Sleep mode -> defective drivers -> restart -> wrong date, AVG update impossible, tracking cookies found (Windows 7)
02.10.2012, 15:43 | #1 |
Hello everyone! I'll try to describe everything in detail, but feel free to ask follow-up questions. My computer went into sleep mode; when I tried to wake it again, it took so long that the monitor switched itself off again. When it woke up, it then reported that it was not possible to scan a driver file because its structure was unknown. While I was looking up on the Internet what this was about, it reported the same thing again. The only difference was an IP value; the address was identical. Unfortunately, further information on this is missing, because I then restarted the computer and these warnings are not recorded in the event log. After the restart, the date was set incorrectly, in that I found myself 1,600 years in the future. The whole thing didn't seem kosher to me, so I wanted to run a full scan of the computer. But since AVG said two databases were out of date, I had it fetch an update, which finished with the message that none were available. Another attempt, same result. So I ran a full scan, including removable media, with the "outdated" databases and came across several tracking cookies. Do the tracking cookies have anything to do with what happened? Should my problem turn out not to be a problem, for example because the battery on the mainboard simply has too low a voltage, I would like information on how to avoid tracking cookies as far as possible while still browsing the web, or how to remove them regularly. Thanks in advance to whoever takes on my request for help.
09.10.2012, 06:58 | #2 |
/// Malwareteam | To allow a more detailed analysis, please follow this link:
To everyone seeking help! What do I need to consider before opening a thread?
Note: Post the generated log files here in your thread - do not create a new one!
10.10.2012, 11:15 | #3 |
Thank you for taking on my request for help. I hope I did everything right this time. Defogger ran without an error message and without asking for a restart. I did not download GMER, since I have a 64-bit system. And here are the OTL results. OTL.txt
10.10.2012, 11:18 | #4 |
/// Malwareteam | Step 1: aswMBR
Please download aswMBR.exe and save the file to your desktop.
Step 2: Scan with TDSS-Killer
Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report. Please download TDSSKiller.exe and save this file to the desktop.
__________________
No right of asylum for trojans! Proud Member of UNITE. Note: I am only available on weekdays! Requests via PM will be ignored!
10.10.2012, 12:20 | #5 |
aswMBR.txt Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-10 12:24:02
-----------------------------
12:24:02.250 OS Version: Windows x64 6.1.7601 Service Pack 1
12:24:02.250 Number of processors: 4 586 0x1707
12:24:02.250 ComputerName: KOISHI-PC UserName: Koishi
12:24:02.686 Initialize success
13:13:04.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
13:13:04.390 Disk 0 Vendor: SAMSUNG_HD103SI 1AG01118 Size: 953869MB BusType: 3
13:13:04.400 Disk 0 MBR read successfully
13:13:04.400 Disk 0 MBR scan
13:13:04.410 Disk 0 Windows 7 default MBR code
13:13:04.420 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 102401 MB offset 2048
13:13:04.440 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 102401 MB offset 209719296
13:13:04.450 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 544262 MB offset 419436544
13:13:04.470 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 204803 MB offset 1534085120
13:13:04.500 Disk 0 scanning C:\Windows\system32\drivers
13:13:07.270 Service scanning
13:13:14.520 Modules scanning
13:13:14.520 Disk 0 trace - called modules:
13:13:14.540 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
13:13:14.550 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a1f060]
13:13:14.550 3 CLASSPNP.SYS[fffff8800192843f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa80043da060]
13:13:14.560 Scan finished successfully
13:13:33.680 Disk 0 MBR has been saved successfully to "C:\Users\Koishi\Desktop\MBR.dat"
13:13:33.680 The log file has been saved successfully to "C:\Users\Koishi\Desktop\aswMBR.txt"

Code:
13:16:16.0530 3476 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
13:16:17.0990 3476 ============================================================
13:16:17.0990 3476 Current date / time: 2012/10/10 13:16:17.0990
13:16:17.0990 3476 SystemInfo:
13:16:17.0990 3476
13:16:17.0990 3476 OS Version: 6.1.7601 ServicePack: 1.0
13:16:17.0990 3476 Product type: Workstation
13:16:17.0990 3476 ComputerName: KOISHI-PC
13:16:17.0990 3476 UserName: Koishi
13:16:17.0990 3476 Windows directory: C:\Windows
13:16:17.0990 3476 System windows directory: C:\Windows
13:16:17.0990 3476 Running under WOW64
13:16:17.0990 3476 Processor architecture: Intel x64
13:16:17.0990 3476 Number of processors: 4
13:16:17.0990 3476 Page size: 0x1000
13:16:17.0990 3476 Boot type: Normal boot
13:16:17.0990 3476 ============================================================
13:16:19.0050 3476 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:16:19.0060 3476 Drive \Device\Harddisk2\DR2 - Size: 0xF3400000 (3.80 Gb), SectorSize: 0x200, Cylinders: 0x1F0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:16:19.0060 3476 ============================================================
13:16:19.0060 3476 \Device\Harddisk0\DR0:
13:16:19.0060 3476 MBR partitions:
13:16:19.0060 3476 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC800800
13:16:19.0060 3476 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC801000, BlocksNum 0xC800800
13:16:19.0060 3476 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x19001800, BlocksNum 0x42703000
13:16:19.0060 3476 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x5B704800, BlocksNum 0x19001800
13:16:19.0060 3476 \Device\Harddisk2\DR2:
13:16:19.0060 3476 MBR partitions:
13:16:19.0060 3476 ============================================================
13:16:19.0090 3476 C: <->
\Device\Harddisk0\DR0\Partition1 13:16:19.0120 3476 D: <-> \Device\Harddisk0\DR0\Partition2 13:16:19.0160 3476 E: <-> \Device\Harddisk0\DR0\Partition3 13:16:19.0200 3476 F: <-> \Device\Harddisk0\DR0\Partition4 13:16:19.0200 3476 ============================================================ 13:16:19.0200 3476 Initialize success 13:16:19.0200 3476 ============================================================ 13:16:34.0410 2812 ============================================================ 13:16:34.0410 2812 Scan started 13:16:34.0410 2812 Mode: Manual; 13:16:34.0410 2812 ============================================================ 13:16:34.0950 2812 ================ Scan system memory ======================== 13:16:34.0950 2812 System memory - ok 13:16:34.0950 2812 ================ Scan services ============================= 13:16:35.0090 2812 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys 13:16:35.0090 2812 1394ohci - ok 13:16:35.0100 2812 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 13:16:35.0110 2812 ACPI - ok 13:16:35.0120 2812 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 13:16:35.0130 2812 AcpiPmi - ok 13:16:35.0140 2812 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 13:16:35.0140 2812 adp94xx - ok 13:16:35.0150 2812 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 13:16:35.0160 2812 adpahci - ok 13:16:35.0170 2812 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 13:16:35.0170 2812 adpu320 - ok 13:16:35.0190 2812 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 13:16:35.0190 2812 AeLookupSvc - ok 13:16:35.0250 2812 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 13:16:35.0250 2812 AFD - ok 13:16:35.0270 2812 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 
C:\Windows\system32\drivers\agp440.sys 13:16:35.0270 2812 agp440 - ok 13:16:35.0290 2812 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 13:16:35.0290 2812 ALG - ok 13:16:35.0290 2812 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 13:16:35.0300 2812 aliide - ok 13:16:35.0340 2812 [ 1D317EA326423FF7630CF1DA3BD46A1C ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 13:16:35.0340 2812 AMD External Events Utility - ok 13:16:35.0340 2812 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 13:16:35.0340 2812 amdide - ok 13:16:35.0350 2812 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 13:16:35.0350 2812 AmdK8 - ok 13:16:35.0360 2812 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 13:16:35.0360 2812 AmdPPM - ok 13:16:35.0360 2812 [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata C:\Windows\system32\drivers\amdsata.sys 13:16:35.0360 2812 amdsata - ok 13:16:35.0380 2812 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 13:16:35.0380 2812 amdsbs - ok 13:16:35.0380 2812 [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata C:\Windows\system32\drivers\amdxata.sys 13:16:35.0390 2812 amdxata - ok 13:16:35.0410 2812 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 13:16:35.0410 2812 AppID - ok 13:16:35.0410 2812 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 13:16:35.0410 2812 AppIDSvc - ok 13:16:35.0420 2812 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 13:16:35.0420 2812 Appinfo - ok 13:16:35.0450 2812 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll 13:16:35.0460 2812 AppMgmt - ok 13:16:35.0460 2812 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 13:16:35.0460 2812 arc - ok 13:16:35.0470 2812 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas 
C:\Windows\system32\drivers\arcsas.sys 13:16:35.0470 2812 arcsas - ok 13:16:35.0490 2812 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 13:16:35.0490 2812 AsyncMac - ok 13:16:35.0490 2812 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 13:16:35.0490 2812 atapi - ok 13:16:35.0610 2812 [ 19B5C61CB09BFF2BD69E063EE54B56C3 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 13:16:35.0690 2812 atikmdag - ok 13:16:35.0720 2812 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 13:16:35.0730 2812 AudioEndpointBuilder - ok 13:16:35.0740 2812 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 13:16:35.0750 2812 AudioSrv - ok 13:16:35.0860 2812 [ C4D15594DB5BE042D3346EA58DF87D89 ] avg9wd C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe 13:16:35.0860 2812 avg9wd - ok 13:16:35.0890 2812 [ B447DB072BF939DB9E07BEF2ADF4ECBD ] AvgLdx64 C:\Windows\System32\Drivers\avgldx64.sys 13:16:35.0890 2812 AvgLdx64 - ok 13:16:35.0920 2812 [ 0DB5A749ACD8E66091736F88C40207BD ] AvgMfx64 C:\Windows\System32\Drivers\avgmfx64.sys 13:16:35.0920 2812 AvgMfx64 - ok 13:16:35.0940 2812 [ 8AA68C0BA2B84FD7EB3E1F10BBFC825B ] AvgTdiA C:\Windows\System32\Drivers\avgtdia.sys 13:16:35.0940 2812 AvgTdiA - ok 13:16:35.0960 2812 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 13:16:35.0960 2812 AxInstSV - ok 13:16:35.0980 2812 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 13:16:35.0990 2812 b06bdrv - ok 13:16:36.0000 2812 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 13:16:36.0010 2812 b57nd60a - ok 13:16:36.0020 2812 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 13:16:36.0030 2812 BDESVC - ok 13:16:36.0040 2812 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 13:16:36.0040 2812 Beep - ok 13:16:36.0080 2812 [ 
82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 13:16:36.0090 2812 BFE - ok 13:16:36.0130 2812 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 13:16:36.0140 2812 BITS - ok 13:16:36.0150 2812 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 13:16:36.0160 2812 blbdrive - ok 13:16:36.0180 2812 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 13:16:36.0180 2812 bowser - ok 13:16:36.0190 2812 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 13:16:36.0190 2812 BrFiltLo - ok 13:16:36.0190 2812 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 13:16:36.0190 2812 BrFiltUp - ok 13:16:36.0220 2812 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 13:16:36.0220 2812 Browser - ok 13:16:36.0250 2812 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 13:16:36.0250 2812 Brserid - ok 13:16:36.0260 2812 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 13:16:36.0260 2812 BrSerWdm - ok 13:16:36.0260 2812 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 13:16:36.0260 2812 BrUsbMdm - ok 13:16:36.0270 2812 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 13:16:36.0270 2812 BrUsbSer - ok 13:16:36.0270 2812 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 13:16:36.0270 2812 BTHMODEM - ok 13:16:36.0290 2812 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 13:16:36.0290 2812 bthserv - ok 13:16:36.0300 2812 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 13:16:36.0300 2812 cdfs - ok 13:16:36.0310 2812 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 13:16:36.0310 2812 cdrom - ok 13:16:36.0320 2812 [ 
F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 13:16:36.0320 2812 CertPropSvc - ok 13:16:36.0330 2812 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 13:16:36.0330 2812 circlass - ok 13:16:36.0360 2812 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 13:16:36.0360 2812 CLFS - ok 13:16:36.0430 2812 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 13:16:36.0430 2812 clr_optimization_v2.0.50727_32 - ok 13:16:36.0480 2812 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 13:16:36.0480 2812 clr_optimization_v2.0.50727_64 - ok 13:16:36.0490 2812 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 13:16:36.0490 2812 CmBatt - ok 13:16:36.0490 2812 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 13:16:36.0490 2812 cmdide - ok 13:16:36.0530 2812 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 13:16:36.0530 2812 CNG - ok 13:16:36.0540 2812 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 13:16:36.0540 2812 Compbatt - ok 13:16:36.0540 2812 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 13:16:36.0550 2812 CompositeBus - ok 13:16:36.0550 2812 COMSysApp - ok 13:16:36.0570 2812 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 13:16:36.0570 2812 crcdisk - ok 13:16:36.0600 2812 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 13:16:36.0600 2812 CryptSvc - ok 13:16:36.0630 2812 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys 13:16:36.0640 2812 CSC - ok 13:16:36.0650 2812 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll 13:16:36.0660 2812 
CscService - ok 13:16:36.0690 2812 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 13:16:36.0700 2812 DcomLaunch - ok 13:16:36.0720 2812 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 13:16:36.0720 2812 defragsvc - ok 13:16:36.0730 2812 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 13:16:36.0730 2812 DfsC - ok 13:16:36.0760 2812 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 13:16:36.0760 2812 Dhcp - ok 13:16:36.0770 2812 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 13:16:36.0770 2812 discache - ok 13:16:36.0780 2812 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 13:16:36.0780 2812 Disk - ok 13:16:36.0810 2812 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys 13:16:36.0810 2812 dmvsc - ok 13:16:36.0850 2812 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 13:16:36.0860 2812 Dnscache - ok 13:16:36.0970 2812 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 13:16:36.0970 2812 dot3svc - ok 13:16:36.0980 2812 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 13:16:36.0990 2812 DPS - ok 13:16:37.0030 2812 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 13:16:37.0030 2812 drmkaud - ok 13:16:37.0050 2812 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 13:16:37.0060 2812 DXGKrnl - ok 13:16:37.0070 2812 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 13:16:37.0070 2812 EapHost - ok 13:16:37.0130 2812 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 13:16:37.0170 2812 ebdrv - ok 13:16:37.0190 2812 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 13:16:37.0190 2812 EFS - ok 13:16:37.0250 2812 [ 
C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 13:16:37.0260 2812 ehRecvr - ok 13:16:37.0280 2812 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 13:16:37.0280 2812 ehSched - ok 13:16:37.0290 2812 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 13:16:37.0300 2812 elxstor - ok 13:16:37.0320 2812 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 13:16:37.0330 2812 ErrDev - ok 13:16:37.0370 2812 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 13:16:37.0370 2812 EventSystem - ok 13:16:37.0450 2812 [ 8ADACFFAD67394C711698EA074CE3BAB ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys 13:16:37.0450 2812 ewusbnet - ok 13:16:37.0460 2812 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 13:16:37.0470 2812 exfat - ok 13:16:37.0470 2812 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 13:16:37.0480 2812 fastfat - ok 13:16:37.0520 2812 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 13:16:37.0530 2812 Fax - ok 13:16:37.0540 2812 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 13:16:37.0540 2812 fdc - ok 13:16:37.0550 2812 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 13:16:37.0550 2812 fdPHost - ok 13:16:37.0560 2812 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 13:16:37.0560 2812 FDResPub - ok 13:16:37.0570 2812 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 13:16:37.0570 2812 FileInfo - ok 13:16:37.0580 2812 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 13:16:37.0580 2812 Filetrace - ok 13:16:37.0580 2812 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 13:16:37.0580 2812 flpydisk - ok 13:16:37.0590 2812 [ 
DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 13:16:37.0590 2812 FltMgr - ok 13:16:37.0620 2812 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll 13:16:37.0640 2812 FontCache - ok 13:16:37.0680 2812 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 13:16:37.0680 2812 FontCache3.0.0.0 - ok 13:16:37.0690 2812 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 13:16:37.0690 2812 FsDepends - ok 13:16:37.0720 2812 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 13:16:37.0720 2812 Fs_Rec - ok 13:16:37.0730 2812 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 13:16:37.0740 2812 fvevol - ok 13:16:37.0750 2812 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 13:16:37.0760 2812 gagp30kx - ok 13:16:37.0770 2812 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 13:16:37.0780 2812 gpsvc - ok 13:16:37.0800 2812 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 13:16:37.0800 2812 hcw85cir - ok 13:16:37.0840 2812 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 13:16:37.0840 2812 HdAudAddService - ok 13:16:37.0860 2812 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 13:16:37.0860 2812 HDAudBus - ok 13:16:37.0860 2812 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 13:16:37.0860 2812 HidBatt - ok 13:16:37.0880 2812 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 13:16:37.0880 2812 HidBth - ok 13:16:37.0890 2812 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 13:16:37.0890 2812 HidIr - ok 13:16:37.0900 2812 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv 
C:\Windows\system32\hidserv.dll 13:16:37.0900 2812 hidserv - ok 13:16:37.0930 2812 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 13:16:37.0930 2812 HidUsb - ok 13:16:37.0940 2812 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 13:16:37.0940 2812 hkmsvc - ok 13:16:37.0950 2812 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 13:16:37.0960 2812 HomeGroupListener - ok 13:16:37.0980 2812 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 13:16:37.0980 2812 HomeGroupProvider - ok 13:16:37.0990 2812 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 13:16:37.0990 2812 HpSAMD - ok 13:16:38.0010 2812 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 13:16:38.0020 2812 HTTP - ok 13:16:38.0050 2812 [ D969D0E26C5B1E813B17066A8318D5D4 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys 13:16:38.0050 2812 hwdatacard - ok 13:16:38.0060 2812 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 13:16:38.0060 2812 hwpolicy - ok 13:16:38.0080 2812 [ B45B3647BA32749B94FA689175EC8C26 ] hwusbdev C:\Windows\system32\DRIVERS\ewusbdev.sys 13:16:38.0080 2812 hwusbdev - ok 13:16:38.0090 2812 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 13:16:38.0090 2812 i8042prt - ok 13:16:38.0100 2812 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 13:16:38.0110 2812 iaStorV - ok 13:16:38.0150 2812 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 13:16:38.0160 2812 idsvc - ok 13:16:38.0170 2812 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 13:16:38.0170 2812 iirsp - ok 13:16:38.0210 2812 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 13:16:38.0220 2812 
IKEEXT - ok 13:16:38.0270 2812 [ D42D651676883181400E22957A7E0B1E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 13:16:38.0290 2812 IntcAzAudAddService - ok 13:16:38.0290 2812 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 13:16:38.0290 2812 intelide - ok 13:16:38.0300 2812 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 13:16:38.0300 2812 intelppm - ok 13:16:38.0320 2812 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 13:16:38.0320 2812 IPBusEnum - ok 13:16:38.0340 2812 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 13:16:38.0340 2812 IpFilterDriver - ok 13:16:38.0350 2812 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 13:16:38.0360 2812 iphlpsvc - ok 13:16:38.0360 2812 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 13:16:38.0360 2812 IPMIDRV - ok 13:16:38.0370 2812 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 13:16:38.0370 2812 IPNAT - ok 13:16:38.0370 2812 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 13:16:38.0370 2812 IRENUM - ok 13:16:38.0380 2812 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 13:16:38.0380 2812 isapnp - ok 13:16:38.0400 2812 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 13:16:38.0400 2812 iScsiPrt - ok 13:16:38.0410 2812 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 13:16:38.0410 2812 kbdclass - ok 13:16:38.0410 2812 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 13:16:38.0410 2812 kbdhid - ok 13:16:38.0420 2812 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 13:16:38.0430 2812 KeyIso - ok 13:16:38.0450 2812 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD 
C:\Windows\system32\Drivers\ksecdd.sys 13:16:38.0450 2812 KSecDD - ok 13:16:38.0460 2812 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 13:16:38.0460 2812 KSecPkg - ok 13:16:38.0470 2812 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 13:16:38.0470 2812 ksthunk - ok 13:16:38.0490 2812 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 13:16:38.0500 2812 KtmRm - ok 13:16:38.0520 2812 [ 2AC603C3188C704CFCE353659AA7AD71 ] L1E C:\Windows\system32\DRIVERS\L1E62x64.sys 13:16:38.0520 2812 L1E - ok 13:16:38.0550 2812 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 13:16:38.0560 2812 LanmanServer - ok 13:16:38.0590 2812 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 13:16:38.0590 2812 LanmanWorkstation - ok 13:16:38.0620 2812 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 13:16:38.0620 2812 lltdio - ok 13:16:38.0640 2812 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 13:16:38.0650 2812 lltdsvc - ok 13:16:38.0670 2812 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 13:16:38.0670 2812 lmhosts - ok 13:16:38.0680 2812 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 13:16:38.0690 2812 LSI_FC - ok 13:16:38.0700 2812 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 13:16:38.0700 2812 LSI_SAS - ok 13:16:38.0700 2812 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 13:16:38.0710 2812 LSI_SAS2 - ok 13:16:38.0710 2812 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 13:16:38.0710 2812 LSI_SCSI - ok 13:16:38.0720 2812 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 13:16:38.0720 2812 luafv - ok 13:16:38.0750 2812 [ 0BE09CD858ABF9DF6ED259D57A1A1663 
] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 13:16:38.0750 2812 Mcx2Svc - ok 13:16:38.0760 2812 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 13:16:38.0760 2812 megasas - ok 13:16:38.0770 2812 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 13:16:38.0770 2812 MegaSR - ok 13:16:38.0800 2812 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 13:16:38.0800 2812 MMCSS - ok 13:16:38.0800 2812 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 13:16:38.0800 2812 Modem - ok 13:16:38.0820 2812 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 13:16:38.0820 2812 monitor - ok 13:16:38.0830 2812 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 13:16:38.0830 2812 mouclass - ok 13:16:38.0840 2812 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 13:16:38.0840 2812 mouhid - ok 13:16:38.0850 2812 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 13:16:38.0850 2812 mountmgr - ok 13:16:38.0880 2812 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 13:16:38.0880 2812 MozillaMaintenance - ok 13:16:38.0880 2812 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 13:16:38.0890 2812 mpio - ok 13:16:38.0890 2812 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 13:16:38.0890 2812 mpsdrv - ok 13:16:38.0910 2812 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 13:16:38.0930 2812 MpsSvc - ok 13:16:38.0950 2812 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 13:16:38.0950 2812 MRxDAV - ok 13:16:38.0980 2812 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 13:16:38.0980 2812 mrxsmb - ok 13:16:38.0990 
2812 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 13:16:38.0990 2812 mrxsmb10 - ok 13:16:39.0000 2812 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 13:16:39.0000 2812 mrxsmb20 - ok 13:16:39.0000 2812 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 13:16:39.0000 2812 msahci - ok 13:16:39.0010 2812 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 13:16:39.0010 2812 msdsm - ok 13:16:39.0030 2812 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 13:16:39.0030 2812 MSDTC - ok 13:16:39.0040 2812 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 13:16:39.0040 2812 Msfs - ok 13:16:39.0050 2812 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 13:16:39.0050 2812 mshidkmdf - ok 13:16:39.0060 2812 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 13:16:39.0060 2812 msisadrv - ok 13:16:39.0090 2812 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 13:16:39.0090 2812 MSiSCSI - ok 13:16:39.0100 2812 msiserver - ok 13:16:39.0130 2812 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 13:16:39.0130 2812 MSKSSRV - ok 13:16:39.0130 2812 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 13:16:39.0130 2812 MSPCLOCK - ok 13:16:39.0140 2812 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 13:16:39.0140 2812 MSPQM - ok 13:16:39.0150 2812 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 13:16:39.0160 2812 MsRPC - ok 13:16:39.0160 2812 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 13:16:39.0170 2812 mssmbios - ok 13:16:39.0180 2812 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 
13:16:39.0180 2812 MSTEE - ok 13:16:39.0190 2812 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 13:16:39.0190 2812 MTConfig - ok 13:16:39.0190 2812 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 13:16:39.0190 2812 Mup - ok 13:16:39.0210 2812 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 13:16:39.0220 2812 napagent - ok 13:16:39.0280 2812 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 13:16:39.0280 2812 NativeWifiP - ok 13:16:39.0340 2812 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys 13:16:39.0350 2812 NDIS - ok 13:16:39.0380 2812 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 13:16:39.0380 2812 NdisCap - ok 13:16:39.0390 2812 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 13:16:39.0390 2812 NdisTapi - ok 13:16:39.0400 2812 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 13:16:39.0400 2812 Ndisuio - ok 13:16:39.0410 2812 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 13:16:39.0410 2812 NdisWan - ok 13:16:39.0420 2812 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 13:16:39.0420 2812 NDProxy - ok 13:16:39.0420 2812 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 13:16:39.0420 2812 NetBIOS - ok 13:16:39.0430 2812 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 13:16:39.0440 2812 NetBT - ok 13:16:39.0450 2812 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 13:16:39.0450 2812 Netlogon - ok 13:16:39.0480 2812 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 13:16:39.0490 2812 Netman - ok 13:16:39.0500 2812 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 
13:16:39.0510 2812 netprofm - ok 13:16:39.0530 2812 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 13:16:39.0540 2812 NetTcpPortSharing - ok 13:16:39.0540 2812 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 13:16:39.0540 2812 nfrd960 - ok 13:16:39.0550 2812 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 13:16:39.0560 2812 NlaSvc - ok 13:16:39.0560 2812 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 13:16:39.0560 2812 Npfs - ok 13:16:39.0580 2812 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 13:16:39.0580 2812 nsi - ok 13:16:39.0590 2812 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 13:16:39.0590 2812 nsiproxy - ok 13:16:39.0640 2812 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 13:16:39.0660 2812 Ntfs - ok 13:16:39.0670 2812 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 13:16:39.0670 2812 Null - ok 13:16:39.0690 2812 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys 13:16:39.0690 2812 nvraid - ok 13:16:39.0700 2812 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys 13:16:39.0700 2812 nvstor - ok 13:16:39.0710 2812 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 13:16:39.0710 2812 nv_agp - ok 13:16:39.0710 2812 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 13:16:39.0710 2812 ohci1394 - ok 13:16:39.0740 2812 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 13:16:39.0740 2812 p2pimsvc - ok 13:16:39.0770 2812 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 13:16:39.0770 2812 p2psvc - ok 13:16:39.0780 2812 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport 
C:\Windows\system32\drivers\parport.sys 13:16:39.0780 2812 Parport - ok 13:16:39.0810 2812 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 13:16:39.0810 2812 partmgr - ok 13:16:39.0810 2812 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 13:16:39.0820 2812 PcaSvc - ok 13:16:39.0830 2812 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 13:16:39.0830 2812 pci - ok 13:16:39.0840 2812 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 13:16:39.0840 2812 pciide - ok 13:16:39.0850 2812 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 13:16:39.0860 2812 pcmcia - ok 13:16:39.0860 2812 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 13:16:39.0860 2812 pcw - ok 13:16:39.0870 2812 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 13:16:39.0880 2812 PEAUTH - ok 13:16:39.0930 2812 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 13:16:39.0950 2812 PeerDistSvc - ok 13:16:40.0020 2812 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 13:16:40.0020 2812 PerfHost - ok 13:16:40.0070 2812 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 13:16:40.0090 2812 pla - ok 13:16:40.0120 2812 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 13:16:40.0130 2812 PlugPlay - ok 13:16:40.0140 2812 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 13:16:40.0140 2812 PNRPAutoReg - ok 13:16:40.0150 2812 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 13:16:40.0160 2812 PNRPsvc - ok 13:16:40.0200 2812 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 13:16:40.0200 2812 PolicyAgent - ok 13:16:40.0230 2812 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 
13:16:40.0230 2812 Power - ok 13:16:40.0250 2812 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 13:16:40.0250 2812 PptpMiniport - ok 13:16:40.0260 2812 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 13:16:40.0260 2812 Processor - ok 13:16:40.0280 2812 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll 13:16:40.0290 2812 ProfSvc - ok 13:16:40.0300 2812 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 13:16:40.0310 2812 ProtectedStorage - ok 13:16:40.0320 2812 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 13:16:40.0320 2812 Psched - ok 13:16:40.0350 2812 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 13:16:40.0370 2812 ql2300 - ok 13:16:40.0380 2812 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 13:16:40.0380 2812 ql40xx - ok 13:16:40.0400 2812 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 13:16:40.0410 2812 QWAVE - ok 13:16:40.0410 2812 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 13:16:40.0410 2812 QWAVEdrv - ok 13:16:40.0430 2812 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 13:16:40.0430 2812 RasAcd - ok 13:16:40.0450 2812 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 13:16:40.0450 2812 RasAgileVpn - ok 13:16:40.0460 2812 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 13:16:40.0470 2812 RasAuto - ok 13:16:40.0470 2812 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 13:16:40.0470 2812 Rasl2tp - ok 13:16:40.0490 2812 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 13:16:40.0490 2812 RasMan - ok 13:16:40.0500 2812 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe 
C:\Windows\system32\DRIVERS\raspppoe.sys 13:16:40.0500 2812 RasPppoe - ok 13:16:40.0510 2812 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 13:16:40.0510 2812 RasSstp - ok 13:16:40.0510 2812 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 13:16:40.0520 2812 rdbss - ok 13:16:40.0520 2812 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 13:16:40.0520 2812 rdpbus - ok 13:16:40.0540 2812 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 13:16:40.0540 2812 RDPCDD - ok 13:16:40.0570 2812 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 13:16:40.0570 2812 RDPDR - ok 13:16:40.0590 2812 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 13:16:40.0590 2812 RDPENCDD - ok 13:16:40.0600 2812 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 13:16:40.0600 2812 RDPREFMP - ok 13:16:40.0630 2812 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 13:16:40.0630 2812 RDPWD - ok 13:16:40.0640 2812 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 13:16:40.0640 2812 rdyboost - ok 13:16:40.0670 2812 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 13:16:40.0670 2812 RemoteAccess - ok 13:16:40.0690 2812 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 13:16:40.0690 2812 RemoteRegistry - ok 13:16:40.0710 2812 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 13:16:40.0710 2812 RpcEptMapper - ok 13:16:40.0740 2812 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 13:16:40.0740 2812 RpcLocator - ok 13:16:40.0760 2812 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 13:16:40.0760 2812 RpcSs - ok 13:16:40.0770 2812 [ 
DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 13:16:40.0770 2812 rspndr - ok 13:16:40.0800 2812 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 13:16:40.0800 2812 s3cap - ok 13:16:40.0810 2812 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 13:16:40.0810 2812 SamSs - ok 13:16:40.0810 2812 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 13:16:40.0820 2812 sbp2port - ok 13:16:40.0820 2812 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 13:16:40.0830 2812 SCardSvr - ok 13:16:40.0830 2812 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 13:16:40.0830 2812 scfilter - ok 13:16:40.0850 2812 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 13:16:40.0870 2812 Schedule - ok 13:16:40.0880 2812 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 13:16:40.0880 2812 SCPolicySvc - ok 13:16:40.0890 2812 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 13:16:40.0890 2812 SDRSVC - ok 13:16:40.0890 2812 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 13:16:40.0890 2812 secdrv - ok 13:16:40.0910 2812 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 13:16:40.0910 2812 seclogon - ok 13:16:40.0920 2812 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 13:16:40.0920 2812 SENS - ok 13:16:40.0930 2812 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 13:16:40.0930 2812 SensrSvc - ok 13:16:40.0930 2812 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 13:16:40.0930 2812 Serenum - ok 13:16:40.0940 2812 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 13:16:40.0940 2812 Serial - ok 13:16:40.0950 2812 [ 
1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 13:16:40.0950 2812 sermouse - ok 13:16:40.0970 2812 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 13:16:40.0970 2812 SessionEnv - ok 13:16:40.0970 2812 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 13:16:40.0970 2812 sffdisk - ok 13:16:40.0980 2812 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 13:16:40.0980 2812 sffp_mmc - ok 13:16:40.0980 2812 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 13:16:40.0980 2812 sffp_sd - ok 13:16:40.0990 2812 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 13:16:40.0990 2812 sfloppy - ok 13:16:41.0020 2812 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 13:16:41.0020 2812 SharedAccess - ok 13:16:41.0040 2812 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 13:16:41.0050 2812 ShellHWDetection - ok 13:16:41.0050 2812 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 13:16:41.0050 2812 SiSRaid2 - ok 13:16:41.0060 2812 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 13:16:41.0060 2812 SiSRaid4 - ok 13:16:41.0070 2812 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 13:16:41.0070 2812 Smb - ok 13:16:41.0080 2812 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 13:16:41.0080 2812 SNMPTRAP - ok 13:16:41.0090 2812 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 13:16:41.0090 2812 spldr - ok 13:16:41.0110 2812 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe 13:16:41.0120 2812 Spooler - ok 13:16:41.0170 2812 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 13:16:41.0220 2812 sppsvc - ok 
13:16:41.0220 2812 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 13:16:41.0220 2812 sppuinotify - ok 13:16:41.0270 2812 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 13:16:41.0270 2812 srv - ok 13:16:41.0300 2812 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 13:16:41.0310 2812 srv2 - ok 13:16:41.0340 2812 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 13:16:41.0340 2812 srvnet - ok 13:16:41.0360 2812 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 13:16:41.0370 2812 SSDPSRV - ok 13:16:41.0370 2812 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 13:16:41.0370 2812 SstpSvc - ok 13:16:41.0390 2812 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 13:16:41.0390 2812 stexstor - ok 13:16:41.0420 2812 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 13:16:41.0430 2812 stisvc - ok 13:16:41.0470 2812 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 13:16:41.0470 2812 storflt - ok 13:16:41.0490 2812 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll 13:16:41.0490 2812 StorSvc - ok 13:16:41.0520 2812 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 13:16:41.0520 2812 storvsc - ok 13:16:41.0520 2812 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 13:16:41.0520 2812 swenum - ok 13:16:41.0530 2812 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 13:16:41.0540 2812 swprv - ok 13:16:41.0590 2812 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 13:16:41.0610 2812 SysMain - ok 13:16:41.0620 2812 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 13:16:41.0620 2812 TabletInputService - ok 13:16:41.0640 2812 [ 
40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 13:16:41.0650 2812 TapiSrv - ok 13:16:41.0650 2812 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 13:16:41.0650 2812 TBS - ok 13:16:41.0710 2812 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys 13:16:41.0740 2812 Tcpip - ok 13:16:41.0770 2812 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 13:16:41.0780 2812 TCPIP6 - ok 13:16:41.0790 2812 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 13:16:41.0790 2812 tcpipreg - ok 13:16:41.0820 2812 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 13:16:41.0820 2812 TDPIPE - ok 13:16:41.0840 2812 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 13:16:41.0840 2812 TDTCP - ok 13:16:41.0880 2812 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 13:16:41.0880 2812 tdx - ok 13:16:41.0890 2812 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 13:16:41.0890 2812 TermDD - ok 13:16:41.0910 2812 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 13:16:41.0920 2812 TermService - ok 13:16:41.0930 2812 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 13:16:41.0930 2812 Themes - ok 13:16:41.0950 2812 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 13:16:41.0950 2812 THREADORDER - ok 13:16:41.0950 2812 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 13:16:41.0960 2812 TrkWks - ok 13:16:42.0000 2812 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 13:16:42.0000 2812 TrustedInstaller - ok 13:16:42.0010 2812 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 13:16:42.0010 2812 tssecsrv - ok 13:16:42.0020 2812 [ 
D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 13:16:42.0020 2812 TsUsbFlt - ok 13:16:42.0030 2812 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 13:16:42.0030 2812 TsUsbGD - ok 13:16:42.0050 2812 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 13:16:42.0050 2812 tunnel - ok 13:16:42.0050 2812 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 13:16:42.0050 2812 uagp35 - ok 13:16:42.0060 2812 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 13:16:42.0070 2812 udfs - ok 13:16:42.0080 2812 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 13:16:42.0080 2812 UI0Detect - ok 13:16:42.0100 2812 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 13:16:42.0100 2812 uliagpkx - ok 13:16:42.0100 2812 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 13:16:42.0110 2812 umbus - ok 13:16:42.0110 2812 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 13:16:42.0110 2812 UmPass - ok 13:16:42.0130 2812 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 13:16:42.0140 2812 UmRdpService - ok 13:16:42.0160 2812 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 13:16:42.0160 2812 upnphost - ok 13:16:42.0170 2812 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 13:16:42.0170 2812 usbccgp - ok 13:16:42.0180 2812 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 13:16:42.0190 2812 usbcir - ok 13:16:42.0190 2812 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 13:16:42.0190 2812 usbehci - ok 13:16:42.0200 2812 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 13:16:42.0200 2812 usbhub - ok 
13:16:42.0230 2812 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys 13:16:42.0230 2812 usbohci - ok 13:16:42.0230 2812 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys 13:16:42.0230 2812 usbprint - ok 13:16:42.0240 2812 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 13:16:42.0240 2812 USBSTOR - ok 13:16:42.0240 2812 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 13:16:42.0240 2812 usbuhci - ok 13:16:42.0260 2812 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 13:16:42.0260 2812 UxSms - ok 13:16:42.0270 2812 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 13:16:42.0270 2812 VaultSvc - ok 13:16:42.0280 2812 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 13:16:42.0280 2812 vdrvroot - ok 13:16:42.0300 2812 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 13:16:42.0310 2812 vds - ok 13:16:42.0320 2812 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 13:16:42.0320 2812 vga - ok 13:16:42.0320 2812 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 13:16:42.0320 2812 VgaSave - ok 13:16:42.0340 2812 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 13:16:42.0340 2812 vhdmp - ok 13:16:42.0350 2812 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 13:16:42.0350 2812 viaide - ok 13:16:42.0380 2812 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 13:16:42.0380 2812 vmbus - ok 13:16:42.0400 2812 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 13:16:42.0400 2812 VMBusHID - ok 13:16:42.0400 2812 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 13:16:42.0400 2812 volmgr - ok 13:16:42.0430 2812 [ 
A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 13:16:42.0430 2812 volmgrx - ok 13:16:42.0440 2812 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 13:16:42.0440 2812 volsnap - ok 13:16:42.0460 2812 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 13:16:42.0460 2812 vsmraid - ok 13:16:42.0500 2812 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 13:16:42.0520 2812 VSS - ok 13:16:42.0530 2812 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 13:16:42.0530 2812 vwifibus - ok 13:16:42.0540 2812 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 13:16:42.0550 2812 W32Time - ok 13:16:42.0560 2812 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 13:16:42.0560 2812 WacomPen - ok 13:16:42.0570 2812 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 13:16:42.0570 2812 WANARP - ok 13:16:42.0570 2812 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 13:16:42.0570 2812 Wanarpv6 - ok 13:16:42.0610 2812 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 13:16:42.0630 2812 wbengine - ok 13:16:42.0640 2812 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 13:16:42.0640 2812 WbioSrvc - ok 13:16:42.0660 2812 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 13:16:42.0660 2812 wcncsvc - ok 13:16:42.0680 2812 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 13:16:42.0680 2812 WcsPlugInService - ok 13:16:42.0680 2812 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 13:16:42.0690 2812 Wd - ok 13:16:42.0700 2812 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 13:16:42.0710 2812 Wdf01000 - ok 13:16:42.0710 
2812 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 13:16:42.0710 2812 WdiServiceHost - ok 13:16:42.0720 2812 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 13:16:42.0720 2812 WdiSystemHost - ok 13:16:42.0730 2812 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 13:16:42.0730 2812 WebClient - ok 13:16:42.0740 2812 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 13:16:42.0750 2812 Wecsvc - ok 13:16:42.0750 2812 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 13:16:42.0760 2812 wercplsupport - ok 13:16:42.0770 2812 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 13:16:42.0770 2812 WerSvc - ok 13:16:42.0770 2812 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 13:16:42.0770 2812 WfpLwf - ok 13:16:42.0790 2812 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 13:16:42.0790 2812 WIMMount - ok 13:16:42.0820 2812 WinDefend - ok 13:16:42.0820 2812 WinHttpAutoProxySvc - ok 13:16:42.0900 2812 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 13:16:42.0900 2812 Winmgmt - ok 13:16:42.0950 2812 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 13:16:42.0980 2812 WinRM - ok 13:16:43.0020 2812 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 13:16:43.0040 2812 Wlansvc - ok 13:16:43.0040 2812 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 13:16:43.0040 2812 WmiAcpi - ok 13:16:43.0060 2812 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 13:16:43.0060 2812 wmiApSrv - ok 13:16:43.0070 2812 WMPNetworkSvc - ok 13:16:43.0090 2812 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 13:16:43.0090 2812 WPCSvc - ok 13:16:43.0100 2812 [ 
93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 13:16:43.0100 2812 WPDBusEnum - ok 13:16:43.0110 2812 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 13:16:43.0110 2812 ws2ifsl - ok 13:16:43.0130 2812 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 13:16:43.0130 2812 wscsvc - ok 13:16:43.0140 2812 WSearch - ok 13:16:43.0210 2812 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 13:16:43.0240 2812 wuauserv - ok 13:16:43.0250 2812 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 13:16:43.0250 2812 WudfPf - ok 13:16:43.0270 2812 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 13:16:43.0270 2812 WUDFRd - ok 13:16:43.0280 2812 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 13:16:43.0280 2812 wudfsvc - ok 13:16:43.0300 2812 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 13:16:43.0300 2812 WwanSvc - ok 13:16:43.0340 2812 ================ Scan global =============================== 13:16:43.0360 2812 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 13:16:43.0380 2812 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 13:16:43.0410 2812 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 13:16:43.0450 2812 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 13:16:43.0470 2812 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 13:16:43.0470 2812 [Global] - ok 13:16:43.0470 2812 ================ Scan MBR ================================== 13:16:43.0490 2812 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 13:16:43.0730 2812 \Device\Harddisk0\DR0 - ok 13:16:43.0730 2812 [ 8CC334FF0237D42BB0093CF4E075DDE9 ] \Device\Harddisk2\DR2 13:16:45.0240 2812 \Device\Harddisk2\DR2 - ok 13:16:45.0240 2812 ================ Scan VBR 
================================== 13:16:45.0240 2812 [ A2E9CB3CEF9FEE96953E37129218AD84 ] \Device\Harddisk0\DR0\Partition1 13:16:45.0240 2812 \Device\Harddisk0\DR0\Partition1 - ok 13:16:45.0260 2812 [ FE8B72514B35120FED98381473B1193B ] \Device\Harddisk0\DR0\Partition2 13:16:45.0260 2812 \Device\Harddisk0\DR0\Partition2 - ok 13:16:45.0280 2812 [ 7FB87E16BAB94091918061AE4A539D0D ] \Device\Harddisk0\DR0\Partition3 13:16:45.0280 2812 \Device\Harddisk0\DR0\Partition3 - ok 13:16:45.0290 2812 [ 987E94E77F68534B5A33672650ED6F4F ] \Device\Harddisk0\DR0\Partition4 13:16:45.0300 2812 \Device\Harddisk0\DR0\Partition4 - ok 13:16:45.0300 2812 ============================================================ 13:16:45.0300 2812 Scan finished 13:16:45.0300 2812 ============================================================ 13:16:45.0310 4440 Detected object count: 0 13:16:45.0310 4440 Actual detected object count: 0 13:17:33.0530 2012 Deinitialize success |
10.10.2012, 12:38 | #6 |
/// Malwareteam | I can't find anything - let's verify that! Step 1: MBAM, full scan. Please download Malwarebytes
Step 2: ESET (ESET Online Scanner) |
10.10.2012, 12:40 | #7 |
| I regularly have a USB stick plugged in, which I use for browsing. If there is a checkbox for it, should I tick that as well? |
10.10.2012, 12:47 | #8 |
/// Malwareteam | If it is a storage volume, yes!
__________________ No right of asylum for Trojans! Proud Member of UNITE Note: I am only available on weekdays! Requests via PM will be ignored! Are you happy with us? Then support the Trojaner-Board! |
10.10.2012, 13:19 | #9 |
| To be on the safe side, I selected everything that could contain files. What puzzled me was that (I:\) was also offered for selection, although it is not shown to me under My Computer. Malware Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Datenbank Version: v2012.10.10.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Koishi :: KOISHI-PC [Administrator]
10.10.2012 13:57:08
mbam-log-2012-10-10 (13-57-08).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|H:\|I:\|J:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 296225
Laufzeit: 17 Minute(n), 41 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende)
If you know the AVG 9 user interface, I would like to know where I can temporarily switch it off for the ESET scan. Likewise, I don't have the faintest idea where I can shut down the firewall. I was able to partially deactivate AVG; as for the firewall, I remain clueless. |
10.10.2012, 15:57 | #10 |
/// Malwareteam | It is enough if you have deactivated the real-time protection. So, go ahead with ESET! |
10.10.2012, 17:10 | #11 |
| Hope it was deactivated.^^ eset.txt Code:
E:\Downloads\CD-Images\Armed Assault 2.iso probably a variant of Win32/Spy.Agent.FVJVWOY trojan |
11.10.2012, 06:15 | #12 | |
/// Malwareteam | Quote: |
11.10.2012, 08:14 | #13 |
| No idea, that is a leftover from the previous owner. I only took over the system at the beginning of September and wanted to clean it up before the semester starts. The only thing I have done so far is install my operating system on it. With downloads I am always so scared of catching something that I only download things that are available from the original sites, such as FF. And when something goes wrong even there, as it did last night, my head starts spinning like a carousel. What happened around the FF download was extremely strange. Would it be appropriate to describe it here? |
11.10.2012, 08:24 | #14 | |
/// Malwareteam | What happened with the FF download? Quote: |
11.10.2012, 08:41 | #15 |
| I did that. Does anything else need to be done around it?

Some information on the download up front: at 224.06 kbits/s I have a network utilization of 99%. The values do sometimes jump above that, unfortunately too rarely, but never higher than around 270 kbits/s. During yesterday's download it aborted because the connection was no longer up. Not a problem in itself, it happens now and then. I then disconnected manually and set the connection up again. And that is when things took off. When I am not doing anything that causes traffic, I have uploads of 10 kbits/s and every now and then a peak of 6 kbits/s in the download. Yesterday, however, over the period I looked at, my connection had a peak of 29,900,100 kbits/s in the download (I did not convert it, because I am not sure whether the value 1024 also applies to bits), and the upload curve was dead. I did not have FF running, and the download had already aborted before that. In itself the high value would be a nice thing if it were the standard, but as I said, normally I am several orders of magnitude below that. I will put yesterday's screenshots in the attachment, since I do not know whether I was able to describe it well enough in words. ^^''''

After I had watched this for long enough, I wanted to disconnect again and close the program. After about 5 minutes it was still busy carrying out the commands. I then decided on a restart, which did not want to work either after about the same amount of time. So there was a cold start, which then pointed out that Windows could not be shut down cleanly. Once it was back, it seemed as if nothing had happened. I really have no idea what was going on there. I have had this internet connection for 1.5 years now, but this is the first time this has occurred.

I looked at the first pictures again, and it seems that during these high rates I had a total download of around 70 GByte. |