Vba32 AntiRootKit Log File

TEST 12:38:41 14-04-2010

Microsoft Windows XP Professional Service Pack 3 (build 2600)

AntiRootKit version 3.12.5.0

AntiVirus checking is OFF

Sign checking is ON

AntiRootKit driver is working in ordinary mode

Kernel-Mode Hooks

Module	Type	Number	Name	State	Base Value	Current Value	Driver
No hooks found

Kernel-Mode Notificators

Type	State	Current Address	Driver
Create Process	Signed	0xF8683194	C:\WINDOWS\system32\DRIVERS\vmci.sys
Create Process	Signed	0xF87516AE	C:\WINDOWS\system32\Drivers\vmdebug.sys
Load Image	VBA32	0x81A8D540	Vba32 AntiRootKit Handler

Driver Input/Output Handler's Hooks (IRP & FastIo)

Driver Object	Handler Name	State	Current Address	Driver
No hooks found

Kernel modules

Module	Full Path	State	Base Address	Module Size
ntdll.dll	C:\WINDOWS\system32\ntdll.dll Description: Системная библиотека NT Company name: Корпорация Майкрософт Size: 718848 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 10:54:16 09.02.2009 Accessed: 09:33:18 14.04.2010	Signed	0x7C900000	733184
Fastfat	C:\WINDOWS\System32\Drivers\Fastfat.SYS Description: Fast FAT File System Driver Company name: Microsoft Corporation Size: 143744 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:38:22 14.04.2010	Signed	0xB1D85000	147456
d3lutwsc	C:\WINDOWS\system32\drivers\d3lutwsc.sys Description: Vba32 AntiRootkit driver Company name: VirusBlokAda Ltd. Size: 67592 Attrs: ----a Created: 09:38:14 14.04.2010 Modified: 09:38:14 14.04.2010 Accessed: 09:38:14 14.04.2010	Signed	0xB235C000	065536
HTTP	C:\WINDOWS\System32\Drivers\HTTP.sys Description: HTTP Protocol Stack Company name: Microsoft Corporation Size: 265728 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 16:20:16 20.10.2009 Accessed: 09:35:16 14.04.2010	Signed	0xB21A3000	266240
Srv	C:\WINDOWS\system32\DRIVERS\srv.sys Description: Server driver Company name: Microsoft Corporation Size: 353792 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 16:50:03 31.12.2009 Accessed: 09:34:50 14.04.2010	Signed	0xB243C000	356352
VMMEMCTL	C:\Program Files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys Description: VMware server memory controller Company name: VMware, Inc. Size: 14384 Attrs: ----a Created: 17:24:48 22.01.2010 Modified: 17:24:48 22.01.2010 Accessed: 09:33:45 14.04.2010	Signed	0xF8A98000	008192
vmdesched-driver	C:\WINDOWS\system32\Drivers\vmdesched.sys Description: VMware Descheduled Time Accounting Service [driver] Company name: VMware, Inc. Size: 28464 Attrs: ----a Created: 15:14:36 26.03.2009 Modified: 15:14:36 26.03.2009 Accessed: 09:33:45 14.04.2010	Signed	0xF8948000	024576
ParVdm	C:\WINDOWS\System32\Drivers\ParVdm.SYS Description: Драйвер параллельного VDM Company name: Корпорация Майкрософт Size: 6912 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:34:48 14.04.2010	Signed	0xF8A96000	008192
MRxDAV	C:\WINDOWS\system32\DRIVERS\mrxdav.sys Description: Windows NT WebDav Minirdr Company name: Microsoft Corporation Size: 180608 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:34:47 14.04.2010	Signed	0xB2583000	184320
sysaudio	C:\WINDOWS\system32\drivers\sysaudio.sys Description: System Audio WDM Filter Company name: Microsoft Corporation Size: 60800 Attrs: ----a Created: 20:02:21 15.05.2009 Modified: 00:45:56 14.04.2008 Accessed: 09:34:32 14.04.2010	Signed	0xB2B53000	061440
wdmaud	C:\WINDOWS\system32\drivers\wdmaud.sys Description: MMSYSTEM Wave/Midi API mapper Company name: Microsoft Corporation Size: 83072 Attrs: ----a Created: 20:02:11 15.05.2009 Modified: 00:47:20 14.04.2008 Accessed: 09:34:31 14.04.2010	Signed	0xB2796000	086016
Ndisuio	C:\WINDOWS\system32\DRIVERS\ndisuio.sys Description: NDIS User mode I/O Driver Company name: Microsoft Corporation Size: 14592 Attrs: ----a Created: 00:26:00 14.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:34:00 14.04.2010	Signed	0xB2ACF000	016384
vmx_fb.dll	C:\WINDOWS\System32\vmx_fb.dll Description: VMware SVGA II Display Driver Company name: VMware, Inc. Size: 217776 Attrs: ----a Created: 12:26:00 17.05.2009 Modified: 00:16:52 22.10.2009 Accessed: 09:33:45 14.04.2010	Signed	0xBF9D6000	212992
dxgthk.sys	C:\WINDOWS\System32\drivers\dxgthk.sys Description: DirectX Graphics Driver Thunk Company name: Microsoft Corporation Size: 3328 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:51 14.04.2010	Signed	0xF8B6B000	004096
dxg.sys	C:\WINDOWS\System32\drivers\dxg.sys Description: DirectX Graphics Driver Company name: Microsoft Corporation Size: 71168 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:45 14.04.2010	Signed	0xBF9C4000	073728
watchdog.sys	C:\WINDOWS\System32\watchdog.sys Description: Watchdog Driver Company name: Microsoft Corporation Size: 17664 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:50 14.04.2010	Signed	0xF88B0000	020480
Dxapi.sys	C:\WINDOWS\System32\drivers\Dxapi.sys Description: DirectX API Driver Company name: Microsoft Corporation Size: 10496 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:50 14.04.2010	Signed	0xF80DF000	012288
Win32k	C:\WINDOWS\System32\win32k.sys Description: Многопользовательский драйвер Win32 Company name: Корпорация Майкрософт Size: 1850752 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 15:15:12 14.08.2009 Accessed: 09:33:45 14.04.2010	Signed	0xBF800000	1851392
dump_WMILIB.SYS	C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS	File doesn't exist	0xF8A82000	008192
dump_atapi.sys	C:\WINDOWS\System32\Drivers\dump_atapi.sys	File doesn't exist	0xB2BE3000	098304
Cdfs	C:\WINDOWS\System32\Drivers\Cdfs.SYS Description: CD-ROM File System Driver Company name: Microsoft Corporation Size: 63744 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:47 14.04.2010	Signed	0xF85F0000	065536
mouhid	C:\WINDOWS\system32\DRIVERS\mouhid.sys Description: Драйвер фильтра мыши HID Company name: Корпорация Майкрософт Size: 12160 Attrs: ----a Created: 20:33:10 19.10.2001 Modified: 12:00:00 15.04.2008 Accessed: 09:33:41 14.04.2010	Signed	0xF8235000	012288
HIDPARSE.SYS	C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS Description: Hid Parsing Library Company name: Microsoft Corporation Size: 24960 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:41 14.04.2010	Signed	0xF8898000	028672
HIDCLASS.SYS	C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS Description: Hid Class Library Company name: Microsoft Corporation Size: 36864 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:41 14.04.2010	Signed	0xF8790000	036864
hidusb	C:\WINDOWS\system32\DRIVERS\hidusb.sys Description: USB Miniport Driver for Input Devices Company name: Microsoft Corporation Size: 10368 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:41 14.04.2010	Signed	0xF8239000	012288
usbccgp	C:\WINDOWS\system32\DRIVERS\usbccgp.sys Description: USB Common Class Generic Parent Driver Company name: Microsoft Corporation Size: 32128 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:40 14.04.2010	Signed	0xF8890000	032768
Wanarp	C:\WINDOWS\system32\DRIVERS\wanarp.sys Description: MS Remote Access and Routing ARP Driver Company name: Microsoft Corporation Size: 34560 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:37 14.04.2010	Signed	0xF8780000	036864
IpNat	C:\WINDOWS\system32\DRIVERS\ipnat.sys Description: IP Network Address Translator Company name: Microsoft Corporation Size: 152832 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:37 14.04.2010	Signed	0xB2C23000	155648
Fips	C:\WINDOWS\System32\Drivers\Fips.SYS Description: Драйвер FIPS Crypto Company name: Корпорация Майкрософт Size: 44544 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:37 14.04.2010	Signed	0xF8770000	045056
MRxSmb	C:\WINDOWS\system32\DRIVERS\mrxsmb.sys Description: Windows NT SMB Minirdr Company name: Microsoft Corporation Size: 455424 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 18:22:22 04.12.2009 Accessed: 09:33:37 14.04.2010	Signed	0xB2C49000	458752
Rdbss	C:\WINDOWS\system32\DRIVERS\rdbss.sys Description: Redirected Drive Buffering SubSystem Driver Company name: Microsoft Corporation Size: 175744 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:37 14.04.2010	Signed	0xB2CB9000	176128
vmdebug	C:\WINDOWS\system32\Drivers\vmdebug.sys Description: VMware Replay Debugging Driver Company name: VMware, Inc. Size: 23088 Attrs: ----a Created: 00:18:42 22.10.2009 Modified: 00:18:42 22.10.2009 Accessed: 09:33:24 14.04.2010	Signed	0xF8750000	036864
vmhgfs	C:\WINDOWS\System32\DRIVERS\vmhgfs.sys Description: VMware HGFS File System Driver Company name: VMware, Inc. Size: 128688 Attrs: ----a Created: 12:26:05 17.05.2009 Modified: 17:25:06 22.01.2010 Accessed: 09:33:24 14.04.2010	Signed	0xB2CE4000	122880
NetBIOS	C:\WINDOWS\system32\DRIVERS\netbios.sys Description: NetBIOS interface driver Company name: Microsoft Corporation Size: 34688 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:37 14.04.2010	Signed	0xF8740000	036864
AFD	C:\WINDOWS\System32\drivers\afd.sys Description: Ancillary Function Driver for WinSock Company name: Microsoft Corporation Size: 138496 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 10:04:36 14.08.2008 Accessed: 09:33:37 14.04.2010	Signed	0xB2D02000	139264
WS2IFSL	C:\WINDOWS\System32\drivers\ws2ifsl.sys Description: Winsock2 IFS Layer Company name: Microsoft Corporation Size: 12032 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:37 14.04.2010	Signed	0xF8317000	012288
NetBT	C:\WINDOWS\system32\DRIVERS\netbt.sys Description: MBT Transport driver Company name: Microsoft Corporation Size: 162816 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:37 14.04.2010	Signed	0xB2D4C000	163840
Tcpip	C:\WINDOWS\system32\DRIVERS\tcpip.sys Description: TCP/IP Protocol Driver Company name: Microsoft Corporation Size: 361600 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 11:51:12 20.06.2008 Accessed: 09:33:37 14.04.2010	Signed	0xB2D74000	364544
IPSec	C:\WINDOWS\system32\DRIVERS\ipsec.sys Description: IPSec Driver Company name: Microsoft Corporation Size: 75264 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:36 14.04.2010	Signed	0xB2DCD000	077824
RasAcd	C:\WINDOWS\system32\DRIVERS\rasacd.sys Description: RAS Automatic Connection Driver Company name: Microsoft Corporation Size: 8832 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:36 14.04.2010	Signed	0xF831B000	012288
Npfs	C:\WINDOWS\System32\Drivers\Npfs.SYS Description: NPFS Driver Company name: Microsoft Corporation Size: 30848 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:36 14.04.2010	Signed	0xF8888000	032768
Msfs	C:\WINDOWS\System32\Drivers\Msfs.SYS Description: Mailslot driver Company name: Microsoft Corporation Size: 19072 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:36 14.04.2010	Signed	0xF8880000	020480
RDPCDD	C:\WINDOWS\System32\DRIVERS\RDPCDD.sys Description: RDP Miniport Company name: Microsoft Corporation Size: 4224 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:36 14.04.2010	Signed	0xF8A72000	008192
mnmdd	C:\WINDOWS\System32\Drivers\mnmdd.SYS Description: Frame buffer simulator Company name: Microsoft Corporation Size: 4224 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:36 14.04.2010	Signed	0xF8A70000	008192
VgaSave	C:\WINDOWS\System32\drivers\vga.sys Description: VGA/Super VGA Video Driver Company name: Microsoft Corporation Size: 20992 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:36 14.04.2010	Signed	0xF8878000	024576
Beep	C:\WINDOWS\System32\Drivers\Beep.SYS Description: BEEP Driver Company name: Microsoft Corporation Size: 4224 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:36 14.04.2010	Signed	0xF8A6E000	008192
Null	C:\WINDOWS\System32\Drivers\Null.SYS Description: NULL Driver Company name: Microsoft Corporation Size: 2944 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:36 14.04.2010	Signed	0xF8C86000	004096
Fs_Rec	C:\WINDOWS\System32\Drivers\Fs_Rec.SYS Description: File System Recognizer Driver Company name: Microsoft Corporation Size: 7936 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:36 14.04.2010	Signed	0xF8A6C000	008192
gameenum	C:\WINDOWS\system32\DRIVERS\gameenum.sys Description: Game Port Enumerator Company name: Microsoft Corporation Size: 10624 Attrs: ----a Created: 20:01:26 15.05.2009 Modified: 00:15:30 14.04.2008 Accessed: 09:33:36 14.04.2010	Signed	0xF8333000	012288
USBD.SYS	C:\WINDOWS\system32\DRIVERS\USBD.SYS Description: Universal Serial Bus Driver Company name: Microsoft Corporation Size: 4736 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:33 14.04.2010	Signed	0xF8A6A000	008192
usbhub	C:\WINDOWS\system32\DRIVERS\usbhub.sys Description: Default Hub Driver for USB Company name: Microsoft Corporation Size: 59520 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:33 14.04.2010	Signed	0xF8730000	061440
Flpydisk	C:\WINDOWS\system32\DRIVERS\flpydisk.sys Description: Floppy Driver Company name: Microsoft Corporation Size: 20480 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:33 14.04.2010	Signed	0xF8868000	020480
NDProxy	C:\WINDOWS\System32\Drivers\NDProxy.SYS Description: NDIS Proxy Company name: Microsoft Corporation Size: 40576 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:32 14.04.2010	Signed	0xF8710000	040960
mssmbios	C:\WINDOWS\system32\DRIVERS\mssmbios.sys Description: System Management BIOS Driver Company name: Microsoft Corporation Size: 15488 Attrs: ----a Created: 00:06:48 14.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:32 14.04.2010	Signed	0xF8A2C000	016384
Update	C:\WINDOWS\system32\DRIVERS\update.sys Description: Update Driver Company name: Microsoft Corporation Size: 384768 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:32 14.04.2010	Signed	0xF80EF000	385024
swenum	C:\WINDOWS\system32\DRIVERS\swenum.sys Description: Plug and Play Software Device Enumerator Company name: Microsoft Corporation Size: 4352 Attrs: ----a Created: 00:09:54 14.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:32 14.04.2010	Signed	0xF8A68000	008192
TermDD	C:\WINDOWS\system32\DRIVERS\termdd.sys Description: Terminal Server Driver Company name: Microsoft Corporation Size: 40840 Attrs: ----a Created: 17:16:12 15.05.2009 Modified: 18:41:42 14.04.2008 Accessed: 09:33:32 14.04.2010	Signed	0xF8700000	040960
rdpdr	C:\WINDOWS\system32\DRIVERS\rdpdr.sys Description: Microsoft RDP Device redirector Company name: Microsoft Corporation Size: 196224 Attrs: ----a Created: 17:16:12 15.05.2009 Modified: 21:02:52 13.04.2008 Accessed: 09:33:32 14.04.2010	Signed	0xF81ED000	196608
Raspti	C:\WINDOWS\system32\DRIVERS\raspti.sys Description: PTI DirectParallel(R) mini-port/call-manager driver Company name: Microsoft Corporation Size: 16512 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:32 14.04.2010	Signed	0xF8860000	020480
Ptilink	C:\WINDOWS\system32\DRIVERS\ptilink.sys Description: Parallel Technologies DirectParallel IO Library Company name: Parallel Technologies, Inc. Size: 17792 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:32 14.04.2010	Signed	0xF8858000	020480
Gpc	C:\WINDOWS\system32\DRIVERS\msgpc.sys Description: MS General Packet Classifier Company name: Microsoft Corporation Size: 35072 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:25 14.04.2010	Signed	0xF86F0000	036864
PSched	C:\WINDOWS\system32\DRIVERS\psched.sys Description: MS QoS Packet Scheduler Company name: Microsoft Corporation Size: 69120 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:25 14.04.2010	Signed	0xF8245000	069632
TDI.SYS	C:\WINDOWS\system32\DRIVERS\TDI.SYS Description: TDI Wrapper Company name: Microsoft Corporation Size: 19072 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:25 14.04.2010	Signed	0xF8848000	020480
PptpMiniport	C:\WINDOWS\system32\DRIVERS\raspptp.sys Description: Peer-to-Peer Tunneling Protocol Company name: Microsoft Corporation Size: 48384 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:25 14.04.2010	Signed	0xF86E0000	049152
RasPppoe	C:\WINDOWS\system32\DRIVERS\raspppoe.sys Description: RAS PPPoE mini-port/call-manager driver Company name: Microsoft Corporation Size: 41472 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:24 14.04.2010	Signed	0xF86D0000	045056
NdisWan	C:\WINDOWS\system32\DRIVERS\ndiswan.sys Description: MS PPP Framing Driver (Strong Encryption) Company name: Microsoft Corporation Size: 91520 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:24 14.04.2010	Signed	0xF8256000	094208
NdisTapi	C:\WINDOWS\system32\DRIVERS\ndistapi.sys Description: NDIS 3.0 connection wrapper driver Company name: Microsoft Corporation Size: 10112 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:24 14.04.2010	Signed	0xF8A10000	012288
Rasl2tp	C:\WINDOWS\system32\DRIVERS\rasl2tp.sys Description: RAS L2TP mini-port/call-manager driver Company name: Microsoft Corporation Size: 51328 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:24 14.04.2010	Signed	0xF86C0000	053248
audstub	C:\WINDOWS\system32\DRIVERS\audstub.sys Description: AudStub Driver Company name: Microsoft Corporation Size: 3072 Attrs: ----a Created: 20:02:00 15.05.2009 Modified: 21:59:44 17.08.2001 Accessed: 09:33:24 14.04.2010	Signed	0xF8B9E000	004096
intelppm	C:\WINDOWS\system32\DRIVERS\intelppm.sys Description: Драйвер процессорного устройства Company name: Microsoft Corporation Size: 40704 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:24 14.04.2010	Signed	0xF86B0000	040960
CmBatt	C:\WINDOWS\system32\DRIVERS\CmBatt.sys Description: Control Method Battery Driver Company name: Microsoft Corporation Size: 13952 Attrs: ----a Created: 19:57:47 15.05.2009 Modified: 00:06:38 14.04.2008 Accessed: 09:33:24 14.04.2010	Signed	0xF8A0C000	016384
usbehci	C:\WINDOWS\system32\DRIVERS\usbehci.sys Description: EHCI eUSB Miniport Driver Company name: Microsoft Corporation Size: 30208 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:24 14.04.2010	Signed	0xF8840000	032768
drmk.sys	C:\WINDOWS\system32\drivers\drmk.sys Description: Microsoft Kernel DRM Descrambler Filter Company name: Microsoft Corporation Size: 60160 Attrs: ----a Created: 19:58:52 15.05.2009 Modified: 21:15:16 13.04.2008 Accessed: 09:33:24 14.04.2010	Signed	0xF86A0000	061440
portcls.sys	C:\WINDOWS\system32\drivers\portcls.sys Description: Port Class (Class Driver for Port/Miniport Devices) Company name: Microsoft Corporation Size: 146048 Attrs: ----a Created: 19:58:53 15.05.2009 Modified: 21:49:42 13.04.2008 Accessed: 09:33:24 14.04.2010	Signed	0xF8284000	147456
es1371	C:\WINDOWS\system32\drivers\es1371mp.sys Description: ENSONIQ AudioPCI 97 WDM Audio Miniport Company name: Creative Technology Ltd. Size: 40832 Attrs: ----a Created: 19:58:54 15.05.2009 Modified: 08:18:32 03.06.2002 Accessed: 09:33:24 14.04.2010	Signed	0xF8690000	040960
vmxnet	C:\WINDOWS\system32\DRIVERS\vmxnet.sys Description: VMware PCI Ethernet Adapter Company name: VMware, Inc. Size: 36912 Attrs: r---a Created: 12:26:06 17.05.2009 Modified: 17:23:20 22.01.2010 Accessed: 09:33:24 14.04.2010	Signed	0xF8838000	032768
USBPORT.SYS	C:\WINDOWS\system32\DRIVERS\USBPORT.SYS Description: USB 1.1 & 2.0 Port Driver Company name: Microsoft Corporation Size: 143872 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:24 14.04.2010	Signed	0xF82A8000	147456
usbuhci	C:\WINDOWS\system32\DRIVERS\usbuhci.sys Description: UHCI USB Miniport Driver Company name: Microsoft Corporation Size: 20608 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:24 14.04.2010	Signed	0xF8830000	024576
VIDEOPRT.SYS	C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS Description: Video Port Driver Company name: Microsoft Corporation Size: 81664 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:24 14.04.2010	Signed	0xF82CC000	081920
vmx_svga	C:\WINDOWS\system32\DRIVERS\vmx_svga.sys Description: VMware SVGA II Miniport Company name: VMware, Inc. Size: 28080 Attrs: r---a Created: 12:26:00 17.05.2009 Modified: 17:22:10 22.01.2010 Accessed: 09:33:24 14.04.2010	Signed	0xF8828000	024576
vmci	C:\WINDOWS\system32\DRIVERS\vmci.sys Description: VMware PCI VMCI Bus Device Company name: VMware, Inc. Size: 61488 Attrs: r---a Created: 12:26:10 17.05.2009 Modified: 17:21:50 22.01.2010 Accessed: 09:33:24 14.04.2010	Signed	0xF8680000	057344
ks.sys	C:\WINDOWS\system32\DRIVERS\ks.sys Description: Kernel CSA Library Company name: Microsoft Corporation Size: 141056 Attrs: ----a Created: 00:46:38 14.04.2008 Modified: 21:46:38 13.04.2008 Accessed: 09:33:24 14.04.2010	Signed	0xF82E0000	143360
redbook	C:\WINDOWS\system32\DRIVERS\redbook.sys Description: Драйвер фильтра звука "красной книги" Company name: Корпорация Майкрософт Size: 58368 Attrs: ----a Created: 20:00:12 15.05.2009 Modified: 21:11:48 14.04.2008 Accessed: 09:33:24 14.04.2010	Signed	0xF8670000	061440
Cdrom	C:\WINDOWS\system32\DRIVERS\cdrom.sys Description: SCSI CD-ROM Driver Company name: Microsoft Corporation Size: 62976 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:24 14.04.2010	Signed	0xF8660000	065536
Fdc	C:\WINDOWS\system32\DRIVERS\fdc.sys Description: Floppy Disk Controller Driver Company name: Microsoft Corporation Size: 27392 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:24 14.04.2010	Signed	0xF8820000	028672
serenum	C:\WINDOWS\system32\DRIVERS\serenum.sys Description: Serial Port Enumerator Company name: Microsoft Corporation Size: 15744 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:24 14.04.2010	Signed	0xF8A04000	016384
Serial	C:\WINDOWS\system32\DRIVERS\serial.sys Description: Драйвер устройств последовательного порта Company name: Корпорация Майкрософт Size: 65024 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:24 14.04.2010	Signed	0xF8650000	065536
Parport	C:\WINDOWS\system32\DRIVERS\parport.sys Description: Драйвер параллельного порта Company name: Корпорация Майкрософт Size: 80128 Attrs: ----a Created: 21:22:22 14.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:24 14.04.2010	Signed	0xF8303000	081920
Mouclass	C:\WINDOWS\system32\DRIVERS\mouclass.sys Description: Драйвер класса мыши Company name: Корпорация Майкрософт Size: 23296 Attrs: ----a Created: 21:07:44 14.04.2008 Modified: 19:07:44 14.04.2008 Accessed: 09:33:24 14.04.2010	Signed	0xF8818000	024576
vmmouse	C:\WINDOWS\system32\DRIVERS\vmmouse.sys Description: VMware Pointing Device Driver Company name: VMware, Inc. Size: 11440 Attrs: r---a Created: 12:26:04 17.05.2009 Modified: 17:23:18 22.01.2010 Accessed: 09:33:24 14.04.2010	Signed	0xF8A62000	008192
Kbdclass	C:\WINDOWS\system32\DRIVERS\kbdclass.sys Description: Драйвер класса клавиатуры Company name: Корпорация Майкрософт Size: 24832 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:24 14.04.2010	Signed	0xF8810000	028672
i8042prt	C:\WINDOWS\system32\DRIVERS\i8042prt.sys Description: Драйвер порта i8042 Company name: Корпорация Майкрософт Size: 53120 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 19:14:10 14.04.2008 Accessed: 09:33:24 14.04.2010	Signed	0xF8640000	053248
agp440	C:\WINDOWS\System32\Drivers\agp440.sys Description: 440 NT AGP Filter Company name: Microsoft Corporation Size: 42368 Attrs: ----a Created: 19:57:50 15.05.2009 Modified: 00:06:40 14.04.2008 Accessed: 09:39:37 14.04.2010	Signed	0xF85A0000	045056
Mup	C:\WINDOWS\System32\Drivers\Mup.sys Description: Multiple UNC Provider driver Company name: Microsoft Corporation Size: 105344 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:39:37 14.04.2010	Signed	0xF8370000	106496
NDIS	C:\WINDOWS\System32\Drivers\NDIS.sys Description: NDIS 5.1 wrapper driver Company name: Microsoft Corporation Size: 182656 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:39:37 14.04.2010	Signed	0xF838A000	184320
Ntfs	C:\WINDOWS\System32\Drivers\Ntfs.sys Description: NT File System Driver Company name: Microsoft Corporation Size: 574976 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:39:37 14.04.2010	Signed	0xF83B7000	577536
KSecDD	C:\WINDOWS\System32\Drivers\KSecDD.sys Description: Kernel Security Support Provider Interface Company name: Microsoft Corporation Size: 92928 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 11:18:41 24.06.2009 Accessed: 09:39:37 14.04.2010	Signed	0xF8444000	094208
FltMgr	C:\WINDOWS\System32\Drivers\fltMgr.sys Description: Microsoft Filesystem Filter Manager Company name: Microsoft Corporation Size: 129792 Attrs: ----a Created: 17:18:30 15.05.2009 Modified: 12:00:00 15.04.2008 Accessed: 09:39:37 14.04.2010	Signed	0xF845B000	131072
CLASSPNP.SYS	C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS Description: SCSI Class System Dll Company name: Microsoft Corporation Size: 49536 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:39:37 14.04.2010	Signed	0xF8590000	053248
Disk	C:\WINDOWS\System32\Drivers\disk.sys Description: PnP Disk Driver Company name: Microsoft Corporation Size: 36352 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:39:38 14.04.2010	Signed	0xF8580000	036864
SCSIPORT.SYS	C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS Description: SCSI Port Driver Company name: Microsoft Corporation Size: 96384 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:39:38 14.04.2010	Signed	0xF847B000	098304
vmscsi	C:\WINDOWS\System32\Drivers\vmscsi.sys Description: VMware SCSI Controller Driver Company name: VMware, Inc. Size: 17968 Attrs: r---a Created: 12:26:08 17.05.2009 Modified: 03:30:01 23.01.2010 Accessed: 09:39:38 14.04.2010	Signed	0xF896C000	012288
atapi	C:\WINDOWS\System32\Drivers\atapi.sys Description: IDE/ATAPI Port Driver Company name: Microsoft Corporation Size: 96512 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:47 14.04.2010	Signed	0xF8493000	098304
VolSnap	C:\WINDOWS\System32\Drivers\VolSnap.sys Description: Драйвер теневого копирования тома Company name: Корпорация Майкрософт Size: 51968 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:39:38 14.04.2010	Signed	0xF8570000	053248
PartMgr	C:\WINDOWS\System32\Drivers\PartMgr.sys Description: Partition Manager Company name: Microsoft Corporation Size: 19712 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:39:38 14.04.2010	Signed	0xF87D8000	020480
dmio	C:\WINDOWS\System32\Drivers\dmio.sys Description: Драйвер ввода/вывода диспетчера дисков NT Company name: Корпорация Microsoft и VERITAS Software Size: 153600 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:39:38 14.04.2010	Signed	0xF84AB000	155648
dmload	C:\WINDOWS\System32\Drivers\dmload.sys Description: NT Disk Manager Startup Driver Company name: Microsoft Corp., Veritas Software. Size: 5888 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:39:38 14.04.2010	Signed	0xF8A56000	008192
Ftdisk	C:\WINDOWS\System32\Drivers\ftdisk.sys Description: Драйвер системы отказоустойчивости диска Company name: Корпорация Майкрософт Size: 125440 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:39:38 14.04.2010	Signed	0xF84D1000	126976
MountMgr	C:\WINDOWS\System32\Drivers\MountMgr.sys Description: Mount Manager Company name: Microsoft Corporation Size: 42368 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:39:38 14.04.2010	Signed	0xF8560000	045056
PCIIDEX.SYS	C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS Description: PCI IDE Bus Driver Extension Company name: Microsoft Corporation Size: 24960 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:39:38 14.04.2010	Signed	0xF87D0000	028672
IntelIde	C:\WINDOWS\System32\Drivers\intelide.sys Description: Драйвер Intel PCI IDE Company name: Корпорация Майкрософт Size: 5504 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:39:38 14.04.2010	Signed	0xF8A54000	008192
BATTC.SYS	C:\WINDOWS\system32\DRIVERS\BATTC.SYS Description: Battery Class Driver Company name: Microsoft Corporation Size: 14208 Attrs: ----a Created: 19:57:48 15.05.2009 Modified: 00:06:34 14.04.2008 Accessed: 09:39:38 14.04.2010	Signed	0xF8968000	016384
Compbatt	C:\WINDOWS\System32\Drivers\compbatt.sys Description: Composite Battery Driver Company name: Microsoft Corporation Size: 10240 Attrs: ----a Created: 19:57:49 15.05.2009 Modified: 00:06:38 14.04.2008 Accessed: 09:39:38 14.04.2010	Signed	0xF8964000	012288
isapnp	C:\WINDOWS\System32\Drivers\isapnp.sys Description: Драйвер шины PNP ISA Company name: Корпорация Майкрософт Size: 37504 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:39:38 14.04.2010	Signed	0xF8550000	040960
PCI	C:\WINDOWS\System32\Drivers\pci.sys Description: NT Plug and Play PCI-перечислитель Company name: Корпорация Майкрософт Size: 68480 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:39:38 14.04.2010	Signed	0xF84F0000	069632
WMILIB.SYS	C:\WINDOWS\system32\DRIVERS\WMILIB.SYS Description: WMILIB WMI support library Dll Company name: Microsoft Corporation Size: 4352 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:47 14.04.2010	Signed	0xF8A52000	008192
ACPI	C:\WINDOWS\System32\Drivers\ACPI.sys Description: ACPI драйвер для NT Company name: Корпорация Майкрософт Size: 188288 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:39:39 14.04.2010	Signed	0xF8501000	188416
BOOTVID.dll	C:\WINDOWS\system32\BOOTVID.dll Description: VGA Boot Driver Company name: Microsoft Corporation Size: 12288 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:39:39 14.04.2010	Signed	0xF8960000	012288
kdcom.dll	C:\WINDOWS\system32\KDCOM.DLL Description: Kernel Debugger HW Extension DLL Company name: Microsoft Corporation Size: 7040 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:39:39 14.04.2010	Signed	0xF8A50000	008192
ACPI_HAL	C:\WINDOWS\system32\hal.dll Description: Hardware Abstraction Layer DLL Company name: Microsoft Corporation Size: 131840 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:39:39 14.04.2010	Signed	0x806EE000	135168
RAW	C:\WINDOWS\system32\ntoskrnl.exe Description: Системный модуль ядра NT Company name: Корпорация Майкрософт Size: 2190976 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 10:11:09 09.12.2009 Accessed: 09:33:56 14.04.2010	Signed	0x804D7000	2191360

Processes

Pid	Eprocess	Short Name	Full Path	State
3636	0x81E227E8	wuauclt.exe	C:\WINDOWS\system32\wuauclt.exe Description: Windows Update Company name: Microsoft Corporation Size: 53472 Attrs: ----a Created: 17:19:01 15.05.2009 Modified: 17:24:06 06.08.2009 Accessed: 09:41:06 14.04.2010	Signed
3248	0x81DE4830	Vba32arkit.exe	C:\Documents and Settings\1\Рабочий стол\Vba32arkit\Vba32arkit.exe Description: Vba32 AntiRootkit Company name: VirusBlokAda Ltd. Size: 825736 Attrs: ----a Created: 09:30:55 14.04.2010 Modified: 15:53:58 10.03.2010 Accessed: 09:38:10 14.04.2010	Signed
0592	0x81C67DA0	wscntfy.exe	C:\WINDOWS\system32\wscntfy.exe Description: Windows Security Center Notification App Company name: Microsoft Corporation Size: 13824 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:45 14.04.2010	Signed
1008	0x81E8F3C0	alg.exe	C:\WINDOWS\system32\alg.exe Description: Application Layer Gateway Service Company name: Microsoft Corporation Size: 44544 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:45 14.04.2010	Signed
2044	0x81D7FA88	wmiapsrv.exe	C:\WINDOWS\system32\wbem\wmiapsrv.exe Description: Служба адаптера производительности WMI Company name: Корпорация Майкрософт Size: 126464 Attrs: ----a Created: 17:16:16 15.05.2009 Modified: 12:00:00 15.04.2008 Accessed: 09:33:45 14.04.2010	Signed
1336	0x81E1A020	wuauclt.exe	C:\WINDOWS\system32\wuauclt.exe Description: Windows Update Company name: Microsoft Corporation Size: 53472 Attrs: ----a Created: 17:19:01 15.05.2009 Modified: 17:24:06 06.08.2009 Accessed: 09:41:06 14.04.2010	Signed
1148	0x81BE0230	VMUpgradeHelper	C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe Description: VMware virtual hardware upgrade helper application Company name: VMware, Inc. Size: 191024 Attrs: ----a Created: 17:24:42 22.01.2010 Modified: 17:24:42 22.01.2010 Accessed: 09:33:45 14.04.2010	Signed
0760	0x81CC9C10	vmtoolsd.exe	C:\Program Files\VMware\VMware Tools\vmtoolsd.exe Description: VMware Tools Core Service Company name: VMware, Inc. Size: 72240 Attrs: ----a Created: 17:24:30 22.01.2010 Modified: 17:24:30 22.01.2010 Accessed: 09:33:45 14.04.2010	Signed
0528	0x81B60DA0	jqs.exe	C:\Program Files\Java\jre6\bin\jqs.exe Description: Java(TM) Quick Starter Service Company name: Sun Microsystems, Inc. Size: 153376 Attrs: ----a Created: 11:38:03 11.09.2009 Modified: 01:28:30 09.03.2010 Accessed: 09:33:45 14.04.2010	Signed
0464	0x81DC0390	svchost.exe	C:\WINDOWS\system32\svchost.exe Description: Generic Host Process for Win32 Services Company name: Microsoft Corporation Size: 14336 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:45 14.04.2010	Signed
0192	0x81BA42C8	ctfmon.exe	C:\WINDOWS\system32\ctfmon.exe Description: CTF Loader Company name: Microsoft Corporation Size: 15360 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:45 14.04.2010	Signed
2032	0x81EB3C10	jusched.exe	C:\Program Files\Common Files\Java\Java Update\jusched.exe Description: Java(TM) Update Scheduler Company name: Sun Microsystems, Inc. Size: 248040 Attrs: ----a Created: 08:43:18 18.02.2010 Modified: 08:43:18 18.02.2010 Accessed: 09:34:40 14.04.2010	Signed
1980	0x81AD7C78	VMwareUser.exe	C:\Program Files\VMware\VMware Tools\VMwareUser.exe Description: VMware Tools Service Company name: VMware, Inc. Size: 1083952 Attrs: ----a Created: 17:24:30 22.01.2010 Modified: 17:24:30 22.01.2010 Accessed: 09:33:45 14.04.2010	Signed
1968	0x81AB9020	VMwareTray.exe	C:\Program Files\VMware\VMware Tools\VMwareTray.exe Description: VMware Tools tray application Company name: VMware, Inc. Size: 141872 Attrs: ----a Created: 17:24:40 22.01.2010 Modified: 17:24:40 22.01.2010 Accessed: 09:33:45 14.04.2010	Signed
1628	0x81D91330	spoolsv.exe	C:\WINDOWS\system32\spoolsv.exe Description: Spooler SubSystem App Company name: Microsoft Corporation Size: 57856 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:45 14.04.2010	Signed
1524	0x81B64DA0	explorer.exe	C:\WINDOWS\explorer.exe Description: Проводник Company name: Корпорация Майкрософт Size: 1034240 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:34:53 14.04.2010	Signed
1316	0x81DA31D8	svchost.exe	C:\WINDOWS\system32\svchost.exe Description: Generic Host Process for Win32 Services Company name: Microsoft Corporation Size: 14336 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:45 14.04.2010	Signed
1164	0x81A7B1C8	svchost.exe	C:\WINDOWS\system32\svchost.exe Description: Generic Host Process for Win32 Services Company name: Microsoft Corporation Size: 14336 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:45 14.04.2010	Signed
1064	0x81DA8C88	svchost.exe	C:\WINDOWS\system32\svchost.exe Description: Generic Host Process for Win32 Services Company name: Microsoft Corporation Size: 14336 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:45 14.04.2010	Signed
0956	0x81ABB650	svchost.exe	C:\WINDOWS\system32\svchost.exe Description: Generic Host Process for Win32 Services Company name: Microsoft Corporation Size: 14336 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:45 14.04.2010	Signed
0868	0x81CC9020	svchost.exe	C:\WINDOWS\system32\svchost.exe Description: Generic Host Process for Win32 Services Company name: Microsoft Corporation Size: 14336 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:45 14.04.2010	Signed
0852	0x81E037E8	vmacthlp.exe	C:\Program Files\VMware\VMware Tools\vmacthlp.exe Description: VMware Activation Helper Company name: VMware, Inc. Size: 367152 Attrs: ----a Created: 17:24:14 22.01.2010 Modified: 17:24:14 22.01.2010 Accessed: 09:33:45 14.04.2010	Signed
0692	0x81924DA0	lsass.exe	C:\WINDOWS\system32\lsass.exe Description: LSA Shell (Export Version) Company name: Microsoft Corporation Size: 13312 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:45 14.04.2010	Signed
0680	0x81E36C08	services.exe	C:\WINDOWS\system32\services.exe Description: Приложение служб и контроллеров Company name: Корпорация Майкрософт Size: 111104 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 11:25:55 09.02.2009 Accessed: 09:33:45 14.04.2010	Signed
0636	0x81A2A8C8	winlogon.exe	C:\WINDOWS\system32\winlogon.exe Description: Программа входа в систему Windows NT Company name: Корпорация Майкрософт Size: 509440 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:45 14.04.2010	Signed
0612	0x81DB5228	csrss.exe	C:\WINDOWS\system32\csrss.exe Description: Client Server Runtime Process Company name: Microsoft Corporation Size: 6144 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:45 14.04.2010	Signed
0548	0x81AA6638	smss.exe	C:\WINDOWS\system32\smss.exe Description: Диспетчер сеанса Windows NT Company name: Корпорация Майкрософт Size: 50688 Attrs: ----a Created: 12:00:00 15.04.2008 Modified: 12:00:00 15.04.2008 Accessed: 09:33:45 14.04.2010	Signed
0004	0x81FC87C0	System

Autorun objects

Name	Image Path	State
Autostart Keys HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Run HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\RunOnce HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
CTFMON.EXE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run	C:\WINDOWS\system32\ctfmon.exe	Signed
SunJavaUpdateSched HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run	"C:\Program Files\Common Files\Java\Java Update\jusched.exe"	Signed
VMware Tools HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run	"C:\Program Files\VMware\VMware Tools\VMwareTray.exe"	Signed
VMware User Process HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run	"C:\Program Files\VMware\VMware Tools\VMwareUser.exe"	Signed
CTFMON.EXE HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run	C:\WINDOWS\system32\CTFMON.EXE	Signed
CTFMON.EXE HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run	C:\WINDOWS\system32\CTFMON.EXE	Signed
CTFMON.EXE HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run	C:\WINDOWS\system32\CTFMON.EXE	Signed
CTFMON.EXE HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run	C:\WINDOWS\system32\CTFMON.EXE	Signed
CTFMON.EXE HKEY_USERS\S-1-5-21-1214440339-1844823847-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Run	C:\WINDOWS\system32\ctfmon.exe	Signed
Windows WinLogon HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon, Userinit HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon, System HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon, VmApplet HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon, UIHost HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows, load HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows, run HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell HKEY_USERS\Software\Microsoft\Windows NT\CurrentVersion\Windows, load HKEY_USERS\Software\Microsoft\Windows NT\CurrentVersion\Windows, run HKEY_USERS\Software\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell
Shell HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon	Explorer.exe	Signed
UIHost HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon	logonui.exe	Signed
Userinit HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon	C:\WINDOWS\system32\userinit.exe,	Signed
VmApplet HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon	rundll32 shell32,Control_RunDLL "sysdm.cpl"	Signed
Browser Helper Objects HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{DBC80044-A445-435b-BC74-9C25C1C588A9}	C:\Program Files\Java\jre6\bin\jp2ssv.dll	Signed
{E7E6F031-17CE-4C07-BC86-EABFE594F69C}	C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll	Signed
ActiveX HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components, StubPath
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}	C:\WINDOWS\system32\ieudinit.exe	Signed
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}	C:\WINDOWS\inf\unregmp2.exe /ShowWMP	Signed
>{26923b43-4d38-484f-9b9e-de460746276c}	C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig	Signed
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}	"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP	Signed
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS	RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP	Signed
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}	%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE	Signed
{2C7339CF-2B09-4501-B3F3-F3508C9228ED}	%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll	Signed
{44BBA840-CC51-11CF-AAFA-00AA00B6015C}	"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install	Signed
{44BBA842-CC51-11CF-AAFA-00AA00B6015B}	rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT	Signed
{5945c046-1e7d-11d1-bc44-00c04fd912be}	rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser	Signed
{6BF52A52-394A-11d3-B153-00C04F79FAA6}	rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub	Signed
{7790769C-0471-11d2-AF11-00C04FA35D02}	"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install	Signed
{89820200-ECBD-11cf-8B85-00AA005B4340}	regsvr32.exe /s /n /i:U shell32.dll	Signed
{89820200-ECBD-11cf-8B85-00AA005B4383}	C:\WINDOWS\system32\ie4uinit.exe -BaseSettings	Signed
WinLogon Notify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify, DllName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions, DllName
{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}	gptext.dll	Signed
{0E28E245-9368-4853-AD84-6DA3BA35BB75} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0E28E245-9368-4853-AD84-6DA3BA35BB75}	gpprefcl.dll	Signed
{17D89FEC-5C44-4972-B12D-241CAEF74509} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{17D89FEC-5C44-4972-B12D-241CAEF74509}	gpprefcl.dll	Signed
{1A6364EB-776B-4120-ADE1-B63A406A76B5} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{1A6364EB-776B-4120-ADE1-B63A406A76B5}	gpprefcl.dll	Signed
{25537BA6-77A8-11D2-9B6C-0000F8080861} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}	fdeploy.dll	Signed
{3610eda5-77ef-11d2-8dc5-00c04fa31a66} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}	dskquota.dll	Signed
{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}	gpprefcl.dll	Signed
{426031c0-0b47-4852-b0ca-ac3d37bfcb39} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}	gptext.dll	Signed
{42B5FAAE-6536-11d2-AE5A-0000F87571E3} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}	gptext.dll	Signed
{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}	C:\WINDOWS\system32\iedkcs32.dll	Signed
{5794DAFD-BE60-433f-88A2-1A31939AC01F} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{5794DAFD-BE60-433f-88A2-1A31939AC01F}	gpprefcl.dll	Signed
{6232C319-91AC-4931-9385-E70C2B099F0E} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6232C319-91AC-4931-9385-E70C2B099F0E}	gpprefcl.dll	Signed
{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}	gpprefcl.dll	Signed
{7150F9BF-48AD-4da4-A49C-29EF4A8369BA} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}	gpprefcl.dll	Signed
{728EE579-943C-4519-9EF7-AB56765798ED} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{728EE579-943C-4519-9EF7-AB56765798ED}	gpprefcl.dll	Signed
{74EE6C03-5363-4554-B161-627540339CAB} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{74EE6C03-5363-4554-B161-627540339CAB}	gpprefcl.dll	Signed
{7B849a69-220F-451E-B3FE-2CB811AF94AE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}	C:\WINDOWS\system32\iedkcs32.dll	Signed
{827D319E-6EAC-11D2-A4EA-00C04F79F83A} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}	scecli.dll	Signed
{91FBB303-0CD5-4055-BF42-E512A681B325} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{91FBB303-0CD5-4055-BF42-E512A681B325}	gpprefcl.dll	Signed
{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}	C:\WINDOWS\system32\iedkcs32.dll	Signed
{A3F3E39B-5D83-4940-B954-28315B82F0A8} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A3F3E39B-5D83-4940-B954-28315B82F0A8}	gpprefcl.dll	Signed
{AADCED64-746C-4633-A97C-D61349046527} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{AADCED64-746C-4633-A97C-D61349046527}	gpprefcl.dll	Signed
{B087BE9D-ED37-454f-AF9C-04291E351182} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B087BE9D-ED37-454f-AF9C-04291E351182}	gpprefcl.dll	Signed
{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}	scecli.dll	Signed
{B587E2B1-4D59-4e7e-AED9-22B9DF11D053} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}	dot3gpclnt.dll	Signed
{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}	gpprefcl.dll	Signed
{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}	gpprefcl.dll	Signed
{C631DF4C-088F-4156-B058-4375F0853CD8} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}	%SystemRoot%\System32\cscui.dll	Signed
{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}	C:\WINDOWS\system32\iedkcs32.dll	Signed
{E47248BA-94CC-49c4-BBB5-9EB7F05183D0} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}	gpprefcl.dll	Signed
{E4F48E54-F38D-4884-BFB9-D4D2E5729C18} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}	gpprefcl.dll	Signed
{E5094040-C46C-4115-B030-04FB2E545B00} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E5094040-C46C-4115-B030-04FB2E545B00}	gpprefcl.dll	Signed
{E62688F0-25FD-4c90-BFF5-F508B9D2E31F} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}	gpprefcl.dll	Signed
{F9C77450-3A41-477E-9310-9ACD617BD9E3} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{F9C77450-3A41-477E-9310-9ACD617BD9E3}	gpprefcl.dll	Signed
{c6dc5466-785a-11d2-84d0-00c04fb169f7} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}	appmgmts.dll	Signed
{e437bc1c-aa7d-11d2-a382-00c04f991e27} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}	gptext.dll	Signed
ScCertProp HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp	wlnotify.dll	Signed
Schedule HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule	wlnotify.dll	Signed
SensLogn HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn	WlNotify.dll	Signed
TPSvc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\TPSvc	TPSvc.dll	Signed
WgaLogon HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon	WgaLogon.dll
crypt32chain HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain	crypt32.dll	Signed
cryptnet HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet	cryptnet.dll	Signed
cscdll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll	cscdll.dll	Signed
dimsntfy HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy	%SystemRoot%\System32\dimsntfy.dll	Signed
sclgntfy HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy	sclgntfy.dll	Signed
termsrv HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv	wlnotify.dll	Signed
wlballoon HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon	wlnotify.dll	Signed
Security Providers HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders, SecurityProviders
SecurityProviders	msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll	Signed
Value Run Keys HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, AutoRun HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug, Debugger HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider, ProviderPath HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager, BootExecute HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd, StartupPrograms HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Scripting Host\Locations, CScript HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Scripting Host\Locations, WScript HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls, AppSecDll HKEY_CURRENT_USER\Control Panel\Desktop, SCRNSAVE.EXE HKEY_CURRENT_USER\Software\Microsoft\Command Processor, AutoRun HKEY_CURRENT_USER\Control Panel\IOProcs, MVB HKEY_USERS\Control Panel\Desktop, SCRNSAVE.EXE HKEY_USERS\Software\Microsoft\Command Processor, AutoRun HKEY_USERS\Control Panel\IOProcs, MVB
SCRNSAVE.EXE HKEY_CURRENT_USER\Control Panel\Desktop	C:\WINDOWS\System32\logon.scr	Signed
MVB HKEY_CURRENT_USER\Control Panel\IOProcs	mvfs32.dll
Debugger HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug	drwtsn32 -p %ld -e %ld -g	Signed
CScript HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Scripting Host\Locations	%SystemRoot%\System32\cscript.exe	Signed
WScript HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Scripting Host\Locations	%SystemRoot%\System32\wscript.exe	Signed
ProviderPath HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider	%SystemRoot%\system32\ntmarta.dll	Signed
BootExecute HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager	autocheck autochk *	Signed
StartupPrograms HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd	rdpclip	Signed
SCRNSAVE.EXE HKEY_USERS\.DEFAULT\Control Panel\Desktop	logon.scr	Signed
MVB HKEY_USERS\.DEFAULT\Control Panel\IOProcs	mvfs32.dll
SCRNSAVE.EXE HKEY_USERS\S-1-5-18\Control Panel\Desktop	logon.scr	Signed
MVB HKEY_USERS\S-1-5-18\Control Panel\IOProcs	mvfs32.dll
SCRNSAVE.EXE HKEY_USERS\S-1-5-19\Control Panel\Desktop	%SystemRoot%\System32\logon.scr	Signed
MVB HKEY_USERS\S-1-5-19\Control Panel\IOProcs	mvfs32.dll
SCRNSAVE.EXE HKEY_USERS\S-1-5-20\Control Panel\Desktop	%SystemRoot%\System32\logon.scr	Signed
MVB HKEY_USERS\S-1-5-20\Control Panel\IOProcs	mvfs32.dll
SCRNSAVE.EXE HKEY_USERS\S-1-5-21-1214440339-1844823847-1177238915-1003\Control Panel\Desktop	C:\WINDOWS\System32\logon.scr	Signed
MVB HKEY_USERS\S-1-5-21-1214440339-1844823847-1177238915-1003\Control Panel\IOProcs	mvfs32.dll
Shared Task Scheduler HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{438755C2-A8BA-11D1-B96B-00A0C90312E1}	%SystemRoot%\system32\browseui.dll	Signed
{8C7461EF-2B13-11d2-BE35-3078302C2030}	%SystemRoot%\system32\browseui.dll	Signed
Shell Execute Hooks HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{AEB6717E-7E19-11d0-97EE-00C04FD91972}	shell32.dll	Signed
Shell Service Object Delay Load HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
CDBurn	%SystemRoot%\system32\SHELL32.dll	Signed
PostBootReminder	%SystemRoot%\system32\SHELL32.dll	Signed
SysTray	C:\WINDOWS\system32\stobject.dll	Signed
WebCheck	C:\WINDOWS\system32\webcheck.dll	Signed
My Computer (Backup, Cleanup, Defrag utilities) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\BackupPath HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\CleanupPath HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath
BackupPath HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\BackupPath	%SystemRoot%\system32\ntbackup.exe	Signed
CleanupPath HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\CleanupPath	%SystemRoot%\system32\cleanmgr.exe /D %c	Signed
DefragPath HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath	%systemroot%\system32\dfrg.msc %c:	Signed
Utility Managers HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager, Application path
Magnifier	Magnify.exe	Signed
On-Screen Keyboard	osk.exe	Signed
LSP Providers
MSAFD NetBIOS [\Device\NetBT_Tcpip_{236BE07E-9D2A-43F8-A74B-35AF89688FAC}] DATAGRAM 1	%SystemRoot%\system32\mswsock.dll	Signed
MSAFD NetBIOS [\Device\NetBT_Tcpip_{236BE07E-9D2A-43F8-A74B-35AF89688FAC}] SEQPACKET 1	%SystemRoot%\system32\mswsock.dll	Signed
MSAFD NetBIOS [\Device\NetBT_Tcpip_{7E45E89C-3192-4D1E-BF79-6EC61D78F78E}] DATAGRAM 2	%SystemRoot%\system32\mswsock.dll	Signed
MSAFD NetBIOS [\Device\NetBT_Tcpip_{7E45E89C-3192-4D1E-BF79-6EC61D78F78E}] SEQPACKET 2	%SystemRoot%\system32\mswsock.dll	Signed
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F4C20D33-CF7B-4A04-9B35-E97EC5B3F29D}] DATAGRAM 0	%SystemRoot%\system32\mswsock.dll	Signed
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F4C20D33-CF7B-4A04-9B35-E97EC5B3F29D}] SEQPACKET 0	%SystemRoot%\system32\mswsock.dll	Signed
MSAFD Tcpip [RAW/IP]	%SystemRoot%\system32\mswsock.dll	Signed
MSAFD Tcpip [TCP/IP]	%SystemRoot%\system32\mswsock.dll	Signed
MSAFD Tcpip [UDP/IP]	%SystemRoot%\system32\mswsock.dll	Signed
RSVP TCP Service Provider	%SystemRoot%\system32\rsvpsp.dll	Signed
RSVP UDP Service Provider	%SystemRoot%\system32\rsvpsp.dll	Signed
VMCI sockets DGRAM	C:\Program Files\VMware\VMware Tools\VSock SDK\bin\win32\vsocklib.dll
VMCI sockets STREAM	C:\Program Files\VMware\VMware Tools\VSock SDK\bin\win32\vsocklib.dll
Shell Spawning
Applications	"C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1	Signed
CLSID	"C:\Program Files\Internet Explorer\iexplore.exe"	Signed
Drive	%SystemRoot%\Explorer.exe	Signed
Folder	%SystemRoot%\Explorer.exe /e,/idlist,%I,%L	Signed
Folder	%SystemRoot%\Explorer.exe /idlist,%I,%L	Signed
InternetShortcut	"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l	Signed
Unknown	%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1	Signed
batfile	"%1" %*	Signed
comfile	"%1" %*	Signed
cplfile	rundll32.exe shell32.dll,Control_RunDLL "%1",%*	Signed
exefile	"%1" %*	Signed
htafile	C:\WINDOWS\system32\mshta.exe "%1" %*	Signed
inffile	%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1	Signed
jsefile	%SystemRoot%\System32\WScript.exe "%1" %*	Signed
jsfile	%SystemRoot%\System32\WScript.exe "%1" %*	Signed
piffile	"%1" %*	Signed
regfile	regedit.exe "%1"	Signed
scrfile	"%1"	Signed
scrfile	"%1" /S	Signed
txtfile	%SystemRoot%\system32\NOTEPAD.EXE %1	Signed
vbefile	%SystemRoot%\System32\WScript.exe "%1" %*	Signed
vbsfile	%SystemRoot%\System32\WScript.exe "%1" %*	Signed
wsffile	%SystemRoot%\System32\WScript.exe "%1" %*	Signed
wshfile	%SystemRoot%\System32\WScript.exe "%1" %*	Signed

Drivers\Services (from Registry)

Name and Description	Image Path	Start	State
Abiosdsk		DISABLED
abp480n5		DISABLED
ACPI Драйвер Microsoft ACPI	system32\DRIVERS\ACPI.sys	BOOT	Signed
ACPIEC		DISABLED
adpu160m		DISABLED
aec Подавитель акустического эхо ядра системы	system32\drivers\aec.sys	DEMAND	Signed
AFD AFD	\SystemRoot\System32\drivers\afd.sys	SYSTEM	Signed
agp440 Intel - фильтр шины AGP	system32\DRIVERS\agp440.sys	BOOT	Signed
Aha154x		DISABLED
aic78u2		DISABLED
aic78xx		DISABLED
Alerter Оповещатель	%SystemRoot%\system32\svchost.exe -k LocalService	DISABLED	Signed
ALG Служба шлюза уровня приложения	%SystemRoot%\System32\alg.exe	DEMAND	Signed
AliIde		DISABLED
amsint		DISABLED
AppMgmt Управление приложениями	%SystemRoot%\system32\svchost.exe -k netsvcs	DEMAND	Signed
asc		DISABLED
asc3350p		DISABLED
asc3550		DISABLED
AsyncMac Драйвер асинхронного носителя RAS	system32\DRIVERS\asyncmac.sys	DEMAND	Signed
atapi Standard IDE/ESDI Hard Disk Controller	system32\DRIVERS\atapi.sys	BOOT	Signed
Atdisk		DISABLED
Atmarpc Протокол клиента ATM ARP	system32\DRIVERS\atmarpc.sys	DEMAND	Signed
AudioSrv Windows Audio	%SystemRoot%\System32\svchost.exe -k netsvcs	AUTO	Signed
audstub Драйвер заглушки аудио	system32\DRIVERS\audstub.sys	DEMAND	Signed
BattC
Beep		SYSTEM
BITS Фоновая интеллектуальная служба передачи (BITS)	%SystemRoot%\system32\svchost.exe -k netsvcs	AUTO	Signed
Browser Обозреватель компьютеров	%SystemRoot%\system32\svchost.exe -k netsvcs	AUTO	Signed
cbidf2k		DISABLED
cd20xrnt		DISABLED
Cdaudio		SYSTEM
Cdfs		DISABLED
Cdrom Драйвер CD-ROM дисковода	system32\DRIVERS\cdrom.sys	SYSTEM	Signed
Changer		SYSTEM
CiSvc Служба индексирования	%SystemRoot%\system32\cisvc.exe	DEMAND	Signed
ClipSrv Сервер папки обмена	%SystemRoot%\system32\clipsrv.exe	DISABLED	Signed
CmBatt Драйвер AC-адаптера блока питания (Майкрософт)	system32\DRIVERS\CmBatt.sys	DEMAND	Signed
CmdIde		DISABLED
Compbatt Драйвер составной батареи Microsoft	system32\DRIVERS\compbatt.sys	BOOT	Signed
COMSysApp Системное приложение COM+	C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}	DEMAND	Signed
ContentFilter
ContentIndex
Cpqarray		DISABLED
CryptSvc Службы криптографии	%SystemRoot%\system32\svchost.exe -k netsvcs	AUTO	Signed
d3lutwsc Vba32 Armour Driver	\??\C:\WINDOWS\system32\drivers\d3lutwsc.sys	DEMAND	Signed
dac2w2k		DISABLED
dac960nt		DISABLED
DcomLaunch Запуск серверных процессов DCOM	%SystemRoot%\system32\svchost -k DcomLaunch	AUTO	Signed
Dhcp DHCP-клиент	%SystemRoot%\system32\svchost.exe -k netsvcs	AUTO	Signed
Disk Драйвер диска	system32\DRIVERS\disk.sys	BOOT	Signed
dmadmin Служба администрирования диспетчера логических дисков	%SystemRoot%\System32\dmadmin.exe /com	DEMAND	Signed
dmboot	System32\drivers\dmboot.sys	DISABLED	Signed
dmio Драйвер диспетчера логических дисков	System32\drivers\dmio.sys	BOOT	Signed
dmload	System32\drivers\dmload.sys	BOOT	Signed
dmserver Диспетчер логических дисков	%SystemRoot%\System32\svchost.exe -k netsvcs	AUTO	Signed
DMusic Синтезатор DLS ядра системы	system32\drivers\DMusic.sys	DEMAND	Signed
Dnscache DNS-клиент	%SystemRoot%\system32\svchost.exe -k NetworkService	AUTO	Signed
Dot3svc Автонастройка проводного доступа	%SystemRoot%\System32\svchost.exe -k dot3svc	DEMAND	Signed
dpti2o		DISABLED
drmkaud Звуковой дешифратор DRM ядра системы	system32\drivers\drmkaud.sys	DEMAND	Signed
EapHost Служба протокола EAP	%SystemRoot%\System32\svchost.exe -k eapsvcs	DEMAND	Signed
ERSvc Служба регистрации ошибок	%SystemRoot%\System32\svchost.exe -k netsvcs	AUTO	Signed
es1371 Creative AudioPCI (ES1371,ES1373) (WDM)	system32\drivers\es1371mp.sys	DEMAND	Signed
Eventlog Журнал событий	%SystemRoot%\system32\services.exe	AUTO	Signed
EventSystem Система событий COM+	C:\WINDOWS\system32\svchost.exe -k netsvcs	DEMAND	Signed
Fastfat		DISABLED
FastUserSwitchingCompatibility Совместимость быстрого переключения пользователей	%SystemRoot%\System32\svchost.exe -k netsvcs	DEMAND	Signed
Fdc Драйвер контроллера гибких дисков	system32\DRIVERS\fdc.sys	DEMAND	Signed
Fips		SYSTEM
Flpydisk Драйвер дисковода гибких дисков	system32\DRIVERS\flpydisk.sys	DEMAND	Signed
FltMgr FltMgr	system32\DRIVERS\fltMgr.sys	BOOT	Signed
Fs_Rec		SYSTEM
Ftdisk Драйвер диспетчера томов	system32\DRIVERS\ftdisk.sys	BOOT	Signed
gameenum Перечислитель игровых портов	system32\DRIVERS\gameenum.sys	DEMAND	Signed
Gpc Общий классификатор пакетов	system32\DRIVERS\msgpc.sys	DEMAND	Signed
helpsvc Справка и поддержка	%SystemRoot%\System32\svchost.exe -k netsvcs	AUTO	Signed
HidServ Доступ к HID-устройствам	%SystemRoot%\System32\svchost.exe -k netsvcs	DISABLED	Signed
hidusb Драйвер класса HID Microsoft	system32\DRIVERS\hidusb.sys	DEMAND	Signed
hkmsvc Служба управления сертификатами и ключами работоспособности	%SystemRoot%\System32\svchost.exe -k netsvcs	DEMAND	Signed
hpn		DISABLED
HTTP HTTP	System32\Drivers\HTTP.sys	DEMAND	Signed
HTTPFilter Протокол HTTP SSL	%SystemRoot%\System32\svchost.exe -k HTTPFilter	DEMAND	Signed
i2omgmt		SYSTEM
i2omp		DISABLED
i8042prt Драйвер i8042-клавиатуры и мыши для порта PS/2	system32\DRIVERS\i8042prt.sys	SYSTEM	Signed
Imapi Драйвер фильтра записи компакт-дисков	system32\DRIVERS\imapi.sys	SYSTEM	Signed
ImapiService Служба COM записи компакт-дисков IMAPI	C:\WINDOWS\system32\imapi.exe	DEMAND	Signed
inetaccs
ini910u		DISABLED
Inport
IntelIde	system32\DRIVERS\intelide.sys	BOOT	Signed
intelppm Драйвер Intel процессора	system32\DRIVERS\intelppm.sys	SYSTEM	Signed
Ip6Fw Драйвер брандмауэра Windows для IPv6	system32\DRIVERS\Ip6Fw.sys	DEMAND	Signed
IpFilterDriver Драйвер фильтра IP-трафика	system32\DRIVERS\ipfltdrv.sys	DEMAND	Signed
IpInIp Драйвер туннеля IP в IP	system32\DRIVERS\ipinip.sys	DEMAND	Signed
IpNat Транслятор сетевого IP-адреса	system32\DRIVERS\ipnat.sys	DEMAND	Signed
IPSec Драйвер IPSEC	system32\DRIVERS\ipsec.sys	SYSTEM	Signed
IRENUM Служба перечислителя IR	system32\DRIVERS\irenum.sys	DEMAND	Signed
ISAPISearch
isapnp Драйвер PnP ISA/EISA шины	system32\DRIVERS\isapnp.sys	BOOT	Signed
JavaQuickStarterService Java Quick Starter	"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"	AUTO
Kbdclass Драйвер класса клавиатуры	system32\DRIVERS\kbdclass.sys	SYSTEM	Signed
kmixer Микшер звукозаписи ядра системы	system32\drivers\kmixer.sys	DEMAND	Signed
KSecDD		BOOT
LanmanServer Сервер	%SystemRoot%\system32\svchost.exe -k netsvcs	AUTO	Signed
lanmanworkstation Рабочая станция	%SystemRoot%\system32\svchost.exe -k netsvcs	AUTO	Signed
lbrtfdc		SYSTEM
ldap
LicenseService
LmHosts Модуль поддержки NetBIOS через TCP/IP	%SystemRoot%\system32\svchost.exe -k LocalService	AUTO	Signed
Messenger Служба сообщений	%SystemRoot%\system32\svchost.exe -k netsvcs	DISABLED	Signed
mnmdd		SYSTEM
mnmsrvc NetMeeting Remote Desktop Sharing	C:\WINDOWS\system32\mnmsrvc.exe	DEMAND	Signed
Modem		DEMAND
Mouclass Драйвер класса мыши	system32\DRIVERS\mouclass.sys	SYSTEM	Signed
mouhid Драйвер мыши HID	system32\DRIVERS\mouhid.sys	DEMAND	Signed
MountMgr		BOOT
mraid35x		DISABLED
MRxDAV Перенаправиль клиентов WebDav	system32\DRIVERS\mrxdav.sys	DEMAND	Signed
MRxSmb MRXSMB	system32\DRIVERS\mrxsmb.sys	SYSTEM	Signed
MSDTC Координатор распределенных транзакций	C:\WINDOWS\system32\msdtc.exe	DEMAND	Signed
Msfs		SYSTEM
MSIServer Windows Installer	C:\WINDOWS\system32\msiexec.exe /V	DEMAND	Signed
MSKSSRV Представитель служб потоков Microsoft	system32\drivers\MSKSSRV.sys	DEMAND	Signed
MSPCLOCK Посредник синхронизации потоков Microsoft	system32\drivers\MSPCLOCK.sys	DEMAND	Signed
MSPQM Представитель диспетчера качества потоков Microsoft	system32\drivers\MSPQM.sys	DEMAND	Signed
mssmbios Драйвер Microsoft System Management BIOS	system32\DRIVERS\mssmbios.sys	DEMAND	Signed
Mup Служба MUP		BOOT
napagent Агент защиты доступа к сети	%SystemRoot%\System32\svchost.exe -k netsvcs	DEMAND	Signed
NDIS Системный драйвер NDIS		BOOT
NdisTapi NDIS-драйвер TAPI удаленного доступа	system32\DRIVERS\ndistapi.sys	DEMAND	Signed
Ndisuio NDIS-протокол ввода/вывода пользовательского режима	system32\DRIVERS\ndisuio.sys	DEMAND	Signed
NdisWan NDIS-драйвер WAN удаленного доступа	system32\DRIVERS\ndiswan.sys	DEMAND	Signed
NDProxy NDIS прокси		DEMAND
NetBIOS Интерфейс NetBIOS	system32\DRIVERS\netbios.sys	SYSTEM	Signed
NetBT NetBios через TCP/IP	system32\DRIVERS\netbt.sys	SYSTEM	Signed
NetDDE Служба сетевого DDE	%SystemRoot%\system32\netdde.exe	DISABLED	Signed
NetDDEdsdm Диспетчер сетевого DDE	%SystemRoot%\system32\netdde.exe	DISABLED	Signed
Netlogon Сетевой вход в систему	%SystemRoot%\system32\lsass.exe	DEMAND	Signed
Netman Сетевые подключения	%SystemRoot%\System32\svchost.exe -k netsvcs	DEMAND	Signed
Nla Служба сетевого расположения (NLA)	%SystemRoot%\system32\svchost.exe -k netsvcs	DEMAND	Signed
Npfs		SYSTEM
Ntfs		DISABLED
NtLmSsp Поставщик поддержки безопасности NT LM	%SystemRoot%\system32\lsass.exe	DEMAND	Signed
NtmsSvc Съемные ЗУ	%SystemRoot%\system32\svchost.exe -k netsvcs	DEMAND	Signed
Null		SYSTEM
NwlnkFlt Драйвер фильтра IPX-трафика	system32\DRIVERS\nwlnkflt.sys	DEMAND	Signed
NwlnkFwd Драйвер пересылки IPX-трафика	system32\DRIVERS\nwlnkfwd.sys	DEMAND	Signed
Parport Драйвер параллельного порта	system32\DRIVERS\parport.sys	DEMAND	Signed
PartMgr		BOOT
ParVdm		AUTO
PCI Драйвер PCI шины	system32\DRIVERS\pci.sys	BOOT	Signed
PCIDump		SYSTEM
PCIIde		DISABLED
Pcmcia		DISABLED
PCnet AMD PCNET совместимый адаптер, драйвер	system32\DRIVERS\pcntpci5.sys	DEMAND	Signed
PDCOMP		DEMAND
PDFRAME		DEMAND
PDRELI		DEMAND
PDRFRAME		DEMAND
perc2		DISABLED
perc2hib		DISABLED
PerfDisk
PerfNet
PerfOS
PerfProc
PlugPlay Plug and Play	%SystemRoot%\system32\services.exe	AUTO	Signed
PolicyAgent Службы IPSEC	%SystemRoot%\system32\lsass.exe	AUTO	Signed
PptpMiniport Минипорт WAN (PPTP)	system32\DRIVERS\raspptp.sys	DEMAND	Signed
ProtectedStorage Защищенное хранилище	%SystemRoot%\system32\lsass.exe	AUTO	Signed
PSched Планировщик пакетов QoS	system32\DRIVERS\psched.sys	DEMAND	Signed
Ptilink Драйвер прямой параллельной связи	system32\DRIVERS\ptilink.sys	DEMAND	Signed
ql1080		DISABLED
Ql10wnt		DISABLED
ql12160		DISABLED
ql1240		DISABLED
ql1280		DISABLED
RasAcd Драйвер авто-подключений удаленного доступа	system32\DRIVERS\rasacd.sys	SYSTEM	Signed
RasAuto Диспетчер авто-подключений удаленного доступа	%SystemRoot%\system32\svchost.exe -k netsvcs	DEMAND	Signed
Rasl2tp Минипорт WAN (L2TP)	system32\DRIVERS\rasl2tp.sys	DEMAND	Signed
RasMan Диспетчер подключений удаленного доступа	%SystemRoot%\system32\svchost.exe -k netsvcs	DEMAND	Signed
RasPppoe Драйвер PPPoE удаленного доступа	system32\DRIVERS\raspppoe.sys	DEMAND	Signed
Raspti Прямой параллельный порт	system32\DRIVERS\raspti.sys	DEMAND	Signed
Rdbss Rdbss	system32\DRIVERS\rdbss.sys	SYSTEM	Signed
RDPCDD	System32\DRIVERS\RDPCDD.sys	SYSTEM	Signed
RDPDD
rdpdr Драйвер перенаправителя устройства сервера терминалов	system32\DRIVERS\rdpdr.sys	DEMAND	Signed
RDPNP
RDPWD		DEMAND
RDSessMgr Диспетчер сеанса справки для удаленного рабочего стола	C:\WINDOWS\system32\sessmgr.exe	DEMAND	Signed
redbook Драйвер фильтра воспроизведения звука с цифровых компакт-дисков	system32\DRIVERS\redbook.sys	SYSTEM	Signed
RemoteAccess Маршрутизация и удаленный доступ	%SystemRoot%\system32\svchost.exe -k netsvcs	DISABLED	Signed
RemoteRegistry Удаленный реестр	%SystemRoot%\system32\svchost.exe -k LocalService	AUTO	Signed
RpcLocator Локатор удаленного вызова процедур (RPC)	%SystemRoot%\system32\locator.exe	DEMAND	Signed
RpcSs Удаленный вызов процедур (RPC)	%SystemRoot%\system32\svchost -k rpcss	AUTO	Signed
RSVP QoS RSVP	%SystemRoot%\system32\rsvp.exe	DEMAND	Signed
SamSs Диспетчер учетных записей безопасности	%SystemRoot%\system32\lsass.exe	AUTO	Signed
SCardSvr Смарт-карты	%SystemRoot%\System32\SCardSvr.exe	DEMAND	Signed
Schedule Планировщик заданий	%SystemRoot%\System32\svchost.exe -k netsvcs	AUTO	Signed
Secdrv Secdrv	system32\DRIVERS\secdrv.sys	DEMAND	Signed
seclogon Вторичный вход в систему	%SystemRoot%\System32\svchost.exe -k netsvcs	AUTO	Signed
SENS Уведомление о системных событиях	%SystemRoot%\system32\svchost.exe -k netsvcs	AUTO	Signed
serenum Драйвер фильтра Serenum	system32\DRIVERS\serenum.sys	DEMAND	Signed
Serial Драйвер последовательного порта	system32\DRIVERS\serial.sys	SYSTEM	Signed
Sfloppy		SYSTEM
Shadow		BOOT
SharedAccess Брандмауэр Windows/Общий доступ к Интернету (ICS)	%SystemRoot%\system32\svchost.exe -k netsvcs	AUTO	Signed
ShellHWDetection Определение оборудования оболочки	%SystemRoot%\System32\svchost.exe -k netsvcs	AUTO	Signed
Simbad		DISABLED
Sparrow		DISABLED
splitter Разделитель звука ядра системы	system32\drivers\splitter.sys	DEMAND	Signed
Spooler Диспетчер очереди печати	%SystemRoot%\system32\spoolsv.exe	AUTO	Signed
sr Драйвер фильтра восстановления системы	\SystemRoot\system32\DRIVERS\sr.sys	DISABLED	Signed
srservice Служба восстановления системы	%SystemRoot%\system32\svchost.exe -k netsvcs	AUTO	Signed
Srv Srv	system32\DRIVERS\srv.sys	DEMAND	Signed
SSDPSRV Служба обнаружения SSDP	%SystemRoot%\system32\svchost.exe -k LocalService	DEMAND	Signed
stisvc Служба загрузки изображений (WIA)	%SystemRoot%\system32\svchost.exe -k imgsvc	DEMAND	Signed
swenum Драйвер программной шины	system32\DRIVERS\swenum.sys	DEMAND	Signed
swmidi Синтезатор звуковой таблицы Microsoft Kernel GS	system32\drivers\swmidi.sys	DEMAND	Signed
SwPrv MS Software Shadow Copy Provider	C:\WINDOWS\system32\dllhost.exe /Processid:{6B1ADF90-CACC-422A-9E67-0C199B20D06B}	DEMAND	Signed
symc810		DISABLED
symc8xx		DISABLED
sym_hi		DISABLED
sym_u3		DISABLED
sysaudio Аудиоустройство ядра системы	system32\drivers\sysaudio.sys	DEMAND	Signed
SysmonLog Журналы и оповещения производительности	%SystemRoot%\system32\smlogsvc.exe	DEMAND	Signed
TapiSrv Телефония	%SystemRoot%\System32\svchost.exe -k netsvcs	DEMAND	Signed
Tcpip Драйвер протокола TCP/IP	system32\DRIVERS\tcpip.sys	SYSTEM	Signed
TDPIPE		DEMAND
TDTCP		DEMAND
TermDD Драйвер устройства терминала	system32\DRIVERS\termdd.sys	SYSTEM	Signed
TermService Службы терминалов	%SystemRoot%\System32\svchost -k DComLaunch	DEMAND	Signed
Themes Темы	%SystemRoot%\System32\svchost.exe -k netsvcs	AUTO	Signed
TlntSvr Telnet	C:\WINDOWS\system32\tlntsvr.exe	DISABLED	Signed
TosIde		DISABLED
TPAutoConnSvc TP AutoConnect Service	"C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe"	DEMAND	Signed
TrkWks Клиент отслеживания изменившихся связей	%SystemRoot%\system32\svchost.exe -k netsvcs	AUTO	Signed
TSDDD
Udfs		DISABLED
ultra		DISABLED
Update Драйвер обновления микропрограмм	system32\DRIVERS\update.sys	DEMAND	Signed
upnphost Узел универсальных PnP-устройств	%SystemRoot%\system32\svchost.exe -k LocalService	DEMAND	Signed
UPS Источник бесперебойного питания	%SystemRoot%\System32\ups.exe	DEMAND	Signed
usbccgp Драйвер универсального родительского устройства USB (Microsoft)	system32\DRIVERS\usbccgp.sys	DEMAND	Signed
usbehci Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера	system32\DRIVERS\usbehci.sys	DEMAND	Signed
usbhub Драйвер стандартного концентратора USB (Microsoft)	system32\DRIVERS\usbhub.sys	DEMAND	Signed
usbuhci Драйвер минипорта Microsoft USB универсального хост-контроллера	system32\DRIVERS\usbuhci.sys	DEMAND	Signed
VgaSave	\SystemRoot\System32\drivers\vga.sys	SYSTEM	Signed
ViaIde		DISABLED
vmci VMware VMCI Bus Driver	system32\DRIVERS\vmci.sys	DEMAND	Signed
vmdebug VMware Replay Debugging Helper	\??\C:\WINDOWS\system32\Drivers\vmdebug.sys	SYSTEM	Signed
vmdesched VMware Descheduled Time Accounting Service	"C:\Program Files\VMware\VMware Tools\vmdesched.exe"	DEMAND	Signed
vmdesched-driver VMware Descheduled Time Accounting Service (driver)	\??\C:\WINDOWS\system32\Drivers\vmdesched.sys	AUTO	Signed
vmhgfs	System32\DRIVERS\vmhgfs.sys	SYSTEM	Signed
VMMEMCTL Memory Control Driver	\??\C:\Program Files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys	AUTO	Signed
vmmouse VMware Pointing Device	system32\DRIVERS\vmmouse.sys	DEMAND	Signed
vmrawdsk VMware Vista Physical Disk Helper	\??\C:\Program Files\VMware\VMware Tools\vmrawdsk.sys	SYSTEM
vmscsi vmscsi	system32\DRIVERS\vmscsi.sys	BOOT	Signed
VMTools VMware Tools Service	"C:\Program Files\VMware\VMware Tools\vmtoolsd.exe"	AUTO	Signed
VMUpgradeHelper VMware Upgrade Helper	"C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe" /service	AUTO	Signed
VMware Physical Disk Helper Service VMware Physical Disk Helper Service	"C:\Program Files\VMware\VMware Tools\vmacthlp.exe"	AUTO	Signed
vmxnet VMware Ethernet Adapter Driver	system32\DRIVERS\vmxnet.sys	DEMAND	Signed
vmx_svga	system32\DRIVERS\vmx_svga.sys	DEMAND	Signed
VolSnap		BOOT
VSS Теневое копирование тома	%SystemRoot%\System32\vssvc.exe	DEMAND	Signed
W32Time Служба времени Windows	%SystemRoot%\System32\svchost.exe -k netsvcs	AUTO	Signed
W3SVC
Wanarp Драйвер IP ARP удаленного доступа	system32\DRIVERS\wanarp.sys	DEMAND	Signed
WDICA		DEMAND
wdmaud Драйвер совместимости звука Microsoft (WINMM WDM)	system32\drivers\wdmaud.sys	DEMAND	Signed
WebClient Веб-клиент	%SystemRoot%\system32\svchost.exe -k LocalService	AUTO	Signed
winmgmt Инструментарий управления Windows	%systemroot%\system32\svchost.exe -k netsvcs	AUTO	Signed
Winsock		DEMAND
WinSock2
WinTrust
WmdmPmSN Служба серийных номеров переносных устройств мультимедиа	%SystemRoot%\System32\svchost.exe -k netsvcs	DEMAND	Signed
Wmi Расширения драйверов WMI (Windows Management Instrumentation)	%SystemRoot%\System32\svchost.exe -k netsvcs	DEMAND	Signed
WmiApRpl
WmiApSrv Адаптер производительности WMI	C:\WINDOWS\system32\wbem\wmiapsrv.exe	DEMAND	Signed
WS2IFSL Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб	\SystemRoot\System32\drivers\ws2ifsl.sys	SYSTEM	Signed
wscsvc Центр обеспечения безопасности	%SystemRoot%\System32\svchost.exe -k netsvcs	AUTO	Signed
wuauserv Автоматическое обновление	%systemroot%\system32\svchost.exe -k netsvcs	AUTO	Signed
WZCSVC Беспроводная настройка	%SystemRoot%\System32\svchost.exe -k netsvcs	AUTO	Signed
xmlprov Служба обеспечения сети	%SystemRoot%\System32\svchost.exe -k netsvcs	DEMAND	Signed
{F4C20D33-CF7B-4A04-9B35-E97EC5B3F29D}