| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: CPU Auslastung verdächtig hoch, kein Grund erkennbarWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
30.11.2012, 15:05
| #1 |
| |  CPU Auslastung verdächtig hoch, kein Grund erkennbar Hallo, das ist mein erster Beitrag. Meine CPU ist all the Time auf 100% und weiß nicht wiso, das Problem geht auch oft von alleien wieder weg und taucht dann unvermittelt und aus dem nichts wieder auf. Ich habe gerade einen ähnlichen Fall gelesen auch hier auf dem Board und bin genau so vorgegangen wie Cosinus es empfohlen hat. Deshalb ohne weiter Zeit zu verschwenden mein ASWmbr Log sowie der TDSSKiller LOG TDSSKiller Code:
ATTFilter 14:47:34.0397 5648 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:47:34.0686 5648 ============================================================
14:47:34.0686 5648 Current date / time: 2012/11/30 14:47:34.0686
14:47:34.0686 5648 SystemInfo:
14:47:34.0686 5648
14:47:34.0686 5648 OS Version: 6.1.7600 ServicePack: 0.0
14:47:34.0686 5648 Product type: Workstation
14:47:34.0687 5648 ComputerName: MASTER-PC
14:47:34.0690 5648 UserName: Student
14:47:34.0690 5648 Windows directory: C:\Windows
14:47:34.0690 5648 System windows directory: C:\Windows
14:47:34.0690 5648 Processor architecture: Intel x86
14:47:34.0690 5648 Number of processors: 2
14:47:34.0691 5648 Page size: 0x1000
14:47:34.0691 5648 Boot type: Normal boot
14:47:34.0691 5648 ============================================================
14:47:35.0687 5648 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:47:35.0697 5648 ============================================================
14:47:35.0697 5648 \Device\Harddisk0\DR0:
14:47:35.0698 5648 MBR partitions:
14:47:35.0698 5648 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x35AF1B, BlocksNum 0x6F4A460
14:47:35.0698 5648 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x72A537B, BlocksNum 0x6CEE446
14:47:35.0698 5648 ============================================================
14:47:35.0718 5648 C: <-> \Device\Harddisk0\DR0\Partition1
14:47:35.0755 5648 D: <-> \Device\Harddisk0\DR0\Partition2
14:47:35.0759 5648 ============================================================
14:47:35.0759 5648 Initialize success
14:47:35.0759 5648 ============================================================
14:47:41.0164 4068 ============================================================
14:47:41.0164 4068 Scan started
14:47:41.0164 4068 Mode: Manual; SigCheck; TDLFS;
14:47:41.0164 4068 ============================================================
14:47:42.0359 4068 ================ Scan system memory ========================
14:47:42.0359 4068 System memory - ok
14:47:42.0363 4068 ================ Scan services =============================
14:47:42.0579 4068 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
14:47:43.0199 4068 1394ohci - ok
14:47:43.0268 4068 [ BEB5E6A8C17C3C7485563281E0F9E77E ] 61883 C:\Windows\system32\DRIVERS\61883.sys
14:47:43.0415 4068 61883 - ok
14:47:43.0461 4068 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\Windows\system32\drivers\ACPI.sys
14:47:43.0579 4068 ACPI - ok
14:47:43.0680 4068 [ 79D6B28027C398B728CE7CD0570248B0 ] acpials C:\Windows\system32\DRIVERS\acpials.sys
14:47:44.0112 4068 acpials - ok
14:47:44.0155 4068 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
14:47:44.0563 4068 AcpiPmi - ok
14:47:44.0638 4068 [ 73685E15EF8B0BD9C30F1AF413F13D49 ] adfs C:\Windows\system32\drivers\adfs.sys
14:47:44.0724 4068 adfs - ok
14:47:44.0859 4068 [ 9444A3530C2E88B7ED96A566FF9CCC13 ] Adobe Version Cue CS4 C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
14:47:44.0939 4068 Adobe Version Cue CS4 - ok
14:47:45.0014 4068 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
14:47:45.0152 4068 adp94xx - ok
14:47:45.0230 4068 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
14:47:45.0331 4068 adpahci - ok
14:47:45.0373 4068 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
14:47:45.0463 4068 adpu320 - ok
14:47:45.0516 4068 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:47:45.0604 4068 AeLookupSvc - ok
14:47:45.0696 4068 [ 827DBC22C96EECF6D36A13162FABAFD3 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe
14:47:45.0780 4068 AESTFilters - ok
14:47:45.0867 4068 [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD C:\Windows\system32\drivers\afd.sys
14:47:46.0016 4068 AFD - ok
14:47:46.0180 4068 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
14:47:46.0282 4068 agp440 - ok
14:47:46.0322 4068 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
14:47:46.0395 4068 aic78xx - ok
14:47:46.0447 4068 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
14:47:46.0542 4068 ALG - ok
14:47:46.0571 4068 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
14:47:46.0676 4068 aliide - ok
14:47:46.0757 4068 [ 5E14E9877BB47BABDCFB33CDCC4136ED ] alssvc C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe
14:47:46.0852 4068 alssvc - ok
14:47:46.0879 4068 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\DRIVERS\amdagp.sys
14:47:46.0955 4068 amdagp - ok
14:47:46.0985 4068 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\DRIVERS\amdide.sys
14:47:47.0051 4068 amdide - ok
14:47:47.0081 4068 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
14:47:47.0181 4068 AmdK8 - ok
14:47:47.0215 4068 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
14:47:47.0334 4068 AmdPPM - ok
14:47:47.0376 4068 [ 19CE906B4CDC11FC4FEF5745F33A63B6 ] amdsata C:\Windows\system32\drivers\amdsata.sys
14:47:47.0460 4068 amdsata - ok
14:47:47.0504 4068 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
14:47:47.0602 4068 amdsbs - ok
14:47:47.0646 4068 [ 869E67D66BE326A5A9159FBA8746FA70 ] amdxata C:\Windows\system32\drivers\amdxata.sys
14:47:47.0775 4068 amdxata - ok
14:47:47.0876 4068 [ 22403504E15810E99A563782E9D45311 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
14:47:48.0076 4068 ApfiltrService - ok
14:47:48.0173 4068 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\Windows\system32\drivers\appid.sys
14:47:48.0442 4068 AppID - ok
14:47:48.0481 4068 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
14:47:48.0706 4068 AppIDSvc - ok
14:47:48.0740 4068 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\Windows\System32\appinfo.dll
14:47:49.0103 4068 Appinfo - ok
14:47:49.0175 4068 [ 018857EAD9A077A56AEDFC0E5EF7A24A ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:47:49.0242 4068 Apple Mobile Device - ok
14:47:49.0292 4068 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
14:47:49.0406 4068 AppMgmt - ok
14:47:49.0442 4068 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
14:47:49.0524 4068 arc - ok
14:47:49.0574 4068 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
14:47:49.0657 4068 arcsas - ok
14:47:49.0697 4068 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:47:49.0912 4068 AsyncMac - ok
14:47:49.0945 4068 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
14:47:50.0022 4068 atapi - ok
14:47:50.0078 4068 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:47:50.0266 4068 AudioEndpointBuilder - ok
14:47:50.0311 4068 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\Windows\System32\Audiosrv.dll
14:47:50.0745 4068 Audiosrv - ok
14:47:50.0803 4068 [ C44BDD77E06053CF5AFE046F3A47C16B ] Avc C:\Windows\system32\DRIVERS\avc.sys
14:47:50.0907 4068 Avc - ok
14:47:50.0977 4068 [ 5E3F0AAEA4642BF184DEEA311C7201DE ] AVP C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
14:47:51.0072 4068 AVP - ok
14:47:51.0137 4068 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\Windows\System32\AxInstSV.dll
14:47:51.0304 4068 AxInstSV - ok
14:47:51.0374 4068 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
14:47:51.0501 4068 b06bdrv - ok
14:47:51.0549 4068 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
14:47:51.0657 4068 b57nd60x - ok
14:47:51.0722 4068 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
14:47:51.0823 4068 BDESVC - ok
14:47:51.0852 4068 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
14:47:52.0026 4068 Beep - ok
14:47:52.0099 4068 [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE C:\Windows\System32\bfe.dll
14:47:52.0293 4068 BFE - ok
14:47:52.0357 4068 [ 53F476476F55A27F580661BDE09C4EC4 ] BITS C:\Windows\System32\qmgr.dll
14:47:52.0593 4068 BITS - ok
14:47:52.0621 4068 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
14:47:52.0776 4068 blbdrive - ok
14:47:53.0176 4068 [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:47:53.0255 4068 Bonjour Service - ok
14:47:53.0313 4068 [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:47:53.0555 4068 bowser - ok
14:47:53.0624 4068 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:47:53.0732 4068 BrFiltLo - ok
14:47:53.0791 4068 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:47:54.0331 4068 BrFiltUp - ok
14:47:54.0372 4068 [ 598E1280E7FF3744F4B8329366CC5635 ] Browser C:\Windows\System32\browser.dll
14:47:54.0556 4068 Browser - ok
14:47:54.0648 4068 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
14:47:54.0813 4068 Brserid - ok
14:47:54.0865 4068 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
14:47:55.0043 4068 BrSerWdm - ok
14:47:55.0094 4068 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
14:47:55.0193 4068 BrUsbMdm - ok
14:47:55.0226 4068 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
14:47:55.0362 4068 BrUsbSer - ok
14:47:55.0434 4068 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
14:47:55.0602 4068 BthEnum - ok
14:47:55.0638 4068 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
14:47:55.0805 4068 BTHMODEM - ok
14:47:55.0854 4068 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
14:47:55.0983 4068 BthPan - ok
14:47:56.0027 4068 [ 88059FF1DED4472ACD17EEBABD393069 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
14:47:56.0226 4068 BTHPORT - ok
14:47:56.0280 4068 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
14:47:56.0444 4068 bthserv - ok
14:47:56.0472 4068 [ 80E6384BEEC03B8BD45EDEA29802D657 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
14:47:56.0703 4068 BTHUSB - ok
14:47:56.0772 4068 [ D57D29132EFE13A83133D9BD449E0CF1 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
14:47:56.0849 4068 btwaudio - ok
14:47:56.0897 4068 [ D282C14A69357D0E1BAFAECC2CA98C3A ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
14:47:56.0961 4068 btwavdt - ok
14:47:57.0052 4068 [ F7434401AE320BB97903A3C1865242FB ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
14:47:57.0183 4068 btwdins - ok
14:47:57.0211 4068 [ AAFD7CB76BA61FBB08E302DA208C974A ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
14:47:57.0268 4068 btwl2cap - ok
14:47:57.0301 4068 [ 02EB4D2B05967DF2D32F29C84AB1FB17 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
14:47:57.0362 4068 btwrchid - ok
14:47:57.0398 4068 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:47:57.0624 4068 cdfs - ok
14:47:57.0729 4068 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
14:47:57.0822 4068 cdrom - ok
14:47:57.0870 4068 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\Windows\System32\certprop.dll
14:47:58.0033 4068 CertPropSvc - ok
14:47:58.0061 4068 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
14:47:58.0153 4068 circlass - ok
14:47:58.0194 4068 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
14:47:58.0286 4068 CLFS - ok
14:47:58.0356 4068 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:47:58.0422 4068 clr_optimization_v2.0.50727_32 - ok
14:47:58.0489 4068 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:47:58.0582 4068 clr_optimization_v4.0.30319_32 - ok
14:47:58.0611 4068 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
14:47:58.0704 4068 CmBatt - ok
14:47:58.0733 4068 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
14:47:58.0812 4068 cmdide - ok
14:47:58.0879 4068 [ 36C252E474B2FFA0F0FBBFF20D92A640 ] CNG C:\Windows\system32\Drivers\cng.sys
14:47:59.0043 4068 CNG - ok
14:47:59.0073 4068 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
14:47:59.0153 4068 Compbatt - ok
14:47:59.0211 4068 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
14:47:59.0305 4068 CompositeBus - ok
14:47:59.0331 4068 COMSysApp - ok
14:47:59.0371 4068 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
14:47:59.0446 4068 crcdisk - ok
14:47:59.0507 4068 [ 9C231178CE4FB385F4B54B0A9080B8A4 ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:47:59.0665 4068 CryptSvc - ok
14:47:59.0860 4068 [ 27C9490BDD0AE48911AB8CF1932591ED ] CSC C:\Windows\system32\drivers\csc.sys
14:47:59.0963 4068 CSC - ok
14:48:00.0006 4068 [ 56FB5F222EA30D3D3FC459879772CB73 ] CscService C:\Windows\System32\cscsvc.dll
14:48:00.0172 4068 CscService - ok
14:48:00.0255 4068 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\Windows\system32\rpcss.dll
14:48:00.0443 4068 DcomLaunch - ok
14:48:00.0478 4068 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
14:48:00.0653 4068 defragsvc - ok
14:48:00.0704 4068 [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:48:00.0927 4068 DfsC - ok
14:48:00.0991 4068 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\Windows\system32\dhcpcore.dll
14:48:01.0197 4068 Dhcp - ok
14:48:01.0263 4068 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
14:48:01.0469 4068 discache - ok
14:48:01.0531 4068 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
14:48:01.0606 4068 Disk - ok
14:48:01.0665 4068 [ A0500678A33802D8954153839301D539 ] DLABMFSM C:\Windows\system32\Drivers\DLABMFSM.SYS
14:48:01.0753 4068 DLABMFSM - ok
14:48:01.0781 4068 [ B8D2F68CAC54D46281399F9092644794 ] DLABOIOM C:\Windows\system32\Drivers\DLABOIOM.SYS
14:48:01.0840 4068 DLABOIOM - ok
14:48:01.0867 4068 [ 0EE93AB799D1CB4EC90B36F3612FE907 ] DLACDBHM C:\Windows\system32\Drivers\DLACDBHM.SYS
14:48:01.0930 4068 DLACDBHM - ok
14:48:01.0964 4068 [ F8B70D38845C4694B28ADC4768676FD0 ] DLADResM C:\Windows\system32\Drivers\DLADResM.SYS
14:48:02.0024 4068 DLADResM - ok
14:48:02.0047 4068 [ 766A148235BE1C0039C974446E4C0EDC ] DLAIFS_M C:\Windows\system32\Drivers\DLAIFS_M.SYS
14:48:02.0110 4068 DLAIFS_M - ok
14:48:02.0143 4068 [ 38267CCA177354F1C64450A43A4F7627 ] DLAOPIOM C:\Windows\system32\Drivers\DLAOPIOM.SYS
14:48:02.0204 4068 DLAOPIOM - ok
14:48:02.0236 4068 [ FD363369FD313B46B5AEAB1A688B52E9 ] DLAPoolM C:\Windows\system32\Drivers\DLAPoolM.SYS
14:48:02.0296 4068 DLAPoolM - ok
14:48:02.0322 4068 [ 336AE18F0912EF4FBE5518849E004D74 ] DLARTL_M C:\Windows\system32\Drivers\DLARTL_M.SYS
14:48:02.0391 4068 DLARTL_M - ok
14:48:02.0460 4068 [ FD85F682C1CC2A7CA878C7A448E6D87E ] DLAUDFAM C:\Windows\system32\Drivers\DLAUDFAM.SYS
14:48:02.0543 4068 DLAUDFAM - ok
14:48:02.0568 4068 [ AF389CE587B6BF5BBDCD6F6ABE5EABC0 ] DLAUDF_M C:\Windows\system32\Drivers\DLAUDF_M.SYS
14:48:02.0632 4068 DLAUDF_M - ok
14:48:02.0683 4068 [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:48:02.0807 4068 Dnscache - ok
14:48:02.0867 4068 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\Windows\System32\dot3svc.dll
14:48:03.0024 4068 dot3svc - ok
14:48:03.0060 4068 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\Windows\system32\dps.dll
14:48:03.0240 4068 DPS - ok
14:48:03.0405 4068 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:48:03.0522 4068 drmkaud - ok
14:48:03.0559 4068 [ 5D3B71BB2BB0009D65D290E2EF374BD3 ] DRVMCDB C:\Windows\system32\Drivers\DRVMCDB.SYS
14:48:03.0618 4068 DRVMCDB - ok
14:48:03.0656 4068 [ C591BA9F96F40A1FD6494DAFDCD17185 ] DRVNDDM C:\Windows\system32\Drivers\DRVNDDM.SYS
14:48:03.0718 4068 DRVNDDM - ok
14:48:03.0794 4068 [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:48:03.0928 4068 DXGKrnl - ok
14:48:04.0005 4068 [ 44A91D98D6719B49BCD649A863225B5C ] e1yexpress C:\Windows\system32\DRIVERS\e1y6232.sys
14:48:04.0075 4068 e1yexpress - ok
14:48:04.0122 4068 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
14:48:04.0283 4068 EapHost - ok
14:48:04.0449 4068 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
14:48:04.0779 4068 ebdrv - ok
14:48:04.0829 4068 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS C:\Windows\System32\lsass.exe
14:48:04.0984 4068 EFS - ok
14:48:05.0075 4068 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
14:48:05.0205 4068 elxstor - ok
14:48:05.0245 4068 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
14:48:05.0343 4068 ErrDev - ok
14:48:05.0454 4068 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
14:48:05.0712 4068 EventSystem - ok
14:48:05.0839 4068 [ A57BE3307ADA2FC086B5B43135735283 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
14:48:05.0981 4068 EvtEng - ok
14:48:06.0067 4068 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
14:48:06.0215 4068 exfat - ok
14:48:06.0253 4068 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:48:06.0432 4068 fastfat - ok
14:48:06.0501 4068 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\Windows\system32\fxssvc.exe
14:48:06.0656 4068 Fax - ok
14:48:06.0721 4068 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
14:48:06.0809 4068 fdc - ok
14:48:06.0838 4068 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
14:48:07.0066 4068 fdPHost - ok
14:48:07.0105 4068 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
14:48:07.0331 4068 FDResPub - ok
14:48:07.0365 4068 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:48:07.0441 4068 FileInfo - ok
14:48:07.0475 4068 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:48:07.0625 4068 Filetrace - ok
14:48:07.0696 4068 [ D60EF46DC0E757FE5EB579DB95B88954 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
14:48:07.0833 4068 FLEXnet Licensing Service - ok
14:48:07.0863 4068 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
14:48:07.0952 4068 flpydisk - ok
14:48:07.0994 4068 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:48:08.0122 4068 FltMgr - ok
14:48:08.0230 4068 [ 7FE4995528A7529A761875151EE3D512 ] FontCache C:\Windows\system32\FntCache.dll
14:48:08.0385 4068 FontCache - ok
14:48:08.0445 4068 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:48:08.0570 4068 FontCache3.0.0.0 - ok
14:48:08.0602 4068 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
14:48:08.0687 4068 FsDepends - ok
14:48:08.0751 4068 [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:48:08.0828 4068 Fs_Rec - ok
14:48:08.0905 4068 [ DAFBD9FE39197495AED6D51F3B85B5D2 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
14:48:09.0015 4068 fvevol - ok
14:48:09.0078 4068 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
14:48:09.0154 4068 gagp30kx - ok
14:48:09.0202 4068 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:48:09.0260 4068 GEARAspiWDM - ok
14:48:09.0324 4068 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\Windows\System32\gpsvc.dll
14:48:09.0511 4068 gpsvc - ok
14:48:09.0628 4068 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
14:48:09.0697 4068 gupdate - ok
14:48:09.0735 4068 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
14:48:09.0790 4068 gupdatem - ok
14:48:09.0824 4068 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
14:48:09.0932 4068 hcw85cir - ok
14:48:09.0990 4068 [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:48:10.0121 4068 HdAudAddService - ok
14:48:10.0189 4068 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
14:48:10.0285 4068 HDAudBus - ok
14:48:10.0340 4068 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
14:48:10.0414 4068 HidBatt - ok
14:48:10.0454 4068 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
14:48:10.0592 4068 HidBth - ok
14:48:10.0653 4068 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
14:48:10.0833 4068 HidIr - ok
14:48:10.0876 4068 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
14:48:11.0051 4068 hidserv - ok
14:48:11.0087 4068 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:48:11.0188 4068 HidUsb - ok
14:48:11.0234 4068 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\Windows\system32\kmsvc.dll
14:48:11.0416 4068 hkmsvc - ok
14:48:11.0481 4068 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:48:11.0595 4068 HomeGroupListener - ok
14:48:11.0654 4068 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:48:11.0782 4068 HomeGroupProvider - ok
14:48:11.0821 4068 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
14:48:11.0922 4068 HpSAMD - ok
14:48:11.0982 4068 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:48:12.0173 4068 HTTP - ok
14:48:12.0228 4068 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
14:48:12.0303 4068 hwpolicy - ok
14:48:12.0336 4068 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
14:48:12.0433 4068 i8042prt - ok
14:48:12.0550 4068 [ 0E899D0DB39617AA0B2F992E7E95B5EB ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
14:48:12.0643 4068 IAANTMON - ok
14:48:12.0718 4068 [ 26541A068572F650A2FA490726FE81BE ] iaStor C:\Windows\system32\drivers\iaStor.sys
14:48:12.0826 4068 iaStor - ok
14:48:12.0883 4068 [ 934AF4D7C5F457B9F0743F4299B77B67 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
14:48:13.0013 4068 iaStorV - ok
14:48:13.0092 4068 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:48:13.0134 4068 IDriverT ( UnsignedFile.Multi.Generic ) - warning
14:48:13.0134 4068 IDriverT - detected UnsignedFile.Multi.Generic (1)
14:48:13.0236 4068 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:48:13.0369 4068 idsvc - ok
14:48:13.0795 4068 [ DCE0B53570703CCE580D066F89EF58CD ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
14:48:14.0567 4068 igfx - ok
14:48:14.0621 4068 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
14:48:14.0701 4068 iirsp - ok
14:48:14.0763 4068 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\Windows\System32\ikeext.dll
14:48:15.0027 4068 IKEEXT - ok
14:48:15.0061 4068 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
14:48:15.0189 4068 intelide - ok
14:48:15.0246 4068 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\drivers\intelppm.sys
14:48:15.0324 4068 intelppm - ok
14:48:15.0360 4068 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:48:15.0569 4068 IPBusEnum - ok
14:48:15.0607 4068 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:48:15.0775 4068 IpFilterDriver - ok
14:48:15.0835 4068 [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
14:48:16.0045 4068 iphlpsvc - ok
14:48:16.0095 4068 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
14:48:16.0193 4068 IPMIDRV - ok
14:48:16.0230 4068 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
14:48:16.0376 4068 IPNAT - ok
14:48:16.0464 4068 [ 0CA8C2E721617AA2F923A8151C96FB33 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
14:48:16.0594 4068 iPod Service - ok
14:48:16.0630 4068 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:48:16.0734 4068 IRENUM - ok
14:48:16.0769 4068 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
14:48:16.0853 4068 isapnp - ok
14:48:16.0895 4068 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
14:48:16.0990 4068 iScsiPrt - ok
14:48:17.0047 4068 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
14:48:17.0123 4068 kbdclass - ok
14:48:17.0160 4068 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
14:48:17.0269 4068 kbdhid - ok
14:48:17.0330 4068 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso C:\Windows\system32\lsass.exe
14:48:17.0405 4068 KeyIso - ok
14:48:17.0449 4068 [ A884729B0E98CD93D6511DE6D58CDC98 ] kl1 C:\Windows\system32\DRIVERS\kl1.sys
14:48:17.0532 4068 kl1 - ok
14:48:17.0577 4068 [ ADDA474C9B18FD829A6C8351485C4842 ] KLFLTDEV C:\Windows\system32\DRIVERS\klfltdev.sys
14:48:17.0646 4068 KLFLTDEV - ok
14:48:17.0710 4068 [ 9D51D6F7845F0248C67A8A36CD7CDF05 ] KLIF C:\Windows\system32\DRIVERS\klif.sys
14:48:17.0784 4068 KLIF - ok
14:48:17.0811 4068 [ 00DC8637480A8A26DF1407D8207781C8 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
14:48:17.0882 4068 KLIM6 - ok
14:48:17.0958 4068 [ 0263364ACB9C834ACE52FB85C2C064EC ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:48:18.0044 4068 KSecDD - ok
14:48:18.0091 4068 [ 27391DB553BE2A4E2B0ADEEA2873B2AF ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
14:48:18.0176 4068 KSecPkg - ok
14:48:18.0257 4068 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
14:48:18.0493 4068 KtmRm - ok
14:48:18.0574 4068 [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer C:\Windows\system32\srvsvc.dll
14:48:18.0723 4068 LanmanServer - ok
14:48:18.0813 4068 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:48:19.0032 4068 LanmanWorkstation - ok
14:48:19.0091 4068 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:48:19.0268 4068 lltdio - ok
14:48:19.0313 4068 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:48:19.0482 4068 lltdsvc - ok
14:48:19.0560 4068 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
14:48:19.0813 4068 lmhosts - ok
14:48:19.0908 4068 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
14:48:19.0988 4068 LSI_FC - ok
14:48:20.0039 4068 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
14:48:20.0144 4068 LSI_SAS - ok
14:48:20.0177 4068 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:48:20.0256 4068 LSI_SAS2 - ok
14:48:20.0297 4068 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:48:20.0378 4068 LSI_SCSI - ok
14:48:20.0430 4068 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
14:48:20.0804 4068 luafv - ok
14:48:21.0090 4068 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
14:48:21.0171 4068 MDM ( UnsignedFile.Multi.Generic ) - warning
14:48:21.0200 4068 MDM - detected UnsignedFile.Multi.Generic (1)
14:48:21.0268 4068 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
14:48:21.0345 4068 megasas - ok
14:48:21.0385 4068 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
14:48:21.0482 4068 MegaSR - ok
14:48:21.0757 4068 [ 0AF89452A8CE3928168F4E5B2208C68B ] mi-raysat_3dsmax2011_32 C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
14:48:22.0135 4068 mi-raysat_3dsmax2011_32 ( UnsignedFile.Multi.Generic ) - warning
14:48:22.0135 4068 mi-raysat_3dsmax2011_32 - detected UnsignedFile.Multi.Generic (1)
14:48:22.0175 4068 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
14:48:22.0551 4068 MMCSS - ok
14:48:22.0618 4068 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
14:48:22.0857 4068 Modem - ok
14:48:22.0897 4068 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:48:23.0052 4068 monitor - ok
14:48:23.0127 4068 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:48:23.0204 4068 mouclass - ok
14:48:23.0234 4068 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:48:23.0330 4068 mouhid - ok
14:48:23.0362 4068 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
14:48:23.0453 4068 mountmgr - ok
14:48:23.0556 4068 [ 313265CF4F5F02ED927774DA1DB3FE00 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:48:23.0640 4068 MozillaMaintenance - ok
14:48:23.0669 4068 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\Windows\system32\DRIVERS\mpio.sys
14:48:23.0842 4068 mpio - ok
14:48:23.0924 4068 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:48:24.0071 4068 mpsdrv - ok
14:48:24.0160 4068 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\Windows\system32\mpssvc.dll
14:48:24.0526 4068 MpsSvc - ok
14:48:24.0570 4068 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:48:24.0682 4068 MRxDAV - ok
14:48:24.0736 4068 [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:48:24.0828 4068 mrxsmb - ok
14:48:24.0880 4068 [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:48:25.0013 4068 mrxsmb10 - ok
14:48:25.0071 4068 [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:48:25.0186 4068 mrxsmb20 - ok
14:48:25.0237 4068 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
14:48:25.0312 4068 msahci - ok
14:48:25.0347 4068 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
14:48:25.0423 4068 msdsm - ok
14:48:25.0514 4068 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
14:48:25.0636 4068 MSDTC - ok
14:48:25.0716 4068 [ 114B67C324D64C8195FD3BF93B4DF02A ] MSDV C:\Windows\system32\DRIVERS\msdv.sys
14:48:25.0819 4068 MSDV - ok
14:48:26.0097 4068 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:48:26.0284 4068 Msfs - ok
14:48:26.0318 4068 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
14:48:26.0486 4068 mshidkmdf - ok
14:48:26.0518 4068 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:48:26.0603 4068 msisadrv - ok
14:48:26.0665 4068 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:48:26.0827 4068 MSiSCSI - ok
14:48:26.0846 4068 msiserver - ok
14:48:26.0888 4068 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:48:27.0096 4068 MSKSSRV - ok
14:48:27.0145 4068 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:48:27.0325 4068 MSPCLOCK - ok
14:48:27.0363 4068 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:48:27.0557 4068 MSPQM - ok
14:48:27.0591 4068 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:48:27.0691 4068 MsRPC - ok
14:48:27.0727 4068 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
14:48:27.0800 4068 mssmbios - ok
14:48:27.0840 4068 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:48:28.0067 4068 MSTEE - ok
14:48:28.0125 4068 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
14:48:28.0216 4068 MTConfig - ok
14:48:28.0251 4068 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
14:48:28.0333 4068 Mup - ok
14:48:28.0380 4068 [ 1D99AC4CE3ABBD96A8C0D77FF104096D ] NAL C:\Windows\system32\Drivers\iqvw32.sys
14:48:28.0501 4068 NAL ( UnsignedFile.Multi.Generic ) - warning
14:48:28.0502 4068 NAL - detected UnsignedFile.Multi.Generic (1)
14:48:28.0547 4068 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll
14:48:28.0724 4068 napagent - ok
14:48:28.0770 4068 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:48:28.0892 4068 NativeWifiP - ok
14:48:28.0948 4068 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\Windows\system32\drivers\ndis.sys
14:48:29.0083 4068 NDIS - ok
14:48:29.0115 4068 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
14:48:29.0281 4068 NdisCap - ok
14:48:29.0334 4068 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:48:29.0484 4068 NdisTapi - ok
14:48:29.0536 4068 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:48:29.0692 4068 Ndisuio - ok
14:48:29.0721 4068 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:48:29.0872 4068 NdisWan - ok
14:48:29.0917 4068 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:48:30.0090 4068 NDProxy - ok
14:48:30.0153 4068 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:48:30.0418 4068 NetBIOS - ok
14:48:30.0498 4068 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
14:48:30.0653 4068 NetBT - ok
14:48:30.0680 4068 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon C:\Windows\system32\lsass.exe
14:48:30.0771 4068 Netlogon - ok
14:48:30.0842 4068 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
14:48:31.0054 4068 Netman - ok
14:48:31.0123 4068 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
14:48:31.0395 4068 netprofm - ok
14:48:31.0454 4068 [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:48:31.0565 4068 NetTcpPortSharing - ok
14:48:31.0944 4068 [ EF51B405AD8ACAAE6F0231290D20F516 ] NETw5s32 C:\Windows\system32\DRIVERS\NETw5s32.sys
14:48:32.0496 4068 NETw5s32 - ok
14:48:32.0765 4068 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys
14:48:33.0367 4068 netw5v32 - ok
14:48:33.0431 4068 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
14:48:33.0525 4068 nfrd960 - ok
14:48:33.0584 4068 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll
14:48:33.0882 4068 NlaSvc - ok
14:48:33.0968 4068 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:48:34.0265 4068 Npfs - ok
14:48:34.0302 4068 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
14:48:34.0493 4068 nsi - ok
14:48:34.0534 4068 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:48:34.0867 4068 nsiproxy - ok
14:48:35.0004 4068 [ 187002CE05693C306F43C873F821381F ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:48:35.0223 4068 Ntfs - ok
14:48:35.0295 4068 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
14:48:35.0555 4068 Null - ok
14:48:36.0541 4068 [ 377140A534D013BD661C69F1741DE43C ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:48:37.0529 4068 nvlddmkm - ok
14:48:37.0584 4068 [ F1B0BED906F97E16F6D0C3629D2F21C6 ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:48:37.0664 4068 nvraid - ok
14:48:37.0700 4068 [ 4520B63899E867F354EE012D34E11536 ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:48:37.0781 4068 nvstor - ok
14:48:37.0814 4068 [ 4ED813EFD77A9B7E57E341CDC1C5CBC4 ] nvsvc C:\Windows\system32\nvvsvc.exe
14:48:37.0904 4068 nvsvc - ok
14:48:37.0942 4068 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
14:48:38.0024 4068 nv_agp - ok
14:48:38.0076 4068 [ A015DD2BA6009C8BDD00A6C431302D06 ] OA001Ufd C:\Windows\system32\DRIVERS\OA001Ufd.sys
14:48:38.0213 4068 OA001Ufd - ok
14:48:38.0276 4068 [ 438FFCB55B8CE39B0BC71AFC0A059835 ] OA001Vid C:\Windows\system32\DRIVERS\OA001Vid.sys
14:48:38.0382 4068 OA001Vid - ok
14:48:38.0462 4068 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:48:38.0569 4068 odserv - ok
14:48:38.0614 4068 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
14:48:38.0692 4068 ohci1394 - ok
14:48:38.0742 4068 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:48:38.0836 4068 ose - ok
14:48:38.0926 4068 [ 4CDADEC3DC1300EE1D313EA5494E6472 ] ovt519 C:\Windows\system32\Drivers\ov519vid.sys
14:48:38.0972 4068 ovt519 ( UnsignedFile.Multi.Generic ) - warning
14:48:38.0972 4068 ovt519 - detected UnsignedFile.Multi.Generic (1)
14:48:39.0030 4068 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
14:48:39.0185 4068 p2pimsvc - ok
14:48:39.0230 4068 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
14:48:39.0535 4068 p2psvc - ok
14:48:39.0576 4068 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
14:48:39.0673 4068 Parport - ok
14:48:39.0779 4068 [ 66D3415C159741ADE7038A277EFFF99F ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:48:39.0863 4068 partmgr - ok
14:48:39.0917 4068 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
14:48:40.0157 4068 Parvdm - ok
14:48:40.0204 4068 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
14:48:40.0392 4068 PcaSvc - ok
14:48:40.0453 4068 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\Windows\system32\drivers\pci.sys
14:48:40.0542 4068 pci - ok
14:48:40.0586 4068 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\DRIVERS\pciide.sys
14:48:40.0683 4068 pciide - ok
14:48:40.0721 4068 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
14:48:40.0847 4068 pcmcia - ok
14:48:40.0872 4068 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
14:48:40.0941 4068 pcw - ok
14:48:40.0997 4068 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:48:41.0307 4068 PEAUTH - ok
14:48:41.0419 4068 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
14:48:41.0664 4068 PeerDistSvc - ok
14:48:41.0847 4068 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll
14:48:42.0187 4068 pla - ok
14:48:42.0262 4068 [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:48:42.0374 4068 PlugPlay - ok
14:48:42.0421 4068 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
14:48:42.0524 4068 PNRPAutoReg - ok
14:48:42.0564 4068 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
14:48:42.0722 4068 PNRPsvc - ok
14:48:42.0787 4068 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:48:43.0031 4068 PolicyAgent - ok
14:48:43.0263 4068 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll
14:48:43.0425 4068 Power - ok
14:48:43.0474 4068 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:48:43.0636 4068 PptpMiniport - ok
14:48:43.0714 4068 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
14:48:43.0881 4068 Processor - ok
14:48:43.0943 4068 [ 630CF26F0227498B7D5A92B12548960F ] ProfSvc C:\Windows\system32\profsvc.dll
14:48:44.0112 4068 ProfSvc - ok
14:48:44.0137 4068 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:48:44.0251 4068 ProtectedStorage - ok
14:48:44.0280 4068 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
14:48:44.0417 4068 Psched - ok
14:48:44.0477 4068 [ D970470F8F39470BDAE94D313A1CCDCE ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
14:48:44.0575 4068 PxHelp20 - ok
14:48:44.0778 4068 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
14:48:44.0964 4068 ql2300 - ok
14:48:45.0014 4068 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
14:48:45.0147 4068 ql40xx - ok
14:48:45.0225 4068 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
14:48:45.0417 4068 QWAVE - ok
14:48:45.0493 4068 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:48:45.0625 4068 QWAVEdrv - ok
14:48:45.0670 4068 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:48:45.0844 4068 RasAcd - ok
14:48:45.0883 4068 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
14:48:46.0271 4068 RasAgileVpn - ok
14:48:46.0337 4068 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
14:48:46.0536 4068 RasAuto - ok
14:48:46.0581 4068 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:48:46.0805 4068 Rasl2tp - ok
14:48:46.0857 4068 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll
14:48:47.0054 4068 RasMan - ok
14:48:47.0087 4068 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:48:47.0262 4068 RasPppoe - ok
14:48:47.0306 4068 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:48:47.0674 4068 RasSstp - ok
14:48:47.0777 4068 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:48:48.0014 4068 rdbss - ok
14:48:48.0054 4068 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
14:48:48.0214 4068 rdpbus - ok
14:48:48.0246 4068 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:48:48.0430 4068 RDPCDD - ok
14:48:48.0509 4068 [ C5FF95883FFEF704D50C40D21CFB3AB5 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
14:48:48.0616 4068 RDPDR - ok
14:48:48.0639 4068 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:48:48.0795 4068 RDPENCDD - ok
14:48:48.0841 4068 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
14:48:48.0974 4068 RDPREFMP - ok
14:48:49.0036 4068 [ 0399C725A9C95A6F1862B93F008DDF4A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:48:49.0192 4068 RDPWD - ok
14:48:49.0233 4068 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
14:48:49.0314 4068 rdyboost - ok
14:48:49.0399 4068 [ A171029D6B6C2D93C22861A347F43C2A ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
14:48:49.0501 4068 RegSrvc - ok
14:48:49.0553 4068 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
14:48:49.0715 4068 RemoteAccess - ok
14:48:49.0759 4068 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:48:50.0017 4068 RemoteRegistry - ok
14:48:50.0069 4068 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
14:48:50.0158 4068 RFCOMM - ok
14:48:50.0208 4068 [ DF672613FBBCD58C38BB0BC2694BCFB0 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
14:48:50.0314 4068 rimmptsk - ok
14:48:50.0362 4068 [ 4F4A4C09CC5BE58A76CAC1C337E004E6 ] RimUsb C:\Windows\system32\Drivers\RimUsb.sys
14:48:50.0462 4068 RimUsb - ok
14:48:50.0537 4068 [ 3A5633AD615E2B15291BD0B1B97CCD8A ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial.sys
14:48:50.0654 4068 RimVSerPort - ok
14:48:50.0707 4068 [ 564297827D213F52C7A3A2FF749568CA ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
14:48:51.0005 4068 ROOTMODEM - ok
14:48:51.0077 4068 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
14:48:51.0576 4068 RpcEptMapper - ok
14:48:51.0641 4068 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
14:48:51.0792 4068 RpcLocator - ok
14:48:51.0836 4068 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\system32\rpcss.dll
14:48:52.0063 4068 RpcSs - ok
14:48:52.0101 4068 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:48:52.0312 4068 rspndr - ok
14:48:52.0352 4068 [ 5423D8437051E89DD34749F242C98648 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
14:48:52.0550 4068 s3cap - ok
14:48:52.0595 4068 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs C:\Windows\system32\lsass.exe
14:48:52.0683 4068 SamSs - ok
14:48:52.0745 4068 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
14:48:52.0843 4068 sbp2port - ok
14:48:52.0893 4068 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:48:53.0055 4068 SCardSvr - ok
14:48:53.0087 4068 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
14:48:53.0317 4068 scfilter - ok
14:48:53.0435 4068 [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule C:\Windows\system32\schedsvc.dll
14:48:53.0581 4068 Schedule - ok
14:48:53.0631 4068 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll
14:48:53.0802 4068 SCPolicySvc - ok
14:48:53.0860 4068 [ AA826E35F6D28A8E5D1EFEB337F24BA2 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
14:48:53.0943 4068 sdbus - ok
14:48:53.0968 4068 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:48:54.0067 4068 SDRSVC - ok
14:48:54.0131 4068 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:48:54.0289 4068 secdrv - ok
14:48:54.0321 4068 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
14:48:54.0490 4068 seclogon - ok
14:48:54.0533 4068 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
14:48:54.0745 4068 SENS - ok
14:48:54.0807 4068 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:48:54.0918 4068 SensrSvc - ok
14:48:54.0950 4068 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
14:48:55.0056 4068 Serenum - ok
14:48:55.0116 4068 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
14:48:55.0213 4068 Serial - ok
14:48:55.0250 4068 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
14:48:55.0322 4068 sermouse - ok
14:48:55.0396 4068 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll
14:48:55.0572 4068 SessionEnv - ok
14:48:55.0621 4068 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
14:48:55.0694 4068 sffdisk - ok
14:48:55.0746 4068 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
14:48:55.0815 4068 sffp_mmc - ok
14:48:55.0846 4068 [ A0708BBD07D245C06FF9DE549CA47185 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
14:48:55.0963 4068 sffp_sd - ok
14:48:56.0011 4068 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
14:48:56.0086 4068 sfloppy - ok
14:48:56.0142 4068 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:48:56.0324 4068 SharedAccess - ok
14:48:56.0375 4068 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:48:56.0522 4068 ShellHWDetection - ok
14:48:56.0562 4068 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\DRIVERS\sisagp.sys
14:48:56.0645 4068 sisagp - ok
14:48:56.0715 4068 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:48:56.0806 4068 SiSRaid2 - ok
14:48:56.0832 4068 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
14:48:56.0928 4068 SiSRaid4 - ok
14:48:57.0024 4068 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
14:48:57.0132 4068 SkypeUpdate - ok
14:48:57.0207 4068 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:48:57.0373 4068 Smb - ok
14:48:57.0489 4068 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:48:57.0599 4068 SNMPTRAP - ok
14:48:57.0642 4068 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
14:48:57.0713 4068 spldr - ok
14:48:57.0763 4068 [ D1BB750EB51694DE183E08B9C33BE5B2 ] Spooler C:\Windows\System32\spoolsv.exe
14:48:57.0891 4068 Spooler - ok
14:48:58.0048 4068 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe
14:48:58.0364 4068 sppsvc - ok
14:48:58.0404 4068 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:48:58.0575 4068 sppuinotify - ok
14:48:58.0664 4068 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\Windows\system32\Drivers\sptd.sys
14:48:58.0666 4068 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
14:48:58.0673 4068 sptd ( LockedFile.Multi.Generic ) - warning
14:48:58.0673 4068 sptd - detected LockedFile.Multi.Generic (1)
14:48:58.0744 4068 [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv C:\Windows\system32\DRIVERS\srv.sys
14:48:58.0871 4068 srv - ok
14:48:58.0907 4068 [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:48:59.0056 4068 srv2 - ok
14:48:59.0126 4068 [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:48:59.0213 4068 srvnet - ok
14:48:59.0294 4068 [ 069351A1D7D291013177A90AE6EDCCBC ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
14:48:59.0364 4068 sscdbus - ok
14:48:59.0392 4068 [ 1C925BE223A5C0F9F469252292A48DF6 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
14:48:59.0451 4068 sscdmdfl - ok
14:48:59.0500 4068 [ AE3E77AE0FBDB07EB1AC3FED74A0695E ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
14:48:59.0562 4068 sscdmdm - ok
14:48:59.0625 4068 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:48:59.0823 4068 SSDPSRV - ok
14:48:59.0871 4068 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:49:00.0008 4068 SstpSvc - ok
14:49:00.0145 4068 [ 0A8FA56553913E87AA24A6CE218B88DE ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\STacSV.exe
14:49:00.0240 4068 STacSV - ok
14:49:00.0282 4068 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
14:49:00.0354 4068 stexstor - ok
14:49:00.0421 4068 [ 2B50CFED920D4CD973ADBAAAD3FE704F ] STHDA C:\Windows\system32\DRIVERS\stwrt.sys
14:49:00.0522 4068 STHDA - ok
14:49:00.0583 4068 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\Windows\System32\wiaservc.dll
14:49:00.0746 4068 StiSvc - ok
14:49:00.0812 4068 [ DE3E7A2345EBAA3CE8E6957DFB55FB15 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
14:49:00.0855 4068 stllssvr ( UnsignedFile.Multi.Generic ) - warning
14:49:00.0855 4068 stllssvr - detected UnsignedFile.Multi.Generic (1)
14:49:00.0904 4068 [ 957E346CA948668F2496A6CCF6FF82CC ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
14:49:00.0981 4068 storflt - ok
14:49:01.0015 4068 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
14:49:01.0112 4068 StorSvc - ok
14:49:01.0149 4068 [ D5751969DC3E4B88BF482AC8EC9FE019 ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
14:49:01.0229 4068 storvsc - ok
14:49:01.0262 4068 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
14:49:01.0333 4068 swenum - ok
14:49:01.0393 4068 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
14:49:01.0553 4068 swprv - ok
14:49:01.0635 4068 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\Windows\system32\sysmain.dll
14:49:01.0827 4068 SysMain - ok
14:49:01.0875 4068 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:49:02.0027 4068 TabletInputService - ok
14:49:02.0066 4068 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\Windows\System32\tapisrv.dll
14:49:02.0235 4068 TapiSrv - ok
14:49:02.0279 4068 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
14:49:02.0454 4068 TBS - ok
14:49:02.0559 4068 [ 55E9965552741F3850CB22CBBA9671ED ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:49:02.0741 4068 Tcpip - ok
14:49:02.0827 4068 [ 55E9965552741F3850CB22CBBA9671ED ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:49:03.0032 4068 TCPIP6 - ok
14:49:03.0082 4068 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:49:03.0257 4068 tcpipreg - ok
14:49:03.0323 4068 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:49:03.0434 4068 TDPIPE - ok
14:49:03.0504 4068 [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:49:03.0631 4068 TDTCP - ok
14:49:03.0697 4068 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:49:03.0924 4068 tdx - ok
14:49:03.0951 4068 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
14:49:04.0029 4068 TermDD - ok
14:49:04.0233 4068 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\Windows\System32\termsrv.dll
14:49:04.0598 4068 TermService - ok
14:49:04.0629 4068 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
14:49:04.0888 4068 Themes - ok
14:49:04.0948 4068 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
14:49:05.0361 4068 THREADORDER - ok
14:49:05.0403 4068 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
14:49:05.0634 4068 TrkWks - ok
14:49:05.0688 4068 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:49:05.0776 4068 TrustedInstaller - ok
14:49:05.0877 4068 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:49:06.0050 4068 tssecsrv - ok
14:49:06.0094 4068 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:49:06.0268 4068 tunnel - ok
14:49:06.0297 4068 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
14:49:06.0379 4068 uagp35 - ok
14:49:06.0508 4068 [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:49:06.0736 4068 udfs - ok
14:49:06.0824 4068 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:49:07.0020 4068 UI0Detect - ok
14:49:07.0084 4068 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
14:49:07.0191 4068 uliagpkx - ok
14:49:07.0247 4068 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:49:07.0437 4068 umbus - ok
14:49:07.0471 4068 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
14:49:07.0605 4068 UmPass - ok
14:49:07.0732 4068 [ 8ECACA5454844F66386F7BE4AE0D7CD1 ] UmRdpService C:\Windows\System32\umrdp.dll
14:49:07.0913 4068 UmRdpService - ok
14:49:07.0960 4068 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
14:49:08.0144 4068 upnphost - ok
14:49:08.0211 4068 [ 5C2BDC152BBAB34F36473DEAF7713F22 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
14:49:08.0302 4068 USBAAPL - ok
14:49:08.0371 4068 [ 2436A42AAB4AD48A9B714E5B0F344627 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
14:49:08.0457 4068 usbaudio - ok
14:49:08.0503 4068 [ C31AE588E403042632DC796CF09E30B0 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:49:08.0695 4068 usbccgp - ok
14:49:08.0840 4068 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
14:49:09.0002 4068 usbcir - ok
14:49:09.0045 4068 [ E4C436D914768CE965D5E659BA7EEBD8 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
14:49:09.0192 4068 usbehci - ok
14:49:09.0269 4068 [ BDCD7156EC37448F08633FD899823620 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:49:09.0384 4068 usbhub - ok
14:49:09.0411 4068 [ EB2D819A639015253C871CDA09D91D58 ] usbohci C:\Windows\system32\drivers\usbohci.sys
14:49:09.0519 4068 usbohci - ok
14:49:09.0566 4068 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:49:09.0683 4068 usbprint - ok
14:49:09.0760 4068 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
14:49:09.0903 4068 usbscan - ok
14:49:10.0091 4068 [ 1C4287739A93594E57E2A9E6A3ED7353 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:49:10.0227 4068 USBSTOR - ok
14:49:10.0262 4068 [ 22480BF4E5A09192E5E30BA4DDE79FA4 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
14:49:10.0382 4068 usbuhci - ok
14:49:10.0421 4068 [ B5F6A992D996282B7FAE7048E50AF83A ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
14:49:10.0514 4068 usbvideo - ok
14:49:10.0552 4068 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
14:49:10.0716 4068 UxSms - ok
14:49:10.0756 4068 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc C:\Windows\system32\lsass.exe
14:49:10.0830 4068 VaultSvc - ok
14:49:10.0886 4068 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
14:49:10.0966 4068 vdrvroot - ok
14:49:11.0024 4068 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\Windows\System32\vds.exe
14:49:11.0237 4068 vds - ok
14:49:11.0276 4068 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:49:11.0603 4068 vga - ok
14:49:11.0645 4068 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
14:49:11.0977 4068 VgaSave - ok
14:49:12.0106 4068 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
14:49:12.0195 4068 vhdmp - ok
14:49:12.0260 4068 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\DRIVERS\viaagp.sys
14:49:12.0339 4068 viaagp - ok
14:49:12.0368 4068 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
14:49:12.0478 4068 ViaC7 - ok
14:49:12.0508 4068 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\DRIVERS\viaide.sys
14:49:12.0582 4068 viaide - ok
14:49:12.0627 4068 [ 379B349F65F453D2A6E75EA6B7448E49 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
14:49:12.0710 4068 vmbus - ok
14:49:12.0748 4068 [ EC2BBAB4B84D0738C6C83D2234DC36FE ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
14:49:12.0821 4068 VMBusHID - ok
14:49:12.0857 4068 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
14:49:12.0927 4068 volmgr - ok
14:49:12.0979 4068 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:49:13.0082 4068 volmgrx - ok
14:49:13.0109 4068 [ 58DF9D2481A56EDDE167E51B334D44FD ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
14:49:13.0196 4068 volsnap - ok
14:49:13.0249 4068 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
14:49:13.0328 4068 vsmraid - ok
14:49:13.0414 4068 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\Windows\system32\vssvc.exe
14:49:13.0553 4068 VSS - ok
14:49:13.0599 4068 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
14:49:13.0692 4068 vwifibus - ok
14:49:13.0714 4068 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
14:49:13.0806 4068 vwififlt - ok
14:49:13.0851 4068 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
14:49:14.0039 4068 W32Time - ok
14:49:14.0104 4068 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
14:49:14.0186 4068 WacomPen - ok
14:49:14.0239 4068 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
14:49:14.0382 4068 WANARP - ok
14:49:14.0397 4068 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:49:14.0543 4068 Wanarpv6 - ok
14:49:14.0628 4068 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\Windows\system32\wbengine.exe
14:49:14.0874 4068 wbengine - ok
14:49:14.0920 4068 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
14:49:15.0024 4068 WbioSrvc - ok
14:49:15.0076 4068 [ 6D9B75275C3E3A5F51AEF81AFFADB2B6 ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:49:15.0184 4068 wcncsvc - ok
14:49:15.0222 4068 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:49:15.0365 4068 WcsPlugInService - ok
14:49:15.0405 4068 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
14:49:15.0491 4068 Wd - ok
14:49:15.0540 4068 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:49:15.0654 4068 Wdf01000 - ok
14:49:15.0706 4068 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:49:15.0820 4068 WdiServiceHost - ok
14:49:15.0852 4068 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:49:15.0945 4068 WdiSystemHost - ok
14:49:16.0001 4068 [ BB5EC38F8D4600119B4720BC5D4211F1 ] WebClient C:\Windows\System32\webclnt.dll
14:49:16.0134 4068 WebClient - ok
14:49:16.0168 4068 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:49:16.0343 4068 Wecsvc - ok
14:49:16.0382 4068 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:49:16.0522 4068 wercplsupport - ok
14:49:16.0571 4068 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
14:49:16.0722 4068 WerSvc - ok
14:49:16.0768 4068 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
14:49:16.0902 4068 WfpLwf - ok
14:49:16.0939 4068 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
14:49:17.0006 4068 WIMMount - ok
14:49:17.0090 4068 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
14:49:17.0254 4068 WinDefend - ok
14:49:17.0285 4068 WinHttpAutoProxySvc - ok
14:49:17.0360 4068 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:49:17.0531 4068 Winmgmt - ok
14:49:17.0616 4068 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\Windows\system32\WsmSvc.dll
14:49:17.0856 4068 WinRM - ok
14:49:17.0938 4068 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
14:49:18.0025 4068 WinUsb - ok
14:49:18.0084 4068 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
14:49:18.0264 4068 Wlansvc - ok
14:49:18.0411 4068 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:49:18.0625 4068 wlidsvc - ok
14:49:18.0668 4068 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
14:49:18.0747 4068 WmiAcpi - ok
14:49:18.0801 4068 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:49:18.0903 4068 wmiApSrv - ok
14:49:19.0007 4068 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
14:49:19.0164 4068 WMPNetworkSvc - ok
14:49:19.0236 4068 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:49:19.0337 4068 WPCSvc - ok
14:49:19.0378 4068 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:49:19.0482 4068 WPDBusEnum - ok
14:49:19.0510 4068 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:49:19.0670 4068 ws2ifsl - ok
14:49:19.0730 4068 [ A661A76333057B383A06E65F0073222F ] wscsvc C:\Windows\System32\wscsvc.dll
14:49:19.0836 4068 wscsvc - ok
14:49:19.0853 4068 WSearch - ok
14:49:19.0963 4068 [ A33408CC036F9C08142B11BE5E93F0A1 ] wuauserv C:\Windows\system32\wuaueng.dll
14:49:20.0263 4068 wuauserv - ok
14:49:20.0311 4068 [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
14:49:20.0462 4068 WudfPf - ok
14:49:20.0505 4068 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:49:20.0702 4068 WUDFRd - ok
14:49:20.0752 4068 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:49:20.0931 4068 wudfsvc - ok
14:49:20.0975 4068 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
14:49:21.0115 4068 WwanSvc - ok
14:49:21.0226 4068 ================ Scan global ===============================
14:49:21.0257 4068 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
14:49:21.0314 4068 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll
14:49:21.0355 4068 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll
14:49:21.0405 4068 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
14:49:21.0444 4068 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
14:49:21.0467 4068 [Global] - ok
14:49:21.0470 4068 ================ Scan MBR ==================================
14:49:21.0500 4068 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:49:22.0027 4068 \Device\Harddisk0\DR0 - ok
14:49:22.0037 4068 ================ Scan VBR ==================================
14:49:22.0051 4068 [ 4B53CF97B6871DAA2EE3FDC8AC41AD11 ] \Device\Harddisk0\DR0\Partition1
14:49:22.0056 4068 \Device\Harddisk0\DR0\Partition1 - ok
14:49:22.0088 4068 [ 39AE6C96E4DC75B99EAA5D272666764F ] \Device\Harddisk0\DR0\Partition2
14:49:22.0094 4068 \Device\Harddisk0\DR0\Partition2 - ok
14:49:22.0096 4068 ============================================================
14:49:22.0096 4068 Scan finished
14:49:22.0096 4068 ============================================================
14:49:22.0156 5272 Detected object count: 7
14:49:22.0156 5272 Actual detected object count: 7
14:49:40.0915 5272 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
14:49:40.0915 5272 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:49:40.0923 5272 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
14:49:40.0924 5272 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:49:40.0932 5272 mi-raysat_3dsmax2011_32 ( UnsignedFile.Multi.Generic ) - skipped by user
14:49:40.0932 5272 mi-raysat_3dsmax2011_32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:49:40.0942 5272 NAL ( UnsignedFile.Multi.Generic ) - skipped by user
14:49:40.0943 5272 NAL ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:49:40.0953 5272 ovt519 ( UnsignedFile.Multi.Generic ) - skipped by user
14:49:40.0953 5272 ovt519 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:49:40.0961 5272 sptd ( LockedFile.Multi.Generic ) - skipped by user
14:49:40.0961 5272 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
14:49:40.0967 5272 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user
14:49:40.0967 5272 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:50:46.0892 5740 Deinitialize success
aswMBR Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-30 14:27:07
-----------------------------
14:27:07.377 OS Version: Windows 6.1.7600
14:27:07.377 Number of processors: 2 586 0x170A
14:27:07.386 ComputerName: MASTER-PC UserName: Student
14:27:10.759 Initialize success
14:28:56.597 AVAST engine defs: 12113000
14:29:36.202 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:29:36.212 Disk 0 Vendor: ST9160412ASG 0003SDM1 Size: 152627MB BusType: 11
14:29:36.248 Disk 0 MBR read successfully
14:29:36.258 Disk 0 MBR scan
14:29:36.275 Disk 0 Windows 7 default MBR code
14:29:36.289 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 109 MB offset 63
14:29:36.317 Disk 0 Partition 2 00 DE Dell Utility NTFS 1608 MB offset 224910
14:29:36.351 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 56980 MB offset 3518235
14:29:36.394 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 55772 MB offset 120214395
14:29:36.423 Disk 0 scanning sectors +234436545
14:29:36.516 Disk 0 scanning C:\Windows\system32\drivers
14:30:01.925 Service scanning
14:30:59.056 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
14:31:14.577 Modules scanning
14:31:31.944 Disk 0 trace - called modules:
14:31:31.984 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x862b61f8]<<
14:31:32.017 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x871c1460]
14:31:32.049 3 CLASSPNP.SYS[8d5a259e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8708e908]
14:31:32.088 \Driver\atapi[0x8701a478] -> IRP_MJ_CREATE -> 0x862b61f8
14:31:35.514 AVAST engine scan C:\Windows
14:31:38.754 AVAST engine scan C:\Windows\system32
14:37:55.978 AVAST engine scan C:\Windows\system32\drivers
14:38:23.935 AVAST engine scan C:\Users\Student
14:44:48.856 Disk 0 MBR has been saved successfully to "C:\Users\Student\Desktop\MBR.dat"
14:44:49.547 The log file has been saved successfully to "C:\Users\Student\Desktop\aswMBR.txt"
Danke für jegliche Hilfestellung! Falk Geändert von falkuall (30.11.2012 um 15:31 Uhr) |
|
30.11.2012, 16:17
| #2 | |||
| /// TB-Ausbilder  |  CPU Auslastung verdächtig hoch, kein Grund erkennbar Ich werde dir bei deinem Problem helfen. Eine Bereinigung ist mitunter mit viel Arbeit für Dich (und mich) verbunden. Bevor es los geht, habe ich etwas Lesestoff für dich. Schritt 1: Laufwerksemulationen abschalten mit Defogger Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop und starte es:Schritt 2: AdwCleaner: Werbeprogramme suchen und löschen Schritt 3: Scan mit Combofix
__________________ |
|
01.12.2012, 02:43
| #3 |
| | CPU Auslastung verdächtig hoch, kein Grund erkennbar Super, danke erstmal für die schnelle Antwort!
__________________defogger_disable.txt Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 01:40 on 01/12/2012 (Student)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)
-=E.O.F=-
AdwCleaner Status: Erfolgreich ausgeführt Combofix.txt [CODE] Combofix Logfile: Code:
ATTFilter ComboFix 12-11-30.02 - Student 01.12.2012 1:58.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.3539.2539 [GMT 1:00]
ausgeführt von:: c:\users\Student\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Student\AppData\Roaming\Fyylri
c:\users\Student\AppData\Roaming\Fyylri\zovuit.exe
c:\users\Student\AppData\Roaming\Pifuky
c:\users\Student\AppData\Roaming\Pifuky\isguac.ero
c:\users\Student\AppData\Roaming\Pifuky\isguac.tmp
c:\windows\IsUn0407.exe
c:\windows\system32\zip32.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-11-01 bis 2012-12-01 ))))))))))))))))))))))))))))))
.
.
2012-12-01 01:27 . 2012-12-01 01:28 -------- d-----w- c:\users\Student\AppData\Local\temp
2012-12-01 01:27 . 2012-12-01 01:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-01 01:27 . 2012-12-01 01:27 -------- d-----w- c:\users\Master\AppData\Local\temp
2012-12-01 01:02 . 2012-12-01 01:02 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{47C907FC-90FB-4BB3-86B7-50DB90162EB1}\offreg.dll
2012-11-23 11:33 . 2010-02-16 14:22 155984 ----a-w- c:\windows\system32\comdlg32.ocx
2012-11-23 11:33 . 2004-03-08 23:00 224016 ----a-w- c:\windows\system32\tabctl32.ocx
2012-11-23 11:33 . 2012-11-23 11:33 -------- d-----w- c:\program files\MagicBerry for Blackberry
2012-11-22 04:27 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{47C907FC-90FB-4BB3-86B7-50DB90162EB1}\mpengine.dll
2012-11-10 17:01 . 2012-09-24 22:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-13 22:21 . 2012-04-02 08:51 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 22:21 . 2012-04-02 08:51 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-01 07:43 . 2012-05-10 09:32 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-10-01 07:43 . 2010-11-30 09:11 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-25 17:32 . 2003-10-17 11:44 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-09-25 17:32 . 2003-10-17 11:44 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-09-04 18:07 . 2012-09-04 18:07 57344 ----a-r- c:\users\Student\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2009-05-14 19:02 . 2009-05-14 19:02 3392872 ----a-w- c:\program files\Common Files\adlmint_libFNP.dll
2009-05-14 19:02 . 2009-05-14 19:02 3298152 ----a-w- c:\program files\Common Files\adlmint.dll
2009-05-01 21:02 . 2012-10-29 16:50 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2012-10-29 16:50 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-11-20 06:17 . 2012-10-29 16:50 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Student\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-26 1199576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-02-17 278528]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe" [2010-03-12 311680]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-07-09 261736]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-09 495708]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
.
c:\users\Student\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Student\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2012-07-30 13:02 640480 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2012-07-31 02:19 41944 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-11 10:00 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2010-09-15 13:44 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-07-07 23:45 116648 ----atw- c:\users\Student\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-08-07 03:29 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-17 19:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Message Center 2]
2011-10-30 13:44 571392 ----a-w- c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-07-07 21:54 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 10:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-11-02 00:00 90448 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2012-10-26 17:54 1199576 ----a-w- c:\users\Student\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 07:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-09-25 17:32 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [x]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [x]
R4 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe [x]
S2 alssvc;Ambient Light Sensor;c:\program files\Dell\Ambient Light Sensor\AlsSvc.exe [x]
S3 acpials;ALS-Sensorfilter;c:\windows\system32\DRIVERS\acpials.sys [x]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [x]
S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-19 16:33]
.
2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-19 16:33]
.
2012-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3946062036-707197434-3212569293-1003Core.job
- c:\users\Student\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-07 23:45]
.
2012-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3946062036-707197434-3212569293-1003UA.job
- c:\users\Student\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-07 23:45]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyServer = 172.16.254.200:3128
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{C648493D-DCD1-4850-8AD9-8205C6590ABA}: NameServer = 192.168.50.1
FF - ProfilePath - c:\users\Student\AppData\Roaming\Mozilla\Firefox\Profiles\qkqh5sld.default\
FF - prefs.js: network.proxy.ftp - 172.16.254.200
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 172.16.254.200
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 172.16.254.200
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 172.16.254.200
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 172.16.254.200
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-AdobeBridge - (no file)
SafeBoot-Wdf01000.sys
MSConfigStartUp-{77CDE80D-E172-E237-CC90-689B6B9A39E6} - c:\users\Student\AppData\Roaming\Fyylri\zovuit.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-01 02:33:23
ComboFix-quarantined-files.txt 2012-12-01 01:33
.
Vor Suchlauf: 3.270.213.632 Bytes frei
Nach Suchlauf: 3.928.485.888 Bytes frei
.
- - End Of File - - 6719F200171D24735AF34374469A2B1F
Habe keine Fehlermeldung nach Neustart nach Combofix Durchlauf bekommen. Vielen Dank für die Mühe! Falk |
|
01.12.2012, 09:41
| #4 |
| /// TB-Ausbilder | CPU Auslastung verdächtig hoch, kein Grund erkennbar Dann weiter: Schritt 1: Windows-Defender abschalten Da du einen anderen Virenscanner benutzt solltest du dringend den windowseigenen Scanner abschalten:
Schritt 2: Scan mit MBAR Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________  Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
01.12.2012, 15:34
| #5 |
| | CPU Auslastung verdächtig hoch, kein Grund erkennbar Okay so: Windows Defender: Ausgeschaltet Status MBAR: Kein Cleanup Notwendig da keine Malware gefunden wurde, hier ist die Log File: Code:
ATTFilter Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org
Database version: v2012.12.01.06
Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Student :: MASTER-PC [administrator]
01.12.2012 15:16:54
mbar-log-2012-12-01 (15-16-54).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 36328
Time elapsed: 1 hour(s), 42 minute(s), 7 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
|
|
01.12.2012, 16:28
| #6 | |
| /// TB-Ausbilder | CPU Auslastung verdächtig hoch, kein Grund erkennbar Gut!  Wir müssen jetzt noch ein paar Kontrollen machen. Schritt 1: Quick-Scan mit Malwarebytes Schritt 2: ESET Online Scanner Zitat:
Schritt 3: Java Update (Windows XP, Vista, 7) Dein Java ist nicht mehr aktuell. Ältere Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
__________________ --> CPU Auslastung verdächtig hoch, kein Grund erkennbar |
|
03.12.2012, 11:26
| #7 |
| | CPU Auslastung verdächtig hoch, kein Grund erkennbar Mercii MalwareBytes Log Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.01.07 Windows 7 x86 NTFS Internet Explorer 9.0.8112.16421 Student :: MASTER-PC [Administrator] 01.12.2012 18:19:15 mbam-log-2012-12-01 (18-19-15).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 294021 Laufzeit: 14 Minute(n), 16 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter C:\Qoobox\Quarantine\C\Users\Student\AppData\Roaming\Fyylri\zovuit.exe.vir Win32/Kryptik.AAYC trojan
Java: Aktuell und alte Versionen sind weg! InternetDateien sind gelöscht! Sehe du bist heut im Ruhetag, dann bis Morgen! |
|
04.12.2012, 15:24
| #8 |
| /// TB-Ausbilder | CPU Auslastung verdächtig hoch, kein Grund erkennbar Du machst da bitte nix! Scan mit SecurityCheck Downloade Dir bitte SecurityCheck: LINK1 LINK2
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
04.12.2012, 15:31
| #9 |
| | CPU Auslastung verdächtig hoch, kein Grund erkennbar Okey Dokey Code:
ATTFilter Results of screen317's Security Check version 0.99.56 Windows 7 x86 (UAC is enabled) Out of date service pack!! Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Kaspersky Anti-Virus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.65.1.1000 CCleaner JavaFX 2.1.1 Java 7 Update 9 Adobe Flash Player 10 Flash Player out of Date! Adobe Flash Player 11.5.502.110 Mozilla Firefox (17.0) Google Chrome 21.0.1180.83 Google Chrome 21.0.1180.89 Google Chrome 22.0.1229.79 Google Chrome 22.0.1229.92 Google Chrome 22.0.1229.94 Google Chrome 23.0.1271.64 Google Chrome 23.0.1271.91 Google Chrome 23.0.1271.95 ````````Process Check: objlist.exe by Laurent```````` Kaspersky Lab Kaspersky Anti-Virus 6.0 for Windows Workstations MP4 avp.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
|
04.12.2012, 15:39
| #10 |
| /// TB-Ausbilder | CPU Auslastung verdächtig hoch, kein Grund erkennbar Fein Schritt 1: Entferne CCleaner und den alten Flashplayer Schritt 2: Windows 7 Service Pack 1 installieren
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
04.12.2012, 18:08
| #11 |
| | CPU Auslastung verdächtig hoch, kein Grund erkennbar Oooookay, Done, CPU Auslastung ist auf jeeeden Fall bessergeworden! Wars das jetzt? was ist mit dem Trojaner von vorher? ist der Weg? Vielen vielen Dank!  |
|
05.12.2012, 14:31
| #12 | ||||
| /// TB-Ausbilder | CPU Auslastung verdächtig hoch, kein Grund erkennbar Prima! Damit wären wir fertig. Wir räumen jetzt noch ein wenig auf und dann habe ich am Ende etwas Lesestoff für dich. Schritt 1: Tools deinstallieren
Schritt 2: ESET deinstallieren (Optional) Abschließend noch Tipps zu folgenden Themen:
Damit wünsche ich dir noch viel Spaß beim Surfen im Internet ... und vielleicht möchtest du ja das Trojaner-Board unterstützen? Eine Bitte: Gib mir eine kurze Rückmeldung, wenn alles erledigt ist und keine Fragen mehr vorhanden sind, damit ich diesen Thread aus meinen Abos löschen kann.
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
05.12.2012, 16:52
| #13 |
| | CPU Auslastung verdächtig hoch, kein Grund erkennbar Herzlichen Dank Ryder  |
|
05.12.2012, 17:08
| #14 |
| /// TB-Ausbilder | CPU Auslastung verdächtig hoch, kein Grund erkennbar Schön, dass wir helfen konnten  Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen schicke mir bitte eine PM. Jeder andere bitte hier klicken und einen eigenen Thread erstellen
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
| Themen zu CPU Auslastung verdächtig hoch, kein Grund erkennbar |
| 100%, 100% cpu-auslastung, adobe, aswmbr, auslastung, avast, avp, bonjour, browser, classpnp.sys, computer, cpu, defender, desktop, dxgkrnl, fontcache, google, kaspersky, lanmanworkstation, lockedfile.multi.generic, log, log file, monitor, object, policyagent, problem, rootkit, scan, server, sigcheck, software, trustedinstaller, tunnel, unsignedfile.multi.generic, windows, wiso, wlansvc, wmp, wsearch |
Button.
und dann 
+ R Taste und kopiere folgenden Text in das Ausführen-Fenster und klicke OK.
Linear-Darstellung
