Pests of all kinds and how to fight them: Remove GVU virus (Windows 7) |
19.12.2012, 14:03 | #1 |
| Remove GVU virus
Hello,
I have caught the GVU virus. I have now scanned with Malwarebytes Anti-Malware. 1 infection was found, which I removed. Here is the log data from Malwarebytes Anti-Malware:

Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.19.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Bäre :: BÄRE-PC [Administrator]

Schutz: Aktiviert

19.12.2012 13:46:05
mbam-log-2012-12-19 (13-46-05).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 221802
Laufzeit: 5 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\$Recycle.Bin\S-1-5-21-3327968002-431253664-1938381833-1000\$R95WS1V.dll (Trojan.Agent.BEWVGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

******

Is the PC clean now, or what else do I need to do? Thanks in advance for your help. |
19.12.2012, 14:29 | #2 | |
/// TB-Ausbilder | Remove GVU virus
I will help you with your problem. A cleanup can sometimes involve a lot of work for you (and me). Before we start, I have some reading material for you.

Read and understood?

Step 1: Disable drive emulation with Defogger
Please download defogger by jpshortstuff to your desktop and start it:

Step 2: Scan with aswMBR

Step 3: Scan with TDSS-Killer
Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report.

Step 4: Scan with DDS (+ attach)
Please download DDS (by sUBs) from one of the following download mirrors and save the file to your desktop.
__________________ |
19.12.2012, 15:43 | #3 |
| Remove GVU virus
Hello, and thanks already.
Attached is the info for defogger_disable.

**********
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:37 on 19/12/2012 (Bäre)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=- |
19.12.2012, 15:53 | #4 |
/// TB-Ausbilder | Remove GVU virus
Read and understood?
__________________ Digital privateers against malware! No help via PM! |
19.12.2012, 16:31 | #5 |
| Remove GVU virus
Sorry, yes, I have understood it now.

Regarding step 1: contents of defogger_disable.txt

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:37 on 19/12/2012 (Bäre)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-19 16:00:38
-----------------------------
16:00:38.736 OS Version: Windows 6.1.7601 Service Pack 1
16:00:38.736 Number of processors: 4 586 0x1E05
16:00:38.736 ComputerName: BÄRE-PC UserName: Bäre
16:00:40.623 Initialize success
16:00:48.002 AVAST engine defs: 12121900
16:02:10.433 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:02:10.448 Disk 0 Vendor: ST3750330NS SN06 Size: 715404MB BusType: 3
16:02:10.464 Disk 0 MBR read successfully
16:02:10.464 Disk 0 MBR scan
16:02:10.480 Disk 0 Windows 7 default MBR code
16:02:10.526 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 307200 MB offset 2048
16:02:10.542 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 408202 MB offset 629147648
16:02:10.573 Disk 0 scanning sectors +1465145344
16:02:10.667 Disk 0 scanning C:\Windows\system32\drivers
16:02:27.109 Service scanning
16:02:50.651 Modules scanning
16:02:57.047 Disk 0 trace - called modules:
16:02:57.062 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
16:02:57.577 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b3ea40]
16:02:57.577 3 CLASSPNP.SYS[8bc0459e] -> nt!IofCallDriver -> [0x86894898]
16:02:57.593 5 ACPI.sys[8b6a53d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85bd8908]
16:02:57.593 Scan finished successfully
16:05:51.954 Disk 0 MBR has been saved successfully to "C:\Users\Bäre\Desktop\MBR.dat"
16:05:51.954 The log file has been saved successfully to "C:\Users\Bäre\Desktop\aswMBR.txt"

Code:
16:06:58.0071 3512 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:06:58.0242 3512 ============================================================
16:06:58.0242 3512 Current date / time: 2012/12/19 16:06:58.0242
16:06:58.0242 3512 SystemInfo:
16:06:58.0242 3512
16:06:58.0242 3512 OS Version: 6.1.7601 ServicePack: 1.0
16:06:58.0242 3512 Product type: Workstation
16:06:58.0242 3512 ComputerName: BÄRE-PC
16:06:58.0242 3512 UserName: Bäre
16:06:58.0242 3512 Windows directory: C:\Windows
16:06:58.0242 3512 System windows directory: C:\Windows
16:06:58.0242 3512 Processor architecture: Intel x86
16:06:58.0242 3512 Number of processors: 4
16:06:58.0242 3512 Page size: 0x1000
16:06:58.0242 3512 Boot type: Normal boot
16:06:58.0242 3512 ============================================================
16:06:59.0178 3512 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:06:59.0178 3512 ============================================================
16:06:59.0178 3512 \Device\Harddisk0\DR0:
16:06:59.0178 3512 MBR partitions:
16:06:59.0178 3512 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x25800000
16:06:59.0178 3512 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x25800800, BlocksNum 0x31D45000
16:06:59.0178 3512 ============================================================
16:06:59.0210 3512 C: <-> \Device\Harddisk0\DR0\Partition1
16:06:59.0225 3512 D: <-> \Device\Harddisk0\DR0\Partition2
16:06:59.0225 3512 ============================================================
16:06:59.0225 3512 Initialize success
16:06:59.0225 3512 ============================================================
16:07:15.0714 4448 ============================================================
16:07:15.0714 4448 Scan started
16:07:15.0714 4448 Mode: Manual; TDLFS;
nv_agp C:\Windows\system32\drivers\nv_agp.sys 16:07:22.0313 4448 nv_agp - ok 16:07:22.0376 4448 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 16:07:22.0407 4448 odserv - ok 16:07:22.0438 4448 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 16:07:22.0438 4448 ohci1394 - ok 16:07:22.0469 4448 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 16:07:22.0485 4448 ose - ok 16:07:22.0610 4448 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 16:07:22.0625 4448 osppsvc - ok 16:07:22.0656 4448 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 16:07:22.0656 4448 p2pimsvc - ok 16:07:22.0672 4448 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 16:07:22.0688 4448 p2psvc - ok 16:07:22.0703 4448 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys 16:07:22.0703 4448 Parport - ok 16:07:22.0734 4448 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys 16:07:22.0734 4448 partmgr - ok 16:07:22.0750 4448 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 16:07:22.0750 4448 Parvdm - ok 16:07:22.0750 4448 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 16:07:22.0766 4448 PcaSvc - ok 16:07:22.0781 4448 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys 16:07:22.0781 4448 pci - ok 16:07:22.0797 4448 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 16:07:22.0797 4448 pciide - ok 16:07:22.0812 4448 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 16:07:22.0828 4448 pcmcia - ok 16:07:22.0844 4448 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 
16:07:22.0844 4448 pcw - ok 16:07:22.0859 4448 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 16:07:22.0859 4448 PEAUTH - ok 16:07:22.0922 4448 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 16:07:22.0937 4448 PeerDistSvc - ok 16:07:23.0000 4448 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll 16:07:23.0015 4448 pla - ok 16:07:23.0046 4448 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll 16:07:23.0046 4448 PlugPlay - ok 16:07:23.0062 4448 [ 0C155C5D8942B3CBCF9506A9D376B9AD ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 16:07:23.0062 4448 Pml Driver HPZ12 - ok 16:07:23.0062 4448 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 16:07:23.0078 4448 PNRPAutoReg - ok 16:07:23.0078 4448 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 16:07:23.0078 4448 PNRPsvc - ok 16:07:23.0093 4448 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 16:07:23.0093 4448 PolicyAgent - ok 16:07:23.0124 4448 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll 16:07:23.0124 4448 Power - ok 16:07:23.0140 4448 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 16:07:23.0140 4448 PptpMiniport - ok 16:07:23.0156 4448 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys 16:07:23.0156 4448 Processor - ok 16:07:23.0171 4448 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll 16:07:23.0171 4448 ProfSvc - ok 16:07:23.0187 4448 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe 16:07:23.0187 4448 ProtectedStorage - ok 16:07:23.0202 4448 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 16:07:23.0202 4448 Psched - ok 16:07:23.0234 4448 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 
C:\Windows\system32\DRIVERS\ql2300.sys 16:07:23.0265 4448 ql2300 - ok 16:07:23.0280 4448 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 16:07:23.0280 4448 ql40xx - ok 16:07:23.0296 4448 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 16:07:23.0296 4448 QWAVE - ok 16:07:23.0312 4448 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 16:07:23.0312 4448 QWAVEdrv - ok 16:07:23.0327 4448 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 16:07:23.0327 4448 RasAcd - ok 16:07:23.0343 4448 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 16:07:23.0343 4448 RasAgileVpn - ok 16:07:23.0358 4448 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 16:07:23.0358 4448 RasAuto - ok 16:07:23.0358 4448 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 16:07:23.0358 4448 Rasl2tp - ok 16:07:23.0374 4448 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll 16:07:23.0374 4448 RasMan - ok 16:07:23.0390 4448 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 16:07:23.0390 4448 RasPppoe - ok 16:07:23.0405 4448 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 16:07:23.0405 4448 RasSstp - ok 16:07:23.0421 4448 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 16:07:23.0421 4448 rdbss - ok 16:07:23.0436 4448 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 16:07:23.0436 4448 rdpbus - ok 16:07:23.0468 4448 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 16:07:23.0468 4448 RDPCDD - ok 16:07:23.0499 4448 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 16:07:23.0499 4448 RDPDR - ok 16:07:23.0499 4448 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD 
C:\Windows\system32\drivers\rdpencdd.sys 16:07:23.0499 4448 RDPENCDD - ok 16:07:23.0514 4448 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 16:07:23.0530 4448 RDPREFMP - ok 16:07:23.0577 4448 [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 16:07:23.0577 4448 RdpVideoMiniport - ok 16:07:23.0608 4448 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 16:07:23.0608 4448 RDPWD - ok 16:07:23.0608 4448 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 16:07:23.0608 4448 rdyboost - ok 16:07:23.0639 4448 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 16:07:23.0639 4448 RemoteAccess - ok 16:07:23.0655 4448 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 16:07:23.0655 4448 RemoteRegistry - ok 16:07:23.0670 4448 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 16:07:23.0670 4448 RpcEptMapper - ok 16:07:23.0686 4448 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 16:07:23.0686 4448 RpcLocator - ok 16:07:23.0702 4448 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll 16:07:23.0702 4448 RpcSs - ok 16:07:23.0717 4448 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 16:07:23.0717 4448 rspndr - ok 16:07:23.0733 4448 [ 52A5332B280A2E80A92ABCD2140A62E8 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys 16:07:23.0733 4448 RTL8167 - ok 16:07:23.0764 4448 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 16:07:23.0764 4448 s3cap - ok 16:07:23.0764 4448 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe 16:07:23.0764 4448 SamSs - ok 16:07:23.0826 4448 [ A43A0F5EB232DEF3932F4AC2241BAD91 ] SBAMSvc C:\Program Files\QUAD Utilities\QUAD AntiSpyware\SBAMSvc.exe 16:07:23.0842 4448 SBAMSvc - ok 
16:07:23.0873 4448 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 16:07:23.0873 4448 sbp2port - ok 16:07:23.0904 4448 [ C201DB8A39293E51FD292BE663AD6176 ] SBRE C:\Windows\system32\drivers\SBREdrv.sys 16:07:23.0904 4448 SBRE - ok 16:07:23.0904 4448 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 16:07:23.0920 4448 SCardSvr - ok 16:07:23.0920 4448 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 16:07:23.0936 4448 scfilter - ok 16:07:23.0967 4448 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll 16:07:23.0967 4448 Schedule - ok 16:07:23.0982 4448 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll 16:07:23.0982 4448 SCPolicySvc - ok 16:07:24.0014 4448 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll 16:07:24.0014 4448 SDRSVC - ok 16:07:24.0029 4448 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 16:07:24.0029 4448 secdrv - ok 16:07:24.0045 4448 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 16:07:24.0060 4448 seclogon - ok 16:07:24.0076 4448 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll 16:07:24.0076 4448 SENS - ok 16:07:24.0107 4448 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 16:07:24.0107 4448 SensrSvc - ok 16:07:24.0123 4448 [ 95A26D5D8CEDA33377AF627DAFC2796F ] Sentinel C:\Windows\System32\Drivers\SENTINEL.SYS 16:07:24.0123 4448 Sentinel - ok 16:07:24.0170 4448 [ 731D9B3DE4BC0A3E0830B9BF9DBCE2A5 ] SentinelKeysServer C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe 16:07:24.0232 4448 SentinelKeysServer - ok 16:07:24.0248 4448 [ 925E88D7C5A51E25769D9CEB4F7F2E85 ] SentinelProtectionServer C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe 16:07:24.0294 4448 
SentinelProtectionServer - ok 16:07:24.0310 4448 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 16:07:24.0310 4448 Serenum - ok 16:07:24.0326 4448 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 16:07:24.0326 4448 Serial - ok 16:07:24.0341 4448 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 16:07:24.0341 4448 sermouse - ok 16:07:24.0357 4448 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll 16:07:24.0357 4448 SessionEnv - ok 16:07:24.0419 4448 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 16:07:24.0419 4448 sffdisk - ok 16:07:24.0435 4448 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 16:07:24.0435 4448 sffp_mmc - ok 16:07:24.0450 4448 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 16:07:24.0450 4448 sffp_sd - ok 16:07:24.0450 4448 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 16:07:24.0466 4448 sfloppy - ok 16:07:24.0497 4448 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 16:07:24.0497 4448 SharedAccess - ok 16:07:24.0513 4448 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 16:07:24.0528 4448 ShellHWDetection - ok 16:07:24.0528 4448 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 16:07:24.0528 4448 sisagp - ok 16:07:24.0544 4448 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 16:07:24.0544 4448 SiSRaid2 - ok 16:07:24.0560 4448 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 16:07:24.0560 4448 SiSRaid4 - ok 16:07:24.0560 4448 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 16:07:24.0560 4448 Smb - ok 16:07:24.0591 4448 [ 6A984831644ECA1A33FFEAE4126F4F37 ] 
SNMPTRAP C:\Windows\System32\snmptrap.exe 16:07:24.0591 4448 SNMPTRAP - ok 16:07:24.0606 4448 [ 8D4A96868AE13C3CF8425B383B59D802 ] SNTNLUSB C:\Windows\system32\DRIVERS\SNTNLUSB.SYS 16:07:24.0606 4448 SNTNLUSB - ok 16:07:24.0606 4448 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 16:07:24.0622 4448 spldr - ok 16:07:24.0638 4448 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe 16:07:24.0638 4448 Spooler - ok 16:07:24.0716 4448 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe 16:07:24.0778 4448 sppsvc - ok 16:07:24.0794 4448 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll 16:07:24.0794 4448 sppuinotify - ok 16:07:24.0809 4448 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys 16:07:24.0825 4448 srv - ok 16:07:24.0840 4448 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 16:07:24.0840 4448 srv2 - ok 16:07:24.0856 4448 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 16:07:24.0856 4448 srvnet - ok 16:07:24.0872 4448 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 16:07:24.0872 4448 SSDPSRV - ok 16:07:24.0887 4448 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 16:07:24.0887 4448 SstpSvc - ok 16:07:24.0934 4448 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 16:07:24.0981 4448 Stereo Service - ok 16:07:24.0996 4448 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 16:07:24.0996 4448 stexstor - ok 16:07:25.0028 4448 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll 16:07:25.0043 4448 StiSvc - ok 16:07:25.0043 4448 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 16:07:25.0059 4448 storflt - ok 16:07:25.0074 4448 [ 
DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys 16:07:25.0074 4448 storvsc - ok 16:07:25.0090 4448 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys 16:07:25.0090 4448 swenum - ok 16:07:25.0121 4448 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 16:07:25.0121 4448 swprv - ok 16:07:25.0137 4448 Synth3dVsc - ok 16:07:25.0184 4448 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll 16:07:25.0199 4448 SysMain - ok 16:07:25.0215 4448 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll 16:07:25.0215 4448 TabletInputService - ok 16:07:25.0246 4448 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll 16:07:25.0246 4448 TapiSrv - ok 16:07:25.0262 4448 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 16:07:25.0262 4448 TBS - ok 16:07:25.0308 4448 [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 16:07:25.0355 4448 Tcpip - ok 16:07:25.0386 4448 [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 16:07:25.0386 4448 TCPIP6 - ok 16:07:25.0402 4448 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 16:07:25.0402 4448 tcpipreg - ok 16:07:25.0433 4448 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 16:07:25.0433 4448 TDPIPE - ok 16:07:25.0449 4448 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 16:07:25.0449 4448 TDTCP - ok 16:07:25.0464 4448 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 16:07:25.0464 4448 tdx - ok 16:07:25.0480 4448 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys 16:07:25.0480 4448 TermDD - ok 16:07:25.0496 4448 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll 16:07:25.0496 4448 TermService - ok 16:07:25.0511 
4448 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 16:07:25.0511 4448 Themes - ok 16:07:25.0527 4448 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 16:07:25.0542 4448 THREADORDER - ok 16:07:25.0574 4448 [ D0B08F941C0B06846533C6A38DD09B22 ] tmactmon C:\Windows\system32\DRIVERS\tmactmon.sys 16:07:25.0574 4448 tmactmon - ok 16:07:25.0589 4448 [ 0C9ACEF23B537D6E8B1373C98D066B1C ] tmcomm C:\Windows\system32\DRIVERS\tmcomm.sys 16:07:25.0589 4448 tmcomm - ok 16:07:25.0605 4448 [ 21992E703051934DCFA6D1477B12FC41 ] TMEBC C:\Windows\system32\DRIVERS\TMEBC32.sys 16:07:25.0605 4448 TMEBC - ok 16:07:25.0620 4448 [ 63828FBD740F178DE2E2D42C3136FDEE ] tmevtmgr C:\Windows\system32\DRIVERS\tmevtmgr.sys 16:07:25.0620 4448 tmevtmgr - ok 16:07:25.0652 4448 [ 43C1B7C778B296D492AF6D2ABB2ECF7F ] tmtdi C:\Windows\system32\DRIVERS\tmtdi.sys 16:07:25.0652 4448 tmtdi - ok 16:07:25.0667 4448 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 16:07:25.0667 4448 TrkWks - ok 16:07:25.0698 4448 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 16:07:25.0698 4448 TrustedInstaller - ok 16:07:25.0714 4448 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 16:07:25.0714 4448 tssecsrv - ok 16:07:25.0745 4448 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 16:07:25.0745 4448 TsUsbFlt - ok 16:07:25.0745 4448 tsusbhub - ok 16:07:25.0776 4448 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 16:07:25.0776 4448 tunnel - ok 16:07:25.0792 4448 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 16:07:25.0792 4448 uagp35 - ok 16:07:25.0808 4448 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 16:07:25.0808 4448 udfs - ok 16:07:25.0839 4448 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect 
C:\Windows\system32\UI0Detect.exe 16:07:25.0839 4448 UI0Detect - ok 16:07:25.0854 4448 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 16:07:25.0854 4448 uliagpkx - ok 16:07:25.0870 4448 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys 16:07:25.0870 4448 umbus - ok 16:07:25.0886 4448 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 16:07:25.0886 4448 UmPass - ok 16:07:25.0917 4448 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll 16:07:25.0917 4448 UmRdpService - ok 16:07:25.0932 4448 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 16:07:25.0932 4448 upnphost - ok 16:07:25.0964 4448 [ 5C2BDC152BBAB34F36473DEAF7713F22 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys 16:07:25.0964 4448 USBAAPL - ok 16:07:25.0979 4448 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 16:07:25.0979 4448 usbccgp - ok 16:07:26.0010 4448 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 16:07:26.0010 4448 usbcir - ok 16:07:26.0026 4448 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\drivers\usbehci.sys 16:07:26.0026 4448 usbehci - ok 16:07:26.0042 4448 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 16:07:26.0073 4448 usbhub - ok 16:07:26.0088 4448 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys 16:07:26.0088 4448 usbohci - ok 16:07:26.0088 4448 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 16:07:26.0104 4448 usbprint - ok 16:07:26.0120 4448 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 16:07:26.0120 4448 usbscan - ok 16:07:26.0135 4448 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS 16:07:26.0135 4448 USBSTOR - ok 16:07:26.0151 4448 [ 
68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 16:07:26.0151 4448 usbuhci - ok 16:07:26.0182 4448 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 16:07:26.0182 4448 UxSms - ok 16:07:26.0198 4448 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe 16:07:26.0213 4448 VaultSvc - ok 16:07:26.0213 4448 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 16:07:26.0213 4448 vdrvroot - ok 16:07:26.0244 4448 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe 16:07:26.0260 4448 vds - ok 16:07:26.0260 4448 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 16:07:26.0260 4448 vga - ok 16:07:26.0276 4448 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 16:07:26.0276 4448 VgaSave - ok 16:07:26.0276 4448 VGPU - ok 16:07:26.0291 4448 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 16:07:26.0291 4448 vhdmp - ok 16:07:26.0307 4448 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 16:07:26.0307 4448 viaagp - ok 16:07:26.0322 4448 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 16:07:26.0322 4448 ViaC7 - ok 16:07:26.0369 4448 [ 4906E025DD6B322C4BBD6B9E35C9993A ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys 16:07:26.0385 4448 VIAHdAudAddService - ok 16:07:26.0400 4448 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 16:07:26.0400 4448 viaide - ok 16:07:26.0416 4448 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys 16:07:26.0416 4448 vmbus - ok 16:07:26.0432 4448 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 16:07:26.0432 4448 VMBusHID - ok 16:07:26.0447 4448 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys 16:07:26.0447 4448 volmgr - ok 
16:07:26.0463 4448 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 16:07:26.0478 4448 volmgrx - ok 16:07:26.0494 4448 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 16:07:26.0494 4448 volsnap - ok 16:07:26.0510 4448 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 16:07:26.0510 4448 vsmraid - ok 16:07:26.0541 4448 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 16:07:26.0541 4448 VSS - ok 16:07:26.0556 4448 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 16:07:26.0556 4448 vwifibus - ok 16:07:26.0572 4448 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 16:07:26.0572 4448 W32Time - ok 16:07:26.0588 4448 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 16:07:26.0588 4448 WacomPen - ok 16:07:26.0603 4448 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 16:07:26.0619 4448 WANARP - ok 16:07:26.0619 4448 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 16:07:26.0619 4448 Wanarpv6 - ok 16:07:26.0650 4448 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 16:07:26.0666 4448 wbengine - ok 16:07:26.0666 4448 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 16:07:26.0666 4448 WbioSrvc - ok 16:07:26.0697 4448 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 16:07:26.0697 4448 wcncsvc - ok 16:07:26.0712 4448 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 16:07:26.0712 4448 WcsPlugInService - ok 16:07:26.0728 4448 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 16:07:26.0728 4448 Wd - ok 16:07:26.0744 4448 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 16:07:26.0759 4448 
Wdf01000 - ok 16:07:26.0775 4448 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 16:07:26.0775 4448 WdiServiceHost - ok 16:07:26.0775 4448 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 16:07:26.0775 4448 WdiSystemHost - ok 16:07:26.0790 4448 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 16:07:26.0790 4448 WebClient - ok 16:07:26.0806 4448 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 16:07:26.0806 4448 Wecsvc - ok 16:07:26.0822 4448 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 16:07:26.0822 4448 wercplsupport - ok 16:07:26.0837 4448 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 16:07:26.0837 4448 WerSvc - ok 16:07:26.0837 4448 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 16:07:26.0837 4448 WfpLwf - ok 16:07:26.0853 4448 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 16:07:26.0853 4448 WIMMount - ok 16:07:26.0915 4448 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 16:07:26.0946 4448 WinDefend - ok 16:07:26.0962 4448 WinHttpAutoProxySvc - ok 16:07:26.0993 4448 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 16:07:27.0024 4448 Winmgmt - ok 16:07:27.0056 4448 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll 16:07:27.0056 4448 WinRM - ok 16:07:27.0087 4448 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 16:07:27.0087 4448 WinUsb - ok 16:07:27.0118 4448 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 16:07:27.0118 4448 Wlansvc - ok 16:07:27.0134 4448 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 16:07:27.0134 4448 WmiAcpi - ok 16:07:27.0149 4448 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv 
C:\Windows\system32\wbem\WmiApSrv.exe 16:07:27.0180 4448 wmiApSrv - ok 16:07:27.0196 4448 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 16:07:27.0258 4448 WMPNetworkSvc - ok 16:07:27.0258 4448 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 16:07:27.0274 4448 WPCSvc - ok 16:07:27.0290 4448 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 16:07:27.0290 4448 WPDBusEnum - ok 16:07:27.0305 4448 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 16:07:27.0305 4448 ws2ifsl - ok 16:07:27.0305 4448 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll 16:07:27.0305 4448 wscsvc - ok 16:07:27.0305 4448 WSearch - ok 16:07:27.0368 4448 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 16:07:27.0399 4448 wuauserv - ok 16:07:27.0430 4448 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 16:07:27.0430 4448 WudfPf - ok 16:07:27.0446 4448 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 16:07:27.0461 4448 WUDFRd - ok 16:07:27.0477 4448 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 16:07:27.0492 4448 wudfsvc - ok 16:07:27.0508 4448 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll 16:07:27.0508 4448 WwanSvc - ok 16:07:27.0508 4448 ================ Scan global =============================== 16:07:27.0539 4448 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll 16:07:27.0570 4448 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll 16:07:27.0570 4448 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll 16:07:27.0586 4448 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 16:07:27.0602 4448 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 16:07:27.0602 4448 [Global] - ok 
16:07:27.0602 4448 ================ Scan MBR ==================================
16:07:27.0602 4448 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:07:28.0226 4448 \Device\Harddisk0\DR0 - ok
16:07:28.0226 4448 ================ Scan VBR ==================================
16:07:28.0257 4448 [ C72358E3408A19AB95357959CDB300F8 ] \Device\Harddisk0\DR0\Partition1
16:07:28.0257 4448 \Device\Harddisk0\DR0\Partition1 - ok
16:07:28.0272 4448 [ 6783DD239E962CFAC8D788A667E89100 ] \Device\Harddisk0\DR0\Partition2
16:07:28.0272 4448 \Device\Harddisk0\DR0\Partition2 - ok
16:07:28.0272 4448 ============================================================
16:07:28.0272 4448 Scan finished
16:07:28.0272 4448 ============================================================
16:07:28.0288 1604 Detected object count: 0
16:07:28.0288 1604 Actual detected object count: 0

DDS Logfile:
Code:
and now the attach.txt as well. Code:
ATTFilter . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 29.10.2009 21:22:26 System Uptime: 19.12.2012 15:48:37 (1 hours ago) . Motherboard: ASUSTeK Computer INC. | | P7P55D LE Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz | LGA1156 | 2668/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 300 GiB total, 248,33 GiB free. D: is FIXED (NTFS) - 399 GiB total, 395,588 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . . ==== End Of File =========================== |
19.12.2012, 17:43 | #6 | ||
/// TB-Ausbilder | Removing the GVU virus All right, then let's continue!
Step 1: AdwCleaner: find and delete adware
Step 2: Delete temporary files with TFC
Step 3: Scan with Combofix
__________________ --> Removing the GVU virus |
19.12.2012, 20:42 | #7 |
| Removing the GVU virus Great instructions!! I have carried out step 1. Here is the log file adwCleaner[S1].txt Code:
ATTFilter # AdwCleaner v2.101 - Datei am 19/12/2012 um 19:52:27 erstellt # Aktualisiert am 16/12/2012 von Xplode # Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits) # Benutzer : Bäre - BÄRE-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Bäre\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml Datei Gelöscht : C:\user.js Ordner Gelöscht : C:\Program Files\BabylonToolbar Ordner Gelöscht : C:\Program Files\yourfiledownloader Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\Browser Manager Ordner Gelöscht : C:\Users\Bäre\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\Bäre\AppData\Roaming\BabylonToolbar Ordner Gelöscht : C:\Users\Bäre\AppData\Roaming\yourfiledownloader ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\BabylonToolbar Schlüssel Gelöscht : HKCU\Software\BrowserMngr Schlüssel Gelöscht : HKCU\Software\Microsoft\Babylon Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\Software\BabylonToolbar Schlüssel Gelöscht : HKLM\Software\BrowserMngr Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\b Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} Schlüssel 
Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16457 Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=112555&tt=120812_bandext_3312_5&babsrc=NT_ss&mntrId=7ebf043f000000000000002618ee4f15 --> hxxp://www.google.com -\\ Mozilla Firefox v17.0.1 (de) Profilname : default Datei : C:\Users\Bäre\AppData\Roaming\Mozilla\Firefox\Profiles\xcxax4bo.default\prefs.js C:\Users\Bäre\AppData\Roaming\Mozilla\Firefox\Profiles\xcxax4bo.default\user.js ... Gelöscht ! Gelöscht : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=112555&tt=120812_bandext_3312_5&ba[...] 
Gelöscht : user_pref("browser.search.defaultenginename", "Search the web (Babylon)"); Gelöscht : user_pref("browser.search.order.1", "Search the web (Babylon)"); Gelöscht : user_pref("browser.search.selectedEngine", "Search the web (Babylon)"); Gelöscht : user_pref("extensions.BabylonToolbar.admin", false); Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst"); Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en"); Gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false); Gelöscht : user_pref("extensions.BabylonToolbar.id", "7ebf043f000000000000002618ee4f15"); Gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15565"); Gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst"); Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); Gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); Gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "base"); Gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q="); Gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6"); Gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.6.4.6"); Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", ""); Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112555&tt=120812_bandext_3312_5"); Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true); Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112555&tt=12081[...] Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.4.612:25:33"); Gelöscht : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=112555&tt=120812_bandext_3312_5&babsrc=KW[...] 
************************* AdwCleaner[S1].txt - [8999 octets] - [19/12/2012 19:52:27] ########## EOF - C:\AdwCleaner[S1].txt - [9059 octets] ##########
Step 3 as well. Here is the content of the file Combofix.txt Code:
Combofix Logfile: |
19.12.2012, 20:48 | #8 | |
/// TB-Ausbilder | Removing the GVU virus Good! As far as I can see, we have now removed everything malicious. To be sure, we still need to run a few checks. Since these can take a very long time, please only write to me again once you have really completed everything, or if problems occur.
Step 1: Quick scan with Malwarebytes
Step 2: ESET Online Scanner Quote:
Step 3: Scan with SecurityCheck Please download SecurityCheck: LINK1 LINK2
__________________ Digital buccaneers against malware! No help via PM! |
20.12.2012, 20:35 | #9 |
| Removing the GVU virus Hello, I have now carried out step 1; here is the report from the log file. Code:
Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org
Datenbank Version: v2012.12.19.08
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Bäre :: BÄRE-PC [Administrator]
Schutz: Aktiviert
19.12.2012 21:20:15
mbam-log-2012-12-19 (21-20-15).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 227191
Laufzeit: 5 Minute(n), 41 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende)
The display showed: No threats found Scanned Files 174376 Infected Files 0 Cleaned Files 9 Total scan time 19:54:06 Scan status Finished
I looked for the log file, and its content reads as follows: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=1bac9642f3b68e41895c5cfa7ebece78
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-19 08:37:41
# local_time=2012-12-19 09:37:41 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 14094320 107580652 0 0
# scanned=1563
# found=0
# cleaned=0
# scan_time=25
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=1bac9642f3b68e41895c5cfa7ebece78
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-20 04:45:15
# local_time=2012-12-20 05:45:15 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 14166774 107653106 0 0
# scanned=174376
# found=0
# cleaned=0
# scan_time=71646
There seems to have been a problem here. After the "Preparation" message in the DOS window, an error message appeared that read as follows: Code:
Autolt Error Line-1 Error: Recursion level has been exeeded - Autolt will quit to prevent stack overflow |
20.12.2012, 21:10 | #10 | ||||
/// TB-Ausbilder | Removing the GVU virus I have never seen that error message before. Oh well, then ... Great! That means we are done. We will now tidy up a little, and then at the end I have some reading material for you.
Step 1: Uninstall the tools
Step 2: Uninstall ESET (optional)
Finally, some tips on the following topics:
With that, I wish you lots of fun surfing the Internet ... and perhaps you would like to support the Trojaner-Board? One request: give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Digital buccaneers against malware! No help via PM! |
20.12.2012, 22:19 | #11 |
| Removing the GVU virus Thank you very, very much for your help. Phew, now I can breathe again. Thank you also for the tips on safe surfing. I will now follow them closely. You are a great team and ... I will support it. I wish you, or rather all of you, a merry Christmas. I'll leave ESET installed for now and scan every week. It really was a great help. Best regards, Joggy |
20.12.2012, 22:22 | #12 |
/// TB-Ausbilder | Removing the GVU virus Glad we could help. This topic appears to be resolved and will be removed from my subscriptions. Should you need the topic again, please send me a PM. Everyone else, please click here and create your own thread. If you would still like to share praise or criticism, there is this section here: http://www.trojaner-board.de/lob-kritik-wuensche/
__________________ Digital buccaneers against malware! No help via PM! |