|
Log analysis and evaluation: Antivir detection: BOO/Whistler.DB - Object: master boot sector HD1 and master boot sector of the ext. HD (F:) Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
07.09.2012, 16:34 | #1 |
| Antivir detection: BOO/Whistler.DB - Object: master boot sector HD1 and master boot sector of the ext. HD (F:)
Hello, for some time now Antivir has been reporting the above-mentioned virus at every system start, and it cannot be removed. Yesterday I additionally had the Bundespolizei virus on the machine, which was (apparently) removed after a Malwarebytes run. Even after several Malwarebytes scans and subsequent removal I still keep finding more viruses. What should I do to disinfect my system completely? I would like to avoid reinstalling the operating system. The logs are attached: Malwarebytes run 1
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.06.12

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7601.17514
xx:: xx-PC [Administrator]

9/7/2012 12:31:35 AM
mbam-log-2012-09-07 (00-31-35).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 199538
Laufzeit: 4 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|kwlfoxhgedvlfzv (Trojan.Phex.THAGen9) -> Daten: C:\ProgramData\kwlfoxhg.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\ProgramData\kwlfoxhg.exe (Trojan.Phex.THAGen9) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\xx\0.7485654216681638.exe (Trojan.Phex.THAGen9) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.06.12

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
xx :: XX-PC [Administrator]

9/7/2012 1:18:47 AM
mbam-log-2012-09-07 (01-18-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 596589
Laufzeit: 4 Stunde(n), 21 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
F:\exchange semester Exeter\General\downloads\setupwavtomp3-c.exe (PUP.Installer.WH) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\XX\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Exploit.Drop.GS) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.07.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
xx :: xx-PC [Administrator]

9/7/2012 2:00:19 PM
mbam-log-2012-09-07 (14-00-19).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 207244
Laufzeit: 10 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\ProgramData\NkH7rLHY.exe (Spyware.Zbot.DGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\xx\AppData\Local\Temp\awt43abr.exe (Spyware.Zbot.DGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a6920bed8e3a674ca42844cfcf47980e
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-09-07 03:00:54
# local_time=2012-09-07 05:00:54 (+0100, W. Europe Daylight Time)
# country="United States"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 15805586 15805586 0 0
# compatibility_mode=5893 16776573 100 94 774 98652636 0 0
# compatibility_mode=8192 67108863 100 0 149 149 0 0
# scanned=492525
# found=9
# cleaned=0
# scan_time=8609
C:\ProgramData\xtffwgbyekmqwbw\main.html HTML/Ransom.B Trojaner (Säubern nicht möglich) 00000000000000000000000000000000 I
C:\Users\All Users\xtffwgbyekmqwbw\main.html HTML/Ransom.B Trojaner (Säubern nicht möglich) 00000000000000000000000000000000 I
C:\Users\xx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\6b225264-6cfd9f2f Variante von Win32/Kryptik.ALNT Trojaner (Säubern nicht möglich) 00000000000000000000000000000000 I
C:\Users\xx\Downloads\cnet2_FarCryResearchDemo_zip.exe Variante von Win32/InstallCore.D Anwendung (Säubern nicht möglich) 00000000000000000000000000000000 I
C:\Users\xx\Downloads\SoftonicDownloader_for_freepdf-xp.exe Variante von Win32/SoftonicDownloader.A Anwendung (Säubern nicht möglich) 00000000000000000000000000000000 I
C:\Users\xx\Downloads\SoftonicDownloader_fuer_fl-studio.exe Win32/SoftonicDownloader.D Anwendung (Säubern nicht möglich) 00000000000000000000000000000000 I
C:\Users\xx\Downloads\winamp5581_full_bundle_emusic-7plus_en-us.exe Win32/OpenCandy Anwendung (Säubern nicht möglich) 00000000000000000000000000000000 I
C:\Users\xx\Downloads\winamp563_full_emusic-7plus_all.exe Win32/OpenCandy Anwendung (Säubern nicht möglich) 00000000000000000000000000000000 I
F:\Eigene Dateien-Laptop-Backup\Downloads\strun_setup.exe Win32/StartupRun.AB Anwendung (Säubern nicht möglich) 00000000000000000000000000000000 I

Can nobody help me...? |
11.09.2012, 07:59 | #2 |
/// the machine /// TB trainer | Hi,
Sorry for the delay, do you still need help?
__________________ |
11.09.2012, 11:44 | #3 |
| Hi, yes, I would still need it.. I can't get the Whistler off....
__________________ |
11.09.2012, 11:56 | #4 |
/// the machine /// TB trainer | Hi, please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report. Please download TDSSKiller.exe and save this file to the desktop
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
11.09.2012, 12:13 | #5 |
| Code:
13:09:23.0671 12052 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
13:09:23.0762 12052 ============================================================
13:09:23.0762 12052 Current date / time: 2012/09/11 13:09:23.0762
13:09:23.0762 12052 SystemInfo:
13:09:23.0762 12052
13:09:23.0762 12052 OS Version: 6.1.7601 ServicePack: 1.0
13:09:23.0762 12052 Product type: Workstation
13:09:23.0762 12052 ComputerName: xx-PC
13:09:23.0762 12052 UserName: xx
13:09:23.0762 12052 Windows directory: C:\Windows
13:09:23.0762 12052 System windows directory: C:\Windows
13:09:23.0762 12052 Processor architecture: Intel x86
13:09:23.0762 12052 Number of processors: 2
13:09:23.0762 12052 Page size: 0x1000
13:09:23.0762 12052 Boot type: Normal boot
13:09:23.0762 12052 ============================================================
13:09:25.0691 12052 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:09:25.0693 12052 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:09:25.0727 12052 ============================================================
13:09:25.0727 12052 \Device\Harddisk0\DR0:
13:09:25.0728 12052 MBR partitions:
13:09:25.0728 12052 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1D1C3000
13:09:25.0728 12052 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D4B1800, BlocksNum 0x1CED4800
13:09:25.0728 12052 \Device\Harddisk1\DR1:
13:09:25.0735 12052 MBR partitions:
13:09:25.0735 12052 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C02
13:09:25.0735 12052 ============================================================
13:09:25.0750 12052 C: <-> \Device\Harddisk0\DR0\Partition1
13:09:25.0788 12052 D: <-> \Device\Harddisk0\DR0\Partition2
13:09:25.0789 12052 F: <-> \Device\Harddisk1\DR1\Partition1
13:09:25.0824 12052 ============================================================
13:09:25.0824 12052 Initialize success
13:09:25.0824 12052 ============================================================
13:09:28.0031 9804 ============================================================
13:09:28.0031 9804 Scan started
13:09:28.0031 9804 Mode: Manual;
13:09:28.0031 9804 ============================================================
13:09:28.0989 9804 ================ Scan system memory ========================
13:09:28.0989 9804 System memory - ok
13:09:28.0989 9804 ================ Scan services =============================
C:\Windows\system32\mmcss.dll 13:09:52.0760 9804 MMCSS - ok 13:09:52.0996 9804 [ 8AEEB5397543568860C6F681E2ED6686 ] mod7700 C:\Windows\system32\Drivers\dvb7700all.sys 13:09:53.0082 9804 mod7700 - ok 13:09:53.0105 9804 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys 13:09:53.0117 9804 Modem - ok 13:09:53.0210 9804 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 13:09:53.0214 9804 monitor - ok 13:09:53.0248 9804 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 13:09:53.0282 9804 mouclass - ok 13:09:53.0324 9804 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 13:09:53.0393 9804 mouhid - ok 13:09:53.0444 9804 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 13:09:53.0446 9804 mountmgr - ok 13:09:53.0645 9804 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 13:09:53.0683 9804 MozillaMaintenance - ok 13:09:53.0746 9804 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys 13:09:53.0808 9804 mpio - ok 13:09:53.0859 9804 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 13:09:53.0887 9804 mpsdrv - ok 13:09:54.0065 9804 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll 13:09:54.0159 9804 MpsSvc - ok 13:09:54.0212 9804 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 13:09:54.0286 9804 MRxDAV - ok 13:09:54.0362 9804 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 13:09:54.0391 9804 mrxsmb - ok 13:09:54.0461 9804 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 13:09:54.0499 9804 mrxsmb10 - ok 13:09:54.0557 9804 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 13:09:54.0590 9804 mrxsmb20 - ok 
13:09:54.0624 9804 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys 13:09:54.0649 9804 msahci - ok 13:09:54.0855 9804 [ B03E3F64B70F8031E65EB26DA23DE91A ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS32.exe 13:09:54.0857 9804 MSCamSvc - ok 13:09:54.0881 9804 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys 13:09:54.0901 9804 msdsm - ok 13:09:54.0947 9804 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe 13:09:54.0979 9804 MSDTC - ok 13:09:55.0072 9804 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys 13:09:55.0092 9804 Msfs - ok 13:09:55.0113 9804 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 13:09:55.0132 9804 mshidkmdf - ok 13:09:55.0222 9804 [ 7A0F9CBDBDB135113B9A3C138E20C85D ] MSHUSBVideo C:\Windows\system32\Drivers\nx6000.sys 13:09:55.0254 9804 MSHUSBVideo - ok 13:09:55.0308 9804 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 13:09:55.0326 9804 msisadrv - ok 13:09:55.0398 9804 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 13:09:55.0439 9804 MSiSCSI - ok 13:09:55.0450 9804 msiserver - ok 13:09:55.0508 9804 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 13:09:55.0538 9804 MSKSSRV - ok 13:09:55.0572 9804 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 13:09:55.0583 9804 MSPCLOCK - ok 13:09:55.0609 9804 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 13:09:55.0627 9804 MSPQM - ok 13:09:55.0648 9804 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 13:09:55.0676 9804 MsRPC - ok 13:09:55.0728 9804 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 13:09:55.0732 9804 mssmbios - ok 13:09:55.0835 9804 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE 
C:\Windows\system32\drivers\MSTEE.sys 13:09:55.0856 9804 MSTEE - ok 13:09:55.0885 9804 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 13:09:55.0906 9804 MTConfig - ok 13:09:55.0937 9804 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys 13:09:56.0031 9804 Mup - ok 13:09:56.0122 9804 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll 13:09:56.0135 9804 napagent - ok 13:09:56.0266 9804 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 13:09:56.0363 9804 NativeWifiP - ok 13:09:56.0473 9804 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys 13:09:56.0493 9804 NDIS - ok 13:09:56.0585 9804 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 13:09:56.0606 9804 NdisCap - ok 13:09:56.0664 9804 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 13:09:56.0685 9804 NdisTapi - ok 13:09:56.0774 9804 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 13:09:56.0794 9804 Ndisuio - ok 13:09:56.0849 9804 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 13:09:56.0882 9804 NdisWan - ok 13:09:56.0927 9804 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 13:09:56.0956 9804 NDProxy - ok 13:09:57.0039 9804 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 13:09:57.0068 9804 NetBIOS - ok 13:09:57.0123 9804 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 13:09:57.0125 9804 NetBT - ok 13:09:57.0173 9804 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe 13:09:57.0175 9804 Netlogon - ok 13:09:57.0288 9804 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 13:09:57.0352 9804 Netman - ok 13:09:57.0429 9804 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm 
C:\Windows\System32\netprofm.dll 13:09:57.0562 9804 netprofm - ok 13:09:57.0622 9804 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 13:09:57.0659 9804 NetTcpPortSharing - ok 13:09:58.0650 9804 [ 5B2DFA9C5C02DDF2A113CC0F551B59DF ] NETw5s32 C:\Windows\system32\DRIVERS\NETw5s32.sys 13:09:58.0951 9804 NETw5s32 - ok 13:09:59.0612 9804 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys 13:10:00.0040 9804 netw5v32 - ok 13:10:00.0154 9804 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 13:10:00.0224 9804 nfrd960 - ok 13:10:00.0469 9804 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll 13:10:00.0597 9804 NlaSvc - ok 13:10:00.0622 9804 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 13:10:00.0652 9804 Npfs - ok 13:10:00.0705 9804 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 13:10:00.0727 9804 nsi - ok 13:10:00.0773 9804 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 13:10:00.0774 9804 nsiproxy - ok 13:10:01.0003 9804 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 13:10:01.0194 9804 Ntfs - ok 13:10:01.0256 9804 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys 13:10:01.0270 9804 Null - ok 13:10:01.0331 9804 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys 13:10:01.0361 9804 nvraid - ok 13:10:01.0442 9804 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys 13:10:01.0467 9804 nvstor - ok 13:10:01.0522 9804 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 13:10:01.0543 9804 nv_agp - ok 13:10:01.0638 9804 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 13:10:01.0665 9804 ohci1394 - ok 13:10:01.0935 
9804 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 13:10:01.0952 9804 ose - ok 13:10:02.0605 9804 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 13:10:03.0219 9804 osppsvc - ok 13:10:03.0301 9804 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 13:10:03.0312 9804 p2pimsvc - ok 13:10:03.0402 9804 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 13:10:03.0424 9804 p2psvc - ok 13:10:03.0469 9804 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys 13:10:03.0486 9804 Parport - ok 13:10:03.0525 9804 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys 13:10:03.0547 9804 partmgr - ok 13:10:03.0581 9804 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 13:10:03.0630 9804 Parvdm - ok 13:10:03.0703 9804 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 13:10:03.0734 9804 PcaSvc - ok 13:10:03.0799 9804 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys 13:10:03.0800 9804 pci - ok 13:10:03.0835 9804 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 13:10:03.0855 9804 pciide - ok 13:10:03.0919 9804 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 13:10:03.0992 9804 pcmcia - ok 13:10:04.0010 9804 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 13:10:04.0027 9804 pcw - ok 13:10:04.0171 9804 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 13:10:04.0214 9804 PEAUTH - ok 13:10:04.0453 9804 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 13:10:04.0496 9804 PeerDistSvc - ok 13:10:04.0786 9804 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll 
13:10:04.0941 9804 pla - ok 13:10:05.0051 9804 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll 13:10:05.0073 9804 PlugPlay - ok 13:10:05.0118 9804 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 13:10:05.0136 9804 PNRPAutoReg - ok 13:10:05.0191 9804 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 13:10:05.0194 9804 PNRPsvc - ok 13:10:05.0313 9804 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 13:10:05.0348 9804 PolicyAgent - ok 13:10:05.0407 9804 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll 13:10:05.0415 9804 Power - ok 13:10:05.0505 9804 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 13:10:05.0531 9804 PptpMiniport - ok 13:10:05.0587 9804 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys 13:10:05.0906 9804 Processor - ok 13:10:05.0974 9804 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll 13:10:06.0000 9804 ProfSvc - ok 13:10:06.0030 9804 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe 13:10:06.0032 9804 ProtectedStorage - ok 13:10:06.0102 9804 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 13:10:06.0103 9804 Psched - ok 13:10:06.0326 9804 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 13:10:06.0512 9804 ql2300 - ok 13:10:06.0531 9804 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 13:10:06.0551 9804 ql40xx - ok 13:10:06.0639 9804 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 13:10:06.0712 9804 QWAVE - ok 13:10:06.0751 9804 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 13:10:06.0776 9804 QWAVEdrv - ok 13:10:06.0799 9804 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd 
C:\Windows\system32\DRIVERS\rasacd.sys 13:10:06.0817 9804 RasAcd - ok 13:10:06.0892 9804 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 13:10:06.0916 9804 RasAgileVpn - ok 13:10:06.0959 9804 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 13:10:06.0997 9804 RasAuto - ok 13:10:07.0051 9804 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 13:10:07.0084 9804 Rasl2tp - ok 13:10:07.0232 9804 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll 13:10:07.0297 9804 RasMan - ok 13:10:07.0350 9804 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 13:10:07.0368 9804 RasPppoe - ok 13:10:07.0432 9804 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 13:10:07.0449 9804 RasSstp - ok 13:10:07.0508 9804 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 13:10:07.0586 9804 rdbss - ok 13:10:07.0627 9804 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 13:10:07.0652 9804 rdpbus - ok 13:10:07.0721 9804 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 13:10:07.0722 9804 RDPCDD - ok 13:10:07.0804 9804 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 13:10:07.0822 9804 RDPDR - ok 13:10:07.0874 9804 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 13:10:07.0874 9804 RDPENCDD - ok 13:10:07.0940 9804 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 13:10:07.0941 9804 RDPREFMP - ok 13:10:08.0005 9804 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 13:10:08.0035 9804 RDPWD - ok 13:10:08.0152 9804 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 13:10:08.0191 9804 rdyboost - ok 13:10:08.0248 9804 [ 
7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 13:10:08.0314 9804 RemoteAccess - ok 13:10:08.0397 9804 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 13:10:08.0420 9804 RemoteRegistry - ok 13:10:08.0455 9804 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 13:10:08.0480 9804 RpcEptMapper - ok 13:10:08.0537 9804 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 13:10:08.0554 9804 RpcLocator - ok 13:10:08.0600 9804 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll 13:10:08.0604 9804 RpcSs - ok 13:10:08.0709 9804 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 13:10:08.0740 9804 rspndr - ok 13:10:08.0855 9804 [ 3983CEA05BB855351D75F5482B6C42CE ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys 13:10:08.0868 9804 RTL8167 - ok 13:10:08.0922 9804 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 13:10:08.0979 9804 s3cap - ok 13:10:09.0008 9804 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe 13:10:09.0010 9804 SamSs - ok 13:10:09.0091 9804 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 13:10:09.0119 9804 sbp2port - ok 13:10:09.0263 9804 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 13:10:09.0278 9804 SCardSvr - ok 13:10:09.0309 9804 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 13:10:09.0332 9804 scfilter - ok 13:10:09.0456 9804 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll 13:10:09.0541 9804 Schedule - ok 13:10:09.0598 9804 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll 13:10:09.0599 9804 SCPolicySvc - ok 13:10:09.0686 9804 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\Windows\system32\drivers\sdbus.sys 13:10:09.0706 9804 sdbus - ok 13:10:09.0748 
9804 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll 13:10:09.0771 9804 SDRSVC - ok 13:10:09.0866 9804 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 13:10:09.0913 9804 secdrv - ok 13:10:09.0970 9804 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 13:10:09.0986 9804 seclogon - ok 13:10:10.0038 9804 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll 13:10:10.0058 9804 SENS - ok 13:10:10.0112 9804 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 13:10:10.0151 9804 SensrSvc - ok 13:10:10.0177 9804 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 13:10:10.0197 9804 Serenum - ok 13:10:10.0251 9804 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 13:10:10.0274 9804 Serial - ok 13:10:10.0336 9804 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 13:10:10.0363 9804 sermouse - ok 13:10:10.0414 9804 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll 13:10:10.0438 9804 SessionEnv - ok 13:10:10.0490 9804 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 13:10:10.0530 9804 sffdisk - ok 13:10:10.0565 9804 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 13:10:10.0589 9804 sffp_mmc - ok 13:10:10.0621 9804 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 13:10:10.0645 9804 sffp_sd - ok 13:10:10.0689 9804 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 13:10:10.0708 9804 sfloppy - ok 13:10:10.0816 9804 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 13:10:10.0881 9804 SharedAccess - ok 13:10:11.0197 9804 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 13:10:11.0254 9804 ShellHWDetection - ok 
13:10:11.0381 9804 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 13:10:11.0499 9804 sisagp - ok 13:10:11.0677 9804 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 13:10:11.0708 9804 SiSRaid2 - ok 13:10:11.0747 9804 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 13:10:11.0770 9804 SiSRaid4 - ok 13:10:11.0924 9804 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 13:10:11.0979 9804 SkypeUpdate - ok 13:10:12.0034 9804 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 13:10:12.0057 9804 Smb - ok 13:10:12.0192 9804 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 13:10:12.0209 9804 SNMPTRAP - ok 13:10:12.0290 9804 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 13:10:12.0326 9804 spldr - ok 13:10:12.0483 9804 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe 13:10:12.0540 9804 Spooler - ok 13:10:12.0971 9804 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe 13:10:13.0256 9804 sppsvc - ok 13:10:13.0315 9804 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll 13:10:13.0341 9804 sppuinotify - ok 13:10:13.0421 9804 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys 13:10:13.0523 9804 srv - ok 13:10:13.0608 9804 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 13:10:13.0661 9804 srv2 - ok 13:10:13.0709 9804 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 13:10:13.0733 9804 srvnet - ok 13:10:13.0864 9804 [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys 13:10:13.0934 9804 ssadbus - ok 13:10:13.0997 9804 [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys 13:10:14.0014 9804 ssadmdfl - ok 
13:10:14.0088 9804 [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys 13:10:14.0119 9804 ssadmdm - ok 13:10:14.0168 9804 [ 069351A1D7D291013177A90AE6EDCCBC ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys 13:10:14.0189 9804 sscdbus - ok 13:10:14.0268 9804 [ 1C925BE223A5C0F9F469252292A48DF6 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys 13:10:14.0333 9804 sscdmdfl - ok 13:10:14.0383 9804 [ AE3E77AE0FBDB07EB1AC3FED74A0695E ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys 13:10:14.0406 9804 sscdmdm - ok 13:10:14.0479 9804 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 13:10:14.0489 9804 SSDPSRV - ok 13:10:14.0600 9804 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 13:10:14.0618 9804 ssmdrv - ok 13:10:14.0665 9804 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 13:10:14.0672 9804 SstpSvc - ok 13:10:14.0724 9804 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 13:10:14.0759 9804 stexstor - ok 13:10:14.0894 9804 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll 13:10:14.0952 9804 StiSvc - ok 13:10:14.0989 9804 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 13:10:15.0070 9804 storflt - ok 13:10:15.0130 9804 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll 13:10:15.0149 9804 StorSvc - ok 13:10:15.0210 9804 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys 13:10:15.0261 9804 storvsc - ok 13:10:15.0289 9804 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys 13:10:15.0311 9804 swenum - ok 13:10:15.0426 9804 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 13:10:15.0446 9804 swprv - ok 13:10:15.0645 9804 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll 13:10:15.0681 9804 SysMain - ok 13:10:15.0732 
9804 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll 13:10:15.0750 9804 TabletInputService - ok 13:10:15.0803 9804 [ 0C3B2A9C4BD2DD9A6C2E4084314DD719 ] taphss C:\Windows\system32\DRIVERS\taphss.sys 13:10:15.0822 9804 taphss - ok 13:10:15.0894 9804 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll 13:10:15.0934 9804 TapiSrv - ok 13:10:15.0983 9804 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 13:10:15.0989 9804 TBS - ok 13:10:16.0200 9804 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 13:10:16.0497 9804 Tcpip - ok 13:10:16.0645 9804 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 13:10:16.0651 9804 TCPIP6 - ok 13:10:16.0989 9804 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 13:10:17.0005 9804 tcpipreg - ok 13:10:17.0044 9804 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 13:10:17.0068 9804 TDPIPE - ok 13:10:17.0111 9804 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 13:10:17.0139 9804 TDTCP - ok 13:10:17.0194 9804 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 13:10:17.0218 9804 tdx - ok 13:10:17.0249 9804 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys 13:10:17.0273 9804 TermDD - ok 13:10:17.0358 9804 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll 13:10:17.0417 9804 TermService - ok 13:10:17.0480 9804 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 13:10:17.0502 9804 Themes - ok 13:10:17.0602 9804 [ 9528F2A39CB660A49F0592D57127F370 ] Thpdrv C:\Windows\system32\DRIVERS\thpdrv.sys 13:10:17.0620 9804 Thpdrv - ok 13:10:17.0725 9804 [ E17DCDE74FF00CA802643B4A9A4A4A5C ] Thpevm C:\Windows\system32\DRIVERS\Thpevm.SYS 13:10:17.0742 9804 Thpevm - ok 13:10:17.0828 9804 [ 
D440EE9E119D16304B9FA5D3284EE781 ] Thpsrv C:\Windows\system32\ThpSrv.exe 13:10:17.0834 9804 Thpsrv - ok 13:10:17.0861 9804 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 13:10:17.0862 9804 THREADORDER - ok 13:10:18.0141 9804 [ 66C35016E01746715F8F606A9F081BF9 ] TosCoSrv C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe 13:10:18.0143 9804 TosCoSrv - ok 13:10:18.0338 9804 [ AC88D258F20909EEB91796F490CFBB73 ] TOSHIBA Bluetooth Service C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe 13:10:18.0396 9804 TOSHIBA Bluetooth Service - ok 13:10:18.0492 9804 Tosrfcom - ok 13:10:18.0574 9804 [ 9EE240F7029771B21CC6200BE6516D60 ] tosrfec C:\Windows\system32\DRIVERS\tosrfec.sys 13:10:18.0591 9804 tosrfec - ok 13:10:18.0645 9804 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 13:10:18.0678 9804 TrkWks - ok 13:10:18.0826 9804 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 13:10:18.0827 9804 TrustedInstaller - ok 13:10:18.0878 9804 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 13:10:18.0932 9804 tssecsrv - ok 13:10:19.0137 9804 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 13:10:19.0162 9804 TsUsbFlt - ok 13:10:19.0274 9804 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 13:10:19.0300 9804 tunnel - ok 13:10:19.0381 9804 [ FC24015B4052600C324C43E3A79C0664 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS 13:10:19.0408 9804 TVALZ - ok 13:10:19.0472 9804 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 13:10:19.0504 9804 uagp35 - ok 13:10:19.0530 9804 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 13:10:19.0569 9804 udfs - ok 13:10:19.0630 9804 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 13:10:19.0652 9804 UI0Detect - ok 13:10:19.0714 9804 [ 
44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 13:10:19.0767 9804 uliagpkx - ok 13:10:19.0817 9804 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys 13:10:19.0833 9804 umbus - ok 13:10:19.0879 9804 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 13:10:19.0904 9804 UmPass - ok 13:10:19.0974 9804 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll 13:10:20.0016 9804 UmRdpService - ok 13:10:20.0115 9804 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 13:10:20.0136 9804 upnphost - ok 13:10:20.0220 9804 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys 13:10:20.0244 9804 USBAAPL - ok 13:10:20.0325 9804 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 13:10:20.0347 9804 usbaudio - ok 13:10:20.0388 9804 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 13:10:20.0392 9804 usbccgp - ok 13:10:20.0431 9804 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 13:10:20.0467 9804 usbcir - ok 13:10:20.0521 9804 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 13:10:20.0536 9804 usbehci - ok 13:10:20.0619 9804 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 13:10:20.0680 9804 usbhub - ok 13:10:20.0732 9804 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 13:10:20.0754 9804 usbohci - ok 13:10:20.0819 9804 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 13:10:20.0843 9804 usbprint - ok 13:10:20.0931 9804 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 13:10:20.0957 9804 USBSTOR - ok 13:10:21.0003 9804 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 13:10:21.0309 9804 
13:10:30.0772 9804 ================ Scan global ===============================
13:10:30.0823 9804 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
13:10:30.0921 9804 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
13:10:31.0016 9804 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
13:10:31.0064 9804 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
13:10:31.0155 9804 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
13:10:31.0162 9804 [Global] - ok
13:10:31.0163 9804 ================ Scan MBR ==================================
13:10:31.0189 9804 [ 4C54042F5B2569C9DDCF173120D730F9 ] \Device\Harddisk0\DR0
13:10:31.0342 9804 \Device\Harddisk0\DR0 - ok
13:10:31.0364 9804 [ 3DFBD33517922022AAB2367021B4BBEC ] \Device\Harddisk1\DR1
13:10:31.0390 9804 \Device\Harddisk1\DR1 ( Rootkit.Boot.Wistler.a ) - infected
13:10:31.0390 9804 \Device\Harddisk1\DR1 - detected Rootkit.Boot.Wistler.a (0)
13:10:31.0390 9804 ================ Scan VBR ==================================
13:10:31.0428 9804 [ 9CFAEBADF382E842B38F9D983EF3E048 ] \Device\Harddisk0\DR0\Partition1
13:10:31.0526 9804 \Device\Harddisk0\DR0\Partition1 - ok
13:10:31.0554 9804 [ E40CA1D1ED09EAB052F526F196B97060 ] \Device\Harddisk0\DR0\Partition2
13:10:31.0577 9804 \Device\Harddisk0\DR0\Partition2 - ok
13:10:31.0581 9804 [ 10A63FA7D35293F8F85402D2FE087710 ] \Device\Harddisk1\DR1\Partition1
13:10:31.0582 9804 \Device\Harddisk1\DR1\Partition1 - ok
13:10:31.0582 9804 ============================================================
13:10:31.0582 9804 Scan finished
13:10:31.0582 9804 ============================================================
13:10:31.0596 10412 Detected object count: 1
13:10:31.0596 10412 Actual detected object count: 1
13:10:37.0001 10412 \Device\Harddisk1\DR1 ( Rootkit.Boot.Wistler.a ) - skipped by user
13:10:37.0001 10412 \Device\Harddisk1\DR1 ( Rootkit.Boot.Wistler.a ) - User select action: Skip
13:10:55.0264 7844 Deinitialize success
11.09.2012, 12:24 | #6 |
/// the machine /// TB-Ausbilder
Is the program still open? Do you have "Cure" as an option? If so, please select it and continue; if not, please report back!
11.09.2012, 12:46 | #7 |
Whistler seems to have been removed! Thanks a lot for the help. I'll run another full scan tonight and then report back... mifi
11.09.2012, 13:03 | #8 |
/// the machine /// TB-Ausbilder
Hoooold on, did I say we were finished?
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM!
11.09.2012, 13:22 | #9 |
OK... meaning?
11.09.2012, 13:45 | #10 |
/// the machine /// TB-Ausbilder
That now that the bootkit is gone, more may have surfaced, so we still have work to do.
ComboFix may only be run when a qualified helper has explicitly recommended it! (Detailed instructions -> A guide and tutorial on using ComboFix)
12.09.2012, 21:33 | #11 |
Hello, I have now let ComboFix run several times over several hours. Background programs off, and the laptop left alone.. Unfortunately it crashes every time during the scan, and I can only get the computer going again with a hard reset... Is there an alternative to this program? Maybe try it in safe mode?? Best regards, mifi
12.09.2012, 21:34 | #12 |
/// the machine /// TB-Ausbilder
Yes, try it in Safe Mode; if that doesn't work, report back briefly.
13.09.2012, 11:27 | #13 |
I let it run overnight in safe mode, and it crashed again...
13.09.2012, 11:38 | #14 |
/// the machine /// TB-Ausbilder
OK, Start > Run "%userprofile%\desktop\Combofix" /nombr and press Enter. There is a space between Combofix" and the /nombr.
13.09.2012, 14:15 | #15 |
Yep, that's how it worked! Here is the log:
Code:
ComboFix 12-09-12.03 - xx 09/13/2012 14:54:16.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3037.2223 [GMT 2:00]
Running from: c:\users\xx\Desktop\Combofix.exe
Command switches used :: /nombr
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\CrashLog_20110217.txt
c:\cflog\CrashLog_20110218.txt
c:\cflog\CrashLog_20110223.txt
c:\users\xx\058.jpg
c:\users\xx\4.0
c:\users\xx\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
c:\users\xx\AppData\Roaming\pudplg.dll
c:\windows\system32\muzapp.exe
c:\windows\system32\pt
c:\windows\system32\pt\ThpProp.exe.mui
c:\windows\system32\pt\ThpSrv.exe.mui
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
c:\windows\system32\tmp1058.tmp
c:\windows\system32\tmp1097.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-13 to 2012-09-13 )))))))))))))))))))))))))))))))
.
.
2012-09-13 13:03 . 2012-09-13 13:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-12 07:27 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 07:27 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 07:27 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 07:27 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 07:27 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 07:27 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-11 23:43 . 2012-09-13 13:03 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8F4F3636-887A-4822-A7E7-C03F73C8E4D8}\offreg.dll
2012-09-11 10:52 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8F4F3636-887A-4822-A7E7-C03F73C8E4D8}\mpengine.dll
2012-09-08 13:39 . 2012-09-11 11:34 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-07 21:57 . 2012-09-07 21:57 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-09-07 12:34 . 2012-09-07 12:34 -------- d-----w- c:\program files\ESET
2012-09-07 12:21 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-09-06 23:00 . 2012-09-07 00:28 -------- d-----w- c:\programdata\SecTaskMan
2012-09-06 23:00 . 2012-09-06 23:00 -------- d-----w- c:\program files\Security Task Manager
2012-09-06 22:28 . 2012-09-06 22:28 -------- d-----w- c:\users\xx\AppData\Roaming\Malwarebytes
2012-09-06 22:28 . 2012-09-06 22:28 -------- d-----w- c:\programdata\Malwarebytes
2012-09-06 22:28 . 2012-09-06 22:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-06 22:28 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-06 20:07 . 2012-09-06 20:07 -------- d-----w- C:\bd_logs
2012-09-06 12:15 . 2012-09-07 23:07 -------- d-----w- c:\programdata\xtffwgbyekmqwbw
2012-08-21 06:52 . 2012-08-21 06:52 565616 ----a-w- c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor14.dll
2012-08-16 05:27 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-08-16 05:27 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-16 05:27 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
2012-08-16 05:27 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-16 05:27 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-16 05:27 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-16 05:27 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 16:24 . 2012-06-14 12:56 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 16:24 . 2011-05-14 14:22 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-17 18:22 . 2011-02-06 00:48 22328 ----a-w- c:\users\xx\AppData\Roaming\PnkBstrK.sys
2012-07-17 18:21 . 2012-02-10 10:13 103736 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-07-12 15:03 . 2012-07-12 15:03 3262 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2012-09-07 21:57 . 2011-04-23 18:23 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-06-08 3521464]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\xx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\xx\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CardManagementTool.lnk - c:\program files\KOBIL Systems\KOBIL Smart Key\Smart Key\Microsoft CSP\CMT.exe [2010-8-22 1069056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 19:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 03:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 KOBCCEX;KOBCCEX;c:\windows\system32\drivers\KOBCCEX.sys [x]
R3 KOBCCID;KOBCCID;c:\windows\system32\drivers\KOBCCID.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 XDva382;XDva382;c:\windows\system32\XDva382.sys [x]
R3 XDva383;XDva383;c:\windows\system32\XDva383.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [x]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys [x]
S3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 16:24]
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-24 19:25]
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-24 19:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.hotspotshield.com/g/?c=h
uInternet Settings,ProxyOverride = *.local
IE: &Citavi Picker... - file://c:\program files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\wd3myjq5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - chrome://fastdial/content/fastdial.html
FF - prefs.js: keyword.URL - hxxp://utils.babylon.com/abt/index.php?url=
FF - prefs.js: network.proxy.type - 2
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
HKCU-Run-KiesHelper - c:\program files\Samsung\Kies\KiesHelper.exe
HKCU-Run-pudplg - c:\users\xx\AppData\Roaming\pudplg.dll
MSConfigStartUp-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-17185805-2931279960-2750159110-1000\Software\SecuROM\License information*]
"datasecu"=hex:9e,be,b3,9e,6a,11,91,95,53,25,7e,5d,fe,6e,9b,eb,f4,a8,d9,3a,56,
   d0,25,a9,b0,bc,27,16,70,5d,90,18,f3,8f,de,dd,2b,e4,74,c7,5c,0a,db,28,d4,68,\
"rkeysecu"=hex:54,a7,5e,99,73,31,48,81,08,cb,af,ec,2b,7b,90,b1
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\brsvc01a.exe
c:\windows\system32\brss01a.exe
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\ThpSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-09-13 15:10:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-13 13:10
.
Pre-Run: 60,863,430,656 bytes free
Post-Run: 60,773,543,936 bytes free
.
- - End Of File - - E3E84B51E8F60F5711F624C0D4F941B9