| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: 2837 Versteckte ObjekteWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
06.03.2013, 13:21
| #16 |
 |  2837 Versteckte ObjekteCode:
ATTFilter 13:17:48.0116 0724 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:17:50.0144 0724 ============================================================
13:17:50.0144 0724 Current date / time: 2013/03/06 13:17:50.0144
13:17:50.0144 0724 SystemInfo:
13:17:50.0144 0724
13:17:50.0144 0724 OS Version: 6.1.7601 ServicePack: 1.0
13:17:50.0144 0724 Product type: Workstation
13:17:50.0144 0724 ComputerName: MOSSI-HP
13:17:50.0144 0724 UserName: mossi
13:17:50.0144 0724 Windows directory: C:\windows
13:17:50.0144 0724 System windows directory: C:\windows
13:17:50.0144 0724 Running under WOW64
13:17:50.0144 0724 Processor architecture: Intel x64
13:17:50.0144 0724 Number of processors: 1
13:17:50.0144 0724 Page size: 0x1000
13:17:50.0144 0724 Boot type: Normal boot
13:17:50.0144 0724 ============================================================
13:17:53.0373 0724 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:17:53.0373 0724 ============================================================
13:17:53.0373 0724 \Device\Harddisk0\DR0:
13:17:53.0373 0724 MBR partitions:
13:17:53.0373 0724 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
13:17:53.0373 0724 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x10782000
13:17:53.0373 0724 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x10818800, BlocksNum 0x1E00000
13:17:53.0373 0724 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x12618800, BlocksNum 0x3FD800
13:17:53.0373 0724 ============================================================
13:17:53.0451 0724 C: <-> \Device\Harddisk0\DR0\Partition2
13:17:53.0467 0724 F: <-> \Device\Harddisk0\DR0\Partition4
13:17:53.0467 0724 ============================================================
13:17:53.0467 0724 Initialize success
13:17:53.0467 0724 ============================================================
13:18:40.0953 4980 ============================================================
13:18:40.0953 4980 Scan started
13:18:40.0953 4980 Mode: Manual; SigCheck; TDLFS;
13:18:40.0953 4980 ============================================================
13:18:42.0232 4980 ================ Scan system memory ========================
13:18:42.0232 4980 System memory - ok
13:18:42.0248 4980 ================ Scan services =============================
13:18:42.0498 4980 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
13:18:42.0872 4980 1394ohci - ok
13:18:42.0934 4980 [ C8030D922511A926D0AA06B78C4B87A9 ] acedrv06 C:\windows\system32\drivers\acedrv06.sys
13:18:42.0997 4980 acedrv06 ( UnsignedFile.Multi.Generic ) - warning
13:18:42.0997 4980 acedrv06 - detected UnsignedFile.Multi.Generic (1)
13:18:43.0059 4980 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
13:18:43.0137 4980 ACPI - ok
13:18:43.0184 4980 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
13:18:43.0309 4980 AcpiPmi - ok
13:18:43.0465 4980 [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:18:43.0527 4980 AdobeFlashPlayerUpdateSvc - ok
13:18:43.0590 4980 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
13:18:43.0668 4980 adp94xx - ok
13:18:43.0714 4980 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
13:18:43.0761 4980 adpahci - ok
13:18:43.0808 4980 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
13:18:43.0855 4980 adpu320 - ok
13:18:43.0902 4980 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
13:18:44.0229 4980 AeLookupSvc - ok
13:18:44.0354 4980 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
13:18:44.0463 4980 AESTFilters - ok
13:18:44.0526 4980 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
13:18:44.0760 4980 AFD - ok
13:18:44.0807 4980 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
13:18:44.0853 4980 agp440 - ok
13:18:44.0900 4980 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
13:18:45.0009 4980 ALG - ok
13:18:45.0041 4980 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
13:18:45.0087 4980 aliide - ok
13:18:45.0134 4980 [ 5A06AB7AB4D389DFE3C109599DF0BB65 ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
13:18:45.0243 4980 AMD External Events Utility - ok
13:18:45.0275 4980 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
13:18:45.0321 4980 amdide - ok
13:18:45.0353 4980 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
13:18:45.0493 4980 AmdK8 - ok
13:18:45.0743 4980 [ 650DDCCD6657E20737433CB774521B81 ] amdkmdag C:\windows\system32\DRIVERS\atikmdag.sys
13:18:46.0117 4980 amdkmdag - ok
13:18:46.0148 4980 [ F51B013C55B30DBE3AD59A7FE197C5BA ] amdkmdap C:\windows\system32\DRIVERS\atikmpag.sys
13:18:46.0226 4980 amdkmdap - ok
13:18:46.0273 4980 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
13:18:46.0335 4980 AmdPPM - ok
13:18:46.0382 4980 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
13:18:46.0429 4980 amdsata - ok
13:18:46.0476 4980 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
13:18:46.0523 4980 amdsbs - ok
13:18:46.0554 4980 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
13:18:46.0601 4980 amdxata - ok
13:18:46.0803 4980 [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
13:18:46.0881 4980 AntiVirSchedulerService - ok
13:18:46.0944 4980 [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
13:18:46.0991 4980 AntiVirService - ok
13:18:47.0037 4980 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
13:18:47.0256 4980 AppID - ok
13:18:47.0303 4980 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
13:18:47.0427 4980 AppIDSvc - ok
13:18:47.0490 4980 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
13:18:47.0630 4980 Appinfo - ok
13:18:47.0677 4980 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\DRIVERS\arc.sys
13:18:47.0708 4980 arc - ok
13:18:47.0724 4980 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
13:18:47.0755 4980 arcsas - ok
13:18:47.0864 4980 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:18:47.0895 4980 aspnet_state - ok
13:18:47.0927 4980 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
13:18:48.0051 4980 AsyncMac - ok
13:18:48.0098 4980 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
13:18:48.0114 4980 atapi - ok
13:18:48.0223 4980 [ 2D648572BA9A610952FCAFBA1E119C2D ] AtiHdmiService C:\windows\system32\drivers\AtiHdmi.sys
13:18:48.0348 4980 AtiHdmiService - ok
13:18:48.0395 4980 [ E82E61F46D1336447F4DEFF8C074F13E ] AtiPcie C:\windows\system32\DRIVERS\AtiPcie64.sys
13:18:48.0441 4980 AtiPcie - ok
13:18:48.0535 4980 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
13:18:48.0769 4980 AudioEndpointBuilder - ok
13:18:48.0863 4980 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
13:18:48.0956 4980 AudioSrv - ok
13:18:49.0019 4980 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\windows\system32\DRIVERS\avgntflt.sys
13:18:49.0034 4980 avgntflt - ok
13:18:49.0097 4980 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\windows\system32\DRIVERS\avipbb.sys
13:18:49.0112 4980 avipbb - ok
13:18:49.0143 4980 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\windows\system32\DRIVERS\avkmgr.sys
13:18:49.0159 4980 avkmgr - ok
13:18:49.0237 4980 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
13:18:49.0362 4980 AxInstSV - ok
13:18:49.0409 4980 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\DRIVERS\bxvbda.sys
13:18:49.0533 4980 b06bdrv - ok
13:18:49.0596 4980 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
13:18:49.0658 4980 b57nd60a - ok
13:18:49.0814 4980 [ 810BE94A9E42309B3F74217AC28BC6AC ] BCM43XX C:\windows\system32\DRIVERS\bcmwl664.sys
13:18:50.0017 4980 BCM43XX - ok
13:18:50.0064 4980 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
13:18:50.0157 4980 BDESVC - ok
13:18:50.0173 4980 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
13:18:50.0329 4980 Beep - ok
13:18:50.0423 4980 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
13:18:50.0579 4980 BFE - ok
13:18:50.0625 4980 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\system32\qmgr.dll
13:18:50.0844 4980 BITS - ok
13:18:50.0891 4980 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
13:18:50.0953 4980 blbdrive - ok
13:18:51.0000 4980 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
13:18:51.0093 4980 bowser - ok
13:18:51.0125 4980 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
13:18:51.0218 4980 BrFiltLo - ok
13:18:51.0249 4980 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
13:18:51.0296 4980 BrFiltUp - ok
13:18:51.0343 4980 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
13:18:51.0468 4980 BridgeMP - ok
13:18:51.0515 4980 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
13:18:51.0608 4980 Browser - ok
13:18:51.0639 4980 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
13:18:51.0749 4980 Brserid - ok
13:18:51.0780 4980 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
13:18:51.0842 4980 BrSerWdm - ok
13:18:51.0858 4980 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
13:18:51.0920 4980 BrUsbMdm - ok
13:18:51.0951 4980 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
13:18:52.0014 4980 BrUsbSer - ok
13:18:52.0092 4980 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
13:18:52.0326 4980 BthEnum - ok
13:18:52.0357 4980 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
13:18:52.0435 4980 BTHMODEM - ok
13:18:52.0466 4980 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
13:18:52.0513 4980 BthPan - ok
13:18:52.0591 4980 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
13:18:52.0700 4980 BTHPORT - ok
13:18:52.0731 4980 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
13:18:52.0856 4980 bthserv - ok
13:18:52.0903 4980 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
13:18:52.0965 4980 BTHUSB - ok
13:18:53.0028 4980 [ 7A2CE8C1BF4DAA1F2766E21E9CA11078 ] btwampfl C:\windows\system32\drivers\btwampfl.sys
13:18:53.0075 4980 btwampfl - ok
13:18:53.0121 4980 [ A75BF6802A967F5AACECC3C67FEBDF55 ] btwaudio C:\windows\system32\drivers\btwaudio.sys
13:18:53.0153 4980 btwaudio - ok
13:18:53.0215 4980 [ D895DC213EDBDA5FCC53AAD1F1E0E63B ] btwavdt C:\windows\system32\DRIVERS\btwavdt.sys
13:18:53.0262 4980 btwavdt - ok
13:18:53.0355 4980 [ 692F8648D7686D91E34A65AC698019D8 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
13:18:53.0433 4980 btwdins - ok
13:18:53.0465 4980 [ 07096D2BC22CCB6CEA5A532DF0BE8A75 ] btwl2cap C:\windows\system32\DRIVERS\btwl2cap.sys
13:18:53.0511 4980 btwl2cap - ok
13:18:53.0543 4980 [ 6D7AA2BDE0135599C5F230D69DB3B420 ] btwrchid C:\windows\system32\DRIVERS\btwrchid.sys
13:18:53.0574 4980 btwrchid - ok
13:18:53.0621 4980 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
13:18:53.0745 4980 cdfs - ok
13:18:53.0823 4980 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
13:18:53.0901 4980 cdrom - ok
13:18:53.0979 4980 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
13:18:54.0104 4980 CertPropSvc - ok
13:18:54.0151 4980 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\DRIVERS\circlass.sys
13:18:54.0213 4980 circlass - ok
13:18:54.0260 4980 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
13:18:54.0323 4980 CLFS - ok
13:18:54.0385 4980 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:18:54.0432 4980 clr_optimization_v2.0.50727_32 - ok
13:18:54.0479 4980 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:18:54.0525 4980 clr_optimization_v2.0.50727_64 - ok
13:18:54.0603 4980 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:18:54.0650 4980 clr_optimization_v4.0.30319_32 - ok
13:18:54.0681 4980 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:18:54.0728 4980 clr_optimization_v4.0.30319_64 - ok
13:18:54.0775 4980 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
13:18:54.0837 4980 CmBatt - ok
13:18:54.0884 4980 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
13:18:54.0931 4980 cmdide - ok
13:18:54.0993 4980 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
13:18:55.0071 4980 CNG - ok
13:18:55.0103 4980 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
13:18:55.0134 4980 Compbatt - ok
13:18:55.0181 4980 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
13:18:55.0243 4980 CompositeBus - ok
13:18:55.0274 4980 COMSysApp - ok
13:18:55.0305 4980 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
13:18:55.0352 4980 crcdisk - ok
13:18:55.0415 4980 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
13:18:55.0539 4980 CryptSvc - ok
13:18:55.0602 4980 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
13:18:55.0758 4980 DcomLaunch - ok
13:18:55.0820 4980 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
13:18:55.0945 4980 defragsvc - ok
13:18:56.0007 4980 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
13:18:56.0132 4980 DfsC - ok
13:18:56.0210 4980 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
13:18:56.0351 4980 Dhcp - ok
13:18:56.0397 4980 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
13:18:56.0507 4980 discache - ok
13:18:56.0553 4980 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\DRIVERS\disk.sys
13:18:56.0585 4980 Disk - ok
13:18:56.0631 4980 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
13:18:56.0756 4980 Dnscache - ok
13:18:56.0819 4980 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
13:18:56.0943 4980 dot3svc - ok
13:18:56.0990 4980 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
13:18:57.0115 4980 DPS - ok
13:18:57.0162 4980 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
13:18:57.0209 4980 drmkaud - ok
13:18:57.0271 4980 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
13:18:57.0349 4980 DXGKrnl - ok
13:18:57.0396 4980 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
13:18:57.0521 4980 EapHost - ok
13:18:57.0661 4980 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\DRIVERS\evbda.sys
13:18:57.0833 4980 ebdrv - ok
13:18:57.0864 4980 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
13:18:57.0973 4980 EFS - ok
13:18:58.0051 4980 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
13:18:58.0160 4980 ehRecvr - ok
13:18:58.0207 4980 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
13:18:58.0301 4980 ehSched - ok
13:18:58.0363 4980 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
13:18:58.0425 4980 elxstor - ok
13:18:58.0457 4980 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
13:18:58.0519 4980 ErrDev - ok
13:18:58.0597 4980 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
13:18:58.0737 4980 EventSystem - ok
13:18:58.0800 4980 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
13:18:58.0971 4980 exfat - ok
13:18:59.0018 4980 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
13:18:59.0174 4980 fastfat - ok
13:18:59.0268 4980 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
13:18:59.0393 4980 Fax - ok
13:18:59.0424 4980 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\DRIVERS\fdc.sys
13:18:59.0486 4980 fdc - ok
13:18:59.0517 4980 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
13:18:59.0642 4980 fdPHost - ok
13:18:59.0736 4980 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
13:18:59.0861 4980 FDResPub - ok
13:18:59.0892 4980 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
13:18:59.0939 4980 FileInfo - ok
13:18:59.0954 4980 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
13:19:00.0095 4980 Filetrace - ok
13:19:00.0141 4980 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
13:19:00.0204 4980 flpydisk - ok
13:19:00.0266 4980 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
13:19:00.0313 4980 FltMgr - ok
13:19:00.0391 4980 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\windows\system32\FntCache.dll
13:19:00.0531 4980 FontCache - ok
13:19:00.0609 4980 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:19:00.0656 4980 FontCache3.0.0.0 - ok
13:19:00.0687 4980 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
13:19:00.0734 4980 FsDepends - ok
13:19:00.0781 4980 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
13:19:01.0031 4980 Fs_Rec - ok
13:19:01.0093 4980 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
13:19:01.0155 4980 fvevol - ok
13:19:01.0202 4980 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
13:19:01.0249 4980 gagp30kx - ok
13:19:01.0343 4980 [ E80C14B9C6E5B57BB7710B356857A964 ] gfiark C:\windows\system32\drivers\gfiark.sys
13:19:01.0374 4980 gfiark - ok
13:19:01.0436 4980 [ 14908F4F9005C29DE8F5587E271390EE ] gfibto C:\windows\system32\drivers\gfibto.sys
13:19:01.0483 4980 gfibto - ok
13:19:01.0545 4980 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
13:19:01.0701 4980 gpsvc - ok
13:19:01.0779 4980 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:19:01.0826 4980 gupdate - ok
13:19:01.0842 4980 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:19:01.0873 4980 gupdatem - ok
13:19:01.0920 4980 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
13:19:01.0967 4980 gusvc - ok
13:19:01.0998 4980 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
13:19:02.0091 4980 hcw85cir - ok
13:19:02.0154 4980 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
13:19:02.0232 4980 HdAudAddService - ok
13:19:02.0294 4980 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
13:19:02.0357 4980 HDAudBus - ok
13:19:02.0388 4980 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
13:19:02.0450 4980 HidBatt - ok
13:19:02.0497 4980 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
13:19:02.0559 4980 HidBth - ok
13:19:02.0606 4980 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys
13:19:02.0684 4980 HidIr - ok
13:19:02.0731 4980 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll
13:19:02.0871 4980 hidserv - ok
13:19:02.0918 4980 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
13:19:02.0949 4980 HidUsb - ok
13:19:02.0996 4980 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
13:19:03.0121 4980 hkmsvc - ok
13:19:03.0168 4980 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
13:19:03.0277 4980 HomeGroupListener - ok
13:19:03.0324 4980 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
13:19:03.0402 4980 HomeGroupProvider - ok
13:19:03.0511 4980 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
13:19:03.0573 4980 HP Support Assistant Service - ok
13:19:03.0636 4980 [ 58CC11D14D88EF70EF7ABBC75B5EEBD8 ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
13:19:03.0698 4980 HP Wireless Assistant Service - ok
13:19:03.0776 4980 [ B19FF523B533A3F198B9239E1749C940 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
13:19:03.0823 4980 HPDrvMntSvc.exe - ok
13:19:03.0901 4980 [ 120C1CEB5E45DB0A04416242BD6C1E3E ] hpHotkeyMonitor C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
13:19:03.0979 4980 hpHotkeyMonitor - ok
13:19:04.0041 4980 [ B98EE5D4535A685634B90F7E04DE0DF7 ] HpqKbFiltr C:\windows\system32\DRIVERS\HpqKbFiltr.sys
13:19:04.0088 4980 HpqKbFiltr - ok
13:19:04.0151 4980 [ 01091B900E15878B4434F9C726C4541D ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
13:19:04.0197 4980 hpqwmiex - ok
13:19:04.0244 4980 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
13:19:04.0260 4980 HpSAMD - ok
13:19:04.0322 4980 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
13:19:04.0478 4980 HTTP - ok
13:19:04.0525 4980 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
13:19:04.0587 4980 hwpolicy - ok
13:19:04.0634 4980 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\drivers\i8042prt.sys
13:19:04.0697 4980 i8042prt - ok
13:19:04.0743 4980 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
13:19:04.0821 4980 iaStorV - ok
13:19:04.0899 4980 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:19:04.0962 4980 idsvc - ok
13:19:04.0993 4980 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
13:19:05.0040 4980 iirsp - ok
13:19:05.0102 4980 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
13:19:05.0258 4980 IKEEXT - ok
13:19:05.0305 4980 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
13:19:05.0352 4980 intelide - ok
13:19:05.0399 4980 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
13:19:05.0445 4980 intelppm - ok
13:19:05.0508 4980 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
13:19:05.0617 4980 IPBusEnum - ok
13:19:05.0679 4980 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
13:19:05.0835 4980 IpFilterDriver - ok
13:19:05.0898 4980 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
13:19:05.0991 4980 iphlpsvc - ok
13:19:06.0038 4980 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
13:19:06.0069 4980 IPMIDRV - ok
13:19:06.0116 4980 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
13:19:06.0257 4980 IPNAT - ok
13:19:06.0303 4980 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
13:19:06.0413 4980 IRENUM - ok
13:19:06.0444 4980 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
13:19:06.0491 4980 isapnp - ok
13:19:06.0537 4980 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
13:19:06.0584 4980 iScsiPrt - ok
13:19:06.0631 4980 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\drivers\kbdclass.sys
13:19:06.0678 4980 kbdclass - ok
13:19:06.0740 4980 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
13:19:06.0787 4980 kbdhid - ok
13:19:06.0818 4980 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
13:19:06.0881 4980 KeyIso - ok
13:19:06.0927 4980 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
13:19:06.0959 4980 KSecDD - ok
13:19:07.0021 4980 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
13:19:07.0068 4980 KSecPkg - ok
13:19:07.0099 4980 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
13:19:07.0224 4980 ksthunk - ok
13:19:07.0317 4980 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
13:19:07.0395 4980 KtmRm - ok
13:19:07.0442 4980 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\System32\srvsvc.dll
13:19:07.0505 4980 LanmanServer - ok
13:19:07.0551 4980 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
13:19:07.0645 4980 LanmanWorkstation - ok
13:19:07.0707 4980 [ 47269F0DE1E5089C6F23BC1EC48CFC31 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
13:19:07.0739 4980 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
13:19:07.0739 4980 LightScribeService - detected UnsignedFile.Multi.Generic (1)
13:19:07.0770 4980 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
13:19:07.0848 4980 lltdio - ok
13:19:07.0895 4980 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
13:19:07.0957 4980 lltdsvc - ok
13:19:07.0988 4980 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
13:19:08.0066 4980 lmhosts - ok
13:19:08.0113 4980 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
13:19:08.0129 4980 LSI_FC - ok
13:19:08.0160 4980 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
13:19:08.0175 4980 LSI_SAS - ok
13:19:08.0191 4980 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
13:19:08.0222 4980 LSI_SAS2 - ok
13:19:08.0238 4980 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
13:19:08.0253 4980 LSI_SCSI - ok
13:19:08.0285 4980 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
13:19:08.0347 4980 luafv - ok
13:19:08.0425 4980 [ FCD749A10CF28DF4F508D2BF87491E83 ] McAfee SiteAdvisor Enterprise Service C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe
13:19:08.0441 4980 McAfee SiteAdvisor Enterprise Service - ok
13:19:08.0487 4980 [ DD0F83167275CC2C66EA87B479CADC14 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
13:19:08.0519 4980 McShield - ok
13:19:08.0581 4980 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
13:19:08.0643 4980 Mcx2Svc - ok
13:19:08.0690 4980 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys
13:19:08.0721 4980 megasas - ok
13:19:08.0768 4980 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
13:19:08.0815 4980 MegaSR - ok
13:19:08.0846 4980 [ 6AE40901ABC3AC5FA3C33314DB59D36E ] mfeapfk C:\windows\system32\drivers\mfeapfk.sys
13:19:08.0893 4980 mfeapfk - ok
13:19:08.0955 4980 [ 49DC553557C31704DCB4771245E7D556 ] mfeavfk C:\windows\system32\drivers\mfeavfk.sys
13:19:08.0987 4980 mfeavfk - ok
13:19:09.0033 4980 mfeavfk01 - ok
13:19:09.0080 4980 [ B2E1B291676AC3919058798A6707DBC9 ] mfehidk C:\windows\system32\drivers\mfehidk.sys
13:19:09.0143 4980 mfehidk - ok
13:19:09.0174 4980 [ 582BD7C0C1C9913F44B6835651A52BD1 ] mferkdet C:\windows\system32\drivers\mferkdet.sys
13:19:09.0221 4980 mferkdet - ok
13:19:09.0252 4980 [ 5DA98EB70211B64879A9781ECDEEADC6 ] mfevtp C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
13:19:09.0299 4980 mfevtp - ok
13:19:09.0330 4980 [ A2AD5E7FAD5AD659D3073F826C35E127 ] mfewfpk C:\windows\system32\drivers\mfewfpk.sys
13:19:09.0377 4980 mfewfpk - ok
13:19:09.0423 4980 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
13:19:09.0564 4980 MMCSS - ok
13:19:09.0642 4980 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
13:19:09.0767 4980 Modem - ok
13:19:09.0813 4980 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
13:19:09.0891 4980 monitor - ok
13:19:09.0938 4980 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
13:19:09.0985 4980 mouclass - ok
13:19:10.0016 4980 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
13:19:10.0094 4980 mouhid - ok
13:19:10.0141 4980 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
13:19:10.0172 4980 mountmgr - ok
13:19:10.0250 4980 [ 5C5E45DDABEFBC9F564F1D5C83258B8F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:19:10.0297 4980 MozillaMaintenance - ok
13:19:10.0344 4980 [ AE2E68527013EB4F761ECCC630F7F1A3 ] MPFP C:\windows\system32\Drivers\Mpfp.sys
13:19:10.0391 4980 MPFP - ok
13:19:10.0453 4980 [ 95AAC73D11DDBA901042953E5F8146F7 ] MpfService C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
13:19:10.0531 4980 MpfService - ok
13:19:10.0578 4980 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
13:19:10.0625 4980 mpio - ok
13:19:10.0656 4980 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
13:19:10.0765 4980 mpsdrv - ok
13:19:10.0827 4980 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
13:19:11.0124 4980 MpsSvc - ok
13:19:11.0155 4980 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
13:19:11.0217 4980 MRxDAV - ok
13:19:11.0249 4980 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
13:19:11.0342 4980 mrxsmb - ok
13:19:11.0389 4980 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
13:19:11.0467 4980 mrxsmb10 - ok
13:19:11.0498 4980 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
13:19:11.0576 4980 mrxsmb20 - ok
13:19:11.0623 4980 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
13:19:11.0701 4980 msahci - ok
13:19:11.0732 4980 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
13:19:11.0795 4980 msdsm - ok
13:19:11.0826 4980 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
13:19:11.0935 4980 MSDTC - ok
13:19:11.0966 4980 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
13:19:12.0122 4980 Msfs - ok
13:19:12.0153 4980 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
13:19:12.0278 4980 mshidkmdf - ok
13:19:12.0309 4980 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
13:19:12.0341 4980 msisadrv - ok
13:19:12.0372 4980 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
13:19:12.0465 4980 MSiSCSI - ok
13:19:12.0465 4980 msiserver - ok
13:19:12.0512 4980 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
13:19:12.0575 4980 MSKSSRV - ok
13:19:12.0590 4980 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
13:19:12.0668 4980 MSPCLOCK - ok
13:19:12.0699 4980 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
13:19:12.0762 4980 MSPQM - ok
13:19:12.0809 4980 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
13:19:12.0933 4980 MsRPC - ok
13:19:12.0949 4980 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
13:19:12.0980 4980 mssmbios - ok
13:19:12.0996 4980 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
13:19:13.0074 4980 MSTEE - ok
13:19:13.0105 4980 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
13:19:13.0121 4980 MTConfig - ok
13:19:13.0136 4980 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
13:19:13.0167 4980 Mup - ok
13:19:13.0214 4980 [ FD6B9817671377CFCCAD2F8A4B682A52 ] myAgtSvc C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
13:19:13.0230 4980 myAgtSvc - ok
13:19:13.0261 4980 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
13:19:13.0417 4980 napagent - ok
13:19:13.0464 4980 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
13:19:13.0542 4980 NativeWifiP - ok
13:19:13.0635 4980 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
13:19:13.0729 4980 NDIS - ok
13:19:13.0760 4980 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
13:19:13.0901 4980 NdisCap - ok
13:19:13.0932 4980 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
13:19:14.0072 4980 NdisTapi - ok
13:19:14.0119 4980 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
13:19:14.0259 4980 Ndisuio - ok
13:19:14.0291 4980 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
13:19:14.0447 4980 NdisWan - ok
13:19:14.0478 4980 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
13:19:14.0821 4980 NDProxy - ok
13:19:14.0837 4980 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
13:19:14.0946 4980 NetBIOS - ok
13:19:14.0993 4980 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
13:19:15.0117 4980 NetBT - ok
13:19:15.0149 4980 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
13:19:15.0195 4980 Netlogon - ok
13:19:15.0242 4980 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
13:19:15.0383 4980 Netman - ok
13:19:15.0429 4980 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:19:15.0492 4980 NetMsmqActivator - ok
13:19:15.0507 4980 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:19:15.0539 4980 NetPipeActivator - ok
13:19:15.0570 4980 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
13:19:15.0710 4980 netprofm - ok
13:19:15.0726 4980 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:19:15.0773 4980 NetTcpActivator - ok
13:19:15.0788 4980 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:19:15.0835 4980 NetTcpPortSharing - ok
13:19:15.0866 4980 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
13:19:15.0913 4980 nfrd960 - ok
13:19:15.0960 4980 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll
13:19:16.0038 4980 NlaSvc - ok
13:19:16.0100 4980 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
13:19:16.0241 4980 Npfs - ok
13:19:16.0241 4980 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
13:19:16.0334 4980 nsi - ok
13:19:16.0350 4980 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
13:19:16.0412 4980 nsiproxy - ok
13:19:16.0475 4980 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
13:19:16.0646 4980 Ntfs - ok
13:19:16.0662 4980 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
13:19:16.0740 4980 Null - ok
13:19:16.0771 4980 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
13:19:16.0802 4980 nvraid - ok
13:19:16.0833 4980 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
13:19:16.0865 4980 nvstor - ok
13:19:16.0880 4980 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
13:19:16.0896 4980 nv_agp - ok
13:19:16.0927 4980 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
13:19:16.0989 4980 ohci1394 - ok
13:19:17.0021 4980 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
13:19:17.0130 4980 p2pimsvc - ok
13:19:17.0161 4980 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
13:19:17.0223 4980 p2psvc - ok
13:19:17.0255 4980 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
13:19:17.0317 4980 Parport - ok
13:19:17.0333 4980 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
13:19:17.0379 4980 partmgr - ok
13:19:17.0395 4980 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
13:19:17.0473 4980 PcaSvc - ok
13:19:17.0504 4980 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
13:19:17.0567 4980 pci - ok
13:19:17.0582 4980 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
13:19:17.0629 4980 pciide - ok
13:19:17.0645 4980 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
13:19:17.0691 4980 pcmcia - ok
13:19:17.0723 4980 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
13:19:17.0754 4980 pcw - ok
13:19:17.0801 4980 pdfcDispatcher - ok
13:19:17.0832 4980 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
13:19:17.0988 4980 PEAUTH - ok
13:19:18.0081 4980 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
13:19:18.0159 4980 PerfHost - ok
13:19:18.0253 4980 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
13:19:18.0409 4980 pla - ok
13:19:18.0487 4980 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
13:19:18.0612 4980 PlugPlay - ok
13:19:18.0627 4980 PnkBstrA - ok
13:19:18.0643 4980 PnkBstrB - ok
13:19:18.0659 4980 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
13:19:18.0737 4980 PNRPAutoReg - ok
13:19:18.0768 4980 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
13:19:18.0830 4980 PNRPsvc - ok
13:19:18.0893 4980 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
13:19:19.0033 4980 PolicyAgent - ok
13:19:19.0080 4980 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
13:19:19.0205 4980 Power - ok
13:19:19.0267 4980 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
13:19:19.0361 4980 PptpMiniport - ok
13:19:19.0392 4980 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys
13:19:19.0439 4980 Processor - ok
13:19:19.0501 4980 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
13:19:19.0579 4980 ProfSvc - ok
13:19:19.0610 4980 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
13:19:19.0657 4980 ProtectedStorage - ok
13:19:19.0704 4980 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
13:19:19.0860 4980 Psched - ok
13:19:19.0907 4980 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\windows\system32\Drivers\PxHlpa64.sys
13:19:19.0953 4980 PxHlpa64 - ok
13:19:20.0047 4980 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
13:19:20.0187 4980 ql2300 - ok
13:19:20.0234 4980 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
13:19:20.0297 4980 ql40xx - ok
13:19:20.0328 4980 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
13:19:20.0390 4980 QWAVE - ok
13:19:20.0421 4980 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
13:19:20.0499 4980 QWAVEdrv - ok
13:19:20.0531 4980 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
13:19:20.0640 4980 RasAcd - ok
13:19:20.0687 4980 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
13:19:20.0811 4980 RasAgileVpn - ok
13:19:20.0843 4980 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
13:19:20.0967 4980 RasAuto - ok
13:19:20.0999 4980 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
13:19:21.0123 4980 Rasl2tp - ok
13:19:21.0155 4980 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
13:19:21.0326 4980 RasMan - ok
13:19:21.0357 4980 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
13:19:21.0467 4980 RasPppoe - ok
13:19:21.0498 4980 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
13:19:21.0607 4980 RasSstp - ok
13:19:21.0654 4980 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
13:19:21.0810 4980 rdbss - ok
13:19:21.0825 4980 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
13:19:21.0903 4980 rdpbus - ok
13:19:21.0919 4980 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
13:19:22.0044 4980 RDPCDD - ok
13:19:22.0075 4980 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
13:19:22.0215 4980 RDPENCDD - ok
13:19:22.0247 4980 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
13:19:22.0340 4980 RDPREFMP - ok
13:19:22.0387 4980 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
13:19:22.0605 4980 RDPWD - ok
13:19:22.0668 4980 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
13:19:22.0683 4980 rdyboost - ok
13:19:22.0715 4980 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
13:19:22.0777 4980 RemoteAccess - ok
13:19:22.0808 4980 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
13:19:22.0902 4980 RemoteRegistry - ok
13:19:22.0933 4980 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
13:19:22.0980 4980 RFCOMM - ok
13:19:23.0011 4980 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
13:19:23.0089 4980 RpcEptMapper - ok
13:19:23.0120 4980 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
13:19:23.0183 4980 RpcLocator - ok
13:19:23.0229 4980 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
13:19:23.0354 4980 RpcSs - ok
13:19:23.0385 4980 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
13:19:23.0510 4980 rspndr - ok
13:19:23.0573 4980 [ BA3E57C89E6F63808D3F2B11E1A2AD3C ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
13:19:23.0651 4980 RTL8167 - ok
13:19:23.0682 4980 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
13:19:23.0744 4980 SamSs - ok
13:19:23.0791 4980 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
13:19:23.0838 4980 sbp2port - ok
13:19:23.0869 4980 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
13:19:24.0041 4980 SCardSvr - ok
13:19:24.0087 4980 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
13:19:24.0212 4980 scfilter - ok
13:19:24.0259 4980 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
13:19:24.0446 4980 Schedule - ok
13:19:24.0509 4980 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
13:19:24.0587 4980 SCPolicySvc - ok
13:19:24.0618 4980 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\windows\system32\drivers\sdbus.sys
13:19:24.0680 4980 sdbus - ok
13:19:24.0696 4980 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
13:19:24.0774 4980 SDRSVC - ok
13:19:24.0883 4980 [ 0F4A80438E7286A0E623582F5F2395BD ] SearchAnonymizer C:\Users\mossi\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
13:19:24.0899 4980 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - warning
13:19:24.0899 4980 SearchAnonymizer - detected UnsignedFile.Multi.Generic (1)
13:19:24.0945 4980 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
13:19:25.0117 4980 secdrv - ok
13:19:25.0148 4980 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
13:19:25.0273 4980 seclogon - ok
13:19:25.0320 4980 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll
13:19:25.0445 4980 SENS - ok
13:19:25.0491 4980 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
13:19:25.0601 4980 SensrSvc - ok
13:19:25.0632 4980 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys
13:19:25.0710 4980 Serenum - ok
13:19:25.0741 4980 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys
13:19:25.0803 4980 Serial - ok
13:19:25.0850 4980 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
13:19:25.0944 4980 sermouse - ok
13:19:25.0991 4980 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
13:19:26.0193 4980 SessionEnv - ok
13:19:26.0225 4980 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
13:19:26.0318 4980 sffdisk - ok
13:19:26.0349 4980 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
13:19:26.0412 4980 sffp_mmc - ok
13:19:26.0427 4980 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
13:19:26.0521 4980 sffp_sd - ok
13:19:26.0552 4980 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
13:19:26.0630 4980 sfloppy - ok
13:19:26.0693 4980 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
13:19:26.0817 4980 SharedAccess - ok
13:19:26.0864 4980 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
13:19:26.0989 4980 ShellHWDetection - ok
13:19:27.0020 4980 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
13:19:27.0083 4980 SiSRaid2 - ok
13:19:27.0098 4980 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
13:19:27.0129 4980 SiSRaid4 - ok
13:19:27.0176 4980 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
13:19:27.0223 4980 Smb - ok
13:19:27.0270 4980 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
13:19:27.0285 4980 SNMPTRAP - ok
13:19:27.0363 4980 [ 2B0BD5D647F382B9E7253C598E24D133 ] SNP2UVC C:\windows\system32\DRIVERS\snp2uvc.sys
13:19:27.0441 4980 SNP2UVC - ok
13:19:27.0457 4980 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
13:19:27.0504 4980 spldr - ok
13:19:27.0551 4980 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
13:19:27.0613 4980 Spooler - ok
13:19:27.0738 4980 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
13:19:28.0050 4980 sppsvc - ok
13:19:28.0097 4980 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
13:19:28.0237 4980 sppuinotify - ok
13:19:28.0284 4980 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
13:19:28.0424 4980 srv - ok
13:19:28.0455 4980 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
13:19:28.0533 4980 srv2 - ok
13:19:28.0565 4980 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
13:19:28.0658 4980 srvnet - ok
13:19:28.0705 4980 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
13:19:28.0845 4980 SSDPSRV - ok
13:19:28.0877 4980 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
13:19:28.0970 4980 SstpSvc - ok
13:19:29.0064 4980 [ F8807AAF697E1D20C9D7716A4941E574 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
13:19:29.0079 4980 STacSV - ok
13:19:29.0126 4980 Steam Client Service - ok
13:19:29.0173 4980 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
13:19:29.0220 4980 stexstor - ok
13:19:29.0313 4980 [ 96DF19A03D37F8568141612D31F0D035 ] STHDA C:\windows\system32\DRIVERS\stwrt64.sys
13:19:29.0407 4980 STHDA - ok
13:19:29.0516 4980 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
13:19:29.0625 4980 stisvc - ok
13:19:29.0657 4980 [ AD989072596AB313D7FA13BCF69573F7 ] stllssvr c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
13:19:29.0703 4980 stllssvr - ok
13:19:29.0719 4980 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys
13:19:29.0766 4980 swenum - ok
13:19:29.0828 4980 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
13:19:29.0969 4980 swprv - ok
13:19:30.0047 4980 [ D268D2A0DB2A2BBE963E688D0B039267 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
13:19:30.0140 4980 SynTP - ok
13:19:30.0234 4980 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
13:19:30.0390 4980 SysMain - ok
13:19:30.0452 4980 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
13:19:30.0593 4980 TabletInputService - ok
13:19:30.0671 4980 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
13:19:30.0889 4980 TapiSrv - ok
13:19:30.0920 4980 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
13:19:31.0076 4980 TBS - ok
13:19:31.0232 4980 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\windows\system32\drivers\tcpip.sys
13:19:31.0419 4980 Tcpip - ok
13:19:31.0482 4980 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
13:19:31.0607 4980 TCPIP6 - ok
13:19:31.0669 4980 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
13:19:31.0731 4980 tcpipreg - ok
13:19:31.0778 4980 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
13:19:31.0903 4980 TDPIPE - ok
13:19:31.0919 4980 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
13:19:31.0950 4980 TDTCP - ok
13:19:32.0012 4980 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
13:19:32.0137 4980 tdx - ok
13:19:32.0168 4980 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys
13:19:32.0199 4980 TermDD - ok
13:19:32.0246 4980 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
13:19:32.0371 4980 TermService - ok
13:19:32.0402 4980 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
13:19:32.0449 4980 Themes - ok
13:19:32.0480 4980 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
13:19:32.0527 4980 THREADORDER - ok
13:19:32.0543 4980 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\windows\system32\drivers\tpm.sys
13:19:32.0574 4980 TPM - ok
13:19:32.0589 4980 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
13:19:32.0652 4980 TrkWks - ok
13:19:32.0714 4980 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
13:19:32.0823 4980 TrustedInstaller - ok
13:19:32.0886 4980 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
13:19:32.0995 4980 tssecsrv - ok
13:19:33.0026 4980 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
13:19:33.0151 4980 TsUsbFlt - ok
13:19:33.0276 4980 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
13:19:33.0463 4980 tunnel - ok
13:19:33.0525 4980 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
13:19:33.0572 4980 uagp35 - ok
13:19:33.0619 4980 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
13:19:33.0837 4980 udfs - ok
13:19:33.0947 4980 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
13:19:33.0993 4980 UI0Detect - ok
13:19:34.0040 4980 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
13:19:34.0071 4980 uliagpkx - ok
13:19:34.0118 4980 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
13:19:34.0134 4980 umbus - ok
13:19:34.0149 4980 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys
13:19:34.0196 4980 UmPass - ok
13:19:34.0227 4980 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
13:19:34.0305 4980 upnphost - ok
13:19:34.0337 4980 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
13:19:34.0399 4980 usbccgp - ok
13:19:34.0430 4980 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
13:19:34.0477 4980 usbcir - ok
13:19:34.0493 4980 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
13:19:34.0555 4980 usbehci - ok
13:19:34.0602 4980 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
13:19:34.0664 4980 usbhub - ok
13:19:34.0680 4980 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\DRIVERS\usbohci.sys
13:19:34.0742 4980 usbohci - ok
13:19:34.0789 4980 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
13:19:34.0883 4980 usbprint - ok
13:19:34.0914 4980 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
13:19:35.0085 4980 USBSTOR - ok
13:19:35.0148 4980 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
13:19:35.0241 4980 usbuhci - ok
13:19:35.0335 4980 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
13:19:35.0397 4980 usbvideo - ok
13:19:35.0429 4980 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
13:19:35.0553 4980 UxSms - ok
13:19:35.0585 4980 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
13:19:35.0631 4980 VaultSvc - ok
13:19:35.0647 4980 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
13:19:35.0725 4980 vdrvroot - ok
13:19:35.0803 4980 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
13:19:35.0928 4980 vds - ok
13:19:35.0959 4980 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
13:19:36.0006 4980 vga - ok
13:19:36.0021 4980 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
13:19:36.0146 4980 VgaSave - ok
13:19:36.0177 4980 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
13:19:36.0224 4980 vhdmp - ok
13:19:36.0271 4980 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
13:19:36.0287 4980 viaide - ok
13:19:36.0318 4980 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
13:19:36.0333 4980 volmgr - ok
13:19:36.0365 4980 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
13:19:36.0396 4980 volmgrx - ok
13:19:36.0427 4980 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
13:19:36.0443 4980 volsnap - ok
13:19:36.0489 4980 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
13:19:36.0536 4980 vsmraid - ok
13:19:36.0599 4980 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
13:19:36.0755 4980 VSS - ok
13:19:36.0786 4980 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
13:19:36.0817 4980 vwifibus - ok
13:19:36.0848 4980 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
13:19:36.0879 4980 vwififlt - ok
13:19:36.0911 4980 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
13:19:36.0973 4980 W32Time - ok
13:19:36.0989 4980 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
13:19:37.0035 4980 WacomPen - ok
13:19:37.0067 4980 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
13:19:37.0129 4980 WANARP - ok
13:19:37.0160 4980 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
13:19:37.0207 4980 Wanarpv6 - ok
13:19:37.0254 4980 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
13:19:37.0347 4980 wbengine - ok
13:19:37.0394 4980 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
13:19:37.0457 4980 WbioSrvc - ok
13:19:37.0503 4980 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
13:19:37.0581 4980 wcncsvc - ok
13:19:37.0613 4980 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
13:19:37.0706 4980 WcsPlugInService - ok
13:19:37.0737 4980 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\DRIVERS\wd.sys
13:19:37.0769 4980 Wd - ok
13:19:37.0815 4980 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
13:19:37.0878 4980 Wdf01000 - ok
13:19:37.0893 4980 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
13:19:37.0971 4980 WdiServiceHost - ok
13:19:37.0971 4980 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
13:19:38.0003 4980 WdiSystemHost - ok
13:19:38.0049 4980 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
13:19:38.0096 4980 WebClient - ok
13:19:38.0127 4980 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
13:19:38.0190 4980 Wecsvc - ok
13:19:38.0221 4980 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
13:19:38.0299 4980 wercplsupport - ok
13:19:38.0330 4980 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
13:19:38.0393 4980 WerSvc - ok
13:19:38.0439 4980 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
13:19:38.0486 4980 WfpLwf - ok
13:19:38.0502 4980 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
13:19:38.0517 4980 WIMMount - ok
13:19:38.0549 4980 WinDefend - ok
13:19:38.0564 4980 WinHttpAutoProxySvc - ok
13:19:38.0595 4980 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
13:19:38.0689 4980 Winmgmt - ok
13:19:38.0783 4980 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
13:19:38.0923 4980 WinRM - ok
13:19:38.0970 4980 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
13:19:39.0001 4980 WinUsb - ok
13:19:39.0032 4980 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
13:19:39.0095 4980 Wlansvc - ok
13:19:39.0157 4980 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
13:19:39.0188 4980 wlcrasvc - ok
13:19:39.0313 4980 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:19:39.0578 4980 wlidsvc - ok
13:19:39.0625 4980 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
13:19:39.0703 4980 WmiAcpi - ok
13:19:39.0734 4980 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
13:19:39.0781 4980 wmiApSrv - ok
13:19:39.0812 4980 WMPNetworkSvc - ok
13:19:39.0828 4980 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
13:19:39.0890 4980 WPCSvc - ok
13:19:39.0921 4980 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
13:19:40.0015 4980 WPDBusEnum - ok
13:19:40.0046 4980 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
13:19:40.0155 4980 ws2ifsl - ok
13:19:40.0187 4980 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\system32\wscsvc.dll
13:19:40.0280 4980 wscsvc - ok
13:19:40.0296 4980 WSearch - ok
13:19:40.0421 4980 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
13:19:40.0655 4980 wuauserv - ok
13:19:40.0701 4980 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys
13:19:40.0811 4980 WudfPf - ok
13:19:40.0842 4980 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
13:19:40.0889 4980 WUDFRd - ok
13:19:40.0920 4980 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll
13:19:40.0998 4980 wudfsvc - ok
13:19:41.0045 4980 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
13:19:41.0201 4980 WwanSvc - ok
13:19:41.0247 4980 ================ Scan global ===============================
13:19:41.0294 4980 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
13:19:41.0341 4980 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
13:19:41.0372 4980 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
13:19:41.0513 4980 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
13:19:41.0559 4980 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
13:19:41.0575 4980 [Global] - ok
13:19:41.0575 4980 ================ Scan MBR ==================================
13:19:41.0591 4980 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:19:42.0823 4980 \Device\Harddisk0\DR0 - ok
13:19:42.0823 4980 ================ Scan VBR ==================================
13:19:42.0839 4980 [ 557F5EC52BD17C94673BF37203277CBF ] \Device\Harddisk0\DR0\Partition1
13:19:42.0839 4980 \Device\Harddisk0\DR0\Partition1 - ok
13:19:42.0839 4980 [ E384C685613EB5760B240DA4B6FD4DB3 ] \Device\Harddisk0\DR0\Partition2
13:19:42.0854 4980 \Device\Harddisk0\DR0\Partition2 - ok
13:19:42.0901 4980 [ 7C941D31ECF9E2E64D1CC8D3E48C859A ] \Device\Harddisk0\DR0\Partition3
13:19:42.0917 4980 \Device\Harddisk0\DR0\Partition3 - ok
13:19:42.0917 4980 [ 1EE2E800DD04B5DA20C67EC95270A8E9 ] \Device\Harddisk0\DR0\Partition4
13:19:42.0917 4980 \Device\Harddisk0\DR0\Partition4 - ok
13:19:42.0917 4980 ============================================================
13:19:42.0917 4980 Scan finished
13:19:42.0917 4980 ============================================================
13:19:42.0932 2604 Detected object count: 3
13:19:42.0932 2604 Actual detected object count: 3
|
|
06.03.2013, 14:34
| #17 |
| /// Malware-holic   | 2837 Versteckte Objekte hi,
__________________Scan mit Combofix
__________________ |
|
06.03.2013, 16:07
| #18 |
| | 2837 Versteckte Objekte Es wurde kein Logfile erstellt.
__________________Was nun? |
|
06.03.2013, 17:07
| #19 |
| /// Malware-holic | 2837 Versteckte Objekte es wird immer ein log erstellt, wenn das programm bis zum ende gelaufen ist, entweder unter combofix.txt bzw log.txt auf c: wenn es keins gibt, starte neu, drücke f8 wähle abgesicherter modus, melde dich in deinem konto an, lasse combofix laufen. warten bis fertig, dann normal starten und log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
06.03.2013, 19:52
| #20 |
| | 2837 Versteckte Objekte Ich kann dann keine Programme starten. Ich kann dann nur bei cmd befehle eingeben, und einen älteren Systemstand aufrufen oder so ähnlich. |
|
08.03.2013, 14:42
| #21 |
| | 2837 Versteckte Objekte Wie soll ich da Combofix starten? Bitte noch mal genauer erklären. |
|
08.03.2013, 18:59
| #22 |
| /// Malware-holic | 2837 Versteckte Objekte 1. es ist nicht nötig nach 1 tag die Frage bereits 2 mal zu stellen, ich hab auch noch anderes zu tun! 2. bist du im abgesicherten Modus mit Eingabeaufforderung gewesen, du sollst aber bitte in den abgesicherten modus gehen. da gibts mehrere auswahlmöglichkeiten, bitte noch mal schaun
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
08.03.2013, 20:08
| #23 |
| | 2837 Versteckte Objekte Avira hat einen Virus entdeckt. Der heißt: ADWARE/Adware.Gen Ok ich kucke noch mal. Code:
ATTFilter ComboFix 13-03-07.03 - mossi 08.03.2013 20:40:47.2.1 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.1789.1310 [GMT 1:00]
ausgeführt von:: c:\users\mossi\Downloads\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: McAfee® Total Protection™ Service *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee® Total Protection™ Service *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: McAfee® Total Protection™ Service *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-08 bis 2013-03-08 ))))))))))))))))))))))))))))))
.
.
2013-03-08 15:20 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{04CBF508-0454-4408-94EB-E7D468B4C3B6}\mpengine.dll
2013-03-08 14:15 . 2013-03-08 14:15 -------- d-----w- c:\users\mossi\AppData\Roaming\OpenCandy
2013-03-08 14:06 . 2013-03-08 15:03 -------- d-----w- c:\users\mossi\AppData\Roaming\vlc
2013-03-08 14:05 . 2013-03-08 14:05 -------- d-----w- c:\program files (x86)\VideoLAN
2013-03-07 18:22 . 2013-03-07 18:22 -------- d-----w- c:\users\mossi\AppData\Roaming\McAfee
2013-03-06 20:17 . 2013-03-06 20:18 -------- d-----w- c:\users\mossi\AppData\Roaming\TrueCrypt
2013-03-06 20:17 . 2013-03-07 18:20 -------- d-----w- c:\program files\TrueCrypt
2013-03-06 20:04 . 2013-03-06 20:04 -------- d-----w- c:\users\mossi\AppData\Roaming\FreemakeVideoDownloader
2013-03-06 19:55 . 2013-03-08 15:03 -------- d-----w- c:\program files\WinPcap
2013-03-06 19:54 . 2013-03-08 14:49 -------- d-----w- c:\programdata\Freemake
2013-03-06 19:54 . 2013-03-08 15:00 -------- d-----w- c:\program files (x86)\Freemake
2013-03-03 17:24 . 2013-03-03 17:24 -------- d-----w- c:\users\mossi\AppData\Roaming\Auslogics
2013-03-03 17:09 . 2013-03-05 14:09 -------- d---a-w- C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ
2013-02-27 21:43 . 2013-01-04 06:11 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-02-27 21:43 . 2013-01-04 06:11 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-02-27 21:43 . 2013-01-13 19:53 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-02-27 21:43 . 2013-01-13 19:24 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-02-27 21:43 . 2013-01-13 19:02 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-02-27 21:43 . 2013-01-13 18:32 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-02-24 18:44 . 2013-02-24 18:45 -------- d-----w- c:\program files (x86)\7-Zip
2013-02-24 10:06 . 2013-02-24 10:06 -------- d-----w- c:\programdata\SoftSafe
2013-02-24 10:05 . 2013-03-05 13:55 -------- d-----w- c:\program files (x86)\BrowseToSave
2013-02-24 10:04 . 2013-03-03 17:38 -------- d-----w- c:\program files (x86)\EasyLife
2013-02-24 10:02 . 2013-02-24 10:06 -------- d-----w- c:\programdata\InstallMate
2013-02-13 19:14 . 2013-02-13 19:14 -------- d-----w- c:\users\mossi\AppData\Roaming\Avira
2013-02-13 19:05 . 2013-02-13 19:03 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-02-13 19:05 . 2013-02-13 19:03 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-02-13 19:05 . 2013-02-13 19:03 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-02-13 19:05 . 2013-02-13 19:08 -------- d-----w- c:\programdata\Avira
2013-02-13 19:05 . 2013-02-13 19:05 -------- d-----w- c:\program files (x86)\Avira
2013-02-13 17:45 . 2013-02-13 17:45 215336 ----a-w- c:\windows\system32\SynTPAPI.dll
2013-02-13 17:45 . 2013-02-13 17:45 147752 ----a-w- c:\windows\system32\SynTPCo4.dll
2013-02-13 17:45 . 2013-02-13 17:45 1379376 ----a-w- c:\windows\system32\drivers\SynTP.sys
2013-02-13 17:45 . 2013-02-13 17:45 107816 ----a-w- c:\windows\SysWow64\SynTPCOM.dll
2013-02-13 17:45 . 2013-02-13 17:45 270632 ----a-w- c:\windows\system32\SynCtrl.dll
2013-02-13 17:45 . 2013-02-13 17:45 214312 ----a-w- c:\windows\SysWow64\SynCtrl.dll
2013-02-13 17:45 . 2013-02-13 17:45 400168 ----a-w- c:\windows\system32\SynCOM.dll
2013-02-13 17:45 . 2013-02-13 17:45 173352 ----a-w- c:\windows\SysWow64\SynCOM.dll
2013-02-13 16:38 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 16:38 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 16:36 . 2013-01-09 01:12 1392128 ----a-w- c:\windows\system32\wininet.dll
2013-02-13 16:10 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 16:10 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 16:10 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 16:09 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 16:09 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-13 16:09 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-13 16:09 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-13 16:09 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-13 16:09 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-13 16:09 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-13 16:08 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 16:08 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 20:50 . 2012-05-16 18:03 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-27 20:50 . 2011-09-02 10:47 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-13 16:45 . 2011-09-01 10:47 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-01-17 00:28 . 2013-01-12 18:53 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-13 16:09 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-17 05:43 . 2012-12-21 19:00 38096 ----a-w- c:\windows\system32\drivers\gfiark.sys
2012-12-16 17:11 . 2012-12-21 14:24 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 14:24 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 14:24 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 14:24 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-09 20:19 . 2012-12-09 20:19 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\mossi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-11-06 1199576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-05 98304]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-10-01 256056]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-02-13 385248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-30 1132320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R1 acedrv06;acedrv06;c:\windows\system32\drivers\acedrv06.sys [2012-04-05 147456]
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-02-13 27800]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-02-08 89600]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-04 203264]
R2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-02-13 86752]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
R2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-10-01 280120]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2009-08-07 222528]
R2 myAgtSvc;McAfee Viren- und Spyware-Schutzdienst;c:\program files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe [2010-07-07 282824]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-14 344616]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2012-12-17 38096]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-06-04 94736]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R4 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-08-11 1128952]
R4 SearchAnonymizer;SearchAnonymizer;c:\users\mossi\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2012-11-06 40960]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2012-12-09 14456]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-06-04 283232]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-06-04 149032]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-03 331880]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - PXHLPA64
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 18:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-25 18:43 1629648 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 20:50]
.
2013-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-04 14:50]
.
2013-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-04 14:50]
.
2013-02-13 c:\windows\Tasks\HPCeeScheduleFormossi.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-02-08 489472]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.easylifeapp.com/?pid=713&src=ie1&r=2013/02/24&hid=2584535279&lg=EN&cc=DE
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://search.easylifeapp.com/?pid=713&src=ie1&r=2013/02/24&hid=2584535279&lg=EN&cc=DE
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
Trusted Zone: siteadvisor.com\www
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\mossi\AppData\Roaming\Mozilla\Firefox\Profiles\vpihpbsd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.easylifeapp.com/?pid=713&src=ff2&r=2013/02/24&hid=2584535279&lg=EN&cc=DE&l=1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.avaaz.org/de/index.php
FF - prefs.js: keyword.URL - hxxp://search.easylifeapp.com/?pid=713&src=ff2&r=2013/02/24&hid=2584535279&lg=EN&cc=DE&l=1&q=
FF - prefs.js: network.proxy.ftp - 147.31.182.137
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.http - 147.31.182.137
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 147.31.182.137
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 147.31.182.137
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - user.js: general.useragent.extra.brc -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-MVS - c:\progra~2\McAfee\MANAGE~1\Agent\myinx
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\mcafee\ManagedServices]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\mcafee\VSCORE]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-08 20:49:37
ComboFix-quarantined-files.txt 2013-03-08 19:49
.
Vor Suchlauf: 20 Verzeichnis(se), 56.500.449.280 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 56.299.819.008 Bytes frei
.
- - End Of File - - 9E3879DD62BEB2972BEC725FF9590D17
|
|
11.03.2013, 18:40
| #24 |
| /// Malware-holic | 2837 Versteckte Objekte
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
12.03.2013, 15:56
| #25 |
| | 2837 Versteckte Objekte Ich weiß es nicht. Da kam unten rechts ein kleines Fenster mit der Anzeige. Ich habe ihn in die Quarantäne gemacht. |
|
12.03.2013, 19:22
| #26 |
| /// Malware-holic | 2837 Versteckte Objekte dann lies doch bitte mal alles was man dier postet, wo du das findest steht in dem link
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
13.03.2013, 01:03
| #27 |
| | 2837 Versteckte Objekte Da steht: Quelle: C:\Users\mossi\Download.exe |
|
13.03.2013, 18:41
| #28 |
| /// Malware-holic | 2837 Versteckte Objekte lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
14.03.2013, 16:34
| #29 |
| | 2837 Versteckte ObjekteCode:
ATTFilter 7-Zip 9.20 24.02.2013 gebraucht
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 12.03.2013 6,00MB 11.6.602.180 gebraucht
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 12.03.2013 6,00MB 11.6.602.180 gebraucht
ASIO4ALL Michael Tippach 01.01.2013 2.10 unbekannt
ATI Catalyst Install Manager ATI Technologies, Inc. 05.11.2010 22,3MB 3.0.778.0 unbekannt
Avira Free Antivirus Avira 13.02.2013 136MB 13.0.0.3185 gebraucht
Blue Byte Game Channel UbiSoft 01.01.2013 gebraucht
Broadcom 2070 Bluetooth 3.0 Broadcom Corporation 05.11.2010 183MB 6.3.0.6300 unbekannt
Broadcom 802.11 Wireless LAN Adapter Broadcom Corporation 5.60.350.6 unbekannt
CCleaner Piriform 24.09.2012 3.23 gebraucht
ColdZero 01.01.2013 gebraucht
Das Geheimnis des silbernen Ohrrings 01.01.2013 0.0 gebraucht
Die Römer 01.01.2013 gebraucht
EAWMapEditor Petroglyph 26.01.2012 23,3MB 1.0.0 gebraucht
Energy Star Digital Logo Hewlett-Packard 05.11.2010 300KB 1.0.1 unbekannt
FL Studio 10 Image-Line 01.01.2013 gebraucht
GameSpy Arcade 12.03.2013 unbekannt
Google Chrome Google Inc. 09.04.2011 25.0.1364.97 gebraucht
Google Earth Google 20.11.2011 92,7MB 6.1.0.5001 gebraucht
Google Toolbar for Internet Explorer Google Inc. 01.01.2013 7.4.3607.2246 ungebraucht
HP Advisor Hewlett-Packard 08.09.2010 53,9MB 3.4.10262.3295 gebraucht
HP Documentation Hewlett-Packard 08.09.2010 883MB 1.5.1.0 gebraucht
HP ESU for Microsoft Windows 7 Hewlett-Packard Company 14.12.2011 15,0MB 1.1.8.1 gebraucht
HP HotKey Support Hewlett-Packard Company 12.05.2011 11,6MB 4.0.3.1 gebraucht
HP Setup Hewlett-Packard Company 08.09.2010 8.2.4130.3367 gebraucht
HP SoftPaq Download Manager Hewlett-Packard Company 08.09.2010 14,3MB 3.0.5.0 gebraucht
HP Software Framework Hewlett-Packard Company 28.07.2012 4,74MB 4.1.13.1 gebraucht
HP Software Setup Hewlett-Packard Company 08.09.2010 11,7MB 7.0.1.6 gebraucht
HP Support Assistant Hewlett-Packard Company 30.08.2012 75,6MB 6.1.12.1 gebraucht
HP Webcam Roxio 01.01.2013 9,76MB 1.0.25.0 gebraucht
HP Webcam Driver Sonix 05.11.2010 5.8.50014.0 gebraucht
HP Wireless Assistant Hewlett-Packard 08.09.2010 5,59MB 4.0.6.0 gebraucht
IDT Audio IDT 05.11.2010 1.0.6275.0 unbekannt
IL Download Manager Image-Line 01.01.2013 unbekannt
Java SE Development Kit 7 Update 4 Oracle 02.05.2012 139MB 1.7.0.40 gebraucht
Java(TM) 6 Update 25 Oracle 16.05.2011 94,7MB 6.0.250 gebraucht
Java(TM) 7 Update 4 Oracle 02.05.2012 101MB 7.0.40 gebraucht
Java(TM) SE Development Kit 6 Update 20 Sun Microsystems, Inc. 07.04.2012 140MB 1.6.0.200 gebraucht
LightScribe System Software LightScribe 08.09.2010 23,3MB 1.18.12.1 unbekannt
LMMS 0.4.10 LMMS Developers 01.01.2013 0.4.10 unbekannt
McAfee Browser Protection Service McAfee, Inc. 01.01.2013 5.1.0.340 ungebraucht
McAfee Firewall Protection Service McAfee, Inc. 01.01.2013 5.1.0.340 ungebraucht
McAfee Virus and Spyware Protection Service McAfee, Inc. 01.01.2013 5.1.0.340 ungebraucht
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 19.01.2011 38,8MB 4.0.30319 gebraucht
Microsoft .NET Framework 4 Extended Microsoft Corporation 12.10.2012 51,9MB 4.0.30319 gebraucht
Microsoft Age of Empires 13.03.2013 gebraucht
Microsoft Office 2010 Microsoft Corporation 08.09.2010 6,31MB 14.0.4763.1000 ungebraucht
Microsoft Silverlight Microsoft Corporation 04.05.2012 40,3MB 4.0.60310.0 gebraucht
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 01.10.2012 2,69MB 8.0.56336 gebraucht
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 08.09.2010 708KB 8.0.56336 gebraucht
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 08.09.2010 788KB 9.0.30729 gebraucht
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 05.11.2010 788KB 9.0.30729.4148 gebraucht
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 04.12.2012 788KB 9.0.30729.6161 gebraucht
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 01.10.2012 1,42MB 9.0.21022 gebraucht
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 12.10.2012 238KB 9.0.30729 gebraucht
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 17.01.2011 596KB 9.0.30729.4148 gebraucht
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 04.12.2012 600KB 9.0.30729.6161 gebraucht
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 13.02.2013 11,1MB 10.0.40219 gebraucht
Mozilla Firefox 19.0.2 (x86 de) Mozilla 08.03.2013 43,6MB 19.0.2 gebraucht
Mozilla Maintenance Service Mozilla 08.03.2013 330KB 19.0.2 unbekannt
Mozilla Thunderbird 15.0 (x86 de) Mozilla 01.01.2013 39,6MB 15.0 ungebraucht
Norton Online Backup Symantec 17.01.2011 3,30MB 2.0.0.34 unbekannt
NVIDIA PhysX NVIDIA Corporation 12.10.2012 78,9MB 9.10.0513 unbekannt
OpenOffice.org 3.4.1 Apache Software Foundation 04.12.2012 331MB 3.41.9593 gebraucht
PDF Complete Special Edition PDF Complete, Inc 13.02.2013 4.0.64 gebraucht
PunkBuster Services Even Balance, Inc. 01.01.2013 0.992 unbekannt
Realtek Ethernet Controller All-In-One Windows Driver Realtek 08.09.2010 gebraucht 1.12.0011
Rome - Total War - Gold Edition The Creative Assembly 12.03.2013 1.6 gebraucht
Roxio Creator Business Roxio 01.01.2013 324MB 10.3.56.21 unbekannt
Spotify Spotify AB 06.11.2012 0.8.5.1333.g822e0de8 gebraucht
Star Wars Empire at War LucasArts 23.01.2011 1.0 gebraucht
Star Wars Empire at War Forces of Corruption LucasArts 31.03.2011 1.0
Starcraft 11.03.2013 gebraucht
Steam Valve 01.10.2012 42,1MB 1.0.0.0 gebraucht
Synaptics Pointing Device Driver Synaptics Incorporated 13.02.2013 46,4MB 15.0.24.0 unbekannt
Total War: SHOGUN 2 The Creative Assembly 01.01.2013 gebraucht
Unity Web Player Unity Technologies ApS 17.12.2012 12,0MB 2.6.1f3_31223 unbekannt
Windows 7 Default Setting Hewlett-Packard Company 08.09.2010 32,0KB 1.0.1.7 unbekannt
WinRAR 4.01 (32-Bit) win.rar GmbH 01.01.2013 4.01.0 gebraucht
WinZip 14.5 WinZip Computing, S.L. 17.01.2011 19,9MB 14.5.9095 gebraucht
|
|
14.03.2013, 21:56
| #30 |
| /// Malware-holic | 2837 Versteckte Objekte deinstalire: Google Toolbar IL Java: alle downloade Java jre: Java-Downloads für alle Betriebssysteme klicke: Download der Java-Software für Windows Offline laden, und instalieren deinstaliere: McAfee : alle Mozilla Thunderbird Unity Öffne CCleaner, analysieren, starten, pc neustarten Downloade Dir bitte  AdwCleaner auf deinen Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu 2837 Versteckte Objekte |
| avira, gefunde, objekt, objekte, scan, troja, versteckte, versteckte objekte |
WARNUNG an die MITLESER: 
Linear-Darstellung
