2dbf649e5ba45bba6684e064586b1) C:\WINDOWS\system32\drivers\dmboot.sys 17:06:02.0120 5884 dmboot - ok 17:06:02.0135 5884 dmio (c36c0dc331040e3250f78e283fffc378) C:\WINDOWS\system32\drivers\dmio.sys 17:06:02.0135 5884 dmio - ok 17:06:02.0167 5884 dmload (3d9bfa13b6f1cd2d91c50c52b32e91a2) C:\WINDOWS\system32\drivers\dmload.sys 17:06:02.0167 5884 dmload - ok 17:06:02.0182 5884 dmserver (4e1fcc1ac2d6aba1c3636c3714cdfdb6) C:\WINDOWS\System32\dmserver.dll 17:06:02.0182 5884 dmserver - ok 17:06:02.0182 5884 DMusic (f22e49c8681116e2fd74d7021aa32f13) C:\WINDOWS\system32\drivers\DMusic.sys 17:06:02.0198 5884 DMusic - ok 17:06:02.0276 5884 DNS (dfa5b3128fb21ff331dc5805b1cd6236) C:\WINDOWS\System32\dns.exe 17:06:02.0276 5884 DNS - ok 17:06:02.0307 5884 Dnscache (dee3c28959f74c34cd710acd52dc16ad) C:\WINDOWS\System32\dnsrslvr.dll 17:06:02.0307 5884 Dnscache - ok 17:06:02.0339 5884 dpti2o (110406bc22a72e2dcbb0a86e0542ab1c) C:\WINDOWS\system32\drivers\dpti2o.sys 17:06:02.0339 5884 dpti2o - ok 17:06:02.0354 5884 drmkaud (3f31fa82741d2b1c53e4144ef817444e) C:\WINDOWS\system32\drivers\drmkaud.sys 17:06:02.0354 5884 drmkaud - ok 17:06:02.0354 5884 elxstor - ok 17:06:02.0432 5884 ERSvc (63e71d7d77ca835d8d04b68bf2e6b2a8) C:\WINDOWS\System32\ersvc.dll 17:06:02.0432 5884 ERSvc - ok 17:06:02.0479 5884 Eventlog (82ff02e9a843f7706fe364a995d44ef5) C:\WINDOWS\system32\services.exe 17:06:02.0479 5884 Eventlog - ok 17:06:02.0510 5884 EventSystem (9911e62376bac4aaf424e67734cec35d) C:\WINDOWS\system32\es.dll 17:06:02.0526 5884 EventSystem - ok 17:06:02.0557 5884 EXIFS (2e925f25917a75021f66f407e7913b9b) C:\WINDOWS\system32\drivers\exifs.sys 17:06:02.0557 5884 EXIFS - ok 17:06:02.0589 5884 Fastfat (e792a18abdc32286212dce8e75baa124) 
C:\WINDOWS\system32\drivers\Fastfat.sys 17:06:02.0604 5884 Fastfat - ok 17:06:02.0635 5884 Fax (f818c07ceddbedd1713ed001ce36804a) C:\WINDOWS\system32\fxssvc.exe 17:06:02.0729 5884 Fax - ok 17:06:02.0807 5884 Fdc (5090cd3f6ab1d71ad507953cff556ea9) C:\WINDOWS\system32\DRIVERS\fdc.sys 17:06:02.0807 5884 Fdc - ok 17:06:02.0901 5884 Fips (cfcee801bab60f3f1f5d6afd056e837d) C:\WINDOWS\system32\drivers\Fips.sys 17:06:02.0901 5884 Fips - ok 17:06:02.0917 5884 Flpydisk (c621a51f415419a3145a5939abde39fa) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 17:06:02.0917 5884 Flpydisk - ok 17:06:02.0948 5884 FltMgr (f978277ef786532195cdd9f88e908632) C:\WINDOWS\system32\drivers\fltmgr.sys 17:06:02.0964 5884 FltMgr - ok 17:06:02.0979 5884 Fs_Rec (aebff3d810b74971b91b2b77b289a98b) C:\WINDOWS\system32\drivers\Fs_Rec.sys 17:06:02.0979 5884 Fs_Rec - ok 17:06:02.0995 5884 Ftdisk (5b2d242073557000268a55891a2d6a5a) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 17:06:03.0010 5884 Ftdisk - ok 17:06:03.0042 5884 Fweng (146ca871c9dff4a62371bf992faf6e97) C:\WINDOWS\system32\drivers\fweng.sys 17:06:03.0057 5884 Fweng - ok 17:06:03.0167 5884 fwsrv (c7e7e1c52cb53a1d73844252212d0164) C:\Program Files\Microsoft ISA Server\wspsrv.exe 17:06:03.0198 5884 fwsrv - ok 17:06:03.0229 5884 Gpc (30b1653a955f548352024a5fee203cc3) C:\WINDOWS\system32\DRIVERS\msgpc.sys 17:06:03.0229 5884 Gpc - ok 17:06:03.0276 5884 Groveler (64d2570f26f8f183def377e54875cf3b) C:\WINDOWS\system32\grovel.exe 17:06:03.0276 5884 Groveler - ok 17:06:03.0307 5884 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 17:06:03.0323 5884 HDAudBus - ok 17:06:03.0323 5884 HidServ - ok 17:06:03.0354 5884 hpcisss (8a445379d6e73731a6a37318dbb0c880) C:\WINDOWS\system32\drivers\hpcisss.sys 17:06:03.0354 5884 hpcisss - ok 17:06:03.0385 5884 hpn (cf54b5f4192fa5f669d13ee700fc9dce) C:\WINDOWS\system32\drivers\hpn.sys 17:06:03.0385 5884 hpn - ok 17:06:03.0385 5884 hpt3xx (d3704da43183412dfa0dc1f31051d447) 
C:\WINDOWS\system32\drivers\hpt3xx.sys 17:06:03.0385 5884 hpt3xx - ok 17:06:03.0432 5884 HTTP (ecdc1ac15edf3553d09f9d60b889cb41) C:\WINDOWS\system32\Drivers\HTTP.sys 17:06:03.0479 5884 HTTP - ok 17:06:03.0495 5884 HTTPFilter (071a5a23068c922488d14dedf4ae7222) C:\WINDOWS\system32\lsass.exe 17:06:03.0495 5884 HTTPFilter - ok 17:06:03.0510 5884 i2omgmt - ok 17:06:03.0510 5884 i2omp (615395fc46eeea7e7e822d4be8006862) C:\WINDOWS\system32\drivers\i2omp.sys 17:06:03.0510 5884 i2omp - ok 17:06:03.0542 5884 i8042prt (52b025af01b54e1059fee6e1eae9769d) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 17:06:03.0542 5884 i8042prt - ok 17:06:03.0573 5884 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\WINDOWS\system32\drivers\iaStor.sys 17:06:03.0589 5884 iaStor - ok 17:06:03.0604 5884 iirsp (aa9ab3b793401463bb938adef5fa8266) C:\WINDOWS\system32\drivers\iirsp.sys 17:06:03.0604 5884 iirsp - ok 17:06:03.0635 5884 IISADMIN (93ca69511f398b9e205a7445c6ff953d) C:\WINDOWS\system32\inetsrv\inetinfo.exe 17:06:03.0635 5884 IISADMIN - ok 17:06:03.0635 5884 IMAP4Svc (93ca69511f398b9e205a7445c6ff953d) C:\WINDOWS\system32\inetsrv\inetinfo.exe 17:06:03.0635 5884 IMAP4Svc - ok 17:06:03.0651 5884 imapi (44c132b35921b54b4a9ac64369d86d83) C:\WINDOWS\system32\DRIVERS\imapi.sys 17:06:03.0667 5884 imapi - ok 17:06:03.0682 5884 ImapiService (634d4af11fdf6992278df1da7b99a85b) C:\WINDOWS\system32\imapi.exe 17:06:03.0776 5884 ImapiService - ok 17:06:04.0370 5884 IntcAzAudAddService (41ef008d7b089ce6f5f2e4a61d5638e6) C:\WINDOWS\system32\drivers\RtkHDAud.sys 17:06:04.0479 5884 IntcAzAudAddService - ok 17:06:05.0526 5884 IntelIde - ok 17:06:05.0542 5884 intelppm (9a4f573bbb569247d455b770bc633414) C:\WINDOWS\system32\DRIVERS\intelppm.sys 17:06:05.0542 5884 intelppm - ok 17:06:05.0557 5884 Ip6Fw (d7e7e7898a05c53dd862b49828747c1e) C:\WINDOWS\system32\drivers\ip6fw.sys 17:06:05.0557 5884 Ip6Fw - ok 17:06:05.0573 5884 IpFilterDriver (5a41f207b7c39ee4918f7496a4f19b14) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 17:06:05.0573 
5884 IpFilterDriver - ok 17:06:05.0573 5884 IpInIp - ok 17:06:05.0573 5884 IpNat - ok 17:06:05.0604 5884 IPSec (1a9aeac49683b32df55b7fb1516f3028) C:\WINDOWS\system32\DRIVERS\ipsec.sys 17:06:05.0604 5884 IPSec - ok 17:06:05.0620 5884 ipsraidn (c8594550880b16a31c99ec42b106e14f) C:\WINDOWS\system32\drivers\ipsraidn.sys 17:06:05.0635 5884 ipsraidn - ok 17:06:05.0651 5884 IRENUM (11407ee682a2d5b0248de8af0f1a6996) C:\WINDOWS\system32\DRIVERS\irenum.sys 17:06:05.0651 5884 IRENUM - ok 17:06:06.0057 5884 isactrl (ea8990f3712cfe25ea3e5cde30e34724) C:\Program Files\Microsoft ISA Server\mspadmin.exe 17:06:06.0089 5884 isactrl - ok 17:06:06.0120 5884 isapnp (dd3fd0bd8de0f66674c210d30c50d30a) C:\WINDOWS\system32\DRIVERS\isapnp.sys 17:06:06.0120 5884 isapnp - ok 17:06:06.0151 5884 isasched (798445d65ed91e471ccfb4c4e82ecf7b) C:\Program Files\Microsoft ISA Server\W3Prefch.exe 17:06:06.0151 5884 isasched - ok 17:06:06.0167 5884 ISASTG (4c096f28a77e197e6bea30a1f9384ac4) C:\Program Files\Microsoft ISA Server\isastg.exe 17:06:06.0167 5884 ISASTG - ok 17:06:06.0182 5884 IsmServ (81836994258561899f4de0c3b1876f66) C:\WINDOWS\System32\ismserv.exe 17:06:06.0182 5884 IsmServ - ok 17:06:06.0214 5884 Kbdclass (2bcd57897e93c6bafe744a859945fe5a) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 17:06:06.0214 5884 Kbdclass - ok 17:06:06.0245 5884 kdc (071a5a23068c922488d14dedf4ae7222) C:\WINDOWS\System32\lsass.exe 17:06:06.0245 5884 kdc - ok 17:06:06.0260 5884 kmixer (80e7673fda20c7baca5749bbb2797866) C:\WINDOWS\system32\drivers\kmixer.sys 17:06:06.0292 5884 kmixer - ok 17:06:06.0323 5884 KSecDD (519758af331cc1ee6155402e015b4e47) C:\WINDOWS\system32\drivers\KSecDD.sys 17:06:06.0323 5884 KSecDD - ok 17:06:06.0339 5884 lanmanserver (55eae63461d264f0b5399de228876897) C:\WINDOWS\System32\srvsvc.dll 17:06:06.0339 5884 lanmanserver - ok 17:06:06.0385 5884 lanmanworkstation (9fea21141104b9fefea75f6212ba0f54) C:\WINDOWS\System32\wkssvc.dll 17:06:06.0401 5884 lanmanworkstation - ok 17:06:06.0432 5884 
LicenseService (80b574720a33f40f69bff9429e90c415) C:\WINDOWS\System32\llssrv.exe 17:06:06.0432 5884 LicenseService - ok 17:06:06.0448 5884 LmHosts (5b5f48081025b837765cebb039d15143) C:\WINDOWS\System32\lmhsvc.dll 17:06:06.0464 5884 LmHosts - ok 17:06:06.0495 5884 lp6nds35 (fdd8ba3317e07f2e5af608468821a093) C:\WINDOWS\system32\drivers\lp6nds35.sys 17:06:06.0495 5884 lp6nds35 - ok 17:06:06.0526 5884 Messenger (386c59178759b1cc0904eb9ea403ba8a) C:\WINDOWS\System32\msgsvc.dll 17:06:06.0526 5884 Messenger - ok 17:06:06.0542 5884 mnmdd (c35bb38904d843c0465858195b30dab7) C:\WINDOWS\system32\drivers\mnmdd.sys 17:06:06.0542 5884 mnmdd - ok 17:06:06.0573 5884 mnmsrvc (610267a4c5c00e5f11802d4591d1788d) C:\WINDOWS\system32\mnmsrvc.exe 17:06:06.0573 5884 mnmsrvc - ok 17:06:06.0573 5884 Modem (072f5e4964830ac9ef8a9529132a1fa2) C:\WINDOWS\system32\drivers\Modem.sys 17:06:06.0573 5884 Modem - ok 17:06:06.0589 5884 Mouclass (c42a88171f0f40ec857c955d5e8b6c46) C:\WINDOWS\system32\DRIVERS\mouclass.sys 17:06:06.0589 5884 Mouclass - ok 17:06:06.0620 5884 MountMgr (fc43a7a34309c750b9daeadf2f6ec9b9) C:\WINDOWS\system32\drivers\MountMgr.sys 17:06:06.0620 5884 MountMgr - ok 17:06:06.0620 5884 mraid35x (4fa93ba7ae719fb6c0a2be09ac357863) C:\WINDOWS\system32\drivers\mraid35x.sys 17:06:06.0620 5884 mraid35x - ok 17:06:06.0651 5884 MRxDAV (ab6db63a1791f8e86b085291686464fd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 17:06:06.0667 5884 MRxDAV - ok 17:06:06.0885 5884 MRxSmb (16936142fa1d989cf63fd22c8b9d4a6d) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 17:06:06.0901 5884 MRxSmb - ok 17:06:06.0932 5884 MSDTC (2eaa1763a77be385b9a71a843c7f159e) C:\WINDOWS\system32\msdtc.exe 17:06:06.0932 5884 MSDTC - ok 17:06:07.0010 5884 MSExchangeES (b3a81fdbcbe84136ab5abdc7b802683d) C:\Program Files\Exchsrvr\bin\events.exe 17:06:07.0010 5884 MSExchangeES - ok 17:06:07.0292 5884 MSExchangeIS (7be3f37c3f7abd067d21d04bb235a8b6) C:\Program Files\Exchsrvr\bin\store.exe 17:06:07.0401 5884 MSExchangeIS - ok 17:06:07.0589 5884 
MSExchangeMGMT (b4cdb17c573e06ddbfa700cf99158515) C:\Program Files\Exchsrvr\bin\exmgmt.exe 17:06:07.0667 5884 MSExchangeMGMT - ok 17:06:08.0120 5884 MSExchangeMTA (d2020844a5f02fb20e58c9117c86e006) C:\Program Files\Exchsrvr\bin\emsmta.exe 17:06:08.0198 5884 MSExchangeMTA - ok 17:06:08.0667 5884 MSExchangeSA (32c13adadc481636f0b157baa8eaa800) C:\Program Files\Exchsrvr\bin\mad.exe 17:06:09.0260 5884 MSExchangeSA - ok 17:06:09.0370 5884 MSExchangeSRS (2d952ba8df9b5f3c13f92bafb0ef5122) C:\Program Files\Exchsrvr\bin\srsmain.exe 17:06:09.0401 5884 MSExchangeSRS - ok 17:06:39.0370 5884 Msfs (8f50b87361585763841c6b603d23260c) C:\WINDOWS\system32\drivers\Msfs.sys 17:06:39.0401 5884 Msfs - ok 17:06:39.0870 5884 msftesql (f7e0900f9a8e3f71f2c16a932f0e03e0) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe 17:06:39.0917 5884 msftesql - ok 17:06:40.0042 5884 MSFtpsvc (93ca69511f398b9e205a7445c6ff953d) C:\WINDOWS\system32\inetsrv\inetinfo.exe 17:06:40.0042 5884 MSFtpsvc - ok 17:06:40.0042 5884 MSIServer - ok 17:06:40.0104 5884 MSKSSRV (baa279ecaaff6564ba289d38be2e1e83) C:\WINDOWS\system32\drivers\MSKSSRV.sys 17:06:40.0104 5884 MSKSSRV - ok 17:06:40.0120 5884 MSPCLOCK (5d3de11af7f2adf006fb723b0f6b2afa) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 17:06:40.0135 5884 MSPCLOCK - ok 17:06:40.0370 5884 MSPOP3Connector (7dfd09bd1c9bc7166efe4658776c54e9) C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe 17:06:40.0385 5884 MSPOP3Connector - ok 17:06:40.0464 5884 MSPQM (ee4171d3f3ceaa7386561aad262f8bd3) C:\WINDOWS\system32\drivers\MSPQM.sys 17:06:40.0479 5884 MSPQM - ok 17:06:41.0135 5884 MSSEARCH (5c7157451da94116443b96c4d59d059c) C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe 17:06:41.0167 5884 MSSEARCH - ok 17:06:41.0339 5884 mssmbios (92afab2f216ce8ffbad3bc510fcf4a33) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 17:06:41.0339 5884 mssmbios - ok 17:06:48.0479 5884 MSSQL$MSFW (751961e128dbcc7a32304339c4bdeff0) C:\Program 
Files\Microsoft SQL Server\MSSQL$MSFW\Binn\sqlservr.exe 17:06:52.0167 5884 MSSQL$MSFW - ok 17:07:02.0057 5884 MSSQL$SBSMONITORING (751961e128dbcc7a32304339c4bdeff0) C:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlservr.exe 17:07:06.0307 5884 MSSQL$SBSMONITORING - ok 17:07:17.0448 5884 MSSQL$SHAREPOINT (751961e128dbcc7a32304339c4bdeff0) C:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Binn\sqlservr.exe 17:07:21.0917 5884 MSSQL$SHAREPOINT - ok 17:07:24.0120 5884 MSSQL$WSUS (751961e128dbcc7a32304339c4bdeff0) C:\Program Files\Microsoft SQL Server\MSSQL$WSUS\Binn\sqlservr.exe 17:07:24.0370 5884 MSSQL$WSUS - ok 17:07:24.0557 5884 MSSQLSERVER - ok 17:07:24.0620 5884 MSSQLServerADHelper (adaf062116b4e6d96e44d26486a87af6) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe 17:07:24.0620 5884 MSSQLServerADHelper - ok 17:07:25.0057 5884 MTsensor (dcdaab8697a47894a554050ce18d0b56) C:\WINDOWS\system32\DRIVERS\ASACPI.sys 17:07:25.0057 5884 MTsensor - ok 17:07:25.0089 5884 Mup (834560abee4eae62620f4026263aa051) C:\WINDOWS\system32\drivers\Mup.sys 17:07:25.0089 5884 Mup - ok 17:07:25.0135 5884 NDIS (33739ab31d36184772af1ee132d5c2e2) C:\WINDOWS\system32\drivers\NDIS.sys 17:07:25.0182 5884 NDIS - ok 17:07:25.0214 5884 NdisTapi (888b08f81b7d8428a37439d15c27f419) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 17:07:25.0214 5884 NdisTapi - ok 17:07:25.0229 5884 Ndisuio (8b8e682b03483092e17ab9dfe70fedff) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 17:07:25.0229 5884 Ndisuio - ok 17:07:25.0245 5884 NdisWan (1b397eef4614419be5679e0209f7848b) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 17:07:25.0245 5884 NdisWan - ok 17:07:25.0276 5884 NDProxy (5298ed90bbe5c5eeedc363eed2888a25) C:\WINDOWS\system32\drivers\NDProxy.sys 17:07:25.0276 5884 NDProxy - ok 17:07:25.0292 5884 NetBIOS (a0d5d6ae530ca78a062fc0471f1e6f78) C:\WINDOWS\system32\DRIVERS\netbios.sys 17:07:25.0292 5884 NetBIOS - ok 17:07:25.0307 5884 NetBT (5cd7cca08498ec8753b22e92d367ca11) 
C:\WINDOWS\system32\DRIVERS\netbt.sys 17:07:25.0339 5884 NetBT - ok 17:07:25.0354 5884 NetDDE (63cafd2981f9bbc3aa83b66a6bcd38f3) C:\WINDOWS\system32\netdde.exe 17:07:25.0354 5884 NetDDE - ok 17:07:25.0370 5884 NetDDEdsdm (63cafd2981f9bbc3aa83b66a6bcd38f3) C:\WINDOWS\system32\netdde.exe 17:07:25.0370 5884 NetDDEdsdm - ok 17:07:25.0385 5884 Netlogon (071a5a23068c922488d14dedf4ae7222) C:\WINDOWS\system32\lsass.exe 17:07:25.0385 5884 Netlogon - ok 17:07:25.0401 5884 Netman (ce5f3ddd57bee6345754a51410d5fca5) C:\WINDOWS\System32\netman.dll 17:07:25.0417 5884 Netman - ok 17:07:25.0417 5884 nfrd960 - ok 17:07:25.0448 5884 Nla (ed82852981d1179de268d31b9156ac56) C:\WINDOWS\System32\mswsock.dll 17:07:25.0495 5884 Nla - ok 17:07:25.0510 5884 NntpSvc (93ca69511f398b9e205a7445c6ff953d) C:\WINDOWS\system32\inetsrv\inetinfo.exe 17:07:25.0510 5884 NntpSvc - ok 17:07:25.0526 5884 Npfs (d5bb605f6dcbdfe0129670c8de57913e) C:\WINDOWS\system32\drivers\Npfs.sys 17:07:25.0526 5884 Npfs - ok 17:07:25.0589 5884 NtFrs (8883194f276caeeb181877303b5a3272) C:\WINDOWS\system32\ntfrs.exe 17:07:25.0604 5884 NtFrs - ok 17:07:25.0651 5884 Ntfs (482ea51aadb8763a0f67588c394ec693) C:\WINDOWS\system32\drivers\Ntfs.sys 17:07:25.0667 5884 Ntfs - ok 17:07:25.0682 5884 NtLmSsp (071a5a23068c922488d14dedf4ae7222) C:\WINDOWS\system32\lsass.exe 17:07:25.0682 5884 NtLmSsp - ok 17:07:25.0792 5884 NtmsSvc (abb9c6b452a11c24292b7f8089060f48) C:\WINDOWS\system32\ntmssvc.dll 17:07:25.0839 5884 NtmsSvc - ok 17:07:25.0854 5884 Null (5db0ede7aaf3a7bc9110d18c12524be0) C:\WINDOWS\system32\drivers\Null.sys 17:07:25.0854 5884 Null - ok 17:07:25.0917 5884 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 17:07:25.0917 5884 ose - ok 17:07:25.0932 5884 Parport (cd9df6e81dbc63d7d9a4b27f6845ca6f) C:\WINDOWS\system32\DRIVERS\parport.sys 17:07:25.0932 5884 Parport - ok 17:07:25.0964 5884 PartMgr (4eb6f7418959444a06d3c51eb81bff04) C:\WINDOWS\system32\drivers\PartMgr.sys 
17:07:25.0964 5884 PartMgr - ok 17:07:25.0979 5884 Parvdm (f27fedde92d64ed9d807dd879bd95bb6) C:\WINDOWS\system32\DRIVERS\parvdm.sys 17:07:25.0979 5884 Parvdm - ok 17:07:25.0995 5884 PCI (e68f3877a00c442306ad1f471130462f) C:\WINDOWS\system32\DRIVERS\pci.sys 17:07:25.0995 5884 PCI - ok 17:07:26.0010 5884 PCIIde (3cda4d199314519c6289ed660b92b2f5) C:\WINDOWS\system32\DRIVERS\pciide.sys 17:07:26.0010 5884 PCIIde - ok 17:07:26.0042 5884 Pcmcia (d97e192a466a6061e33d79fa01ca0a01) C:\WINDOWS\system32\drivers\Pcmcia.sys 17:07:26.0057 5884 Pcmcia - ok 17:07:26.0057 5884 PDCOMP - ok 17:07:26.0073 5884 PDFRAME - ok 17:07:26.0073 5884 PDRELI - ok 17:07:26.0073 5884 PDRFRAME - ok 17:07:26.0089 5884 perc2 - ok 17:07:26.0089 5884 perc2hib - ok 17:07:26.0135 5884 PlugPlay (82ff02e9a843f7706fe364a995d44ef5) C:\WINDOWS\system32\services.exe 17:07:26.0135 5884 PlugPlay - ok 17:07:26.0135 5884 PolicyAgent (071a5a23068c922488d14dedf4ae7222) C:\WINDOWS\system32\lsass.exe 17:07:26.0135 5884 PolicyAgent - ok 17:07:26.0182 5884 POP3Svc (93ca69511f398b9e205a7445c6ff953d) C:\WINDOWS\system32\inetsrv\inetinfo.exe 17:07:26.0182 5884 POP3Svc - ok 17:07:26.0245 5884 PowerSoft Klient sieciowy (19d35c6db34c73082770c8fbbc4e7ed1) C:\Program Files\PowerSoft Plus\NetClnNt.exe 17:07:26.0245 5884 PowerSoft Klient sieciowy - ok 17:07:26.0307 5884 PowerSoft Plus (e3dce88bb3beae6d60424dbc21352a2b) C:\Program Files\PowerSoft Plus\PSCoreNt.exe 17:07:26.0307 5884 PowerSoft Plus - ok 17:07:26.0339 5884 PptpMiniport (4454f2639bcca93be86a45137e427277) C:\WINDOWS\system32\DRIVERS\raspptp.sys 17:07:26.0339 5884 PptpMiniport - ok 17:07:26.0339 5884 ProtectedStorage (071a5a23068c922488d14dedf4ae7222) C:\WINDOWS\system32\lsass.exe 17:07:26.0339 5884 ProtectedStorage - ok 17:07:26.0354 5884 PSched (7ab9e10b929573f7ea072c6b6ce97dd2) C:\WINDOWS\system32\DRIVERS\psched.sys 17:07:26.0354 5884 PSched - ok 17:07:26.0370 5884 Ptilink (0320fd91fb5ed4298355977cecfc0eb4) C:\WINDOWS\system32\DRIVERS\ptilink.sys 17:07:26.0370 5884 
Ptilink - ok 17:07:26.0385 5884 ql1080 (8485bd4c7a781fd1754ff42b1dc36a9a) C:\WINDOWS\system32\drivers\ql1080.sys 17:07:26.0385 5884 ql1080 - ok 17:07:26.0401 5884 Ql10wnt (fe6256e7714e96df9e8df44a9f3db791) C:\WINDOWS\system32\drivers\Ql10wnt.sys 17:07:26.0401 5884 Ql10wnt - ok 17:07:26.0401 5884 ql12160 (ca811eaeb772d19a8d37db71564368f9) C:\WINDOWS\system32\drivers\ql12160.sys 17:07:26.0401 5884 ql12160 - ok 17:07:26.0401 5884 ql1240 (7e88fd1baa8b3e6510e83a62040582d6) C:\WINDOWS\system32\drivers\ql1240.sys 17:07:26.0401 5884 ql1240 - ok 17:07:26.0417 5884 ql1280 (d78e91dace023a05faaf5ee6ce7f289c) C:\WINDOWS\system32\drivers\ql1280.sys 17:07:26.0417 5884 ql1280 - ok 17:07:26.0417 5884 ql2100 (e6bdb78d0f8108487709ead87ac848da) C:\WINDOWS\system32\drivers\ql2100.sys 17:07:26.0432 5884 ql2100 - ok 17:07:26.0432 5884 ql2200 (c6587711b694feb0521ae2639307cf59) C:\WINDOWS\system32\drivers\ql2200.sys 17:07:26.0448 5884 ql2200 - ok 17:07:26.0479 5884 ql2300 (5d60b4db95d1a85fe102217f815696a3) C:\WINDOWS\system32\drivers\ql2300.sys 17:07:26.0510 5884 ql2300 - ok 17:07:26.0526 5884 RasAcd (48ee7b6802c0306f9a66f34db7e9ef75) C:\WINDOWS\system32\DRIVERS\rasacd.sys 17:07:26.0526 5884 RasAcd - ok 17:07:26.0557 5884 RasAuto (194ac8aef43d837a33dd73deb4541a85) C:\WINDOWS\System32\rasauto.dll 17:07:26.0557 5884 RasAuto - ok 17:07:26.0573 5884 Rasl2tp (3633175613e052ecb41776dee2777a89) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 17:07:26.0573 5884 Rasl2tp - ok 17:07:26.0604 5884 RasMan (ddf8f21f4f17e7e254e24b74e94da487) C:\WINDOWS\System32\rasmans.dll 17:07:26.0620 5884 RasMan - ok 17:07:26.0635 5884 RasPppoe (59842f0a22216a71cade6f89fe84c973) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 17:07:26.0635 5884 RasPppoe - ok 17:07:26.0682 5884 Raspti (5b11871de804d3ed28bbdcc65fe14ede) C:\WINDOWS\system32\DRIVERS\raspti.sys 17:07:26.0682 5884 Raspti - ok 17:07:26.0745 5884 Rdbss (4496b15c44ccb703fbc54f2cf5b67f15) C:\WINDOWS\system32\DRIVERS\rdbss.sys 17:07:26.0745 5884 Rdbss - ok 17:07:26.0760 5884 
RDPCDD (ac5bb528ecd2bea4ff4bff9df9baf749) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 17:07:26.0760 5884 RDPCDD - ok 17:07:26.0792 5884 rdpdr (ff678596b761e1ccba79f49981ef51bc) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 17:07:26.0807 5884 rdpdr - ok 17:07:26.0839 5884 RDPWD (4e2e9b17a618433d68697a3c6d8ddd6e) C:\WINDOWS\system32\drivers\RDPWD.sys 17:07:26.0854 5884 RDPWD - ok 17:07:26.0870 5884 RDSessMgr (14ec422317e93f7803c281804eef4e4e) C:\WINDOWS\system32\sessmgr.exe 17:07:26.0885 5884 RDSessMgr - ok 17:07:26.0917 5884 redbook (4cd4d253d86214176cead90e5dc520b2) C:\WINDOWS\system32\DRIVERS\redbook.sys 17:07:26.0917 5884 redbook - ok 17:07:26.0948 5884 RemoteAccess (9bfeb696c9e42a74911373b36e0674b3) C:\WINDOWS\System32\mprdim.dll 17:07:26.0948 5884 RemoteAccess - ok 17:07:26.0995 5884 RemoteRegistry (ca82a5c33909c335028d4a43ffec51f6) C:\WINDOWS\system32\regsvc.dll 17:07:26.0995 5884 RemoteRegistry - ok 17:07:27.0104 5884 ReportServer (0d3b092e636ed2b4c791766848587c7b) C:\Program Files\Microsoft SQL Server\MSSQL.2\Reporting Services\ReportServer\bin\ReportingServicesService.exe 17:07:27.0104 5884 ReportServer - ok 17:07:27.0151 5884 RESvc (93ca69511f398b9e205a7445c6ff953d) C:\WINDOWS\system32\inetsrv\inetinfo.exe 17:07:27.0167 5884 RESvc - ok 17:07:27.0167 5884 ROOTMODEM (60e80a6ef556e09a1baaf59d3da462ee) C:\WINDOWS\system32\Drivers\RootMdm.sys 17:07:27.0167 5884 ROOTMODEM - ok 17:07:27.0182 5884 RpcLocator (3d7f304158179ba19ac5e992696faab6) C:\WINDOWS\system32\locator.exe 17:07:27.0182 5884 RpcLocator - ok 17:07:27.0229 5884 RpcSs (d36be78f1404ff273726925f77ca9628) C:\WINDOWS\system32\rpcss.dll 17:07:27.0276 5884 RpcSs - ok 17:07:27.0292 5884 RSoPProv (ba551438c925ddbcb34c7ed0e81007b4) C:\WINDOWS\system32\RSoPProv.exe 17:07:27.0292 5884 RSoPProv - ok 17:07:27.0323 5884 RTL8023xp (c8b370b2b520ac1b8bc66203fcec73db) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 17:07:27.0323 5884 RTL8023xp - ok 17:07:27.0339 5884 sacdrv (a0e9cf9ceb95629513251d46ce60d758) 
C:\WINDOWS\system32\drivers\sacdrv.sys
17:07:27.0354 5884 sacdrv - ok
17:07:27.0354 5884 sacsvr (f45caa3ab0bc7411db46ea62b0d4de58) C:\WINDOWS\system32\sacsvr.dll
17:07:27.0354 5884 sacsvr - ok
17:07:27.0385 5884 SamSs (071a5a23068c922488d14dedf4ae7222) C:\WINDOWS\system32\lsass.exe
17:07:27.0385 5884 SamSs - ok
17:07:27.0385 5884 Suspicious service (NoAccess): SBCore
17:07:27.0401 5884 SBCore (7c0a97d2da02fda76d0a58094bc0a9dd) C:\WINDOWS\System32\sbscrexe.exe
17:07:27.0401 5884 SBCore ( LockedService.Multi.Generic ) - warning
17:07:27.0401 5884 SBCore - detected LockedService.Multi.Generic (1)
17:07:27.0432 5884 SCardSvr (0a4ba3b92025e219f5735a1a27f72e9f) C:\WINDOWS\System32\SCardSvr.exe
17:07:27.0432 5884 SCardSvr - ok
17:07:27.0448 5884 Schedule (e6db558349603e503093fdc9bc6732a2) C:\WINDOWS\system32\schedsvc.dll
17:07:27.0495 5884 Schedule - ok
17:07:27.0526 5884 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:07:27.0526 5884 Secdrv - ok
17:07:27.0620 5884 seclogon (48f461b64f152745b5fcfab77c78dafc) C:\WINDOWS\System32\seclogon.dll
17:07:27.0635 5884 seclogon - ok
17:07:27.0667 5884 SENS (7c5dec1a580b72fe541934b7ad33031e) C:\WINDOWS\system32\sens.dll
17:07:27.0667 5884 SENS - ok
17:07:27.0901 5884 serenum (b261d4597bf9a2723b7020207260c72a) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:07:27.0917 5884 serenum - ok
17:07:28.0089 5884 Serial (939c7bc53e716df8bc566e3c64ab2420) C:\WINDOWS\system32\DRIVERS\serial.sys
17:07:28.0104 5884 Serial - ok
17:07:28.0135 5884 Sfloppy (831826dc54fa225f0b654ef2f1e13af9) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:07:28.0135 5884 Sfloppy - ok
17:07:28.0151 5884 SharedAccess (04698e531db8ef8a21979d8e054735a5) C:\WINDOWS\system32\ipnathlp.dll
17:07:28.0167 5884 SharedAccess - ok
17:07:28.0229 5884 ShellHWDetection (d2823226c801d2504bbe42489a7f2395) C:\WINDOWS\System32\shsvcs.dll
17:07:28.0229 5884 ShellHWDetection - ok
17:07:28.0229 5884 Simbad - ok
17:07:28.0245 5884 SIS
(7668635315c63f0a5efff92d06efa772) C:\WINDOWS\system32\DRIVERS\sis.sys 17:07:28.0245 5884 SIS - ok 17:07:28.0276 5884 SMTPSVC (93ca69511f398b9e205a7445c6ff953d) C:\WINDOWS\system32\inetsrv\inetinfo.exe 17:07:28.0276 5884 SMTPSVC - ok 17:07:28.0307 5884 splitter (b49a94bf901af449c25f41a3cfaaae6b) C:\WINDOWS\system32\drivers\splitter.sys 17:07:28.0307 5884 splitter - ok 17:07:28.0339 5884 Spooler (9779e8fd913d18f02ce4003d6a9b796c) C:\WINDOWS\system32\spoolsv.exe 17:07:28.0339 5884 Spooler - ok 17:07:28.0417 5884 SPTimer (8937298818fe74c3b84d1a74c9d4d17e) C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\BIN\OWSTIMER.EXE 17:07:28.0417 5884 SPTimer - ok 17:07:28.0495 5884 SQLAgent$MSFW (352e375ab298c23b0f9bc307652c7f50) C:\Program Files\Microsoft SQL Server\MSSQL$MSFW\Binn\sqlagent.EXE 17:07:28.0604 5884 SQLAgent$MSFW - ok 17:07:29.0010 5884 SQLAgent$SBSMONITORING (352e375ab298c23b0f9bc307652c7f50) C:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlagent.EXE 17:07:29.0010 5884 SQLAgent$SBSMONITORING - ok 17:07:29.0057 5884 SQLAgent$SHAREPOINT (352e375ab298c23b0f9bc307652c7f50) C:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Binn\sqlagent.EXE 17:07:29.0073 5884 SQLAgent$SHAREPOINT - ok 17:07:29.0135 5884 SQLAgent$WSUS (352e375ab298c23b0f9bc307652c7f50) C:\Program Files\Microsoft SQL Server\MSSQL$WSUS\Binn\sqlagent.EXE 17:07:29.0167 5884 SQLAgent$WSUS - ok 17:07:29.0245 5884 SQLBrowser (d2b096cd2f56fac6eeeed9a77ddf6dc8) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe 17:07:29.0276 5884 SQLBrowser - ok 17:07:29.0339 5884 SQLSERVERAGENT (a2b96e2e86e11f9aabf69fb199c28966) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE 17:07:29.0385 5884 SQLSERVERAGENT - ok 17:07:29.0417 5884 SQLWriter (54902536aad0e9b99bc65f89c0caf93f) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 17:07:29.0417 5884 SQLWriter - ok 17:07:30.0214 5884 Srv (e8b1a07774a9e4fec3105cbad49bf289) 
C:\WINDOWS\system32\DRIVERS\srv.sys 17:07:30.0229 5884 Srv - ok 17:07:30.0260 5884 stisvc (4a57b929649b85265594eead7a54ea54) C:\WINDOWS\system32\wiaservc.dll 17:07:30.0276 5884 stisvc - ok 17:07:30.0307 5884 swenum (93965919785102ba847545ab460ce2df) C:\WINDOWS\system32\DRIVERS\swenum.sys 17:07:30.0307 5884 swenum - ok 17:07:30.0323 5884 swmidi (e28a71b057f89abe9e3133548d3fbc1d) C:\WINDOWS\system32\drivers\swmidi.sys 17:07:30.0323 5884 swmidi - ok 17:07:30.0354 5884 swprv (8a0eb194f7b3f10ea1dc89c498fbaa90) C:\WINDOWS\System32\swprv.dll 17:07:30.0370 5884 swprv - ok 17:07:30.0385 5884 symc810 (3d05bfdaef2d2d7eed998ba126fb3466) C:\WINDOWS\system32\drivers\symc810.sys 17:07:30.0385 5884 symc810 - ok 17:07:30.0401 5884 symc8xx (57f992062e8ff2d37572ec5823f956e7) C:\WINDOWS\system32\drivers\symc8xx.sys 17:07:30.0401 5884 symc8xx - ok 17:07:30.0432 5884 symmpi (868204832e011e2d64281d7eabee572e) C:\WINDOWS\system32\drivers\symmpi.sys 17:07:30.0432 5884 symmpi - ok 17:07:30.0432 5884 sym_hi (1fbddf0dc4583922c904195823ebd795) C:\WINDOWS\system32\drivers\sym_hi.sys 17:07:30.0432 5884 sym_hi - ok 17:07:30.0448 5884 sym_u3 (ebd31469527afa05814b3d1a140c24e2) C:\WINDOWS\system32\drivers\sym_u3.sys 17:07:30.0448 5884 sym_u3 - ok 17:07:30.0464 5884 sysaudio (e69064b5e7e85201db55fad909912fd0) C:\WINDOWS\system32\drivers\sysaudio.sys 17:07:30.0464 5884 sysaudio - ok 17:07:30.0495 5884 SysmonLog (ce9f815939077acaa4581b749ac3278b) C:\WINDOWS\system32\smlogsvc.exe 17:07:30.0510 5884 SysmonLog - ok 17:07:30.0542 5884 TapiSrv (f339d8341da8967f66b7b6ce2dcb11bc) C:\WINDOWS\System32\tapisrv.dll 17:07:30.0573 5884 TapiSrv - ok 17:07:30.0604 5884 Tcpip (238dc2b879d1b37b91f8d5d44f3815d3) C:\WINDOWS\system32\DRIVERS\tcpip.sys 17:07:30.0620 5884 Tcpip - ok 17:07:30.0651 5884 TDPIPE (45d49fb800463de84d1cc2e231319ad5) C:\WINDOWS\system32\drivers\TDPIPE.sys 17:07:30.0651 5884 TDPIPE - ok 17:07:30.0651 5884 TDTCP (d7c31008de209b8b11ced207580e9c91) C:\WINDOWS\system32\drivers\TDTCP.sys 17:07:30.0651 
5884 TDTCP - ok 17:07:30.0667 5884 TermDD (a01e46fff445a38d35db188c5458582c) C:\WINDOWS\system32\DRIVERS\termdd.sys 17:07:30.0667 5884 TermDD - ok 17:07:30.0682 5884 TermService (442bd4c39dfbc3dd7f49b585104aacbf) C:\WINDOWS\System32\termsrv.dll 17:07:30.0760 5884 TermService - ok 17:07:30.0839 5884 TFTPD (8622bbdde707ea837ddf24c2bdd0196c) C:\WINDOWS\system32\tftpd.exe 17:07:30.0839 5884 TFTPD - ok 17:07:30.0995 5884 Themes (d2823226c801d2504bbe42489a7f2395) C:\WINDOWS\System32\shsvcs.dll 17:07:30.0995 5884 Themes - ok 17:07:30.0995 5884 TosIde - ok 17:07:31.0026 5884 TrkSvr (94795bebef1a004044299c3e9c846701) C:\WINDOWS\system32\trksvr.dll 17:07:31.0026 5884 TrkSvr - ok 17:07:31.0042 5884 TrkWks (8be7e94a02be06a7c8f1086ae8310a39) C:\WINDOWS\system32\trkwks.dll 17:07:31.0057 5884 TrkWks - ok 17:07:31.0089 5884 Tssdis (371564c7b736e060c9cb84cee453fafc) C:\WINDOWS\System32\tssdis.exe 17:07:31.0089 5884 Tssdis - ok 17:07:31.0120 5884 Udfs (c26024265a7523312a5d06fc33aa57aa) C:\WINDOWS\system32\drivers\Udfs.sys 17:07:31.0120 5884 Udfs - ok 17:07:31.0120 5884 ultra (b4bfee4ae295853065f1695a196d9790) C:\WINDOWS\system32\drivers\ultra.sys 17:07:31.0135 5884 ultra - ok 17:07:31.0214 5884 UMWdf (9e2e67a46c03ed79d89bc5dcec5c2b54) C:\WINDOWS\system32\wdfmgr.exe 17:07:31.0214 5884 UMWdf - ok 17:07:31.0323 5884 Update (b0e133858e63940755b496761834f334) C:\WINDOWS\system32\DRIVERS\update.sys 17:07:31.0339 5884 Update - ok 17:07:31.0370 5884 UPS (3c072ce836e7b6d56ebfaf0354ae48e1) C:\WINDOWS\System32\ups.exe 17:07:31.0370 5884 UPS - ok 17:07:31.0401 5884 usbehci (9dd4aba9462938734bcbf51d8669c884) C:\WINDOWS\system32\DRIVERS\usbehci.sys 17:07:31.0401 5884 usbehci - ok 17:07:31.0401 5884 usbhub (17859937740bc0d422fe71a588d6ddf7) C:\WINDOWS\system32\DRIVERS\usbhub.sys 17:07:31.0401 5884 usbhub - ok 17:07:31.0432 5884 USBSTOR (d0740ff9f7e819486e88096826b4dc37) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 17:07:31.0432 5884 USBSTOR - ok 17:07:31.0448 5884 usbuhci 
(cbd3053337bb475f442a892edf671312) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 17:07:31.0464 5884 usbuhci - ok 17:07:31.0479 5884 vds (f849212281fcdd12a08a2e2d002afa43) C:\WINDOWS\System32\vds.exe 17:07:31.0510 5884 vds - ok 17:07:31.0526 5884 vga (2eb062b434792bb6bb614f107dd3a5cf) C:\WINDOWS\system32\DRIVERS\vgapnp.sys 17:07:31.0526 5884 vga - ok 17:07:31.0526 5884 VgaSave (062fbc10147fd837d819f94aa394e661) C:\WINDOWS\System32\drivers\vga.sys 17:07:31.0526 5884 VgaSave - ok 17:07:31.0526 5884 ViaIde - ok 17:07:31.0557 5884 VolSnap (03e33c234d34e11da1b7ce64bf0c60e2) C:\WINDOWS\system32\DRIVERS\volsnap.sys 17:07:31.0589 5884 VolSnap - ok 17:07:31.0651 5884 VSS (c0db37e3c0d7f6ebdeea35dc1c3cf760) C:\WINDOWS\System32\vssvc.exe 17:07:31.0667 5884 VSS - ok 17:07:31.0792 5884 W32Time (48a5e7bc2899d6680967774c64a8b962) C:\WINDOWS\system32\w32time.dll 17:07:31.0854 5884 W32Time - ok 17:07:31.0979 5884 W3SVC (2a7f8db23b6b4f2bba28952b27ee7727) C:\WINDOWS\system32\inetsrv\iisw3adm.dll 17:07:32.0010 5884 W3SVC - ok 17:07:32.0057 5884 Wanarp (ce030b1d05a01fa012d32f2d25676b1c) C:\WINDOWS\system32\DRIVERS\wanarp.sys 17:07:32.0057 5884 Wanarp - ok 17:07:32.0057 5884 WDICA - ok 17:07:32.0073 5884 wdmaud (fd5a720d7997ab69122c96cdd014d43a) C:\WINDOWS\system32\drivers\wdmaud.sys 17:07:32.0073 5884 wdmaud - ok 17:07:32.0104 5884 WDSServer (71ec80e0e720be4bef9e5542a29eeec0) C:\WINDOWS\system32\wdssrv.dll 17:07:32.0104 5884 WDSServer - ok 17:07:32.0135 5884 WebClient (e6c1ae87f451723c0a68fd65858976c0) C:\WINDOWS\System32\webclnt.dll 17:07:32.0135 5884 WebClient - ok 17:07:32.0214 5884 WinDefend (f45dd1e1365d857dd08bc23563370d0e) C:\Program Files\Windows Defender\MsMpEng.exe 17:07:32.0214 5884 WinDefend - ok 17:07:32.0214 5884 WinHttpAutoProxySvc - ok 17:07:32.0542 5884 winmgmt (ca8cf558cf51048f3ccd6778f83b77a0) C:\WINDOWS\system32\wbem\WMIsvc.dll 17:07:32.0542 5884 winmgmt - ok 17:07:32.0589 5884 WINS (d8bfec6ef6a5a02f637deb6e3e36f11e) C:\WINDOWS\System32\wins.exe 17:07:32.0620 5884 WINS - ok 
17:07:32.0964 5884 WmdmPmSN (80f09742d78b196d4b8bd06cdaef70e2) C:\WINDOWS\system32\mspmsnsv.dll 17:07:32.0979 5884 WmdmPmSN - ok 17:07:33.0151 5884 Wmi (36610926a4bba679eca5cec5e0559fb9) C:\WINDOWS\System32\advapi32.dll 17:07:33.0198 5884 Wmi - ok 17:07:33.0214 5884 WmiApSrv (c3d99bdc0c42ebd1b9cee80cf5fba589) C:\WINDOWS\system32\wbem\wmiapsrv.exe 17:07:33.0229 5884 WmiApSrv - ok 17:07:33.0245 5884 MBR (0x1B8) (32052574bf9f325ae309abc7bfd04460) \Device\Harddisk0\DR0 17:07:33.0401 5884 \Device\Harddisk0\DR0 - ok 17:07:33.0401 5884 MBR (0x1B8) (33071cf70a9da9cba4b4c534060b6ac3) \Device\Harddisk1\DR6 17:07:40.0354 5884 \Device\Harddisk1\DR6 - ok 17:07:40.0354 5884 Boot (0x1200) (e3076e87163d3cb2c81a23968072f7a6) \Device\Harddisk0\DR0\Partition0 17:07:40.0354 5884 \Device\Harddisk0\DR0\Partition0 - ok 17:07:40.0370 5884 Boot (0x1200) (174062e064c9b5b6eabd83163abff6fa) \Device\Harddisk0\DR0\Partition1 17:07:40.0370 5884 \Device\Harddisk0\DR0\Partition1 - ok 17:07:40.0385 5884 Boot (0x1200) (5352df398aa978d16bca2b81a0d22c5f) \Device\Harddisk0\DR0\Partition2 17:07:40.0385 5884 \Device\Harddisk0\DR0\Partition2 - ok 17:07:40.0385 5884 ============================================================ 17:07:40.0385 5884 Scan finished 17:07:40.0385 5884 ============================================================ 17:07:40.0401 4968 Detected object count: 1 17:07:40.0401 4968 Actual detected object count: 1 17:09:12.0557 4968 SBCore ( LockedService.Multi.Generic ) - skipped by user 17:09:12.0557 4968 SBCore ( LockedService.Multi.Generic ) - User select action: Skip