Vba32 AntiRootKit Log File

TEST 00:41:30 11-04-2010

Microsoft Windows XP Professional Service Pack 3 (build 2600)

AntiRootKit version 3.12.5.0

AntiVirus checking is OFF

Sign checking is ON

AntiRootKit driver is working in ordinary mode

Kernel-Mode Hooks

Module	Type	Number	Name	State	Base Value	Current Value	Driver
No hooks found

Kernel-Mode Notificators

Type	State	Current Address	Driver
No notificators installed

Driver Input/Output Handler's Hooks (IRP & FastIo)

Driver Object	Handler Name	State	Current Address	Driver
!Unnamed DriverObject!	IRP_MJ_PNP	Hidden IRP handler	0x81BE7AC8	[Unknown Handler]
!Unnamed DriverObject!	IRP_MJ_SET_QUOTA	Hidden IRP handler	0x81BE7AC8	[Unknown Handler]
!Unnamed DriverObject!	IRP_MJ_QUERY_QUOTA	Hidden IRP handler	0x81BE7AC8	[Unknown Handler]
!Unnamed DriverObject!	IRP_MJ_DEVICE_CHANGE	Hidden IRP handler	0x81BE7AC8	[Unknown Handler]
!Unnamed DriverObject!	IRP_MJ_SYSTEM_CONTROL	Hidden IRP handler	0x81BE7AC8	[Unknown Handler]
!Unnamed DriverObject!	IRP_MJ_POWER	Hidden IRP handler	0x81BE7AC8	[Unknown Handler]
!Unnamed DriverObject!	IRP_MJ_SET_SECURITY	Hidden IRP handler	0x81BE7AC8	[Unknown Handler]
!Unnamed DriverObject!	IRP_MJ_QUERY_SECURITY	Hidden IRP handler	0x81BE7AC8	[Unknown Handler]
!Unnamed DriverObject!	IRP_MJ_CREATE_MAILSLOT	Hidden IRP handler	0x81BE7AC8	[Unknown Handler]
!Unnamed DriverObject!	IRP_MJ_CLEANUP	Hidden IRP handler	0x81BE7AC8	[Unknown Handler]
!Unnamed DriverObject!	IRP_MJ_LOCK_CONTROL	Hidden IRP handler	0x81BE7AC8	[Unknown Handler]
!Unnamed DriverObject!	IRP_MJ_SHUTDOWN	Hidden IRP handler	0x81BE7AC8	[Unknown Handler]
!Unnamed DriverObject!	IRP_MJ_INTERNAL_DEVICE_CONTROL	Hidden IRP handler	0x81BE7AC8	[Unknown Handler]
!Unnamed DriverObject!	IRP_MJ_DEVICE_CONTROL	Hidden IRP handler	0x81BE7AC8	[Unknown Handler]
!Unnamed DriverObject!	IRP_MJ_FILE_SYSTEM_CONTROL	Hidden IRP handler	0x81BE7AC8	[Unknown Handler]
!Unnamed DriverObject!	IRP_MJ_DIRECTORY_CONTROL	Hidden IRP handler	0x81BE7AC8	[Unknown Handler]
!Unnamed DriverObject!	IRP_MJ_SET_VOLUME_INFORMATION	Hidden IRP handler	0x81BE7AC8	[Unknown Handler]
!Unnamed DriverObject!	IRP_MJ_QUERY_VOLUME_INFORMATION	Hidden IRP handler	0x81BE7AC8	[Unknown Handler]
!Unnamed DriverObject!	IRP_MJ_FLUSH_BUFFERS	Hidden IRP handler	0x81BE7AC8	[Unknown Handler]
!Unnamed DriverObject!	IRP_MJ_SET_EA	Hidden IRP handler	0x81BE7AC8	[Unknown Handler]
!Unnamed DriverObject!	IRP_MJ_QUERY_EA	Hidden IRP handler	0x81BE7AC8	[Unknown Handler]
!Unnamed DriverObject!	IRP_MJ_SET_INFORMATION	Hidden IRP handler	0x81BE7AC8	[Unknown Handler]
!Unnamed DriverObject!	IRP_MJ_QUERY_INFORMATION	Hidden IRP handler	0x81BE7AC8	[Unknown Handler]
!Unnamed DriverObject!	IRP_MJ_WRITE	Hidden IRP handler	0x81BE7AC8	[Unknown Handler]
!Unnamed DriverObject!	IRP_MJ_READ	Hidden IRP handler	0x81BE7AC8	[Unknown Handler]
!Unnamed DriverObject!	IRP_MJ_CLOSE	Hidden IRP handler	0x81BE7AC8	[Unknown Handler]
!Unnamed DriverObject!	IRP_MJ_CREATE_NAMED_PIPE	Hidden IRP handler	0x81BE7AC8	[Unknown Handler]
!Unnamed DriverObject!	IRP_MJ_CREATE	Hidden IRP handler	0x81BE7AC8	[Unknown Handler]

Kernel modules

Module	Full Path	State	Base Address	Module Size
!Unnamed DriverObject!	!Unnamed DriverObject!	File doesn't exist Hidden in memory	0x81BE9B36	000000
ntdll.dll	C:\WINDOWS\system32\ntdll.dll Description: Системная библиотека NT Company name: Корпорация Майкрософт Size: 718848 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 10:54:16 09.02.2009 Accessed: 20:43:42 10.04.2010	Signed	0x7C900000	733184
im9ssmie	C:\WINDOWS\system32\drivers\im9ssmie.sys Description: Vba32 AntiRootkit driver Company name: VirusBlokAda Ltd. Size: 67592 Attrs: ----a Created: 21:01:55 10.04.2010 Modified: 21:01:55 10.04.2010 Accessed: 21:01:55 10.04.2010	Signed	0xB27EB000	065536
kmixer.sys	C:\WINDOWS\system32\drivers\kmixer.sys Description: Kernel Mode Audio Mixer Company name: Microsoft Corporation Size: 172416 Attrs: ----a Created: 20:02:07 15.05.2009 Modified: 00:15:10 14.04.2008 Accessed: 21:01:51 10.04.2010	Signed	0xB1E82000	176128
pxtdipow	C:\DOCUME~1\1\LOCALS~1\Temp\pxtdipow.sys	File doesn't exist	0xB1ED5000	094208
HTTP	C:\WINDOWS\System32\Drivers\HTTP.sys Description: HTTP Protocol Stack Company name: Microsoft Corporation Size: 265728 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 16:20:16 20.10.2009 Accessed: 20:54:47 10.04.2010	Signed	0xB20F7000	266240
Srv	C:\WINDOWS\system32\DRIVERS\srv.sys Description: Server driver Company name: Microsoft Corporation Size: 353792 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 16:50:03 31.12.2009 Accessed: 20:54:36 10.04.2010	Signed	0xB24A8000	356352
VMMEMCTL	C:\Program Files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys Description: VMware server memory controller Company name: VMware, Inc. Size: 14384 Attrs: ----a Created: 17:24:48 22.01.2010 Modified: 17:24:48 22.01.2010 Accessed: 20:43:58 10.04.2010	Signed	0xF8BB8000	008192
vmdesched-driver	C:\WINDOWS\system32\Drivers\vmdesched.sys Description: VMware Descheduled Time Accounting Service [driver] Company name: VMware, Inc. Size: 28464 Attrs: ----a Created: 15:14:36 26.03.2009 Modified: 15:14:36 26.03.2009 Accessed: 20:43:58 10.04.2010	Signed	0xF8A2A000	024576
ParVdm	C:\WINDOWS\System32\Drivers\ParVdm.SYS Description: Драйвер параллельного VDM Company name: Корпорация Майкрософт Size: 6912 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:36 10.04.2010	Signed	0xF8BAA000	008192
MRxDAV	C:\WINDOWS\system32\DRIVERS\mrxdav.sys Description: Windows NT WebDav Minirdr Company name: Microsoft Corporation Size: 180608 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:36 10.04.2010	Signed	0xB254F000	184320
sysaudio	C:\WINDOWS\system32\drivers\sysaudio.sys Description: System Audio WDM Filter Company name: Microsoft Corporation Size: 60800 Attrs: ----a Created: 20:02:21 15.05.2009 Modified: 00:45:56 14.04.2008 Accessed: 20:54:21 10.04.2010	Signed	0xF876A000	061440
wdmaud	C:\WINDOWS\system32\drivers\wdmaud.sys Description: MMSYSTEM Wave/Midi API mapper Company name: Microsoft Corporation Size: 83072 Attrs: ----a Created: 20:02:11 15.05.2009 Modified: 00:47:20 14.04.2008 Accessed: 20:54:21 10.04.2010	Signed	0xB2762000	086016
Fastfat	C:\WINDOWS\System32\Drivers\Fastfat.SYS Description: Fast FAT File System Driver Company name: Microsoft Corporation Size: 143744 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:20 10.04.2010	Signed	0xB2777000	147456
Ndisuio	C:\WINDOWS\system32\DRIVERS\ndisuio.sys Description: NDIS User mode I/O Driver Company name: Microsoft Corporation Size: 14592 Attrs: ----a Created: 00:26:00 14.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:17 10.04.2010	Signed	0xB2AA7000	016384
vmx_fb.dll	C:\WINDOWS\System32\vmx_fb.dll Description: VMware SVGA II Display Driver Company name: VMware, Inc. Size: 217776 Attrs: ----a Created: 12:26:00 17.05.2009 Modified: 00:16:52 22.10.2009 Accessed: 20:43:58 10.04.2010	Signed	0xBF9D6000	212992
dxgthk.sys	C:\WINDOWS\System32\drivers\dxgthk.sys Description: DirectX Graphics Driver Thunk Company name: Microsoft Corporation Size: 3328 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:16 10.04.2010	Signed	0xF8CBE000	004096
dxg.sys	C:\WINDOWS\System32\drivers\dxg.sys Description: DirectX Graphics Driver Company name: Microsoft Corporation Size: 71168 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:43:58 10.04.2010	Signed	0xBF9C4000	073728
watchdog.sys	C:\WINDOWS\System32\watchdog.sys Description: Watchdog Driver Company name: Microsoft Corporation Size: 17664 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:16 10.04.2010	Signed	0xF89F2000	020480
Dxapi.sys	C:\WINDOWS\System32\drivers\Dxapi.sys Description: DirectX API Driver Company name: Microsoft Corporation Size: 10496 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:16 10.04.2010	Signed	0xF829E000	012288
Win32k	C:\WINDOWS\System32\win32k.sys Description: Многопользовательский драйвер Win32 Company name: Корпорация Майкрософт Size: 1850752 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 15:15:12 14.08.2009 Accessed: 20:43:58 10.04.2010	Signed	0xBF800000	1851392
mouhid	C:\WINDOWS\system32\DRIVERS\mouhid.sys Description: Драйвер фильтра мыши HID Company name: Корпорация Майкрософт Size: 12160 Attrs: ----a Created: 20:33:10 19.10.2001 Modified: 12:00:00 15.04.2008 Accessed: 20:54:14 10.04.2010	Signed	0xF82B6000	012288
HIDPARSE.SYS	C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS Description: Hid Parsing Library Company name: Microsoft Corporation Size: 24960 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:14 10.04.2010	Signed	0xF89EA000	028672
HIDCLASS.SYS	C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS Description: Hid Class Library Company name: Microsoft Corporation Size: 36864 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:14 10.04.2010	Signed	0xF890A000	036864
hidusb	C:\WINDOWS\system32\DRIVERS\hidusb.sys Description: USB Miniport Driver for Input Devices Company name: Microsoft Corporation Size: 10368 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:14 10.04.2010	Signed	0xF82BA000	012288
usbccgp	C:\WINDOWS\system32\DRIVERS\usbccgp.sys Description: USB Common Class Generic Parent Driver Company name: Microsoft Corporation Size: 32128 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:14 10.04.2010	Signed	0xF89E2000	032768
Cdfs	C:\WINDOWS\System32\Drivers\Cdfs.SYS Description: CD-ROM File System Driver Company name: Microsoft Corporation Size: 63744 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:13 10.04.2010	Signed	0xF88FA000	065536
Wanarp	C:\WINDOWS\system32\DRIVERS\wanarp.sys Description: MS Remote Access and Routing ARP Driver Company name: Microsoft Corporation Size: 34560 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:13 10.04.2010	Signed	0xF88CA000	036864
IpNat	C:\WINDOWS\system32\DRIVERS\ipnat.sys Description: IP Network Address Translator Company name: Microsoft Corporation Size: 152832 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:13 10.04.2010	Signed	0xB2C23000	155648
Fips	C:\WINDOWS\System32\Drivers\Fips.SYS Description: Драйвер FIPS Crypto Company name: Корпорация Майкрософт Size: 44544 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:43:54 10.04.2010	Signed	0xF88BA000	045056
MRxSmb	C:\WINDOWS\system32\DRIVERS\mrxsmb.sys Description: Windows NT SMB Minirdr Company name: Microsoft Corporation Size: 455424 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 18:22:22 04.12.2009 Accessed: 20:54:13 10.04.2010	Signed	0xB2C49000	458752
Rdbss	C:\WINDOWS\system32\DRIVERS\rdbss.sys Description: Redirected Drive Buffering SubSystem Driver Company name: Microsoft Corporation Size: 175744 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:13 10.04.2010	Signed	0xB2CE1000	176128
vmdebug	C:\WINDOWS\system32\Drivers\vmdebug.sys Description: VMware Replay Debugging Driver Company name: VMware, Inc. Size: 23088 Attrs: ----a Created: 00:18:42 22.10.2009 Modified: 00:18:42 22.10.2009 Accessed: 20:43:46 10.04.2010	Signed	0xF889A000	036864
vmhgfs	C:\WINDOWS\System32\DRIVERS\vmhgfs.sys Description: VMware HGFS File System Driver Company name: VMware, Inc. Size: 128688 Attrs: ----a Created: 12:26:05 17.05.2009 Modified: 17:25:06 22.01.2010 Accessed: 20:43:46 10.04.2010	Signed	0xB2D0C000	122880
NetBIOS	C:\WINDOWS\system32\DRIVERS\netbios.sys Description: NetBIOS interface driver Company name: Microsoft Corporation Size: 34688 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:13 10.04.2010	Signed	0xF888A000	036864
AFD	C:\WINDOWS\System32\drivers\afd.sys Description: Ancillary Function Driver for WinSock Company name: Microsoft Corporation Size: 138496 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 10:04:36 14.08.2008 Accessed: 20:54:13 10.04.2010	Signed	0xB2D2A000	139264
WS2IFSL	C:\WINDOWS\System32\drivers\ws2ifsl.sys Description: Winsock2 IFS Layer Company name: Microsoft Corporation Size: 12032 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:13 10.04.2010	Signed	0xF839D000	012288
NetBT	C:\WINDOWS\system32\DRIVERS\netbt.sys Description: MBT Transport driver Company name: Microsoft Corporation Size: 162816 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:13 10.04.2010	Signed	0xB2D4C000	163840
Tcpip	C:\WINDOWS\system32\DRIVERS\tcpip.sys Description: TCP/IP Protocol Driver Company name: Microsoft Corporation Size: 361600 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 11:51:12 20.06.2008 Accessed: 20:54:13 10.04.2010	Signed	0xB2D74000	364544
IPSec	C:\WINDOWS\system32\DRIVERS\ipsec.sys Description: IPSec Driver Company name: Microsoft Corporation Size: 75264 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:13 10.04.2010	Signed	0xB2DCD000	077824
RasAcd	C:\WINDOWS\system32\DRIVERS\rasacd.sys Description: RAS Automatic Connection Driver Company name: Microsoft Corporation Size: 8832 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:13 10.04.2010	Signed	0xF83A1000	012288
Npfs	C:\WINDOWS\System32\Drivers\Npfs.SYS Description: NPFS Driver Company name: Microsoft Corporation Size: 30848 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:13 10.04.2010	Signed	0xF89DA000	032768
Msfs	C:\WINDOWS\System32\Drivers\Msfs.SYS Description: Mailslot driver Company name: Microsoft Corporation Size: 19072 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:13 10.04.2010	Signed	0xF89D2000	020480
RDPCDD	C:\WINDOWS\System32\DRIVERS\RDPCDD.sys Description: RDP Miniport Company name: Microsoft Corporation Size: 4224 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:13 10.04.2010	Signed	0xF8BB6000	008192
mnmdd	C:\WINDOWS\System32\Drivers\mnmdd.SYS Description: Frame buffer simulator Company name: Microsoft Corporation Size: 4224 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:13 10.04.2010	Signed	0xF8BB4000	008192
VgaSave	C:\WINDOWS\System32\drivers\vga.sys Description: VGA/Super VGA Video Driver Company name: Microsoft Corporation Size: 20992 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:13 10.04.2010	Signed	0xF89CA000	024576
Beep	C:\WINDOWS\System32\Drivers\Beep.SYS Description: BEEP Driver Company name: Microsoft Corporation Size: 4224 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:13 10.04.2010	Signed	0xF8BB2000	008192
Null	C:\WINDOWS\System32\Drivers\Null.SYS Description: NULL Driver Company name: Microsoft Corporation Size: 2944 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:13 10.04.2010	Signed	0xF8DE0000	004096
Fs_Rec	C:\WINDOWS\System32\Drivers\Fs_Rec.SYS Description: File System Recognizer Driver Company name: Microsoft Corporation Size: 7936 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:13 10.04.2010	Signed	0xF8BB0000	008192
gameenum	C:\WINDOWS\system32\DRIVERS\gameenum.sys Description: Game Port Enumerator Company name: Microsoft Corporation Size: 10624 Attrs: ----a Created: 20:01:26 15.05.2009 Modified: 00:15:30 14.04.2008 Accessed: 20:54:13 10.04.2010	Signed	0xF8B8A000	012288
USBD.SYS	C:\WINDOWS\system32\DRIVERS\USBD.SYS Description: Universal Serial Bus Driver Company name: Microsoft Corporation Size: 4736 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:12 10.04.2010	Signed	0xF8BAE000	008192
usbhub	C:\WINDOWS\system32\DRIVERS\usbhub.sys Description: Default Hub Driver for USB Company name: Microsoft Corporation Size: 59520 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:12 10.04.2010	Signed	0xF887A000	061440
Flpydisk	C:\WINDOWS\system32\DRIVERS\flpydisk.sys Description: Floppy Driver Company name: Microsoft Corporation Size: 20480 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:12 10.04.2010	Signed	0xF89BA000	020480
NDProxy	C:\WINDOWS\System32\Drivers\NDProxy.SYS Description: NDIS Proxy Company name: Microsoft Corporation Size: 40576 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:12 10.04.2010	Signed	0xF885A000	040960
mssmbios	C:\WINDOWS\system32\DRIVERS\mssmbios.sys Description: System Management BIOS Driver Company name: Microsoft Corporation Size: 15488 Attrs: ----a Created: 00:06:48 14.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:12 10.04.2010	Signed	0xF8B62000	016384
Update	C:\WINDOWS\system32\DRIVERS\update.sys Description: Update Driver Company name: Microsoft Corporation Size: 384768 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:12 10.04.2010	Signed	0xF8170000	385024
swenum	C:\WINDOWS\system32\DRIVERS\swenum.sys Description: Plug and Play Software Device Enumerator Company name: Microsoft Corporation Size: 4352 Attrs: ----a Created: 00:09:54 14.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:12 10.04.2010	Signed	0xF8BAC000	008192
TermDD	C:\WINDOWS\system32\DRIVERS\termdd.sys Description: Terminal Server Driver Company name: Microsoft Corporation Size: 40840 Attrs: ----a Created: 17:16:12 15.05.2009 Modified: 18:41:42 14.04.2008 Accessed: 20:54:12 10.04.2010	Signed	0xF884A000	040960
rdpdr	C:\WINDOWS\system32\DRIVERS\rdpdr.sys Description: Microsoft RDP Device redirector Company name: Microsoft Corporation Size: 196224 Attrs: ----a Created: 17:16:12 15.05.2009 Modified: 21:02:52 13.04.2008 Accessed: 20:54:12 10.04.2010	Signed	0xF826E000	196608
Raspti	C:\WINDOWS\system32\DRIVERS\raspti.sys Description: PTI DirectParallel(R) mini-port/call-manager driver Company name: Microsoft Corporation Size: 16512 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:12 10.04.2010	Signed	0xF89A2000	020480
Ptilink	C:\WINDOWS\system32\DRIVERS\ptilink.sys Description: Parallel Technologies DirectParallel IO Library Company name: Parallel Technologies, Inc. Size: 17792 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:12 10.04.2010	Signed	0xF899A000	020480
Gpc	C:\WINDOWS\system32\DRIVERS\msgpc.sys Description: MS General Packet Classifier Company name: Microsoft Corporation Size: 35072 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:12 10.04.2010	Signed	0xF883A000	036864
PSched	C:\WINDOWS\system32\DRIVERS\psched.sys Description: MS QoS Packet Scheduler Company name: Microsoft Corporation Size: 69120 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:12 10.04.2010	Signed	0xF82C6000	069632
TDI.SYS	C:\WINDOWS\system32\DRIVERS\TDI.SYS Description: TDI Wrapper Company name: Microsoft Corporation Size: 19072 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:12 10.04.2010	Signed	0xF8992000	020480
PptpMiniport	C:\WINDOWS\system32\DRIVERS\raspptp.sys Description: Peer-to-Peer Tunneling Protocol Company name: Microsoft Corporation Size: 48384 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:12 10.04.2010	Signed	0xF882A000	049152
RasPppoe	C:\WINDOWS\system32\DRIVERS\raspppoe.sys Description: RAS PPPoE mini-port/call-manager driver Company name: Microsoft Corporation Size: 41472 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:12 10.04.2010	Signed	0xF881A000	045056
NdisWan	C:\WINDOWS\system32\DRIVERS\ndiswan.sys Description: MS PPP Framing Driver (Strong Encryption) Company name: Microsoft Corporation Size: 91520 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:12 10.04.2010	Signed	0xF82D7000	094208
NdisTapi	C:\WINDOWS\system32\DRIVERS\ndistapi.sys Description: NDIS 3.0 connection wrapper driver Company name: Microsoft Corporation Size: 10112 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:12 10.04.2010	Signed	0xF8B46000	012288
Rasl2tp	C:\WINDOWS\system32\DRIVERS\rasl2tp.sys Description: RAS L2TP mini-port/call-manager driver Company name: Microsoft Corporation Size: 51328 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:12 10.04.2010	Signed	0xF880A000	053248
audstub	C:\WINDOWS\system32\DRIVERS\audstub.sys Description: AudStub Driver Company name: Microsoft Corporation Size: 3072 Attrs: ----a Created: 20:02:00 15.05.2009 Modified: 21:59:44 17.08.2001 Accessed: 20:54:12 10.04.2010	Signed	0xF8DAE000	004096
intelppm	C:\WINDOWS\system32\DRIVERS\intelppm.sys Description: Драйвер процессорного устройства Company name: Microsoft Corporation Size: 40704 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:12 10.04.2010	Signed	0xF87FA000	040960
CmBatt	C:\WINDOWS\system32\DRIVERS\CmBatt.sys Description: Control Method Battery Driver Company name: Microsoft Corporation Size: 13952 Attrs: ----a Created: 19:57:47 15.05.2009 Modified: 00:06:38 14.04.2008 Accessed: 20:54:12 10.04.2010	Signed	0xF8B42000	016384
usbehci	C:\WINDOWS\system32\DRIVERS\usbehci.sys Description: EHCI eUSB Miniport Driver Company name: Microsoft Corporation Size: 30208 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:12 10.04.2010	Signed	0xF898A000	032768
drmk.sys	C:\WINDOWS\system32\drivers\drmk.sys Description: Microsoft Kernel DRM Descrambler Filter Company name: Microsoft Corporation Size: 60160 Attrs: ----a Created: 19:58:52 15.05.2009 Modified: 21:15:16 13.04.2008 Accessed: 20:54:12 10.04.2010	Signed	0xF87EA000	061440
portcls.sys	C:\WINDOWS\system32\drivers\portcls.sys Description: Port Class (Class Driver for Port/Miniport Devices) Company name: Microsoft Corporation Size: 146048 Attrs: ----a Created: 19:58:53 15.05.2009 Modified: 21:49:42 13.04.2008 Accessed: 20:54:12 10.04.2010	Signed	0xF82EE000	147456
es1371	C:\WINDOWS\system32\drivers\es1371mp.sys Description: ENSONIQ AudioPCI 97 WDM Audio Miniport Company name: Creative Technology Ltd. Size: 40832 Attrs: ----a Created: 19:58:54 15.05.2009 Modified: 08:18:32 03.06.2002 Accessed: 20:54:12 10.04.2010	Signed	0xF87DA000	040960
vmxnet	C:\WINDOWS\system32\DRIVERS\vmxnet.sys Description: VMware PCI Ethernet Adapter Company name: VMware, Inc. Size: 36912 Attrs: r---a Created: 12:26:06 17.05.2009 Modified: 17:23:20 22.01.2010 Accessed: 20:43:46 10.04.2010	Signed	0xF8982000	032768
USBPORT.SYS	C:\WINDOWS\system32\DRIVERS\USBPORT.SYS Description: USB 1.1 & 2.0 Port Driver Company name: Microsoft Corporation Size: 143872 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:12 10.04.2010	Signed	0xF8312000	147456
usbuhci	C:\WINDOWS\system32\DRIVERS\usbuhci.sys Description: UHCI USB Miniport Driver Company name: Microsoft Corporation Size: 20608 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:12 10.04.2010	Signed	0xF897A000	024576
VIDEOPRT.SYS	C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS Description: Video Port Driver Company name: Microsoft Corporation Size: 81664 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:12 10.04.2010	Signed	0xF8336000	081920
vmx_svga	C:\WINDOWS\system32\DRIVERS\vmx_svga.sys Description: VMware SVGA II Miniport Company name: VMware, Inc. Size: 28080 Attrs: r---a Created: 12:26:00 17.05.2009 Modified: 17:22:10 22.01.2010 Accessed: 20:43:46 10.04.2010	Signed	0xF8972000	024576
vmci	C:\WINDOWS\system32\DRIVERS\vmci.sys Description: VMware PCI VMCI Bus Device Company name: VMware, Inc. Size: 61488 Attrs: r---a Created: 12:26:10 17.05.2009 Modified: 17:21:50 22.01.2010 Accessed: 20:43:46 10.04.2010	Signed	0xF87CA000	057344
ks.sys	C:\WINDOWS\system32\DRIVERS\ks.sys Description: Kernel CSA Library Company name: Microsoft Corporation Size: 141056 Attrs: ----a Created: 00:46:38 14.04.2008 Modified: 21:46:38 13.04.2008 Accessed: 20:54:12 10.04.2010	Signed	0xF834A000	143360
redbook	C:\WINDOWS\system32\DRIVERS\redbook.sys Description: Драйвер фильтра звука "красной книги" Company name: Корпорация Майкрософт Size: 58368 Attrs: ----a Created: 20:00:12 15.05.2009 Modified: 21:11:48 14.04.2008 Accessed: 20:54:12 10.04.2010	Signed	0xF87BA000	061440
Cdrom	C:\WINDOWS\system32\DRIVERS\cdrom.sys Description: SCSI CD-ROM Driver Company name: Microsoft Corporation Size: 62976 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:12 10.04.2010	Signed	0xF87AA000	065536
Fdc	C:\WINDOWS\system32\DRIVERS\fdc.sys Description: Floppy Disk Controller Driver Company name: Microsoft Corporation Size: 27392 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:12 10.04.2010	Signed	0xF896A000	028672
serenum	C:\WINDOWS\system32\DRIVERS\serenum.sys Description: Serial Port Enumerator Company name: Microsoft Corporation Size: 15744 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:12 10.04.2010	Signed	0xF8B3E000	016384
Serial	C:\WINDOWS\system32\DRIVERS\serial.sys Description: Драйвер устройств последовательного порта Company name: Корпорация Майкрософт Size: 65024 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:12 10.04.2010	Signed	0xF879A000	065536
Parport	C:\WINDOWS\system32\DRIVERS\parport.sys Description: Драйвер параллельного порта Company name: Корпорация Майкрософт Size: 80128 Attrs: ----a Created: 21:22:22 14.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:12 10.04.2010	Signed	0xF836D000	081920
Mouclass	C:\WINDOWS\system32\DRIVERS\mouclass.sys Description: Company name: Size: 23296 Attrs: ----a Created: 21:07:44 14.04.2008 Modified: 19:07:44 14.04.2008 Accessed: 20:53:56 10.04.2010	Forged file	0xF8962000	024576
vmmouse	C:\WINDOWS\system32\DRIVERS\vmmouse.sys Description: VMware Pointing Device Driver Company name: VMware, Inc. Size: 11440 Attrs: r---a Created: 12:26:04 17.05.2009 Modified: 17:23:18 22.01.2010 Accessed: 20:43:46 10.04.2010	Signed	0xF8BA6000	008192
Kbdclass	C:\WINDOWS\system32\DRIVERS\kbdclass.sys Description: Драйвер класса клавиатуры Company name: Корпорация Майкрософт Size: 24832 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:53:56 10.04.2010	Signed	0xF895A000	028672
i8042prt	C:\WINDOWS\system32\DRIVERS\i8042prt.sys Description: Драйвер порта i8042 Company name: Корпорация Майкрософт Size: 53120 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 19:14:10 14.04.2008 Accessed: 20:53:56 10.04.2010	Signed	0xF878A000	053248
agp440	C:\WINDOWS\System32\Drivers\agp440.sys Description: 440 NT AGP Filter Company name: Microsoft Corporation Size: 42368 Attrs: ----a Created: 19:57:50 15.05.2009 Modified: 00:06:40 14.04.2008 Accessed: 20:55:17 10.04.2010	Signed	0xF86EA000	045056
Mup	C:\WINDOWS\System32\Drivers\Mup.sys Description: Multiple UNC Provider driver Company name: Microsoft Corporation Size: 105344 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:55:17 10.04.2010	Signed	0xF83DA000	106496
NDIS	C:\WINDOWS\System32\Drivers\NDIS.sys Description: NDIS 5.1 wrapper driver Company name: Microsoft Corporation Size: 182656 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:55:17 10.04.2010	Signed	0xF83F4000	184320
Ntfs	C:\WINDOWS\System32\Drivers\Ntfs.sys Description: NT File System Driver Company name: Microsoft Corporation Size: 574976 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:55:17 10.04.2010	Signed	0xF8421000	577536
KSecDD	C:\WINDOWS\System32\Drivers\KSecDD.sys Description: Kernel Security Support Provider Interface Company name: Microsoft Corporation Size: 92928 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 11:18:41 24.06.2009 Accessed: 20:55:17 10.04.2010	Signed	0xF84AE000	094208
FltMgr	C:\WINDOWS\System32\Drivers\fltMgr.sys Description: Microsoft Filesystem Filter Manager Company name: Microsoft Corporation Size: 129792 Attrs: ----a Created: 17:18:30 15.05.2009 Modified: 12:00:00 15.04.2008 Accessed: 20:55:17 10.04.2010	Signed	0xF84C5000	131072
CLASSPNP.SYS	C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS Description: SCSI Class System Dll Company name: Microsoft Corporation Size: 49536 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:55:17 10.04.2010	Signed	0xF86DA000	053248
Disk	C:\WINDOWS\System32\Drivers\disk.sys Description: PnP Disk Driver Company name: Microsoft Corporation Size: 36352 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:55:17 10.04.2010	Signed	0xF86CA000	036864
SCSIPORT.SYS	C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS Description: SCSI Port Driver Company name: Microsoft Corporation Size: 96384 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:55:17 10.04.2010	Signed	0xF84E5000	098304
vmscsi	C:\WINDOWS\System32\Drivers\vmscsi.sys Description: VMware SCSI Controller Driver Company name: VMware, Inc. Size: 17968 Attrs: r---a Created: 12:26:08 17.05.2009 Modified: 03:30:01 23.01.2010 Accessed: 20:55:17 10.04.2010	Signed	0xF8AB6000	012288
atapi	C:\WINDOWS\System32\Drivers\atapi.sys Description: IDE/ATAPI Port Driver Company name: Microsoft Corporation Size: 96512 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:51:38 10.04.2010	Signed	0xF84FD000	098304
VolSnap	C:\WINDOWS\System32\Drivers\VolSnap.sys Description: Драйвер теневого копирования тома Company name: Корпорация Майкрософт Size: 51968 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:55:16 10.04.2010	Signed	0xF86BA000	053248
PartMgr	C:\WINDOWS\System32\Drivers\PartMgr.sys Description: Partition Manager Company name: Microsoft Corporation Size: 19712 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:55:16 10.04.2010	Signed	0xF8922000	020480
dmio	C:\WINDOWS\System32\Drivers\dmio.sys Description: Драйвер ввода/вывода диспетчера дисков NT Company name: Корпорация Microsoft и VERITAS Software Size: 153600 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:55:16 10.04.2010	Signed	0xF8515000	155648
dmload	C:\WINDOWS\System32\Drivers\dmload.sys Description: NT Disk Manager Startup Driver Company name: Microsoft Corp., Veritas Software. Size: 5888 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:55:16 10.04.2010	Signed	0xF8BA0000	008192
Ftdisk	C:\WINDOWS\System32\Drivers\ftdisk.sys Description: Драйвер системы отказоустойчивости диска Company name: Корпорация Майкрософт Size: 125440 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:55:16 10.04.2010	Signed	0xF853B000	126976
MountMgr	C:\WINDOWS\System32\Drivers\MountMgr.sys Description: Mount Manager Company name: Microsoft Corporation Size: 42368 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:55:16 10.04.2010	Signed	0xF86AA000	045056
PCIIDEX.SYS	C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS Description: PCI IDE Bus Driver Extension Company name: Microsoft Corporation Size: 24960 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:55:16 10.04.2010	Signed	0xF891A000	028672
IntelIde	C:\WINDOWS\System32\Drivers\intelide.sys Description: Драйвер Intel PCI IDE Company name: Корпорация Майкрософт Size: 5504 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:55:16 10.04.2010	Signed	0xF8B9E000	008192
BATTC.SYS	C:\WINDOWS\system32\DRIVERS\BATTC.SYS Description: Battery Class Driver Company name: Microsoft Corporation Size: 14208 Attrs: ----a Created: 19:57:48 15.05.2009 Modified: 00:06:34 14.04.2008 Accessed: 20:55:16 10.04.2010	Signed	0xF8AB2000	016384
Compbatt	C:\WINDOWS\System32\Drivers\compbatt.sys Description: Composite Battery Driver Company name: Microsoft Corporation Size: 10240 Attrs: ----a Created: 19:57:49 15.05.2009 Modified: 00:06:38 14.04.2008 Accessed: 20:55:16 10.04.2010	Signed	0xF8AAE000	012288
isapnp	C:\WINDOWS\System32\Drivers\isapnp.sys Description: Драйвер шины PNP ISA Company name: Корпорация Майкрософт Size: 37504 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:55:16 10.04.2010	Signed	0xF869A000	040960
PCI	C:\WINDOWS\System32\Drivers\pci.sys Description: NT Plug and Play PCI-перечислитель Company name: Корпорация Майкрософт Size: 68480 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:55:16 10.04.2010	Signed	0xF855A000	069632
WMILIB.SYS	C:\WINDOWS\system32\DRIVERS\WMILIB.SYS Description: WMILIB WMI support library Dll Company name: Microsoft Corporation Size: 4352 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:51:38 10.04.2010	Signed	0xF8B9C000	008192
ACPI	C:\WINDOWS\System32\Drivers\ACPI.sys Description: ACPI драйвер для NT Company name: Корпорация Майкрософт Size: 188288 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:55:15 10.04.2010	Signed	0xF856B000	188416
BOOTVID.dll	C:\WINDOWS\system32\BOOTVID.dll Description: VGA Boot Driver Company name: Microsoft Corporation Size: 12288 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:55:15 10.04.2010	Signed	0xF8AAA000	012288
kdcom.dll	C:\WINDOWS\system32\KDCOM.DLL Description: Kernel Debugger HW Extension DLL Company name: Microsoft Corporation Size: 7040 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:55:15 10.04.2010	Signed	0xF8B9A000	008192
ACPI_HAL	C:\WINDOWS\system32\hal.dll Description: Hardware Abstraction Layer DLL Company name: Microsoft Corporation Size: 131840 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:55:15 10.04.2010	Signed	0x806D0000	135168
RAW	C:\WINDOWS\system32\ntkrnlpa.exe Description: Системный модуль ядра NT Company name: Корпорация Майкрософт Size: 2067840 Attrs: ----a Created: 21:20:40 14.04.2008 Modified: 10:11:09 09.12.2009 Accessed: 20:44:07 10.04.2010	Signed	0x804D7000	2068480

Processes

Pid	Eprocess	Short Name	Full Path	State
0780	0x81A58620	jucheck.exe	C:\Program Files\Java\jre6\bin\jucheck.exe Description: Java(TM) Update Checker Company name: Sun Microsystems, Inc. Size: 386872 Attrs: ----a Created: 11:38:03 11.09.2009 Modified: 02:17:45 11.10.2009 Accessed: 21:26:08 10.04.2010	Signed
4028	0x81D6E020	Vba32arkit.exe	C:\Documents and Settings\1\Рабочий стол\Vba32arkit\Vba32arkit.exe Description: Vba32 AntiRootkit Company name: VirusBlokAda Ltd. Size: 825736 Attrs: ----a Created: 20:52:13 10.04.2010 Modified: 15:53:58 10.03.2010 Accessed: 21:01:55 10.04.2010	Signed
2588	0x81D23620	wmiapsrv.exe	C:\WINDOWS\system32\wbem\wmiapsrv.exe Description: Служба адаптера производительности WMI Company name: Корпорация Майкрософт Size: 126464 Attrs: ----a Created: 17:16:16 15.05.2009 Modified: 12:00:00 15.04.2008 Accessed: 20:43:58 10.04.2010	Signed
0588	0x81D05C10	wscntfy.exe	C:\WINDOWS\system32\wscntfy.exe Description: Windows Security Center Notification App Company name: Microsoft Corporation Size: 13824 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:43:58 10.04.2010	Signed
0404	0x81F32548	alg.exe	C:\WINDOWS\system32\alg.exe Description: Application Layer Gateway Service Company name: Microsoft Corporation Size: 44544 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:43:58 10.04.2010	Signed
0524	0x81DFADA0	VMUpgradeHelper	C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe Description: VMware virtual hardware upgrade helper application Company name: VMware, Inc. Size: 191024 Attrs: ----a Created: 17:24:42 22.01.2010 Modified: 17:24:42 22.01.2010 Accessed: 20:43:58 10.04.2010	Signed
0308	0x81D3E990	vmtoolsd.exe	C:\Program Files\VMware\VMware Tools\vmtoolsd.exe Description: VMware Tools Core Service Company name: VMware, Inc. Size: 72240 Attrs: ----a Created: 17:24:30 22.01.2010 Modified: 17:24:30 22.01.2010 Accessed: 20:43:58 10.04.2010	Signed
0184	0x81D25228	jqs.exe	C:\Program Files\Java\jre6\bin\jqs.exe Description: Java(TM) Quick Starter Service Company name: Sun Microsystems, Inc. Size: 153376 Attrs: ----a Created: 11:38:03 11.09.2009 Modified: 02:17:35 11.10.2009 Accessed: 20:43:58 10.04.2010	Signed
2008	0x81D27898	svchost.exe	C:\WINDOWS\system32\svchost.exe Description: Generic Host Process for Win32 Services Company name: Microsoft Corporation Size: 14336 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:43:58 10.04.2010	Signed
1896	0x8209BA50	ctfmon.exe	C:\WINDOWS\system32\ctfmon.exe Description: CTF Loader Company name: Microsoft Corporation Size: 15360 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:54:12 10.04.2010	Signed
1888	0x81FE75F8	jusched.exe	C:\Program Files\Java\jre6\bin\jusched.exe Description: Java(TM) Platform SE binary Company name: Sun Microsystems, Inc. Size: 149280 Attrs: ----a Created: 11:38:03 11.09.2009 Modified: 02:17:36 11.10.2009 Accessed: 20:54:12 10.04.2010	Signed
1880	0x820E67A8	VMwareUser.exe	C:\Program Files\VMware\VMware Tools\VMwareUser.exe Description: VMware Tools Service Company name: VMware, Inc. Size: 1083952 Attrs: ----a Created: 17:24:30 22.01.2010 Modified: 17:24:30 22.01.2010 Accessed: 20:54:12 10.04.2010	Signed
1872	0x8209F6F0	VMwareTray.exe	C:\Program Files\VMware\VMware Tools\VMwareTray.exe Description: VMware Tools tray application Company name: VMware, Inc. Size: 141872 Attrs: ----a Created: 17:24:40 22.01.2010 Modified: 17:24:40 22.01.2010 Accessed: 20:54:12 10.04.2010	Signed
1660	0x81D4A1E0	spoolsv.exe	C:\WINDOWS\system32\spoolsv.exe Description: Spooler SubSystem App Company name: Microsoft Corporation Size: 57856 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:43:58 10.04.2010	Signed
1536	0x81BCE020	explorer.exe	C:\WINDOWS\explorer.exe Description: Проводник Company name: Корпорация Майкрософт Size: 1034240 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 21:41:16 10.04.2010	Signed
1264	0x8203C578	svchost.exe	C:\WINDOWS\system32\svchost.exe Description: Generic Host Process for Win32 Services Company name: Microsoft Corporation Size: 14336 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:43:58 10.04.2010	Signed
1116	0x81BBCDA0	svchost.exe	C:\WINDOWS\system32\svchost.exe Description: Generic Host Process for Win32 Services Company name: Microsoft Corporation Size: 14336 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:43:58 10.04.2010	Signed
1060	0x81BBBDA0	svchost.exe	C:\WINDOWS\system32\svchost.exe Description: Generic Host Process for Win32 Services Company name: Microsoft Corporation Size: 14336 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:43:58 10.04.2010	Signed
0960	0x8211D790	svchost.exe	C:\WINDOWS\system32\svchost.exe Description: Generic Host Process for Win32 Services Company name: Microsoft Corporation Size: 14336 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:43:58 10.04.2010	Signed
0876	0x82036788	svchost.exe	C:\WINDOWS\system32\svchost.exe Description: Generic Host Process for Win32 Services Company name: Microsoft Corporation Size: 14336 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:43:58 10.04.2010	Signed
0860	0x8208C360	vmacthlp.exe	C:\Program Files\VMware\VMware Tools\vmacthlp.exe Description: VMware Activation Helper Company name: VMware, Inc. Size: 367152 Attrs: ----a Created: 17:24:14 22.01.2010 Modified: 17:24:14 22.01.2010 Accessed: 20:43:58 10.04.2010	Signed
0696	0x82088020	lsass.exe	C:\WINDOWS\system32\lsass.exe Description: LSA Shell (Export Version) Company name: Microsoft Corporation Size: 13312 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:43:58 10.04.2010	Signed
0684	0x81CB9740	services.exe	C:\WINDOWS\system32\services.exe Description: Приложение служб и контроллеров Company name: Корпорация Майкрософт Size: 111104 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 11:25:55 09.02.2009 Accessed: 20:43:58 10.04.2010	Signed
0636	0x81C88A18	winlogon.exe	C:\WINDOWS\system32\winlogon.exe Description: Программа входа в систему Windows NT Company name: Корпорация Майкрософт Size: 509440 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:43:58 10.04.2010	Signed
0604	0x8209C458	csrss.exe	C:\WINDOWS\system32\csrss.exe Description: Client Server Runtime Process Company name: Microsoft Corporation Size: 6144 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:43:58 10.04.2010	Signed
0540	0x81CB25F0	smss.exe	C:\WINDOWS\system32\smss.exe Description: Диспетчер сеанса Windows NT Company name: Корпорация Майкрософт Size: 50688 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 20:43:58 10.04.2010	Signed
0004	0x821C87C0	System

Autorun objects

Name	Image Path	State
Autostart Keys HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Run HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\RunOnce HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
CTFMON.EXE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run	C:\WINDOWS\system32\ctfmon.exe	Signed
SunJavaUpdateSched HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run	"C:\Program Files\Java\jre6\bin\jusched.exe"	Signed
VMware Tools HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run	"C:\Program Files\VMware\VMware Tools\VMwareTray.exe"	Signed
VMware User Process HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run	"C:\Program Files\VMware\VMware Tools\VMwareUser.exe"	Signed
CTFMON.EXE HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run	C:\WINDOWS\system32\CTFMON.EXE	Signed
CTFMON.EXE HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run	C:\WINDOWS\system32\CTFMON.EXE	Signed
CTFMON.EXE HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run	C:\WINDOWS\system32\CTFMON.EXE	Signed
CTFMON.EXE HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run	C:\WINDOWS\system32\CTFMON.EXE	Signed
CTFMON.EXE HKEY_USERS\S-1-5-21-1214440339-1844823847-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Run	C:\WINDOWS\system32\ctfmon.exe	Signed
Windows WinLogon HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon, Userinit HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon, System HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon, VmApplet HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon, UIHost HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows, load HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows, run HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell HKEY_USERS\Software\Microsoft\Windows NT\CurrentVersion\Windows, load HKEY_USERS\Software\Microsoft\Windows NT\CurrentVersion\Windows, run HKEY_USERS\Software\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell
Shell HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon	Explorer.exe	Signed
UIHost HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon	logonui.exe	Signed
Userinit HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon	C:\WINDOWS\system32\userinit.exe,	Signed
VmApplet HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon	rundll32 shell32,Control_RunDLL "sysdm.cpl"	Signed
Browser Helper Objects HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{DBC80044-A445-435b-BC74-9C25C1C588A9}	C:\Program Files\Java\jre6\bin\jp2ssv.dll	Signed
{E7E6F031-17CE-4C07-BC86-EABFE594F69C}	C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
ActiveX HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components, StubPath
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}	C:\WINDOWS\system32\ieudinit.exe	Signed
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}	C:\WINDOWS\inf\unregmp2.exe /ShowWMP	Signed
>{26923b43-4d38-484f-9b9e-de460746276c}	C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig	Signed
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}	"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP	Signed
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS	RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP	Signed
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}	%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE	Signed
{2C7339CF-2B09-4501-B3F3-F3508C9228ED}	%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll	Signed
{44BBA840-CC51-11CF-AAFA-00AA00B6015C}	"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install	Signed
{44BBA842-CC51-11CF-AAFA-00AA00B6015B}	rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT	Signed
{5945c046-1e7d-11d1-bc44-00c04fd912be}	rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser	Signed
{6BF52A52-394A-11d3-B153-00C04F79FAA6}	rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub	Signed
{7790769C-0471-11d2-AF11-00C04FA35D02}	"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install	Signed
{89820200-ECBD-11cf-8B85-00AA005B4340}	regsvr32.exe /s /n /i:U shell32.dll	Signed
{89820200-ECBD-11cf-8B85-00AA005B4383}	C:\WINDOWS\system32\ie4uinit.exe -BaseSettings	Signed
WinLogon Notify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify, DllName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions, DllName
{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}	gptext.dll	Signed
{0E28E245-9368-4853-AD84-6DA3BA35BB75} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0E28E245-9368-4853-AD84-6DA3BA35BB75}	gpprefcl.dll	Signed
{17D89FEC-5C44-4972-B12D-241CAEF74509} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{17D89FEC-5C44-4972-B12D-241CAEF74509}	gpprefcl.dll	Signed
{1A6364EB-776B-4120-ADE1-B63A406A76B5} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{1A6364EB-776B-4120-ADE1-B63A406A76B5}	gpprefcl.dll	Signed
{25537BA6-77A8-11D2-9B6C-0000F8080861} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}	fdeploy.dll	Signed
{3610eda5-77ef-11d2-8dc5-00c04fa31a66} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}	dskquota.dll	Signed
{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}	gpprefcl.dll	Signed
{426031c0-0b47-4852-b0ca-ac3d37bfcb39} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}	gptext.dll	Signed
{42B5FAAE-6536-11d2-AE5A-0000F87571E3} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}	gptext.dll	Signed
{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}	C:\WINDOWS\system32\iedkcs32.dll	Signed
{5794DAFD-BE60-433f-88A2-1A31939AC01F} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{5794DAFD-BE60-433f-88A2-1A31939AC01F}	gpprefcl.dll	Signed
{6232C319-91AC-4931-9385-E70C2B099F0E} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6232C319-91AC-4931-9385-E70C2B099F0E}	gpprefcl.dll	Signed
{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}	gpprefcl.dll	Signed
{7150F9BF-48AD-4da4-A49C-29EF4A8369BA} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}	gpprefcl.dll	Signed
{728EE579-943C-4519-9EF7-AB56765798ED} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{728EE579-943C-4519-9EF7-AB56765798ED}	gpprefcl.dll	Signed
{74EE6C03-5363-4554-B161-627540339CAB} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{74EE6C03-5363-4554-B161-627540339CAB}	gpprefcl.dll	Signed
{7B849a69-220F-451E-B3FE-2CB811AF94AE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}	C:\WINDOWS\system32\iedkcs32.dll	Signed
{827D319E-6EAC-11D2-A4EA-00C04F79F83A} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}	scecli.dll	Signed
{91FBB303-0CD5-4055-BF42-E512A681B325} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{91FBB303-0CD5-4055-BF42-E512A681B325}	gpprefcl.dll	Signed
{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}	C:\WINDOWS\system32\iedkcs32.dll	Signed
{A3F3E39B-5D83-4940-B954-28315B82F0A8} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A3F3E39B-5D83-4940-B954-28315B82F0A8}	gpprefcl.dll	Signed
{AADCED64-746C-4633-A97C-D61349046527} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{AADCED64-746C-4633-A97C-D61349046527}	gpprefcl.dll	Signed
{B087BE9D-ED37-454f-AF9C-04291E351182} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B087BE9D-ED37-454f-AF9C-04291E351182}	gpprefcl.dll	Signed
{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}	scecli.dll	Signed
{B587E2B1-4D59-4e7e-AED9-22B9DF11D053} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}	dot3gpclnt.dll	Signed
{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}	gpprefcl.dll	Signed
{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}	gpprefcl.dll	Signed
{C631DF4C-088F-4156-B058-4375F0853CD8} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}	%SystemRoot%\System32\cscui.dll	Signed
{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}	C:\WINDOWS\system32\iedkcs32.dll	Signed
{E47248BA-94CC-49c4-BBB5-9EB7F05183D0} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}	gpprefcl.dll	Signed
{E4F48E54-F38D-4884-BFB9-D4D2E5729C18} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}	gpprefcl.dll	Signed
{E5094040-C46C-4115-B030-04FB2E545B00} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E5094040-C46C-4115-B030-04FB2E545B00}	gpprefcl.dll	Signed
{E62688F0-25FD-4c90-BFF5-F508B9D2E31F} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}	gpprefcl.dll	Signed
{F9C77450-3A41-477E-9310-9ACD617BD9E3} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{F9C77450-3A41-477E-9310-9ACD617BD9E3}	gpprefcl.dll	Signed
{c6dc5466-785a-11d2-84d0-00c04fb169f7} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}	appmgmts.dll	Signed
{e437bc1c-aa7d-11d2-a382-00c04f991e27} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}	gptext.dll	Signed
ScCertProp HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp	wlnotify.dll	Signed
Schedule HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule	wlnotify.dll	Signed
SensLogn HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn	WlNotify.dll	Signed
TPSvc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\TPSvc	TPSvc.dll	Signed
WgaLogon HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon	WgaLogon.dll
crypt32chain HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain	crypt32.dll	Signed
cryptnet HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet	cryptnet.dll	Signed
cscdll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll	cscdll.dll	Signed
dimsntfy HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy	%SystemRoot%\System32\dimsntfy.dll	Signed
sclgntfy HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy	sclgntfy.dll	Signed
termsrv HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv	wlnotify.dll	Signed
wlballoon HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon	wlnotify.dll	Signed
Security Providers HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders, SecurityProviders
SecurityProviders	msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll	Signed
Value Run Keys HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, AutoRun HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug, Debugger HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider, ProviderPath HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager, BootExecute HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd, StartupPrograms HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Scripting Host\Locations, CScript HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Scripting Host\Locations, WScript HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls, AppSecDll HKEY_CURRENT_USER\Control Panel\Desktop, SCRNSAVE.EXE HKEY_CURRENT_USER\Software\Microsoft\Command Processor, AutoRun HKEY_CURRENT_USER\Control Panel\IOProcs, MVB HKEY_USERS\Control Panel\Desktop, SCRNSAVE.EXE HKEY_USERS\Software\Microsoft\Command Processor, AutoRun HKEY_USERS\Control Panel\IOProcs, MVB
SCRNSAVE.EXE HKEY_CURRENT_USER\Control Panel\Desktop	C:\WINDOWS\System32\logon.scr	Signed
MVB HKEY_CURRENT_USER\Control Panel\IOProcs	mvfs32.dll
Debugger HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug	drwtsn32 -p %ld -e %ld -g	Signed
CScript HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Scripting Host\Locations	%SystemRoot%\System32\cscript.exe	Signed
WScript HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Scripting Host\Locations	%SystemRoot%\System32\wscript.exe	Signed
ProviderPath HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider	%SystemRoot%\system32\ntmarta.dll	Signed
BootExecute HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager	autocheck autochk *	Signed
StartupPrograms HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd	rdpclip	Signed
SCRNSAVE.EXE HKEY_USERS\.DEFAULT\Control Panel\Desktop	logon.scr	Signed
MVB HKEY_USERS\.DEFAULT\Control Panel\IOProcs	mvfs32.dll
SCRNSAVE.EXE HKEY_USERS\S-1-5-18\Control Panel\Desktop	logon.scr	Signed
MVB HKEY_USERS\S-1-5-18\Control Panel\IOProcs	mvfs32.dll
SCRNSAVE.EXE HKEY_USERS\S-1-5-19\Control Panel\Desktop	%SystemRoot%\System32\logon.scr	Signed
MVB HKEY_USERS\S-1-5-19\Control Panel\IOProcs	mvfs32.dll
SCRNSAVE.EXE HKEY_USERS\S-1-5-20\Control Panel\Desktop	%SystemRoot%\System32\logon.scr	Signed
MVB HKEY_USERS\S-1-5-20\Control Panel\IOProcs	mvfs32.dll
SCRNSAVE.EXE HKEY_USERS\S-1-5-21-1214440339-1844823847-1177238915-1003\Control Panel\Desktop	C:\WINDOWS\System32\logon.scr	Signed
MVB HKEY_USERS\S-1-5-21-1214440339-1844823847-1177238915-1003\Control Panel\IOProcs	mvfs32.dll
Shared Task Scheduler HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{438755C2-A8BA-11D1-B96B-00A0C90312E1}	%SystemRoot%\system32\browseui.dll	Signed
{8C7461EF-2B13-11d2-BE35-3078302C2030}	%SystemRoot%\system32\browseui.dll	Signed
Shell Execute Hooks HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{AEB6717E-7E19-11d0-97EE-00C04FD91972}	shell32.dll	Signed
Shell Service Object Delay Load HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
CDBurn	%SystemRoot%\system32\SHELL32.dll	Signed
PostBootReminder	%SystemRoot%\system32\SHELL32.dll	Signed
SysTray	C:\WINDOWS\system32\stobject.dll	Signed
WebCheck	C:\WINDOWS\system32\webcheck.dll	Signed
My Computer (Backup, Cleanup, Defrag utilities) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\BackupPath HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\CleanupPath HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath
BackupPath HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\BackupPath	%SystemRoot%\system32\ntbackup.exe	Signed
CleanupPath HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\CleanupPath	%SystemRoot%\system32\cleanmgr.exe /D %c	Signed
DefragPath HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath	%systemroot%\system32\dfrg.msc %c:	Signed
Utility Managers HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager, Application path
Magnifier	Magnify.exe	Signed
On-Screen Keyboard	osk.exe	Signed
LSP Providers
MSAFD NetBIOS [\Device\NetBT_Tcpip_{236BE07E-9D2A-43F8-A74B-35AF89688FAC}] DATAGRAM 1	%SystemRoot%\system32\mswsock.dll	Signed
MSAFD NetBIOS [\Device\NetBT_Tcpip_{236BE07E-9D2A-43F8-A74B-35AF89688FAC}] SEQPACKET 1	%SystemRoot%\system32\mswsock.dll	Signed
MSAFD NetBIOS [\Device\NetBT_Tcpip_{7E45E89C-3192-4D1E-BF79-6EC61D78F78E}] DATAGRAM 2	%SystemRoot%\system32\mswsock.dll	Signed
MSAFD NetBIOS [\Device\NetBT_Tcpip_{7E45E89C-3192-4D1E-BF79-6EC61D78F78E}] SEQPACKET 2	%SystemRoot%\system32\mswsock.dll	Signed
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F4C20D33-CF7B-4A04-9B35-E97EC5B3F29D}] DATAGRAM 0	%SystemRoot%\system32\mswsock.dll	Signed
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F4C20D33-CF7B-4A04-9B35-E97EC5B3F29D}] SEQPACKET 0	%SystemRoot%\system32\mswsock.dll	Signed
MSAFD Tcpip [RAW/IP]	%SystemRoot%\system32\mswsock.dll	Signed
MSAFD Tcpip [TCP/IP]	%SystemRoot%\system32\mswsock.dll	Signed
MSAFD Tcpip [UDP/IP]	%SystemRoot%\system32\mswsock.dll	Signed
RSVP TCP Service Provider	%SystemRoot%\system32\rsvpsp.dll	Signed
RSVP UDP Service Provider	%SystemRoot%\system32\rsvpsp.dll	Signed
VMCI sockets DGRAM	C:\Program Files\VMware\VMware Tools\VSock SDK\bin\win32\vsocklib.dll
VMCI sockets STREAM	C:\Program Files\VMware\VMware Tools\VSock SDK\bin\win32\vsocklib.dll
Shell Spawning
Applications	"C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1	Signed
CLSID	"C:\Program Files\Internet Explorer\iexplore.exe"	Signed
Drive	%SystemRoot%\Explorer.exe	Signed
Folder	%SystemRoot%\Explorer.exe /e,/idlist,%I,%L	Signed
Folder	%SystemRoot%\Explorer.exe /idlist,%I,%L	Signed
InternetShortcut	"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l	Signed
Unknown	%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1	Signed
batfile	"%1" %*	Signed
comfile	"%1" %*	Signed
cplfile	rundll32.exe shell32.dll,Control_RunDLL "%1",%*	Signed
exefile	"%1" %*	Signed
htafile	C:\WINDOWS\system32\mshta.exe "%1" %*	Signed
inffile	%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1	Signed
jsefile	%SystemRoot%\System32\WScript.exe "%1" %*	Signed
jsfile	%SystemRoot%\System32\WScript.exe "%1" %*	Signed
piffile	"%1" %*	Signed
regfile	regedit.exe "%1"	Signed
scrfile	"%1"	Signed
scrfile	"%1" /S	Signed
txtfile	%SystemRoot%\system32\NOTEPAD.EXE %1	Signed
vbefile	%SystemRoot%\System32\WScript.exe "%1" %*	Signed
vbsfile	%SystemRoot%\System32\WScript.exe "%1" %*	Signed
wsffile	%SystemRoot%\System32\WScript.exe "%1" %*	Signed
wshfile	%SystemRoot%\System32\WScript.exe "%1" %*	Signed

Drivers\Services (from Registry)

Name and Description	Image Path	Start	State
Abiosdsk		DISABLED
abp480n5		DISABLED
ACPI Драйвер Microsoft ACPI	system32\DRIVERS\ACPI.sys	BOOT	Signed
ACPIEC		DISABLED
adpu160m		DISABLED
aec Подавитель акустического эхо ядра системы	system32\drivers\aec.sys	DEMAND	Signed
AFD AFD	\SystemRoot\System32\drivers\afd.sys	SYSTEM	Signed
agp440 Intel - фильтр шины AGP	system32\DRIVERS\agp440.sys	BOOT	Signed
Aha154x		DISABLED
aic78u2		DISABLED
aic78xx		DISABLED
Alerter Оповещатель	%SystemRoot%\system32\svchost.exe -k LocalService	DISABLED	Signed
ALG Служба шлюза уровня приложения	%SystemRoot%\System32\alg.exe	DEMAND	Signed
AliIde		DISABLED
amsint		DISABLED
AppMgmt Управление приложениями	%SystemRoot%\system32\svchost.exe -k netsvcs	DEMAND	Signed
asc		DISABLED
asc3350p		DISABLED
asc3550		DISABLED
AsyncMac Драйвер асинхронного носителя RAS	system32\DRIVERS\asyncmac.sys	DEMAND	Signed
atapi Standard IDE/ESDI Hard Disk Controller	system32\DRIVERS\atapi.sys	BOOT	Signed
Atdisk		DISABLED
Atmarpc Протокол клиента ATM ARP	system32\DRIVERS\atmarpc.sys	DEMAND	Signed
AudioSrv Windows Audio	%SystemRoot%\System32\svchost.exe -k netsvcs	AUTO	Signed
audstub Драйвер заглушки аудио	system32\DRIVERS\audstub.sys	DEMAND	Signed
BattC
Beep		SYSTEM
BITS Фоновая интеллектуальная служба передачи (BITS)	%SystemRoot%\system32\svchost.exe -k netsvcs	AUTO	Signed
Browser Обозреватель компьютеров	%SystemRoot%\system32\svchost.exe -k netsvcs	AUTO	Signed
cbidf2k		DISABLED
cd20xrnt		DISABLED
Cdaudio		SYSTEM
Cdfs		DISABLED
Cdrom Драйвер CD-ROM дисковода	system32\DRIVERS\cdrom.sys	SYSTEM	Signed
Changer		SYSTEM
CiSvc Служба индексирования	%SystemRoot%\system32\cisvc.exe	DEMAND	Signed
ClipSrv Сервер папки обмена	%SystemRoot%\system32\clipsrv.exe	DISABLED	Signed
CmBatt Драйвер AC-адаптера блока питания (Майкрософт)	system32\DRIVERS\CmBatt.sys	DEMAND	Signed
CmdIde		DISABLED
Compbatt Драйвер составной батареи Microsoft	system32\DRIVERS\compbatt.sys	BOOT	Signed
COMSysApp Системное приложение COM+	C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}	DEMAND	Signed
ContentFilter
ContentIndex
Cpqarray		DISABLED
CryptSvc Службы криптографии	%SystemRoot%\system32\svchost.exe -k netsvcs	AUTO	Signed
dac2w2k		DISABLED
dac960nt		DISABLED
DcomLaunch Запуск серверных процессов DCOM	%SystemRoot%\system32\svchost -k DcomLaunch	AUTO	Signed
Dhcp DHCP-клиент	%SystemRoot%\system32\svchost.exe -k netsvcs	AUTO	Signed
Disk Драйвер диска	system32\DRIVERS\disk.sys	BOOT	Signed
dmadmin Служба администрирования диспетчера логических дисков	%SystemRoot%\System32\dmadmin.exe /com	DEMAND	Signed
dmboot	System32\drivers\dmboot.sys	DISABLED	Signed
dmio Драйвер диспетчера логических дисков	System32\drivers\dmio.sys	BOOT	Signed
dmload	System32\drivers\dmload.sys	BOOT	Signed
dmserver Диспетчер логических дисков	%SystemRoot%\System32\svchost.exe -k netsvcs	AUTO	Signed
DMusic Синтезатор DLS ядра системы	system32\drivers\DMusic.sys	DEMAND	Signed
Dnscache DNS-клиент	%SystemRoot%\system32\svchost.exe -k NetworkService	AUTO	Signed
Dot3svc Автонастройка проводного доступа	%SystemRoot%\System32\svchost.exe -k dot3svc	DEMAND	Signed
dpti2o		DISABLED
drmkaud Звуковой дешифратор DRM ядра системы	system32\drivers\drmkaud.sys	DEMAND	Signed
EapHost Служба протокола EAP	%SystemRoot%\System32\svchost.exe -k eapsvcs	DEMAND	Signed
ERSvc Служба регистрации ошибок	%SystemRoot%\System32\svchost.exe -k netsvcs	AUTO	Signed
es1371 Creative AudioPCI (ES1371,ES1373) (WDM)	system32\drivers\es1371mp.sys	DEMAND	Signed
Eventlog Журнал событий	%SystemRoot%\system32\services.exe	AUTO	Signed
EventSystem Система событий COM+	C:\WINDOWS\system32\svchost.exe -k netsvcs	DEMAND	Signed
Fastfat		DISABLED
FastUserSwitchingCompatibility Совместимость быстрого переключения пользователей	%SystemRoot%\System32\svchost.exe -k netsvcs	DEMAND	Signed
Fdc Драйвер контроллера гибких дисков	system32\DRIVERS\fdc.sys	DEMAND	Signed
Fips		SYSTEM
Flpydisk Драйвер дисковода гибких дисков	system32\DRIVERS\flpydisk.sys	DEMAND	Signed
FltMgr FltMgr	system32\DRIVERS\fltMgr.sys	BOOT	Signed
Fs_Rec		SYSTEM
Ftdisk Драйвер диспетчера томов	system32\DRIVERS\ftdisk.sys	BOOT	Signed
gameenum Перечислитель игровых портов	system32\DRIVERS\gameenum.sys	DEMAND	Signed
Gpc Общий классификатор пакетов	system32\DRIVERS\msgpc.sys	DEMAND	Signed
helpsvc Справка и поддержка	%SystemRoot%\System32\svchost.exe -k netsvcs	AUTO	Signed
HidServ Доступ к HID-устройствам	%SystemRoot%\System32\svchost.exe -k netsvcs	DISABLED	Signed
hidusb Драйвер класса HID Microsoft	system32\DRIVERS\hidusb.sys	DEMAND	Signed
hkmsvc Служба управления сертификатами и ключами работоспособности	%SystemRoot%\System32\svchost.exe -k netsvcs	DEMAND	Signed
hpn		DISABLED
HTTP HTTP	System32\Drivers\HTTP.sys	DEMAND	Signed
HTTPFilter Протокол HTTP SSL	%SystemRoot%\System32\svchost.exe -k HTTPFilter	DEMAND	Signed
i2omgmt		SYSTEM
i2omp		DISABLED
i8042prt Драйвер i8042-клавиатуры и мыши для порта PS/2	system32\DRIVERS\i8042prt.sys	SYSTEM	Signed
im9ssmie Vba32 Armour Driver	\??\C:\WINDOWS\system32\drivers\im9ssmie.sys	DEMAND	Signed
Imapi Драйвер фильтра записи компакт-дисков	system32\DRIVERS\imapi.sys	SYSTEM	Signed
ImapiService Служба COM записи компакт-дисков IMAPI	C:\WINDOWS\system32\imapi.exe	DEMAND	Signed
inetaccs
ini910u		DISABLED
Inport
IntelIde	system32\DRIVERS\intelide.sys	BOOT	Signed
intelppm Драйвер Intel процессора	system32\DRIVERS\intelppm.sys	SYSTEM	Signed
Ip6Fw Драйвер брандмауэра Windows для IPv6	system32\DRIVERS\Ip6Fw.sys	DEMAND	Signed
IpFilterDriver Драйвер фильтра IP-трафика	system32\DRIVERS\ipfltdrv.sys	DEMAND	Signed
IpInIp Драйвер туннеля IP в IP	system32\DRIVERS\ipinip.sys	DEMAND	Signed
IpNat Транслятор сетевого IP-адреса	system32\DRIVERS\ipnat.sys	DEMAND	Signed
IPSec Драйвер IPSEC	system32\DRIVERS\ipsec.sys	SYSTEM	Signed
IRENUM Служба перечислителя IR	system32\DRIVERS\irenum.sys	DEMAND	Signed
ISAPISearch
isapnp Драйвер PnP ISA/EISA шины	system32\DRIVERS\isapnp.sys	BOOT	Signed
JavaQuickStarterService Java Quick Starter	"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"	AUTO
Kbdclass Драйвер класса клавиатуры	system32\DRIVERS\kbdclass.sys	SYSTEM	Signed
kmixer Микшер звукозаписи ядра системы	system32\drivers\kmixer.sys	DEMAND	Signed
KSecDD		BOOT
LanmanServer Сервер	%SystemRoot%\system32\svchost.exe -k netsvcs	AUTO	Signed
lanmanworkstation Рабочая станция	%SystemRoot%\system32\svchost.exe -k netsvcs	AUTO	Signed
lbrtfdc		SYSTEM
ldap
LicenseService
LmHosts Модуль поддержки NetBIOS через TCP/IP	%SystemRoot%\system32\svchost.exe -k LocalService	AUTO	Signed
Messenger Служба сообщений	%SystemRoot%\system32\svchost.exe -k netsvcs	DISABLED	Signed
mnmdd		SYSTEM
mnmsrvc NetMeeting Remote Desktop Sharing	C:\WINDOWS\system32\mnmsrvc.exe	DEMAND	Signed
Modem		DEMAND
Mouclass Драйвер класса мыши	system32\DRIVERS\mouclass.sys	SYSTEM	Forged file
mouhid Драйвер мыши HID	system32\DRIVERS\mouhid.sys	DEMAND	Signed
MountMgr		BOOT
mraid35x		DISABLED
MRxDAV Перенаправиль клиентов WebDav	system32\DRIVERS\mrxdav.sys	DEMAND	Signed
MRxSmb MRXSMB	system32\DRIVERS\mrxsmb.sys	SYSTEM	Signed
MSDTC Координатор распределенных транзакций	C:\WINDOWS\system32\msdtc.exe	DEMAND	Signed
Msfs		SYSTEM
MSIServer Windows Installer	C:\WINDOWS\system32\msiexec.exe /V	DEMAND	Signed
MSKSSRV Представитель служб потоков Microsoft	system32\drivers\MSKSSRV.sys	DEMAND	Signed
MSPCLOCK Посредник синхронизации потоков Microsoft	system32\drivers\MSPCLOCK.sys	DEMAND	Signed
MSPQM Представитель диспетчера качества потоков Microsoft	system32\drivers\MSPQM.sys	DEMAND	Signed
mssmbios Драйвер Microsoft System Management BIOS	system32\DRIVERS\mssmbios.sys	DEMAND	Signed
Mup Служба MUP		BOOT
napagent Агент защиты доступа к сети	%SystemRoot%\System32\svchost.exe -k netsvcs	DEMAND	Signed
NDIS Системный драйвер NDIS		BOOT
NdisTapi NDIS-драйвер TAPI удаленного доступа	system32\DRIVERS\ndistapi.sys	DEMAND	Signed
Ndisuio NDIS-протокол ввода/вывода пользовательского режима	system32\DRIVERS\ndisuio.sys	DEMAND	Signed
NdisWan NDIS-драйвер WAN удаленного доступа	system32\DRIVERS\ndiswan.sys	DEMAND	Signed
NDProxy NDIS прокси		DEMAND
NetBIOS Интерфейс NetBIOS	system32\DRIVERS\netbios.sys	SYSTEM	Signed
NetBT NetBios через TCP/IP	system32\DRIVERS\netbt.sys	SYSTEM	Signed
NetDDE Служба сетевого DDE	%SystemRoot%\system32\netdde.exe	DISABLED	Signed
NetDDEdsdm Диспетчер сетевого DDE	%SystemRoot%\system32\netdde.exe	DISABLED	Signed
Netlogon Сетевой вход в систему	%SystemRoot%\system32\lsass.exe	DEMAND	Signed
Netman Сетевые подключения	%SystemRoot%\System32\svchost.exe -k netsvcs	DEMAND	Signed
Nla Служба сетевого расположения (NLA)	%SystemRoot%\system32\svchost.exe -k netsvcs	DEMAND	Signed
Npfs		SYSTEM
Ntfs		DISABLED
NtLmSsp Поставщик поддержки безопасности NT LM	%SystemRoot%\system32\lsass.exe	DEMAND	Signed
NtmsSvc Съемные ЗУ	%SystemRoot%\system32\svchost.exe -k netsvcs	DEMAND	Signed
Null		SYSTEM
NwlnkFlt Драйвер фильтра IPX-трафика	system32\DRIVERS\nwlnkflt.sys	DEMAND	Signed
NwlnkFwd Драйвер пересылки IPX-трафика	system32\DRIVERS\nwlnkfwd.sys	DEMAND	Signed
Parport Драйвер параллельного порта	system32\DRIVERS\parport.sys	DEMAND	Signed
PartMgr		BOOT
ParVdm		AUTO
PCI Драйвер PCI шины	system32\DRIVERS\pci.sys	BOOT	Signed
PCIDump		SYSTEM
PCIIde		DISABLED
Pcmcia		DISABLED
PCnet AMD PCNET совместимый адаптер, драйвер	system32\DRIVERS\pcntpci5.sys	DEMAND	Signed
PDCOMP		DEMAND
PDFRAME		DEMAND
PDRELI		DEMAND
PDRFRAME		DEMAND
perc2		DISABLED
perc2hib		DISABLED
PerfDisk
PerfNet
PerfOS
PerfProc
PlugPlay Plug and Play	%SystemRoot%\system32\services.exe	AUTO	Signed
PolicyAgent Службы IPSEC	%SystemRoot%\system32\lsass.exe	AUTO	Signed
PptpMiniport Минипорт WAN (PPTP)	system32\DRIVERS\raspptp.sys	DEMAND	Signed
ProtectedStorage Защищенное хранилище	%SystemRoot%\system32\lsass.exe	AUTO	Signed
PSched Планировщик пакетов QoS	system32\DRIVERS\psched.sys	DEMAND	Signed
Ptilink Драйвер прямой параллельной связи	system32\DRIVERS\ptilink.sys	DEMAND	Signed
ql1080		DISABLED
Ql10wnt		DISABLED
ql12160		DISABLED
ql1240		DISABLED
ql1280		DISABLED
RasAcd Драйвер авто-подключений удаленного доступа	system32\DRIVERS\rasacd.sys	SYSTEM	Signed
RasAuto Диспетчер авто-подключений удаленного доступа	%SystemRoot%\system32\svchost.exe -k netsvcs	DEMAND	Signed
Rasl2tp Минипорт WAN (L2TP)	system32\DRIVERS\rasl2tp.sys	DEMAND	Signed
RasMan Диспетчер подключений удаленного доступа	%SystemRoot%\system32\svchost.exe -k netsvcs	DEMAND	Signed
RasPppoe Драйвер PPPoE удаленного доступа	system32\DRIVERS\raspppoe.sys	DEMAND	Signed
Raspti Прямой параллельный порт	system32\DRIVERS\raspti.sys	DEMAND	Signed
Rdbss Rdbss	system32\DRIVERS\rdbss.sys	SYSTEM	Signed
RDPCDD	System32\DRIVERS\RDPCDD.sys	SYSTEM	Signed
RDPDD
rdpdr Драйвер перенаправителя устройства сервера терминалов	system32\DRIVERS\rdpdr.sys	DEMAND	Signed
RDPNP
RDPWD		DEMAND
RDSessMgr Диспетчер сеанса справки для удаленного рабочего стола	C:\WINDOWS\system32\sessmgr.exe	DEMAND	Signed
redbook Драйвер фильтра воспроизведения звука с цифровых компакт-дисков	system32\DRIVERS\redbook.sys	SYSTEM	Signed
RemoteAccess Маршрутизация и удаленный доступ	%SystemRoot%\system32\svchost.exe -k netsvcs	DISABLED	Signed
RemoteRegistry Удаленный реестр	%SystemRoot%\system32\svchost.exe -k LocalService	AUTO	Signed
RpcLocator Локатор удаленного вызова процедур (RPC)	%SystemRoot%\system32\locator.exe	DEMAND	Signed
RpcSs Удаленный вызов процедур (RPC)	%SystemRoot%\system32\svchost -k rpcss	AUTO	Signed
RSVP QoS RSVP	%SystemRoot%\system32\rsvp.exe	DEMAND	Signed
SamSs Диспетчер учетных записей безопасности	%SystemRoot%\system32\lsass.exe	AUTO	Signed
SCardSvr Смарт-карты	%SystemRoot%\System32\SCardSvr.exe	DEMAND	Signed
Schedule Планировщик заданий	%SystemRoot%\System32\svchost.exe -k netsvcs	AUTO	Signed
Secdrv Secdrv	system32\DRIVERS\secdrv.sys	DEMAND	Signed
seclogon Вторичный вход в систему	%SystemRoot%\System32\svchost.exe -k netsvcs	AUTO	Signed
SENS Уведомление о системных событиях	%SystemRoot%\system32\svchost.exe -k netsvcs	AUTO	Signed
serenum Драйвер фильтра Serenum	system32\DRIVERS\serenum.sys	DEMAND	Signed
Serial Драйвер последовательного порта	system32\DRIVERS\serial.sys	SYSTEM	Signed
Sfloppy		SYSTEM
Shadow		BOOT
SharedAccess Брандмауэр Windows/Общий доступ к Интернету (ICS)	%SystemRoot%\system32\svchost.exe -k netsvcs	AUTO	Signed
ShellHWDetection Определение оборудования оболочки	%SystemRoot%\System32\svchost.exe -k netsvcs	AUTO	Signed
Simbad		DISABLED
Sparrow		DISABLED
splitter Разделитель звука ядра системы	system32\drivers\splitter.sys	DEMAND	Signed
Spooler Диспетчер очереди печати	%SystemRoot%\system32\spoolsv.exe	AUTO	Signed
sr Драйвер фильтра восстановления системы	\SystemRoot\system32\DRIVERS\sr.sys	DISABLED	Signed
srservice Служба восстановления системы	%SystemRoot%\system32\svchost.exe -k netsvcs	AUTO	Signed
Srv Srv	system32\DRIVERS\srv.sys	DEMAND	Signed
SSDPSRV Служба обнаружения SSDP	%SystemRoot%\system32\svchost.exe -k LocalService	DEMAND	Signed
stisvc Служба загрузки изображений (WIA)	%SystemRoot%\system32\svchost.exe -k imgsvc	DEMAND	Signed
swenum Драйвер программной шины	system32\DRIVERS\swenum.sys	DEMAND	Signed
swmidi Синтезатор звуковой таблицы Microsoft Kernel GS	system32\drivers\swmidi.sys	DEMAND	Signed
SwPrv MS Software Shadow Copy Provider	C:\WINDOWS\system32\dllhost.exe /Processid:{6B1ADF90-CACC-422A-9E67-0C199B20D06B}	DEMAND	Signed
symc810		DISABLED
symc8xx		DISABLED
sym_hi		DISABLED
sym_u3		DISABLED
sysaudio Аудиоустройство ядра системы	system32\drivers\sysaudio.sys	DEMAND	Signed
SysmonLog Журналы и оповещения производительности	%SystemRoot%\system32\smlogsvc.exe	DEMAND	Signed
TapiSrv Телефония	%SystemRoot%\System32\svchost.exe -k netsvcs	DEMAND	Signed
Tcpip Драйвер протокола TCP/IP	system32\DRIVERS\tcpip.sys	SYSTEM	Signed
TDPIPE		DEMAND
TDTCP		DEMAND
TermDD Драйвер устройства терминала	system32\DRIVERS\termdd.sys	SYSTEM	Signed
TermService Службы терминалов	%SystemRoot%\System32\svchost -k DComLaunch	DEMAND	Signed
Themes Темы	%SystemRoot%\System32\svchost.exe -k netsvcs	AUTO	Signed
TlntSvr Telnet	C:\WINDOWS\system32\tlntsvr.exe	DISABLED	Signed
TosIde		DISABLED
TPAutoConnSvc TP AutoConnect Service	"C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe"	DEMAND	Signed
TrkWks Клиент отслеживания изменившихся связей	%SystemRoot%\system32\svchost.exe -k netsvcs	AUTO	Signed
TSDDD
Udfs		DISABLED
ultra		DISABLED
Update Драйвер обновления микропрограмм	system32\DRIVERS\update.sys	DEMAND	Signed
upnphost Узел универсальных PnP-устройств	%SystemRoot%\system32\svchost.exe -k LocalService	DEMAND	Signed
UPS Источник бесперебойного питания	%SystemRoot%\System32\ups.exe	DEMAND	Signed
usbccgp Драйвер универсального родительского устройства USB (Microsoft)	system32\DRIVERS\usbccgp.sys	DEMAND	Signed
usbehci Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера	system32\DRIVERS\usbehci.sys	DEMAND	Signed
usbhub Драйвер стандартного концентратора USB (Microsoft)	system32\DRIVERS\usbhub.sys	DEMAND	Signed
usbuhci Драйвер минипорта Microsoft USB универсального хост-контроллера	system32\DRIVERS\usbuhci.sys	DEMAND	Signed
VgaSave	\SystemRoot\System32\drivers\vga.sys	SYSTEM	Signed
ViaIde		DISABLED
vmci VMware VMCI Bus Driver	system32\DRIVERS\vmci.sys	DEMAND	Signed
vmdebug VMware Replay Debugging Helper	\??\C:\WINDOWS\system32\Drivers\vmdebug.sys	SYSTEM	Signed
vmdesched VMware Descheduled Time Accounting Service	"C:\Program Files\VMware\VMware Tools\vmdesched.exe"	DEMAND	Signed
vmdesched-driver VMware Descheduled Time Accounting Service (driver)	\??\C:\WINDOWS\system32\Drivers\vmdesched.sys	AUTO	Signed
vmhgfs	System32\DRIVERS\vmhgfs.sys	SYSTEM	Signed
VMMEMCTL Memory Control Driver	\??\C:\Program Files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys	AUTO	Signed
vmmouse VMware Pointing Device	system32\DRIVERS\vmmouse.sys	DEMAND	Signed
vmrawdsk VMware Vista Physical Disk Helper	\??\C:\Program Files\VMware\VMware Tools\vmrawdsk.sys	SYSTEM
vmscsi vmscsi	system32\DRIVERS\vmscsi.sys	BOOT	Signed
VMTools VMware Tools Service	"C:\Program Files\VMware\VMware Tools\vmtoolsd.exe"	AUTO	Signed
VMUpgradeHelper VMware Upgrade Helper	"C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe" /service	AUTO	Signed
VMware Physical Disk Helper Service VMware Physical Disk Helper Service	"C:\Program Files\VMware\VMware Tools\vmacthlp.exe"	AUTO	Signed
vmxnet VMware Ethernet Adapter Driver	system32\DRIVERS\vmxnet.sys	DEMAND	Signed
vmx_svga	system32\DRIVERS\vmx_svga.sys	DEMAND	Signed
VolSnap		BOOT
VSS Теневое копирование тома	%SystemRoot%\System32\vssvc.exe	DEMAND	Signed
W32Time Служба времени Windows	%SystemRoot%\System32\svchost.exe -k netsvcs	AUTO	Signed
W3SVC
Wanarp Драйвер IP ARP удаленного доступа	system32\DRIVERS\wanarp.sys	DEMAND	Signed
WDICA		DEMAND
wdmaud Драйвер совместимости звука Microsoft (WINMM WDM)	system32\drivers\wdmaud.sys	DEMAND	Signed
WebClient Веб-клиент	%SystemRoot%\system32\svchost.exe -k LocalService	AUTO	Signed
winmgmt Инструментарий управления Windows	%systemroot%\system32\svchost.exe -k netsvcs	AUTO	Signed
Winsock		DEMAND
WinSock2
WinTrust
WmdmPmSN Служба серийных номеров переносных устройств мультимедиа	%SystemRoot%\System32\svchost.exe -k netsvcs	DEMAND	Signed
Wmi Расширения драйверов WMI (Windows Management Instrumentation)	%SystemRoot%\System32\svchost.exe -k netsvcs	DEMAND	Signed
WmiApRpl
WmiApSrv Адаптер производительности WMI	C:\WINDOWS\system32\wbem\wmiapsrv.exe	DEMAND	Signed
WS2IFSL Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб	\SystemRoot\System32\drivers\ws2ifsl.sys	SYSTEM	Signed
wscsvc Центр обеспечения безопасности	%SystemRoot%\System32\svchost.exe -k netsvcs	AUTO	Signed
wuauserv Автоматическое обновление	%systemroot%\system32\svchost.exe -k netsvcs	AUTO	Signed
WZCSVC Беспроводная настройка	%SystemRoot%\System32\svchost.exe -k netsvcs	AUTO	Signed
xmlprov Служба обеспечения сети	%SystemRoot%\System32\svchost.exe -k netsvcs	DEMAND	Signed
{F4C20D33-CF7B-4A04-9B35-E97EC5B3F29D}
pxtdipow	\??\C:\DOCUME~1\1\LOCALS~1\Temp\pxtdipow.sys	DEMAND