Pests of all kinds and how to combat them: Alleged keylogger on the computer (Windows 7) |
13.05.2013, 11:57 | #1 |
| Alleged keylogger on the computer
Hello dear community, my Battlenet account was recently hacked. Support then gave me the tip that it could have been caused by a keylogger. I have now run an Avast full scan, with no findings. Spybot Search and Destroy found some unusual registry entries, including an IE toolbar, even though I don't use IE at all. These were fixed as well. Now, the experts are sitting right here. What else can I do to make sure the machine is free of all junk? Formatting is not a solution at the moment, although it is usually what I prefer. In addition, how do you protect yourself against pests of all kinds these days? I have actually worked through quite a bit here in the forum, with the Windows account without admin rights, Windows Firewall etc., but as you can see you can still fall flat on your face. I am aware of Brain 2.0, by the way, and work in the IT industry myself, but in hindsight that is always easy to say, and unfortunately you never know what the ultimate cause was. Best regards, Proudgod |
13.05.2013, 12:06 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hello and
Do you have any further logs (with findings)? Malwarebytes and/or other virus scanners, have they ever found anything? I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; first just post the logs that already exist! Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows: |
13.05.2013, 12:15 | #3 |
| Hello cosinus, thank you very much for the quick support. I have added the logs from the Spybot scan to the post. Best regards, Proudgod |
13.05.2013, 13:22 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Oh no, why did you put the logs in the attachment?! The hint about the CODE tags was clear enough
__________________ Please always post log files in CODE tags |
13.05.2013, 14:17 | #5 |
| Hello, sorry, I thought you could achieve the same result with that function.. If you tell me which file is particularly important for your analysis, I can gladly add it as code as well. |
13.05.2013, 15:49 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | As a rule, ALL LOGS are to be posted in code tags. Only if they are too large do you put them, zipped, in the attachment. That is all in the instructions, so why don't you read it? Post all following logs in code tags now and please no longer in the attachment. Thank you. Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you should not hear from me for three days, please report in this thread => Reminder about my thread. Annoying "when will it continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board. First, a check with OTL please: |
13.05.2013, 16:15 | #7 |
| Spybot LOGS:
Firewall
Code:
SDFSSvc.exe [2013-05-13 12:29:20] 0.0.0.0 Successfully started listening on port 21322.
CAN BE FOUND IN THE ATTACHMENT -> LOG TOO LONG
Scanner
Code:
SDFSSvc.exe [2013-05-13 12:29:20] 0.0.0.0 Successfully started listening on port 21323.
SDFileScanLibrary.dll [2013-05-13 12:29:57] Loaded databases.
OTL.Txt IN THE ATTACHMENT BECAUSE TOO LARGE
Extras.Txt
Code:
|
13.05.2013, 16:16 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | The other log from OTL is missing |
13.05.2013, 16:19 | #9 |
| Yes, I am not quite that fast after all, it is in there now.. |
14.05.2013, 08:13 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Rootkit scan with GMER. Please download GMER: (file name is random)
Do problems occur?
Afterwards, please run MBAR: Malwarebytes Anti-Rootkit (MBAR). Please download Malwarebytes Anti-Rootkit and save it on your desktop.
Do not start any other file in this folder without instructions from a helper |
14.05.2013, 10:41 | #11 |
| Hello cosinus, thank you very much for your help, here are the promised log files:
Gmer: Too large, can be found in the attachment!
MBAR
Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org
Database version: v2013.05.14.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Drunkenmaster :: DOMINIK [limited]
14.05.2013 11:39:10
mbar-log-2013-05-14 (11-39-10).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28743
Time elapsed: 3 minute(s), 5 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Proudgod |
14.05.2013, 10:42 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | aswMBR: Please download aswMBR.exe and save the file on your desktop.
Important: Under no circumstances press one of the Fix buttons without instruction. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. TDSS-Killer: Please download TDSSKiller.exe and save this file on the desktop |
14.05.2013, 10:55 | #13 |
| Angeblicher Keylogger auf dem Rechner aswMBR Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software Run date: 2013-05-14 11:50:41 ----------------------------- 11:50:41.202 OS Version: Windows x64 6.1.7601 Service Pack 1 11:50:41.202 Number of processors: 4 586 0x403 11:50:41.202 ComputerName: DOMINIK UserName: 11:50:43.279 Initialize success 11:50:43.621 AVAST engine defs: 13051400 11:51:26.335 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 11:51:26.337 Disk 0 Vendor: KINGSTON_SVP200S360G 503ABBF0 Size: 57241MB BusType: 11 11:51:26.338 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1 11:51:26.339 Disk 1 Vendor: WDC_WD5000AAKS-00A7B0 01.03B01 Size: 476938MB BusType: 11 11:51:26.376 Disk 0 MBR read successfully 11:51:26.377 Disk 0 MBR scan 11:51:26.380 Disk 0 Windows 7 default MBR code 11:51:26.382 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 11:51:26.388 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 57139 MB offset 206848 11:51:26.423 Disk 0 scanning C:\Windows\system32\drivers 11:51:30.369 Service scanning 11:51:33.588 Modules scanning 11:51:33.593 Disk 0 trace - called modules: 11:51:33.601 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 11:51:33.604 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80049b4790] 11:51:33.607 3 CLASSPNP.SYS[fffff880019a443f] -> nt!IofCallDriver -> [0xfffffa800450e9b0] 11:51:33.610 5 ACPI.sys[fffff88000f2a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004998680] 11:51:33.742 AVAST engine scan C:\Windows 11:51:34.895 AVAST engine scan C:\Windows\system32 11:52:45.948 AVAST engine scan C:\Windows\system32\drivers 11:52:47.806 AVAST engine scan C:\Users\Drunkenmaster 11:52:53.387 AVAST engine scan C:\ProgramData 11:53:01.342 Scan finished successfully 11:53:27.501 Disk 0 MBR has been saved successfully to "C:\Users\Dominik\Desktop\MBR.dat" 11:53:27.504 The log file has been saved successfully to "C:\Users\Dominik\Desktop\aswMBR.txt" TDSSKiller Code:
11:53:43.0571 5764 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:53:43.0771 5764 ============================================================
11:53:43.0772 5764 Current date / time: 2013/05/14 11:53:43.0771
11:53:43.0772 5764 SystemInfo:
11:53:43.0772 5764
11:53:43.0772 5764 OS Version: 6.1.7601 ServicePack: 1.0
11:53:43.0772 5764 Product type: Workstation
11:53:43.0772 5764 ComputerName: DOMINIK
11:53:43.0772 5764 UserName: Drunkenmaster
11:53:43.0772 5764 Windows directory: C:\Windows
11:53:43.0772 5764 System windows directory: C:\Windows
11:53:43.0772 5764 Running under WOW64
11:53:43.0772 5764 Processor architecture: Intel x64
11:53:43.0772 5764 Number of processors: 4
11:53:43.0772 5764 Page size: 0x1000
11:53:43.0772 5764 Boot type: Normal boot
11:53:43.0772 5764 ============================================================
11:53:43.0940 5764 Drive \Device\Harddisk0\DR0 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C64D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040
11:53:43.0948 5764 Drive \Device\Harddisk1\DR1 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xEC93A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040
11:53:43.0951 5764 ============================================================
11:53:43.0951 5764 \Device\Harddisk0\DR0:
11:53:43.0951 5764 MBR partitions:
11:53:43.0951 5764 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:53:43.0951 5764 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6F99800
11:53:43.0951 5764 \Device\Harddisk1\DR1:
11:53:43.0951 5764 MBR partitions:
11:53:43.0951 5764 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:53:43.0951 5764 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A351800
11:53:43.0951 5764 ============================================================
11:53:43.0952 5764 C: <-> \Device\Harddisk0\DR0\Partition2
11:53:43.0976 5764 D: <-> \Device\Harddisk1\DR1\Partition2
11:53:43.0976 5764 ============================================================
11:53:43.0976 5764 Initialize success
11:53:43.0976 5764 ============================================================
11:53:56.0245 5908 ============================================================
11:53:56.0245 5908 Scan started
11:53:56.0245 5908 Mode: Manual; SigCheck; TDLFS;
11:53:56.0245 5908 ============================================================
11:53:56.0424 5908 ================ Scan system memory ========================
11:53:56.0424 5908 System memory - ok
11:53:56.0424 5908 ================ Scan services =============================
11:53:58.0331 5908 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
11:53:58.0331 5908 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
11:53:58.0364 5908 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
11:53:58.0364 5908 CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
- ok 11:54:02.0599 5908 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 11:54:02.0611 5908 rdpbus - ok 11:54:02.0614 5908 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 11:54:02.0640 5908 RDPCDD - ok 11:54:02.0644 5908 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 11:54:02.0670 5908 RDPENCDD - ok 11:54:02.0674 5908 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 11:54:02.0699 5908 RDPREFMP - ok 11:54:02.0704 5908 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 11:54:02.0716 5908 RDPWD - ok 11:54:02.0721 5908 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 11:54:02.0733 5908 rdyboost - ok 11:54:02.0737 5908 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 11:54:02.0764 5908 RemoteAccess - ok 11:54:02.0769 5908 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 11:54:02.0797 5908 RemoteRegistry - ok 11:54:02.0800 5908 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 11:54:02.0827 5908 RpcEptMapper - ok 11:54:02.0830 5908 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 11:54:02.0842 5908 RpcLocator - ok 11:54:02.0849 5908 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 11:54:02.0878 5908 RpcSs - ok 11:54:02.0882 5908 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 11:54:02.0908 5908 rspndr - ok 11:54:02.0916 5908 [ 7F4F11527AF5A7E4526CB6A146B3E40C ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 11:54:02.0934 5908 RTL8167 - ok 11:54:02.0937 5908 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 11:54:02.0948 5908 SamSs - ok 11:54:02.0951 5908 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 
11:54:02.0962 5908 sbp2port - ok 11:54:02.0967 5908 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 11:54:02.0996 5908 SCardSvr - ok 11:54:02.0999 5908 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 11:54:03.0024 5908 scfilter - ok 11:54:03.0037 5908 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 11:54:03.0076 5908 Schedule - ok 11:54:03.0080 5908 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 11:54:03.0104 5908 SCPolicySvc - ok 11:54:03.0109 5908 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 11:54:03.0123 5908 SDRSVC - ok 11:54:03.0137 5908 [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe 11:54:03.0160 5908 SDScannerService - ok 11:54:03.0176 5908 [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe 11:54:03.0202 5908 SDUpdateService - ok 11:54:03.0207 5908 [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe 11:54:03.0218 5908 SDWSCService - ok 11:54:03.0221 5908 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 11:54:03.0247 5908 secdrv - ok 11:54:03.0250 5908 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 11:54:03.0277 5908 seclogon - ok 11:54:03.0280 5908 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 11:54:03.0308 5908 SENS - ok 11:54:03.0311 5908 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 11:54:03.0324 5908 SensrSvc - ok 11:54:03.0326 5908 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 11:54:03.0338 5908 Serenum - ok 11:54:03.0341 5908 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 11:54:03.0353 5908 Serial - 
ok 11:54:03.0356 5908 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 11:54:03.0367 5908 sermouse - ok 11:54:03.0375 5908 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 11:54:03.0402 5908 SessionEnv - ok 11:54:03.0405 5908 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 11:54:03.0418 5908 sffdisk - ok 11:54:03.0420 5908 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 11:54:03.0433 5908 sffp_mmc - ok 11:54:03.0436 5908 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 11:54:03.0448 5908 sffp_sd - ok 11:54:03.0451 5908 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 11:54:03.0461 5908 sfloppy - ok 11:54:03.0467 5908 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 11:54:03.0497 5908 SharedAccess - ok 11:54:03.0503 5908 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 11:54:03.0534 5908 ShellHWDetection - ok 11:54:03.0537 5908 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 11:54:03.0547 5908 SiSRaid2 - ok 11:54:03.0550 5908 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 11:54:03.0561 5908 SiSRaid4 - ok 11:54:03.0565 5908 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 11:54:03.0575 5908 SkypeUpdate - ok 11:54:03.0579 5908 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 11:54:03.0606 5908 Smb - ok 11:54:03.0612 5908 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 11:54:03.0625 5908 SNMPTRAP - ok 11:54:03.0628 5908 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 11:54:03.0637 5908 spldr - ok 11:54:03.0645 5908 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler 
C:\Windows\System32\spoolsv.exe 11:54:03.0664 5908 Spooler - ok 11:54:03.0702 5908 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 11:54:03.0769 5908 sppsvc - ok 11:54:03.0774 5908 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 11:54:03.0802 5908 sppuinotify - ok 11:54:03.0810 5908 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 11:54:03.0826 5908 srv - ok 11:54:03.0833 5908 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 11:54:03.0848 5908 srv2 - ok 11:54:03.0853 5908 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 11:54:03.0865 5908 srvnet - ok 11:54:03.0870 5908 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 11:54:03.0899 5908 SSDPSRV - ok 11:54:03.0902 5908 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 11:54:03.0930 5908 SstpSvc - ok 11:54:03.0933 5908 Steam Client Service - ok 11:54:03.0937 5908 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 11:54:03.0947 5908 stexstor - ok 11:54:03.0955 5908 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 11:54:03.0978 5908 stisvc - ok 11:54:03.0981 5908 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 11:54:03.0991 5908 swenum - ok 11:54:03.0998 5908 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 11:54:04.0031 5908 swprv - ok 11:54:04.0052 5908 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 11:54:04.0087 5908 SysMain - ok 11:54:04.0091 5908 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 11:54:04.0108 5908 TabletInputService - ok 11:54:04.0113 5908 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 11:54:04.0152 5908 TapiSrv - ok 11:54:04.0155 5908 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS 
C:\Windows\System32\tbssvc.dll 11:54:04.0183 5908 TBS - ok 11:54:04.0204 5908 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 11:54:04.0240 5908 Tcpip - ok 11:54:04.0261 5908 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 11:54:04.0289 5908 TCPIP6 - ok 11:54:04.0295 5908 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 11:54:04.0306 5908 tcpipreg - ok 11:54:04.0311 5908 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 11:54:04.0323 5908 TDPIPE - ok 11:54:04.0326 5908 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 11:54:04.0337 5908 TDTCP - ok 11:54:04.0341 5908 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 11:54:04.0367 5908 tdx - ok 11:54:04.0370 5908 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 11:54:04.0380 5908 TermDD - ok 11:54:04.0390 5908 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 11:54:04.0422 5908 TermService - ok 11:54:04.0426 5908 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 11:54:04.0441 5908 Themes - ok 11:54:04.0445 5908 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 11:54:04.0471 5908 THREADORDER - ok 11:54:04.0475 5908 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 11:54:04.0504 5908 TrkWks - ok 11:54:04.0509 5908 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 11:54:04.0536 5908 TrustedInstaller - ok 11:54:04.0541 5908 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 11:54:04.0566 5908 tssecsrv - ok 11:54:04.0570 5908 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 11:54:04.0582 5908 TsUsbFlt - ok 11:54:04.0586 5908 [ 3566A8DAAFA27AF944F5D705EAA64894 ] 
tunnel C:\Windows\system32\DRIVERS\tunnel.sys 11:54:04.0612 5908 tunnel - ok 11:54:04.0616 5908 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 11:54:04.0626 5908 uagp35 - ok 11:54:04.0632 5908 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 11:54:04.0661 5908 udfs - ok 11:54:04.0667 5908 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 11:54:04.0681 5908 UI0Detect - ok 11:54:04.0684 5908 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 11:54:04.0694 5908 uliagpkx - ok 11:54:04.0697 5908 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 11:54:04.0708 5908 umbus - ok 11:54:04.0711 5908 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 11:54:04.0722 5908 UmPass - ok 11:54:04.0728 5908 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 11:54:04.0759 5908 upnphost - ok 11:54:04.0763 5908 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 11:54:04.0775 5908 usbccgp - ok 11:54:04.0779 5908 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 11:54:04.0792 5908 usbcir - ok 11:54:04.0795 5908 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 11:54:04.0806 5908 usbehci - ok 11:54:04.0809 5908 [ 6648C6D7323A2CE0C4776C36CEFBCB14 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys 11:54:04.0818 5908 usbfilter - ok 11:54:04.0823 5908 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 11:54:04.0838 5908 usbhub - ok 11:54:04.0841 5908 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 11:54:04.0852 5908 usbohci - ok 11:54:04.0855 5908 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 11:54:04.0868 5908 usbprint - ok 11:54:04.0871 5908 [ 
FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 11:54:04.0884 5908 USBSTOR - ok 11:54:04.0887 5908 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 11:54:04.0898 5908 usbuhci - ok 11:54:04.0901 5908 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 11:54:04.0930 5908 UxSms - ok 11:54:04.0933 5908 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 11:54:04.0943 5908 VaultSvc - ok 11:54:04.0946 5908 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 11:54:04.0956 5908 vdrvroot - ok 11:54:04.0964 5908 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 11:54:04.0997 5908 vds - ok 11:54:05.0000 5908 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 11:54:05.0012 5908 vga - ok 11:54:05.0015 5908 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 11:54:05.0041 5908 VgaSave - ok 11:54:05.0046 5908 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 11:54:05.0058 5908 vhdmp - ok 11:54:05.0061 5908 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 11:54:05.0071 5908 viaide - ok 11:54:05.0074 5908 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 11:54:05.0084 5908 volmgr - ok 11:54:05.0091 5908 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 11:54:05.0105 5908 volmgrx - ok 11:54:05.0110 5908 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 11:54:05.0124 5908 volsnap - ok 11:54:05.0128 5908 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 11:54:05.0140 5908 vsmraid - ok 11:54:05.0158 5908 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 11:54:05.0203 5908 VSS - ok 11:54:05.0206 5908 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] 
vwifibus C:\Windows\System32\drivers\vwifibus.sys 11:54:05.0220 5908 vwifibus - ok 11:54:05.0226 5908 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 11:54:05.0257 5908 W32Time - ok 11:54:05.0262 5908 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 11:54:05.0273 5908 WacomPen - ok 11:54:05.0276 5908 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 11:54:05.0302 5908 WANARP - ok 11:54:05.0305 5908 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 11:54:05.0330 5908 Wanarpv6 - ok 11:54:05.0347 5908 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 11:54:05.0377 5908 wbengine - ok 11:54:05.0382 5908 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 11:54:05.0398 5908 WbioSrvc - ok 11:54:05.0405 5908 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 11:54:05.0423 5908 wcncsvc - ok 11:54:05.0427 5908 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 11:54:05.0439 5908 WcsPlugInService - ok 11:54:05.0442 5908 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 11:54:05.0452 5908 Wd - ok 11:54:05.0462 5908 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 11:54:05.0484 5908 Wdf01000 - ok 11:54:05.0488 5908 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 11:54:05.0514 5908 WdiServiceHost - ok 11:54:05.0517 5908 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 11:54:05.0532 5908 WdiSystemHost - ok 11:54:05.0537 5908 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 11:54:05.0555 5908 WebClient - ok 11:54:05.0560 5908 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 11:54:05.0590 5908 Wecsvc - ok 11:54:05.0593 5908 [ 
7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 11:54:05.0621 5908 wercplsupport - ok 11:54:05.0625 5908 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 11:54:05.0653 5908 WerSvc - ok 11:54:05.0655 5908 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 11:54:05.0681 5908 WfpLwf - ok 11:54:05.0683 5908 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 11:54:05.0693 5908 WIMMount - ok 11:54:05.0695 5908 WinDefend - ok 11:54:05.0699 5908 WinHttpAutoProxySvc - ok 11:54:05.0708 5908 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 11:54:05.0737 5908 Winmgmt - ok 11:54:05.0759 5908 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 11:54:05.0809 5908 WinRM - ok 11:54:05.0817 5908 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 11:54:05.0830 5908 WinUsb - ok 11:54:05.0841 5908 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 11:54:05.0866 5908 Wlansvc - ok 11:54:05.0869 5908 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 11:54:05.0880 5908 WmiAcpi - ok 11:54:05.0886 5908 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 11:54:05.0900 5908 wmiApSrv - ok 11:54:05.0903 5908 WMPNetworkSvc - ok 11:54:05.0906 5908 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 11:54:05.0920 5908 WPCSvc - ok 11:54:05.0924 5908 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 11:54:05.0944 5908 WPDBusEnum - ok 11:54:05.0948 5908 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 11:54:05.0975 5908 ws2ifsl - ok 11:54:05.0979 5908 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 11:54:05.0995 5908 wscsvc - ok 11:54:05.0998 5908 WSearch - ok 11:54:06.0026 5908 
[ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 11:54:06.0071 5908 wuauserv - ok 11:54:06.0076 5908 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 11:54:06.0088 5908 WudfPf - ok 11:54:06.0092 5908 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 11:54:06.0104 5908 WUDFRd - ok 11:54:06.0108 5908 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 11:54:06.0121 5908 wudfsvc - ok 11:54:06.0126 5908 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 11:54:06.0144 5908 WwanSvc - ok 11:54:06.0147 5908 ================ Scan global =============================== 11:54:06.0151 5908 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 11:54:06.0155 5908 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 11:54:06.0162 5908 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 11:54:06.0168 5908 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 11:54:06.0174 5908 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 11:54:06.0179 5908 [Global] - ok 11:54:06.0179 5908 ================ Scan MBR ================================== 11:54:06.0181 5908 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 11:54:06.0283 5908 \Device\Harddisk0\DR0 - ok 11:54:06.0298 5908 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 11:54:06.0502 5908 \Device\Harddisk1\DR1 - ok 11:54:06.0502 5908 ================ Scan VBR ================================== 11:54:06.0505 5908 [ E35A83F590C0864B41B05288F773EF5E ] \Device\Harddisk0\DR0\Partition1 11:54:06.0506 5908 \Device\Harddisk0\DR0\Partition1 - ok 11:54:06.0509 5908 [ C3D9B9FC623B9240EF85478B1F7FD7FA ] \Device\Harddisk0\DR0\Partition2 11:54:06.0509 5908 \Device\Harddisk0\DR0\Partition2 - ok 11:54:06.0511 5908 [ FE0108DE6184179E1BA692A13CAC734C ] \Device\Harddisk1\DR1\Partition1 11:54:06.0512 5908 
\Device\Harddisk1\DR1\Partition1 - ok
11:54:06.0532 5908 [ 04288ADF0E9798A21004FC36E2DCB5EB ] \Device\Harddisk1\DR1\Partition2
11:54:06.0533 5908 \Device\Harddisk1\DR1\Partition2 - ok
11:54:06.0533 5908 ============================================================
11:54:06.0533 5908 Scan finished
11:54:06.0533 5908 ============================================================
11:54:06.0541 0204 Detected object count: 2
11:54:06.0541 0204 Actual detected object count: 2
11:54:26.0577 0204 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:54:26.0577 0204 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:54:26.0578 0204 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
11:54:26.0578 0204 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:54:32.0323 5844 Deinitialize success |
14.05.2013, 13:01 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Alleged keylogger on the computer
Nothing suspicious.
JRT - Junkware Removal Tool
Please close your protection software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop.
After that, a check with OTL please:
__________________ Please always post log files in CODE tags |
14.05.2013, 14:35 | #15 |
| Alleged keylogger on the computer
JRT Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Drunkenmaster on 14.05.2013 at 14:54:24,92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetim_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetim_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetpacksupdatemanager_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetpacksupdatemanager_rasmancs

~~~ Files

~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Drunkenmaster\AppData\Roaming\pdfforge"
Successfully deleted: [Folder] "C:\Users\Drunkenmaster\appdata\locallow\sweetim"

~~~ Chrome
Successfully deleted: [Folder] C:\Users\Drunkenmaster\appdata\local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.05.2013 at 14:56:58,77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

adwCleaner Code:
# AdwCleaner v2.300 - Datei am 14/05/2013 um 14:59:58 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Drunkenmaster - DOMINIK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Dominik\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Users\Dominik\AppData\LocalLow\SweetIM
Ordner Gelöscht : C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}

***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476
[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v26.0.1410.64
Datei : C:\Users\Drunkenmaster\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
Datei : C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.

*************************
AdwCleaner[S1].txt - [3449 octets] - [14/05/2013 14:59:58]
########## EOF - \AdwCleaner[S1].txt - [3509 octets] ##########

OTL Editor Code:
OTL Extras logfile created on: 14.05.2013 15:04:44 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dominik\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 60,33% Memory free
7,99 Gb Paging File | 6,18 Gb Available in Paging File | 77,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 22,89 Gb Free Space | 41,02% Space Free | Partition Type: NTFS
Drive D: | 465,66 Gb Total Space | 317,36 Gb Free Space | 68,15% Space Free | Partition Type: NTFS
Drive E: | 298,09 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: DOMINIK | User Name: Drunkenmaster | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-438401567-730785118-3515160458-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-438401567-730785118-3515160458-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) 
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{30D6A260-B3C4-46A9-91D4-4597BDD8FCDF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{52BFE3E5-0623-4396-BCD5-0AC6B4C326EE}" = rport=10243 | protocol=6 | dir=out | app=system | "{6C20AC24-83CA-4311-BF63-D0161223A3AA}" = rport=445 | protocol=6 | dir=out | app=system | "{7D1764C7-1D24-4A0F-ABFF-DB6300680416}" = rport=138 | protocol=17 | dir=out | app=system | "{A1A89200-CDEF-443B-A97A-5293AF283A2A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C15F4900-5AC3-40AB-805E-B2B2C192E20A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DC517A63-87D7-4EB8-8CF4-A235C3DD2617}" = rport=139 | protocol=6 | dir=out | app=system | "{EEDFF032-6189-428E-98B9-1BC4F5055B53}" = rport=2177 | protocol=17 | 
dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F7B7F5C0-0954-491D-B55F-F9FC0BB1B25F}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04BCB58E-7395-47C6-9510-8FC1C518AC79}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{3842737E-2D33-47D4-AA2B-4077827DB93E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{3946F38A-26FA-4AC3-9CEF-7D315A8D0694}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4B299972-1785-4FFB-916D-F3CC0D1E3176}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4E2DDECB-B529-48A9-81AC-AD183AFDE6BF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{744C42C8-18D0-4BA6-A5D7-4C3AA97B5453}" = protocol=6 | dir=out | app=system | "{94A7BC4E-6BD9-4C73-A463-90D005E76517}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A25680CF-5936-4A97-80F3-FB1AF86BF593}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A773C736-B1EE-43B3-8982-2D4ABC3A74C5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D5484470-C70D-4CAB-864C-B138A5DA0A44}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{E7EE5138-2569-4ACF-BD44-7C9EEDE9575D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FA5C61B5-D04C-476D-A850-4B65CB4D2030}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0407893F-352C-B182-E04A-A8C3333DA29B}" = AMD Drag and Drop Transcoding "{042B10AA-8233-A9E0-4DEB-B7253C686DBB}" = AMD Fuel 
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0DCAB5DD-CC69-271A-CF03-F2BD6B60BD8A}" = AMD Media Foundation Decoders "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit) "{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}" = AMD Catalyst Install Manager "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{504184A2-1B0E-5D93-603A-517E93E7EDB3}" = AMD Accelerated Video Transcoding "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10 "{57580625-C673-7FEA-8791-E84B7AAF5069}" = ccc-utility64 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "D3A1A6FCCCB0A9522D676C627C62D37496EAF759" = Windows Driver Package - Google, Inc. 
(WinUSB) AndroidUsbDeviceClass (12/06/2010 4.0.0000.00000) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0F7A6FD0-87F5-FB5D-973C-CF604DE1BC6B}" = CCC Help Polish "{1A9BE3D6-4D53-2C9D-B77D-562D85936B91}" = CCC Help Norwegian "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{210DFA65-F805-1A2B-4F83-8E27279AE385}" = Catalyst Control Center Graphics Previews Common "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15 "{29822CAD-C76A-0BEE-55F5-AAA524DA814F}" = CCC Help Greek "{3A1293DF-7D09-BB0F-9576-EC47EE4A9362}" = CCC Help Italian "{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center InstallProxy "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{625FC7D1-656D-1BEC-F86F-3EACAFDAA8FE}" = CCC Help English "{7351EEF8-9D6C-5F46-5A19-F2C7456CE132}" = CCC Help German "{7F172E34-4107-8964-6AEA-5051FFD265FF}" = CCC Help Portuguese "{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver "{86095E92-1959-8364-920E-82E81F64F8FB}" = AMD VISION Engine Control Center "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89D05F35-933A-89C0-B935-C92BEE4229BD}" = CCC Help French "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007 "{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) 
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_STANDARD_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) 
"{90120000-002A-0407-1000-0000000FF1CE}_STANDARD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_STANDARD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{959E4378-CCA1-E4E4-2425-793DA92E8D95}" = CCC Help Czech "{96BB3C67-4EB4-9757-E0C2-C0D2FE9053B1}" = CCC Help Turkish "{974F4B73-2017-E174-9070-3F58F01B341F}" = CCC Help Danish "{98E20A18-3C29-86FA-50B4-918C2B34A082}" = CCC Help Hungarian "{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E2E5EB3-DC6E-9277-E9DB-13175E7DDA39}" = CCC Help Dutch "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AAACC0A5-4382-04D0-C75E-0669C7B949B6}" = CCC Help Japanese "{ACEF4078-9B86-2455-E18D-34D52D37D9D5}" = CCC Help Chinese Standard "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{B55FB422-B803-11F5-5582-B3666EA1B9AC}" = Catalyst Control Center Localization All "{B8010864-15F8-613B-20EF-AC35B14B3E0D}" = CCC Help Russian "{C1342411-5A98-DE8A-5629-D0C518E1C280}" = CCC Help Finnish "{D08B4177-5160-6B66-8934-2F9012134D61}" = CCC Help Thai "{D34A6029-FB1A-9EA8-A938-5393F82A3A00}" = CCC Help Korean "{D9C4202E-6D51-4B06-A8F1-22316E654BCA}" = Universal Adb Driver "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E3A09D13-4D40-3CF8-7D32-8BD55F8D1533}" = CCC Help Spanish "{F2C35491-9323-3AE7-6023-6B4128045153}" = CCC Help Swedish "{FC66A32F-1A57-AC5C-4F12-DAC2F4CB77A0}" = CCC Help Chinese Traditional "{FE1EFF18-814A-42CE-8470-EC97EDDAF8FF}" = Foxit Reader "Adobe Flash 
Player Plugin" = Adobe Flash Player 11 Plugin "AudioCS" = Creative Audio-Systemsteuerung "avast" = avast! Free Antivirus "Cisco Packet Tracer 5.3.3_is1" = Cisco Packet Tracer 5.3.3 "Creative Software AutoUpdate" = Creative Software AutoUpdate "Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition "DAEMON Tools Lite" = DAEMON Tools Lite "Diablo II" = Diablo II "Diablo III" = Diablo III "Google Chrome" = Google Chrome "IrfanView" = IrfanView (remove only) "Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Sauerbraten" = Sauerbraten "STANDARD" = Microsoft Office Standard 2007 "StarCraft II" = StarCraft II "Steam App 10" = Counter-Strike "Steam App 730" = Counter-Strike: Global Offensive "VLC media player" = VLC media player 2.0.4 "Winamp" = Winamp ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-438401567-730785118-3515160458-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "GoToMeeting" = GoToMeeting 5.4.0.1083 "TeamSpeak 3 Client" = TeamSpeak 3 Client ========== Last 20 Event Log Errors ========== [ Spybot - Search and Destroy Events ] Error - 13.05.2013 06:48:50 | Computer Name = Dominik | Source = SDCleaner | ID = 100 Description = LoadCleaningInstructions Error - 13.05.2013 06:49:07 | Computer Name = Dominik | Source = SDCleaner | ID = 100 Description = LoadCleaningInstructions Error - 13.05.2013 06:49:18 | Computer Name = Dominik | Source = SDCleaner | ID = 100 Description = LoadCleaningInstructions Error - 13.05.2013 06:49:21 | Computer Name = Dominik | Source = SDCleaner | ID = 100 Description = LoadCleaningInstructions Error - 13.05.2013 06:49:24 | Computer Name = Dominik | Source = SDCleaner | ID = 100 Description = LoadCleaningInstructions Error - 13.05.2013 06:49:25 | Computer Name = Dominik | Source = SDCleaner | ID = 100 Description = LoadCleaningInstructions Error - 13.05.2013 06:49:27 | Computer Name = 
Dominik | Source = SDCleaner | ID = 100 Description = LoadCleaningInstructions [ System Events ] Error - 14.05.2013 08:57:58 | Computer Name = Dominik | Source = DCOM | ID = 10010 Description = < End of report > |