Log analysis and evaluation: Sufficient cleanup after GVU trojan (Windows 7)
| | #1 |
| | Hello, I caught the GVU trojan on 5.6. and tried to get the machine running again with Avast Antivirus. However, Avast could not delete one application. I also took pictures of it. Now I have carried out a system cleanup following your guide (point 2). In the process, "Savings Sidekick" was also found! Is the system fully usable again now? Regards, Uwa |
| | #2 |
| /// Helper team | Post all the logs you have made and all findings. We analyze; we don't do horoscopes. Then: system scan with OTL (illustrated guide). Please download OTL by Oldtimer and save it to your desktop (if not already there). - Double-click OTL.exe |
| | #3 |
| | Hello t'john, I have uploaded all scans and all the pictures that are of interest so far. You already know the GVU trojan picture, so I did not pack it again. But the "Savings Sidekick" must have been on there for a while already? It was even installed as a program! I hope you can make something of the hieroglyphs? Regards, uwa. Edited by uwa (12.03.2013 at 14:22) |
| | #4 |
| /// Helper team | The cleanup consists of several steps that must be carried out. Work through them one after another and please paste the 3 logs that are created into your next reply. If the OTL fix did not run through properly, do not continue; report it instead. Step 1: Fix with OTL. Download (if not already present) OTL by Oldtimer and save it to your desktop (nowhere else).
Code:
:OTL
[2013.02.25 09:24:34 | 000,009,808 | ---- | M] () -- C:\Users\Uwe\AppData\Roaming\BabMaint.exe
[2013.03.06 10:10:48 | 095,023,320 | ---- | M] () -- C:\ProgramData\1820278.pad
[2013.03.05 15:15:06 | 000,000,153 | ---- | M] () -- C:\ProgramData\1820278.reg
[2013.03.05 15:15:06 | 000,000,058 | ---- | M] () -- C:\ProgramData\1820278.bat
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\Uwe\*.tmp
C:\Users\Uwe\AppData\*.dll
C:\Users\Uwe\AppData\*.exe
C:\Users\Uwe\AppData\Local\Temp\*.exe
C:\Users\Uwe\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
Note for readers following along: The OTL script above was created exclusively for this user in this situation. Do not under any circumstances apply it to other computers; that can cause lasting damage to other systems! Step 2: Please download
Do not start any other file in this folder without instruction from a helper. Then: Step 3: Please download
|
| | #5 |
| | OK, I hope I pasted the OTL log file in correctly this way (via the # button)? Code:
All processes killed
========== OTL ==========
C:\Users\Uwe\AppData\Roaming\BabMaint.exe moved successfully.
C:\ProgramData\1820278.pad moved successfully.
C:\ProgramData\1820278.reg moved successfully.
C:\ProgramData\1820278.bat moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\Uwe\*.tmp not found.
File\Folder C:\Users\Uwe\AppData\*.dll not found.
File\Folder C:\Users\Uwe\AppData\*.exe not found.
C:\Users\Uwe\AppData\Local\Temp\ose00000.exe moved successfully.
C:\Users\Uwe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Uwe\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Uwe\Downloads\Software\OTL MWB Root Kit AdwCleaner\cmd.bat deleted successfully.
C:\Users\Uwe\Downloads\Software\OTL MWB Root Kit AdwCleaner\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32969 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Gast
->Temp folder emptied: 19281161 bytes
->Temporary Internet Files folder emptied: 521962 bytes
->Java cache emptied: 0 bytes
User: Public
User: Saturn
->Temp folder emptied: 39613793 bytes
->Temporary Internet Files folder emptied: 3704141 bytes
->Java cache emptied: 7797526 bytes
->Flash cache emptied: 405 bytes
User: Uwe
->Temp folder emptied: 31238794 bytes
->Temporary Internet Files folder emptied: 825210850 bytes
->FireFox cache emptied: 5228997 bytes
->Google Chrome cache emptied: 7703644 bytes
->Flash cache emptied: 506 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 500387019 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36299590 bytes
RecycleBin emptied: 10078762679 bytes
Total Files Cleaned = 11.020,00 mb
Error: Unable to interpret <---------> in the current context!
OTL by OldTimer - Version 3.2.69.0 log created on 03132013_102021
Files\Folders moved on Reboot...
C:\Users\Uwe\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
I'm hoping for an OK? Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org
Database version: v2013.03.13.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Uwe :: PC [administrator]
13.03.2013 11:33:58
mbar-log-2013-03-13 (11-33-58).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30423
Time elapsed: 12 minute(s), 25 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
AdwCleaner log file: Code:
# AdwCleaner v2.114 - Datei am 13/03/2013 um 11:39:12 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Uwe - PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Uwe\Downloads\Software\OTL MWB Root Kit AdwCleaner\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
Gestoppt & Gelöscht : Browser Manager
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Uwe\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gelöscht : C:\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\ynqegyic.default\bprotector_extensions.sqlite
Gelöscht mit Neustart : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\Program Files (x86)\BabylonToolbar
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Uwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Ordner Gelöscht : C:\Users\Uwe\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\Uwe\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\Uwe\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Uwe\AppData\Roaming\BabylonToolbar
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Savings Sidekick
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\Cr_Installer
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\Microsoft\Babylon
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\5d558b8bb668ee43
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\b
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0005060.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0005060.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5d558b8bb668ee43
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16464
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v19.0.2 (de)
Datei : C:\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\ynqegyic.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v25.0.1364.152
Datei : C:\Users\Uwe\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [10098 octets] - [13/03/2013 11:39:12]
########## EOF - C:\AdwCleaner[S1].txt - [10159 octets] ##########
I just noticed something that may be worth mentioning? Today I took a few pictures that are not displayed in the Canon! Yesterday I had the memory card in the laptop to download the photos. Is it perhaps possible that the memory card was infected? After the trojan infection I also backed up some private files to an external hard drive. (?) |
| | #6 | |
| /// Helper team | Quote:
Very good! Please download
Important: Do not press any of the Fix buttons without instruction. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. Then: ESET Online Scanner
Then: Please download |
| | #7 |
| | aswMBR.exe stops while scanning (tried twice) and shows an error message. Options: search online for a solution; close the program. I have pasted the message. Code:
Problemsignatur:
Problemereignisname: APPCRASH
Anwendungsname: aswMBR.exe
Anwendungsversion: 0.9.9.1707
Anwendungszeitstempel: 509be8bf
Fehlermodulname: ntdll.dll
Fehlermodulversion: 6.1.7601.17725
Fehlermodulzeitstempel: 4ec49b8f
Ausnahmecode: c0000005
Ausnahmeoffset: 0002e3be
Betriebsystemversion: 6.1.7601.2.1.0.768.3
Gebietsschema-ID: 1031
Zusatzinformation 1: 0a9e
Zusatzinformation 2: 0a9e372d3b4ad19135b953a78882e789
Zusatzinformation 3: 0a9e
Zusatzinformation 4: 0a9e372d3b4ad19135b953a78882e789
Lesen Sie unsere Datenschutzbestimmungen online:
hxxp://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0407
Wenn die Onlinedatenschutzbestimmungen nicht verfügbar sind, lesen Sie unsere Datenschutzbestimmungen offline:
C:\Windows\system32\de-DE\erofflps.txt
Edited by uwa (13.03.2013 at 15:33) |
| | #8 |
| /// Helper team | Good, then: Please download
Then continue with ESET. |
| | #9 |
| | Hello t'john, I must have overlooked a checkbox yesterday after all? ESET ran for 6 hours! Here now are the logs: TDSSKiller Code:
16:04:47.0251 2560 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:04:47.0439 2560 ============================================================
16:04:47.0439 2560 Current date / time: 2013/03/13 16:04:47.0439
16:04:47.0439 2560 SystemInfo:
16:04:47.0439 2560
16:04:47.0439 2560 OS Version: 6.1.7601 ServicePack: 1.0
16:04:47.0439 2560 Product type: Workstation
16:04:47.0439 2560 ComputerName: PC
16:04:47.0439 2560 UserName: Uwe
16:04:47.0439 2560 Windows directory: C:\Windows
16:04:47.0439 2560 System windows directory: C:\Windows
16:04:47.0439 2560 Running under WOW64
16:04:47.0439 2560 Processor architecture: Intel x64
16:04:47.0439 2560 Number of processors: 8
16:04:47.0439 2560 Page size: 0x1000
16:04:47.0439 2560 Boot type: Normal boot
16:04:47.0439 2560 ============================================================
16:04:48.0328 2560 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:04:48.0343 2560 Drive \Device\Harddisk2\DR2 - Size: 0xE4200000 (3.56 Gb), SectorSize: 0x200, Cylinders: 0x1D1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:04:48.0406 2560 ============================================================
16:04:48.0406 2560 \Device\Harddisk0\DR0:
16:04:48.0406 2560 MBR partitions:
16:04:48.0406 2560 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1403800, BlocksNum 0x32000
16:04:48.0406 2560 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1435800, BlocksNum 0x38F50030
16:04:48.0406 2560 \Device\Harddisk2\DR2:
16:04:48.0406 2560 MBR partitions:
16:04:48.0406 2560 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x721000
16:04:48.0406 2560 ============================================================
16:04:48.0437 2560 C: <-> \Device\Harddisk0\DR0\Partition2
16:04:48.0437 2560 ============================================================
16:04:48.0437 2560 Initialize success
16:04:48.0437 2560 ============================================================
16:05:06.0471 4552 ============================================================
16:05:06.0471 4552 Scan started
16:05:06.0471 4552 Mode: Manual;
16:05:06.0471 4552 ============================================================
16:05:06.0923 4552 ================ Scan system memory ========================
16:05:06.0923 4552 System memory - ok
16:05:06.0923 4552 ================ Scan services =============================
16:05:08.0748 4552 aswSnx - ok
16:05:08.0779 4552 [ AB1403AF5CC781D5148096216DA3A2A3 ] aswSP C:\Windows\system32\drivers\aswSP.sys
16:05:08.0779 4552 aswSP - ok
16:05:08.0857 4552 [ 6A2D4BB9DDAA7D74839936403BB31F06 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
16:05:08.0857 4552 aswTdi - ok
16:05:08.0935 4552 [ 0A83FFF1AEF6113EF8DCBB32D5014AB1 ] aswVmm C:\Windows\system32\drivers\aswVmm.sys
16:05:08.0935 4552 aswVmm - ok
16:05:08.0982 4552 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:05:08.0982 4552 AsyncMac - ok
16:05:09.0029 4552 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
16:05:09.0045 4552 atapi - ok
16:05:09.0107 4552 [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr C:\Windows\system32\DRIVERS\athrx.sys
16:05:09.0154 4552 athr - ok
16:05:09.0216 4552 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:05:09.0247 4552 AudioEndpointBuilder - ok
16:05:09.0279 4552 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:05:09.0279 4552 AudioSrv - ok
16:05:09.0372 4552 [ AEF6E1DE647339C4990586D1DE427BBB ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
16:05:09.0372 4552 avast! Antivirus - ok
16:05:09.0403 4552 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:05:09.0403 4552 AxInstSV - ok
16:05:09.0450 4552 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
16:05:09.0466 4552 b06bdrv - ok
16:05:09.0513 4552 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
16:05:09.0528 4552 b57nd60a - ok
16:05:09.0559 4552 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
16:05:09.0559 4552 BDESVC - ok
16:05:09.0591 4552 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
16:05:09.0591 4552 Beep - ok
16:05:09.0637 4552 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
16:05:09.0669 4552 BFE - ok
16:05:09.0715 4552 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
16:05:09.0747 4552 BITS - ok
16:05:09.0778 4552 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
16:05:09.0778 4552 blbdrive - ok
16:05:09.0809 4552 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:05:09.0825 4552 bowser - ok
16:05:09.0856 4552 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
16:05:09.0856 4552 BrFiltLo - ok
16:05:09.0887 4552 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
16:05:09.0887 4552 BrFiltUp - ok
16:05:09.0903 4552 [ C711ED965009BDCFF9AA62CEB6FF1AAD ] Brother XP spl Service C:\Windows\SysWOW64\brsvc01a.exe
16:05:09.0918 4552 Brother XP spl Service - ok
16:05:09.0949 4552 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
16:05:09.0965 4552 Browser - ok
16:05:09.0996 4552 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:05:09.0996 4552 Brserid - ok
16:05:10.0027 4552 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:05:10.0027 4552 BrSerWdm - ok
16:05:10.0059 4552 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:05:10.0059 4552 BrUsbMdm - ok
16:05:10.0090 4552 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:05:10.0090 4552 BrUsbSer - ok
16:05:10.0137 4552 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
16:05:10.0152 4552 BthEnum - ok
16:05:10.0183 4552 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
16:05:10.0183 4552 BTHMODEM - ok
16:05:10.0199 4552 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
16:05:10.0215 4552 BthPan - ok
16:05:10.0246 4552 [ 64C198198501F7560EE41D8D1EFA7952 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
16:05:10.0261 4552 BTHPORT - ok
16:05:10.0308 4552 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
16:05:10.0308 4552 bthserv - ok
16:05:10.0324 4552 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
16:05:10.0324 4552 BTHUSB - ok
16:05:10.0339 4552 [ 6E04458E98DAF28826482E41A7A62DF5 ] btusbflt C:\Windows\system32\drivers\btusbflt.sys
16:05:10.0339 4552 btusbflt - ok
16:05:10.0386 4552 [ 4BDBDB86ABBA924E029FB2683BE7C505 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
16:05:10.0386 4552 btwaudio - ok
16:05:10.0449 4552 [ 5C849BD7C78791C5CEE9F4651D7FE38D ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
16:05:10.0449 4552 btwavdt - ok
16:05:10.0558 4552 [ 31DA517946FFE416442E864592548F8A ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
16:05:10.0558 4552 btwdins - ok
16:05:10.0589 4552 [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
16:05:10.0589 4552 btwl2cap - ok
16:05:10.0620 4552 [ 3E1991AFA851A36DC978B0A1B0535C8B ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
16:05:10.0620 4552 btwrchid - ok
16:05:10.0651 4552 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:05:10.0651 4552 cdfs - ok
16:05:10.0698 4552 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
16:05:10.0698 4552 cdrom - ok
16:05:10.0745 4552 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
16:05:10.0745 4552 CertPropSvc - ok
16:05:10.0776 4552 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
16:05:10.0776 4552 circlass - ok
16:05:10.0823 4552 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
16:05:10.0839 4552 CLFS - ok
16:05:10.0932 4552 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:05:10.0932 4552 clr_optimization_v2.0.50727_32 - ok
16:05:10.0979 4552 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:05:10.0995 4552 clr_optimization_v2.0.50727_64 - ok
16:05:11.0057 4552 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:05:11.0057 4552 clr_optimization_v4.0.30319_32 - ok
16:05:11.0104 4552 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:05:11.0104 4552 clr_optimization_v4.0.30319_64 - ok
16:05:11.0119 4552 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
16:05:11.0119 4552 CmBatt - ok
16:05:11.0151 4552 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:05:11.0166 4552 cmdide - ok
16:05:11.0197 4552 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
16:05:11.0213 4552 CNG - ok
16:05:11.0244 4552 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
16:05:11.0244 4552 Compbatt - ok
16:05:11.0291 4552 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
16:05:11.0291 4552 CompositeBus - ok
16:05:11.0307 4552 COMSysApp - ok
16:05:11.0353 4552 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
16:05:11.0353 4552 crcdisk - ok
16:05:11.0385 4552 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:05:11.0400 4552 CryptSvc - ok
16:05:11.0431 4552 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:05:11.0478 4552 DcomLaunch - ok
16:05:11.0509 4552 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
16:05:11.0509 4552 defragsvc - ok
16:05:11.0541 4552 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:05:11.0541 4552 DfsC - ok
16:05:11.0572 4552 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
16:05:11.0587 4552 Dhcp - ok
16:05:11.0603 4552 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
16:05:11.0603 4552 discache - ok
16:05:11.0665 4552 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
16:05:11.0665 4552 Disk - ok
16:05:11.0697 4552 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:05:11.0712 4552 Dnscache - ok
16:05:11.0728 4552 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
16:05:11.0743 4552 dot3svc - ok
16:05:11.0775 4552 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
16:05:11.0775 4552 DPS - ok
16:05:11.0806 4552 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:05:11.0806 4552 drmkaud - ok
16:05:11.0853 4552 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:05:11.0868 4552 DXGKrnl - ok
16:05:11.0899 4552 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
16:05:11.0899 4552 EapHost - ok
16:05:11.0993 4552 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
16:05:12.0227 4552 ebdrv - ok
16:05:12.0274 4552 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
16:05:12.0274 4552 EFS - ok
16:05:12.0352 4552 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:05:12.0367 4552 ehRecvr - ok
16:05:12.0399 4552 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
16:05:12.0414 4552 ehSched - ok
16:05:12.0461 4552 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
16:05:12.0492 4552 elxstor - ok
16:05:12.0492 4552 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:05:12.0492 4552 ErrDev - ok
16:05:12.0555 4552 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
16:05:12.0570 4552 EventSystem - ok
16:05:12.0711 4552 [ 51643EE2712D9212E1E53CA7E8D8EB4A ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
16:05:12.0726 4552 EvtEng - ok
16:05:12.0773 4552 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
16:05:12.0773 4552 exfat - ok
16:05:12.0789 4552 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:05:12.0804 4552 fastfat - ok
16:05:12.0867 4552 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
16:05:12.0882 4552 Fax - ok
16:05:12.0913 4552 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
16:05:12.0929 4552 fdc - ok
16:05:12.0945 4552 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
16:05:12.0945 4552 fdPHost - ok
16:05:12.0960 4552 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
16:05:12.0960 4552 FDResPub - ok
16:05:12.0991 4552 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:05:12.0991 4552 FileInfo - ok
16:05:13.0007 4552 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:05:13.0007 4552 Filetrace - ok
16:05:13.0023 4552 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
16:05:13.0023 4552 flpydisk - ok
16:05:13.0054 4552 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:05:13.0054 4552 FltMgr - ok
16:05:13.0116 4552 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
16:05:13.0163 4552 FontCache - ok
16:05:13.0241 4552 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:05:13.0241 4552 FontCache3.0.0.0 - ok
16:05:13.0272 4552 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:05:13.0272 4552 FsDepends - ok
16:05:13.0319 4552 [ 53DAB1791917A72738539AD25C4EED7F ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
16:05:13.0319 4552 fssfltr - ok
16:05:13.0413 4552 [ 206AD9A89BF05DFA1621F1FC7B82592D ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
16:05:13.0444 4552 fsssvc - ok
16:05:13.0491 4552 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:05:13.0491 4552 Fs_Rec - ok
16:05:13.0537 4552 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:05:13.0537 4552 fvevol - ok
16:05:13.0569 4552 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
16:05:13.0569 4552 gagp30kx - ok
16:05:13.0631 4552 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
16:05:13.0662 4552 gpsvc - ok
16:05:13.0725 4552 [ 2ED7FF3E1ADA4092632393781518B3A7 ] grmnusb C:\Windows\system32\drivers\grmnusb.sys
16:05:13.0725 4552 grmnusb - ok
16:05:13.0787 4552 [ 626A24ED1228580B9518C01930936DF9 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:05:13.0787 4552 gupdate - ok
16:05:13.0834 4552 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:05:13.0834 4552 gupdatem - ok
16:05:13.0896 4552 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:05:13.0896 4552 gusvc - ok
16:05:13.0927 4552 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:05:13.0943 4552 hcw85cir - ok
16:05:13.0990 4552 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:05:13.0990 4552 HdAudAddService - ok
16:05:14.0037 4552 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
16:05:14.0052 4552 HDAudBus - ok
16:05:14.0068 4552 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
16:05:14.0068 4552 HidBatt - ok
16:05:14.0099 4552 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
16:05:14.0099 4552 HidBth - ok
16:05:14.0130 4552 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
16:05:14.0130 4552 HidIr - ok
16:05:14.0177 4552 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
16:05:14.0177 4552 hidserv - ok
16:05:14.0224 4552 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
16:05:14.0224 4552 HidUsb - ok
16:05:14.0255 4552 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:05:14.0255 4552 hkmsvc - ok
16:05:14.0302 4552 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:05:14.0302 4552 HomeGroupListener - ok
16:05:14.0333 4552 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:05:14.0333 4552 HomeGroupProvider - ok
16:05:14.0364 4552 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:05:14.0364 4552 HpSAMD - ok
16:05:14.0411 4552 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:05:14.0442 4552 HTTP - ok
16:05:14.0473 4552 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:05:14.0473 4552 hwpolicy - ok
16:05:14.0520 4552 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
16:05:14.0536 4552 i8042prt - ok
16:05:14.0583 4552 [ 660BF3255A1EB18ED803FD2FBA6AE400 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
16:05:14.0598 4552 IAANTMON - ok
16:05:14.0629 4552 [ BE7D72FCF442C26975942007E0831241 ] iaStor C:\Windows\system32\drivers\iaStor.sys
16:05:14.0645 4552 iaStor - ok
16:05:14.0676 4552 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:05:14.0676 4552 iaStorV - ok
16:05:14.0770 4552 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
16:05:14.0770 4552 IDriverT - ok
16:05:14.0848 4552 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:05:14.0879 4552 idsvc - ok
16:05:14.0910 4552 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
16:05:14.0910 4552 iirsp - ok
16:05:14.0957 4552 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
16:05:14.0988 4552 IKEEXT - ok
16:05:15.0035 4552 [ 4FF8A2082D78255D2EB169F986BCC981 ] Impcd C:\Windows\system32\drivers\Impcd.sys
16:05:15.0035 4552 Impcd - ok
16:05:15.0129 4552 [ 2E3B99E8C23BE2BF32EBE1DB5261F275 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:05:15.0144 4552 IntcAzAudAddService - ok
16:05:15.0191 4552 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
16:05:15.0191 4552 intelide - ok
16:05:15.0207 4552 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
16:05:15.0222 4552 intelppm - ok
16:05:15.0238 4552 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:05:15.0238 4552 IPBusEnum - ok
16:05:15.0285 4552 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:05:15.0285 4552 IpFilterDriver - ok
16:05:15.0331 4552 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:05:15.0347 4552 iphlpsvc - ok
16:05:15.0378 4552 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:05:15.0378 4552 IPMIDRV - ok
16:05:15.0394 4552 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:05:15.0409 4552 IPNAT - ok
16:05:15.0425 4552 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:05:15.0425 4552 IRENUM - ok
16:05:15.0456 4552 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:05:15.0456 4552 isapnp - ok
16:05:15.0472 4552 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:05:15.0487 4552 iScsiPrt - ok
16:05:15.0534 4552 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
16:05:15.0534 4552 IviRegMgr - ok
16:05:15.0550 4552 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
16:05:15.0565 4552 kbdclass - ok
16:05:15.0597 4552 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
16:05:15.0612 4552 kbdhid - ok
16:05:15.0628 4552 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
16:05:15.0628 4552 KeyIso - ok
16:05:15.0659 4552 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:05:15.0659 4552 KSecDD - ok
16:05:15.0675 4552 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:05:15.0675 4552 KSecPkg - ok
16:05:15.0706 4552 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
16:05:15.0706 4552 ksthunk - ok
16:05:15.0737 4552 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
16:05:15.0753 4552 KtmRm - ok
16:05:15.0799 4552 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
16:05:15.0815 4552 LanmanServer - ok
16:05:15.0862 4552 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:05:15.0877 4552 LanmanWorkstation - ok
16:05:15.0924 4552 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:05:15.0924 4552 lltdio - ok
16:05:15.0971 4552 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:05:15.0971 4552 lltdsvc - ok
16:05:16.0002 4552 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:05:16.0002 4552 lmhosts - ok
16:05:16.0049 4552 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
16:05:16.0049 4552 LSI_FC - ok
16:05:16.0080 4552 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
16:05:16.0080 4552 LSI_SAS - ok
16:05:16.0111 4552 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
16:05:16.0111 4552 LSI_SAS2 - ok
16:05:16.0143 4552 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
16:05:16.0143 4552 LSI_SCSI - ok
16:05:16.0158 4552 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
16:05:16.0158 4552 luafv - ok
16:05:16.0221 4552 [ F0DCD0FD9D79668E34A660F49C8C00BC ] MADFULEGACYKEYBOARD C:\Windows\system32\DRIVERS\MAudioLegacyKeyboard_DFU.sys
16:05:16.0221 4552 MADFULEGACYKEYBOARD - ok
16:05:16.0252 4552 [ FAEDBEE189A877E302B023BD24FAEBF8 ] MAUSBLEGACYKEYBOARD C:\Windows\system32\DRIVERS\MAudioLegacyKeyboard.sys
16:05:16.0252 4552 MAUSBLEGACYKEYBOARD - ok
16:05:16.0299 4552 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
16:05:16.0299 4552 MBAMProtector - ok
16:05:16.0361 4552 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:05:16.0361 4552 MBAMScheduler - ok
16:05:16.0408 4552 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:05:16.0408 4552 MBAMService - ok
16:05:16.0455 4552 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:05:16.0455 4552 Mcx2Svc - ok
16:05:16.0486 4552 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
16:05:16.0486 4552 megasas - ok
16:05:16.0533 4552 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
16:05:16.0533 4552 MegaSR - ok
16:05:16.0579 4552 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
16:05:16.0579 4552 MMCSS - ok
16:05:16.0595 4552 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
16:05:16.0595 4552 Modem - ok
16:05:16.0626 4552 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:05:16.0642 4552 monitor - ok
16:05:16.0689 4552 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
16:05:16.0689 4552 mouclass - ok
16:05:16.0704 4552 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:05:16.0720 4552 mouhid - ok
16:05:16.0751 4552 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:05:16.0751 4552 mountmgr - ok
16:05:16.0813 4552 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:05:16.0829 4552 MozillaMaintenance - ok
16:05:16.0845 4552 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
16:05:16.0845 4552 mpio - ok
16:05:16.0876 4552 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:05:16.0876 4552 mpsdrv - ok
16:05:16.0923 4552 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:05:16.0969 4552 MpsSvc - ok
16:05:17.0001 4552 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:05:17.0001 4552 MRxDAV - ok
16:05:17.0032 4552 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:05:17.0032 4552 mrxsmb - ok
16:05:17.0079 4552 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:05:17.0079 4552 mrxsmb10 - ok
16:05:17.0094 4552 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:05:17.0094 4552 mrxsmb20 - ok
16:05:17.0125 4552 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
16:05:17.0125 4552 msahci - ok
16:05:17.0157 4552 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:05:17.0172 4552 msdsm - ok
16:05:17.0188 4552 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
16:05:17.0188 4552 MSDTC - ok
16:05:17.0235 4552 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:05:17.0235 4552 Msfs - ok
16:05:17.0250 4552 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:05:17.0250 4552 mshidkmdf - ok
16:05:17.0281 4552 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:05:17.0281 4552 msisadrv - ok
16:05:17.0297 4552 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:05:17.0313 4552 MSiSCSI - ok
16:05:17.0313 4552 msiserver - ok
16:05:17.0328 4552 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:05:17.0344 4552 MSKSSRV - ok
16:05:17.0359 4552 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:05:17.0359 4552 MSPCLOCK - ok
16:05:17.0375 4552 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:05:17.0391 4552 MSPQM - ok
16:05:17.0422 4552 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:05:17.0437 4552 MsRPC - ok
16:05:17.0469 4552 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
16:05:17.0469 4552 mssmbios - ok
16:05:17.0484 4552 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:05:17.0484 4552 MSTEE - ok
16:05:17.0515 4552 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
16:05:17.0531 4552 MTConfig - ok
16:05:17.0547 4552 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
16:05:17.0547 4552 Mup - ok
16:05:17.0578 4552 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
16:05:17.0609 4552 napagent - ok
16:05:17.0671 4552 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:05:17.0671 4552 NativeWifiP - ok
16:05:17.0734 4552 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
16:05:17.0765 4552 NDIS - ok
16:05:17.0796 4552 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:05:17.0796 4552 NdisCap - ok
16:05:17.0827 4552 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:05:17.0827 4552 NdisTapi - ok
16:05:17.0843 4552 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:05:17.0859 4552 Ndisuio - ok
16:05:17.0890 4552 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:05:17.0890 4552 NdisWan - ok
16:05:17.0921 4552 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:05:17.0921 4552 NDProxy - ok
16:05:17.0968 4552 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:05:17.0968 4552 NetBIOS - ok
16:05:17.0999 4552 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:05:18.0015 4552 NetBT - ok
16:05:18.0046 4552 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
16:05:18.0046 4552 Netlogon - ok
16:05:18.0077 4552 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
16:05:18.0108 4552 Netman - ok
16:05:18.0124 4552 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
16:05:18.0155 4552 netprofm - ok
16:05:18.0186 4552 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:05:18.0186 4552 NetTcpPortSharing - ok
16:05:18.0389 4552 [ 4D85A450EDEF10C38882182753A49AAE ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys
16:05:18.0576 4552 NETw5s64 - ok
16:05:18.0623 4552 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
16:05:18.0623 4552 nfrd960 - ok
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=bce860154e856f44b15835f49a280c26
# engine=13373
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-13 09:08:49
# local_time=2013-03-13 10:08:49 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 130772 114838779 0 0
# scanned=229334
# found=0
# cleaned=0
# scan_time=21220
and SecurityCheck: Code:
 Results of screen317's Security Check version 0.99.59
 Windows 7 Service Pack 1 x64 (UAC is enabled)
 Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
 avast! Antivirus
 Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.70.0.1100
 Adobe Flash Player 11.6.602.180
 Adobe Reader XI
 Mozilla Firefox (19.0.2)
 Mozilla Thunderbird (17.0.4)
 Google Chrome 25.0.1364.152
 Google Chrome 25.0.1364.97
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbamservice.exe
 Malwarebytes Anti-Malware mbamgui.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe
 Alwil Software Avast5 AvastSvc.exe
 Alwil Software Avast5 AvastUI.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:
````````````````````End of Log`````````````````````` |
| | #10 |
| /// Helper team | Sufficient cleanup after GVU trojan The TDSSKiller log is incomplete; please zip it and attach it to your next post. |
| | #11 |
| | Sufficient cleanup after GVU trojan OK, I have uploaded the zip file. |
| | #12 |
| /// Helper team | Sufficient cleanup after GVU trojan Disable Java Because of the current security vulnerability: http://www.trojaner-board.de/122961-...ktivieren.html Then post (copy and paste) what is displayed to you here: PluginCheck Very good! With that you are clean and discharged! Remove adwCleaner
Tool cleanup with OTL We will now use OTL's CleanUp! function to delete most of the programs that we installed for the cleanup from your system again.
Resetting the security zones Have the security zones reset, since they were manipulated to open the browser to further attacks. Proceed as follows: http://www.trojaner-board.de/111805-...ecksetzen.html
Emptying the system restore points So that the computer cannot be reinfected from an infected system restore point, we have to empty them. To do this we switch System Restore off once and then on again: Disable System Restore Tutorial for Windows XP, Windows Vista, Windows 7 Then enable it again.
Reading to work through: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html http://www.trojaner-board.de/109844-...ren-seite.html PC keeps getting slower - what to do? |
| | #13 |
| | Sufficient cleanup after GVU trojan Hello t'john, I carried out everything as instructed and I think the machine is running splendidly. Thank you very, very much for your professional help; I hope to be spared these nasty scoundrels in future. I'll buy a round soon. Best regards and thanks again, Uwa Code:
PluginCheck
Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.
Browser nicht erkannt
Flash (11,6,602,180) ist aktuell.
Java ist nicht Installiert oder nicht aktiviert.
Adobe Reader 11,0,0,0 ist aktuell.
Zurück
Tools:
StartSeite
PluginCheck
Secunia Online Scan
Weiterführendes:
Java Updaten und Einstellen
Secunia Personal Software Inspector (PSI)
Family:
TR/Agent
|
| | #14 |
| /// Helper team | Sufficient cleanup after GVU trojan Wishing you a virus-free time |