|
Log analysis and evaluation: Rootkit found. Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
19.05.2013, 15:46 | #1 |
| Rootkit found. Hello dear forum community. I have registered here for the first time because I am dealing with a potential rootkit. About my system: I have a desktop PC with Windows 7 64-bit. The internet connection is DSL over LAN. Unfortunately, about 2 weeks ago I was a bit careless and fell for one of these wretched spammers by clicking on a link in a forum. It was evidently a fake site set up to foist some kind of malware on people. Right afterwards I ran Avira over the system, and 2 pieces of malware were reported and removed. Before deleting them I looked at the logs and still remember this much: one of the beasts could modify or conceal other programs. Unfortunately I no longer know the exact name. In the meantime I have been wondering whether this beast might have opened the door for another one? But the PC kept running normally. Now, however, I have become suspicious and ran GMER over it. In the log it shows the following under Rootkit. Type: Thread Name: C:\\Windows\System32\svchost.exe[2084:4852] Value: 000007fef4aa9688 Is this one of those beasts that disguises itself with a variable? What should I do now? Does GMER fix the problem? I would be grateful for any answers. |
19.05.2013, 17:25 | #2 |
/// TB-Ausbilder | Rootkit found. Let's take a look:
__________________!! Note to readers following along !! This topic and its instructions are intended only for this specific case. They could seriously damage other computers. Please open your own topic. I will help you with your problem. The cleanup only works if you follow these rules: Please read: Rules for the cleanup
Step 1: (Reminder: do not reply until you have worked through all the steps!) Disable drive emulation with Defogger. Please download defogger by jpshortstuff to your desktop.
Step 2: Scan with aswMBR. Please download aswMBR.exe and save the file to your desktop.
Step 3: Scan with TDSSKiller. Please read the following instructions carefully. We do not want to "fix" anything yet, only to see a scan report. Please download TDSSKiller.exe and save this file to the desktop.
Step 4: Scan with DDS+ (with attach). Please download DDS (by sUBs) and save the file to your desktop.
__________________ |
19.05.2013, 19:05 | #3 |
| Rootkit found. Hello, and thank you very much for the answer.
__________________Here is the log I had made earlier with GMER. GMER log file: Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-19 19:32:28
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKX-001CA0 rev.15.01H15 465,76GB
Running: llikksn3.exe; Driver: C:\Users\MURATC~1\AppData\Local\Temp\awdiiaob.sys

---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\svchost.exe [2084:4852] 000007fef4aa9688

---- EOF - GMER 2.1 ----

I then followed your steps point by point. I ran Defogger as described. But it did not produce a log entry. It only confirmed with "Finish". Then I created the aswMBR log. Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-19 19:16:24
-----------------------------
19:16:24.111 OS Version: Windows x64 6.1.7601 Service Pack 1
19:16:24.111 Number of processors: 6 586 0x102
19:16:24.116 ComputerName: MURATCELIK-PC UserName: Murat Celik
19:16:28.340 Initialize success
19:22:30.503 AVAST engine defs: 13051900
19:23:55.958 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:23:55.963 Disk 0 Vendor: WDC_WD5000AAKX-001CA0 15.01H15 Size: 476940MB BusType: 11
19:23:56.089 Disk 0 MBR read successfully
19:23:56.093 Disk 0 MBR scan
19:23:56.103 Disk 0 Windows 7 default MBR code
19:23:56.109 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:23:56.125 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
19:23:56.158 Disk 0 scanning C:\Windows\system32\drivers
19:24:12.519 Service scanning
19:24:42.516 Modules scanning
19:24:42.518 Disk 0 trace - called modules:
19:24:42.528 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
19:24:42.530 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80079d7790]
19:24:42.534 3 CLASSPNP.SYS[fffff88001bcb43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80079e9680]
19:24:44.812 AVAST engine scan C:\Windows
19:24:48.055 AVAST engine scan C:\Windows\system32
19:29:12.541 AVAST engine scan C:\Windows\system32\drivers
19:29:38.673 AVAST engine scan C:\Users\Murat Celik
19:30:24.244 Disk 0 MBR has been saved successfully to "C:\Users\Murat Celik\Desktop\MBR.dat"
19:30:24.301 The log file has been saved successfully to "C:\Users\Murat Celik\Desktop\aswMBR.txt"

TDSSKiller Code:
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 19:32:38.0778 3260 NetTcpPortSharing - ok 19:32:38.0817 3260 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 19:32:38.0867 3260 nfrd960 - ok 19:32:38.0949 3260 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 19:32:39.0029 3260 NlaSvc - ok 19:32:39.0058 3260 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 19:32:39.0166 3260 Npfs - ok 19:32:39.0203 3260 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 19:32:39.0319 3260 nsi - ok 19:32:39.0336 3260 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 19:32:39.0446 3260 nsiproxy - ok 19:32:39.0571 3260 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 19:32:39.0777 3260 Ntfs - ok 19:32:39.0844 3260 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 19:32:39.0965 3260 Null - ok 19:32:40.0050 3260 [ 960E39A54E525DF58CB29193147DFFA1 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys 19:32:40.0117 3260 NVHDA - ok 19:32:40.0888 3260 [ FCBA1C22727939E7CFF9EB08FE9692AB ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 19:32:41.0413 3260 nvlddmkm - ok 19:32:41.0454 3260 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 19:32:41.0514 3260 nvraid - ok 19:32:41.0548 3260 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 19:32:41.0624 3260 nvstor - ok 19:32:41.0742 3260 [ 10C232F6CFFD51D2332898AE7AE0FF23 ] nvsvc C:\Windows\system32\nvvsvc.exe 19:32:41.0827 3260 nvsvc - ok 19:32:41.0965 3260 [ 4789E020D2617046862D1790FC235FF6 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 19:32:42.0073 3260 nvUpdatusService - ok 19:32:42.0115 3260 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 19:32:42.0165 3260 
nv_agp - ok 19:32:42.0182 3260 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 19:32:42.0250 3260 ohci1394 - ok 19:32:42.0316 3260 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 19:32:42.0397 3260 p2pimsvc - ok 19:32:42.0505 3260 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 19:32:42.0575 3260 p2psvc - ok 19:32:42.0625 3260 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 19:32:42.0690 3260 Parport - ok 19:32:42.0756 3260 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 19:32:42.0810 3260 partmgr - ok 19:32:42.0859 3260 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 19:32:42.0949 3260 PcaSvc - ok 19:32:42.0990 3260 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 19:32:43.0043 3260 pci - ok 19:32:43.0067 3260 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 19:32:43.0121 3260 pciide - ok 19:32:43.0147 3260 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 19:32:43.0203 3260 pcmcia - ok 19:32:43.0233 3260 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 19:32:43.0283 3260 pcw - ok 19:32:43.0405 3260 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 19:32:43.0550 3260 PEAUTH - ok 19:32:43.0675 3260 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 19:32:43.0750 3260 PerfHost - ok 19:32:43.0845 3260 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 19:32:44.0050 3260 pla - ok 19:32:44.0161 3260 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 19:32:44.0268 3260 PlugPlay - ok 19:32:44.0311 3260 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 19:32:44.0389 3260 PNRPAutoReg - ok 19:32:44.0474 3260 [ 
3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 19:32:44.0541 3260 PNRPsvc - ok 19:32:44.0629 3260 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 19:32:44.0759 3260 PolicyAgent - ok 19:32:44.0813 3260 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 19:32:44.0980 3260 Power - ok 19:32:45.0025 3260 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 19:32:45.0150 3260 PptpMiniport - ok 19:32:45.0172 3260 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 19:32:45.0243 3260 Processor - ok 19:32:45.0306 3260 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 19:32:45.0377 3260 ProfSvc - ok 19:32:45.0394 3260 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 19:32:45.0454 3260 ProtectedStorage - ok 19:32:45.0515 3260 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 19:32:45.0653 3260 Psched - ok 19:32:45.0728 3260 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 19:32:45.0839 3260 ql2300 - ok 19:32:45.0858 3260 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 19:32:45.0910 3260 ql40xx - ok 19:32:45.0947 3260 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 19:32:46.0025 3260 QWAVE - ok 19:32:46.0056 3260 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 19:32:46.0154 3260 QWAVEdrv - ok 19:32:46.0230 3260 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 19:32:46.0367 3260 RasAcd - ok 19:32:46.0396 3260 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 19:32:46.0513 3260 RasAgileVpn - ok 19:32:46.0540 3260 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 19:32:46.0658 3260 RasAuto - ok 
19:32:46.0699 3260 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 19:32:46.0820 3260 Rasl2tp - ok 19:32:46.0958 3260 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 19:32:47.0087 3260 RasMan - ok 19:32:47.0125 3260 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 19:32:47.0250 3260 RasPppoe - ok 19:32:47.0293 3260 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 19:32:47.0411 3260 RasSstp - ok 19:32:47.0460 3260 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 19:32:47.0592 3260 rdbss - ok 19:32:47.0615 3260 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 19:32:47.0686 3260 rdpbus - ok 19:32:47.0718 3260 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 19:32:47.0828 3260 RDPCDD - ok 19:32:47.0853 3260 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 19:32:47.0969 3260 RDPENCDD - ok 19:32:47.0999 3260 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 19:32:48.0107 3260 RDPREFMP - ok 19:32:48.0164 3260 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 19:32:48.0248 3260 RDPWD - ok 19:32:48.0327 3260 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 19:32:48.0383 3260 rdyboost - ok 19:32:48.0438 3260 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 19:32:48.0564 3260 RemoteAccess - ok 19:32:48.0620 3260 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 19:32:48.0747 3260 RemoteRegistry - ok 19:32:48.0846 3260 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 19:32:49.0010 3260 RpcEptMapper - ok 19:32:49.0053 3260 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 
19:32:49.0185 3260 RpcLocator - ok 19:32:49.0249 3260 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 19:32:49.0389 3260 RpcSs - ok 19:32:49.0468 3260 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 19:32:49.0576 3260 rspndr - ok 19:32:49.0627 3260 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 19:32:49.0693 3260 RTL8167 - ok 19:32:49.0734 3260 [ E16B7C030A05EF649B18FAB0A93D871F ] RtNdPt60 C:\Windows\system32\DRIVERS\RtNdPt60.sys 19:32:49.0778 3260 RtNdPt60 - ok 19:32:49.0823 3260 [ 1DE78F5008120CD79B34C12394DCD493 ] RTTEAMPT C:\Windows\system32\DRIVERS\RtTeam60.sys 19:32:49.0896 3260 RTTEAMPT - ok 19:32:49.0940 3260 [ B1018AA1B5735F5FA89FD4DADF4BEA7A ] RTVLANPT C:\Windows\system32\DRIVERS\RtVlan60.sys 19:32:50.0006 3260 RTVLANPT - ok 19:32:50.0968 3260 [ CB0C9EDD1BDC8CAE88EAF342D32E183A ] safensec C:\Program Files (x86)\SnS Soft\Safe'n'Sec Client\safensec.exe 19:32:51.0140 3260 safensec - ok 19:32:51.0169 3260 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 19:32:51.0234 3260 SamSs - ok 19:32:51.0303 3260 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 19:32:51.0354 3260 sbp2port - ok 19:32:51.0395 3260 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 19:32:51.0518 3260 SCardSvr - ok 19:32:51.0547 3260 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 19:32:51.0660 3260 scfilter - ok 19:32:51.0771 3260 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 19:32:51.0922 3260 Schedule - ok 19:32:51.0945 3260 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 19:32:52.0050 3260 SCPolicySvc - ok 19:32:52.0115 3260 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 19:32:52.0180 3260 SDRSVC - ok 19:32:52.0227 3260 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv 
C:\Windows\system32\drivers\secdrv.sys 19:32:52.0352 3260 secdrv - ok 19:32:52.0385 3260 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 19:32:52.0501 3260 seclogon - ok 19:32:52.0552 3260 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 19:32:52.0685 3260 SENS - ok 19:32:52.0729 3260 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 19:32:52.0806 3260 SensrSvc - ok 19:32:52.0873 3260 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 19:32:52.0960 3260 Serenum - ok 19:32:52.0992 3260 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 19:32:53.0065 3260 Serial - ok 19:32:53.0086 3260 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 19:32:53.0180 3260 sermouse - ok 19:32:53.0250 3260 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 19:32:53.0411 3260 SessionEnv - ok 19:32:53.0436 3260 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 19:32:53.0537 3260 sffdisk - ok 19:32:53.0620 3260 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 19:32:53.0742 3260 sffp_mmc - ok 19:32:53.0770 3260 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 19:32:53.0875 3260 sffp_sd - ok 19:32:53.0912 3260 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 19:32:53.0984 3260 sfloppy - ok 19:32:54.0065 3260 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 19:32:54.0191 3260 SharedAccess - ok 19:32:54.0286 3260 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 19:32:54.0433 3260 ShellHWDetection - ok 19:32:54.0461 3260 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 19:32:54.0514 3260 SiSRaid2 - ok 19:32:54.0566 3260 [ 
6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 19:32:54.0618 3260 SiSRaid4 - ok 19:32:54.0656 3260 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 19:32:54.0777 3260 Smb - ok 19:32:54.0831 3260 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 19:32:54.0912 3260 SNMPTRAP - ok 19:32:54.0951 3260 [ 432F957BE643FEAD227FC4E5528E1119 ] SnsComlpt C:\Windows\system32\DRIVERS\snscomlpt.sys 19:32:55.0005 3260 SnsComlpt - ok 19:32:55.0123 3260 [ D8F025C050DA71850C2496B69FABC895 ] SnsCore C:\Windows\system32\DRIVERS\snscore.sys 19:32:55.0212 3260 SnsCore - ok 19:32:55.0251 3260 [ 235114E2FB8635C38D2CED0A3B9FDD5D ] SnsWfp C:\Windows\system32\DRIVERS\snswfp.sys 19:32:55.0310 3260 SnsWfp - ok 19:32:55.0358 3260 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 19:32:55.0424 3260 spldr - ok 19:32:55.0503 3260 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 19:32:55.0578 3260 Spooler - ok 19:32:55.0856 3260 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 19:32:56.0079 3260 sppsvc - ok 19:32:56.0109 3260 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 19:32:56.0219 3260 sppuinotify - ok 19:32:56.0282 3260 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 19:32:56.0362 3260 srv - ok 19:32:56.0387 3260 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 19:32:56.0503 3260 srv2 - ok 19:32:56.0552 3260 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 19:32:56.0612 3260 srvnet - ok 19:32:56.0666 3260 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 19:32:56.0779 3260 SSDPSRV - ok 19:32:56.0797 3260 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 19:32:56.0906 3260 SstpSvc - ok 19:32:56.0993 3260 [ 
5A19667A580B1CE886EAF968B9743F45 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 19:32:57.0057 3260 Stereo Service - ok 19:32:57.0086 3260 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 19:32:57.0138 3260 stexstor - ok 19:32:57.0216 3260 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 19:32:57.0316 3260 stisvc - ok 19:32:57.0355 3260 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 19:32:57.0402 3260 swenum - ok 19:32:57.0436 3260 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 19:32:57.0570 3260 swprv - ok 19:32:57.0709 3260 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 19:32:57.0847 3260 SysMain - ok 19:32:57.0873 3260 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 19:32:57.0957 3260 TabletInputService - ok 19:32:58.0498 3260 [ 0314B23F5F6661483084B9CE0822D0BF ] TabletServicePen C:\Program Files\Tablet\Pen\Pen_Tablet.exe 19:32:58.0840 3260 TabletServicePen - ok 19:32:58.0900 3260 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 19:32:59.0027 3260 TapiSrv - ok 19:32:59.0052 3260 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 19:32:59.0176 3260 TBS - ok 19:32:59.0267 3260 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 19:32:59.0421 3260 Tcpip - ok 19:32:59.0479 3260 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 19:32:59.0590 3260 TCPIP6 - ok 19:32:59.0623 3260 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 19:32:59.0681 3260 tcpipreg - ok 19:32:59.0712 3260 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 19:32:59.0783 3260 TDPIPE - ok 19:32:59.0833 3260 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 
19:32:59.0906 3260 TDTCP - ok 19:32:59.0934 3260 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 19:33:00.0038 3260 tdx - ok 19:33:00.0082 3260 [ 1DE78F5008120CD79B34C12394DCD493 ] TEAM C:\Windows\system32\DRIVERS\RtTeam60.sys 19:33:00.0124 3260 TEAM - ok 19:33:00.0150 3260 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 19:33:00.0229 3260 TermDD - ok 19:33:00.0320 3260 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 19:33:00.0470 3260 TermService - ok 19:33:00.0512 3260 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 19:33:00.0585 3260 Themes - ok 19:33:00.0613 3260 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 19:33:00.0725 3260 THREADORDER - ok 19:33:00.0893 3260 [ BE897CAE477DD8A149B3DB77472AF87D ] TouchServicePen C:\Program Files\Tablet\Pen\Pen_TouchService.exe 19:33:00.0981 3260 TouchServicePen - ok 19:33:01.0010 3260 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 19:33:01.0129 3260 TrkWks - ok 19:33:01.0230 3260 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 19:33:01.0339 3260 TrustedInstaller - ok 19:33:01.0365 3260 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 19:33:01.0487 3260 tssecsrv - ok 19:33:01.0533 3260 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 19:33:01.0605 3260 TsUsbFlt - ok 19:33:01.0624 3260 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 19:33:01.0698 3260 TsUsbGD - ok 19:33:01.0738 3260 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 19:33:01.0860 3260 tunnel - ok 19:33:01.0885 3260 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 19:33:01.0942 3260 uagp35 - ok 19:33:01.0984 3260 [ FF4232A1A64012BAA1FD97C7B67DF593 ] 
udfs C:\Windows\system32\DRIVERS\udfs.sys 19:33:02.0118 3260 udfs - ok 19:33:02.0180 3260 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 19:33:02.0253 3260 UI0Detect - ok 19:33:02.0291 3260 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 19:33:02.0343 3260 uliagpkx - ok 19:33:02.0406 3260 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 19:33:02.0481 3260 umbus - ok 19:33:02.0489 3260 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 19:33:02.0562 3260 UmPass - ok 19:33:02.0611 3260 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 19:33:02.0740 3260 upnphost - ok 19:33:02.0801 3260 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 19:33:02.0862 3260 usbccgp - ok 19:33:02.0920 3260 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 19:33:02.0991 3260 usbcir - ok 19:33:03.0046 3260 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 19:33:03.0120 3260 usbehci - ok 19:33:03.0191 3260 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 19:33:03.0282 3260 usbhub - ok 19:33:03.0328 3260 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 19:33:03.0405 3260 usbohci - ok 19:33:03.0469 3260 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 19:33:03.0568 3260 usbprint - ok 19:33:03.0652 3260 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 19:33:03.0718 3260 usbscan - ok 19:33:03.0758 3260 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:33:03.0847 3260 USBSTOR - ok 19:33:03.0884 3260 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 19:33:03.0979 3260 usbuhci - ok 19:33:04.0025 3260 [ 
EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 19:33:04.0166 3260 UxSms - ok 19:33:04.0202 3260 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 19:33:04.0287 3260 VaultSvc - ok 19:33:04.0392 3260 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 19:33:04.0444 3260 vdrvroot - ok 19:33:04.0564 3260 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 19:33:04.0753 3260 vds - ok 19:33:04.0795 3260 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 19:33:04.0886 3260 vga - ok 19:33:04.0915 3260 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 19:33:05.0062 3260 VgaSave - ok 19:33:05.0106 3260 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 19:33:05.0174 3260 vhdmp - ok 19:33:05.0223 3260 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 19:33:05.0289 3260 viaide - ok 19:33:05.0542 3260 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 19:33:05.0593 3260 volmgr - ok 19:33:05.0641 3260 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 19:33:05.0703 3260 volmgrx - ok 19:33:05.0737 3260 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 19:33:05.0800 3260 volsnap - ok 19:33:05.0872 3260 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 19:33:05.0926 3260 vsmraid - ok 19:33:06.0079 3260 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 19:33:06.0262 3260 VSS - ok 19:33:06.0295 3260 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 19:33:06.0385 3260 vwifibus - ok 19:33:06.0540 3260 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 19:33:06.0664 3260 W32Time - ok 19:33:06.0770 3260 [ 8D7D3A085B7B73D178D4C15106F16F3B ] 
wacmoumonitor C:\Windows\system32\DRIVERS\wacmoumonitor.sys 19:33:06.0813 3260 wacmoumonitor - ok 19:33:06.0850 3260 [ E04D43C7D1641E95D35CAE6086C7E350 ] wacommousefilter C:\Windows\system32\DRIVERS\wacommousefilter.sys 19:33:06.0895 3260 wacommousefilter - ok 19:33:06.0948 3260 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 19:33:07.0063 3260 WacomPen - ok 19:33:07.0146 3260 [ EC1CEB237E365330C1FCFC4876AA0AC0 ] wacomvhid C:\Windows\system32\DRIVERS\wacomvhid.sys 19:33:07.0193 3260 wacomvhid - ok 19:33:07.0293 3260 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 19:33:07.0438 3260 WANARP - ok 19:33:07.0470 3260 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 19:33:07.0587 3260 Wanarpv6 - ok 19:33:07.0682 3260 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 19:33:07.0815 3260 wbengine - ok 19:33:07.0847 3260 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 19:33:07.0961 3260 WbioSrvc - ok 19:33:08.0022 3260 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 19:33:08.0142 3260 wcncsvc - ok 19:33:08.0181 3260 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 19:33:08.0300 3260 WcsPlugInService - ok 19:33:08.0428 3260 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 19:33:08.0486 3260 Wd - ok 19:33:08.0609 3260 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 19:33:08.0692 3260 Wdf01000 - ok 19:33:08.0756 3260 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 19:33:09.0490 3260 WdiServiceHost - ok 19:33:09.0514 3260 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 19:33:09.0585 3260 WdiSystemHost - ok 19:33:09.0631 3260 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 
19:33:09.0728 3260 WebClient - ok 19:33:09.0779 3260 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 19:33:09.0942 3260 Wecsvc - ok 19:33:09.0975 3260 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 19:33:10.0086 3260 wercplsupport - ok 19:33:10.0129 3260 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 19:33:10.0252 3260 WerSvc - ok 19:33:10.0361 3260 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 19:33:10.0472 3260 WfpLwf - ok 19:33:10.0505 3260 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 19:33:10.0887 3260 WIMMount - ok 19:33:10.0923 3260 WinDefend - ok 19:33:10.0937 3260 WinHttpAutoProxySvc - ok 19:33:11.0067 3260 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 19:33:11.0202 3260 Winmgmt - ok 19:33:11.0335 3260 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 19:33:11.0515 3260 WinRM - ok 19:33:11.0603 3260 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 19:33:11.0686 3260 WinUsb - ok 19:33:11.0741 3260 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 19:33:11.0857 3260 Wlansvc - ok 19:33:12.0149 3260 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 19:33:12.0287 3260 wlidsvc - ok 19:33:12.0314 3260 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 19:33:12.0391 3260 WmiAcpi - ok 19:33:12.0453 3260 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 19:33:12.0542 3260 wmiApSrv - ok 19:33:12.0605 3260 WMPNetworkSvc - ok 19:33:12.0653 3260 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 19:33:12.0713 3260 WPCSvc - ok 19:33:12.0743 3260 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum 
C:\Windows\system32\wpdbusenum.dll 19:33:13.0027 3260 WPDBusEnum - ok 19:33:13.0056 3260 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 19:33:13.0163 3260 ws2ifsl - ok 19:33:13.0206 3260 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 19:33:13.0299 3260 wscsvc - ok 19:33:13.0308 3260 WSearch - ok 19:33:13.0464 3260 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 19:33:13.0634 3260 wuauserv - ok 19:33:13.0697 3260 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 19:33:13.0755 3260 WudfPf - ok 19:33:13.0888 3260 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 19:33:13.0957 3260 WUDFRd - ok 19:33:13.0979 3260 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 19:33:14.0057 3260 wudfsvc - ok 19:33:14.0180 3260 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll 19:33:14.0261 3260 WwanSvc - ok 19:33:14.0295 3260 ZTEusbmdm6k - ok 19:33:14.0328 3260 ZTEusbnmea - ok 19:33:14.0357 3260 ZTEusbser6k - ok 19:33:14.0364 3260 ================ Scan global =============================== 19:33:14.0428 3260 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 19:33:14.0479 3260 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 19:33:14.0500 3260 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 19:33:14.0548 3260 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 19:33:14.0612 3260 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 19:33:14.0623 3260 [Global] - ok 19:33:14.0624 3260 ================ Scan MBR ================================== 19:33:14.0642 3260 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 19:33:16.0579 3260 \Device\Harddisk0\DR0 - ok 19:33:16.0580 3260 ================ Scan VBR ================================== 19:33:16.0624 3260 [ 
19:33:16.0658 3260 ============================================================
19:33:16.0658 3260 Scan finished
19:33:16.0658 3260 ============================================================
19:33:16.0679 2848 Detected object count: 3
19:33:16.0679 2848 Actual detected object count: 3
19:33:56.0560 2848 AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:56.0560 2848 AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:33:56.0561 2848 AsSysCtrlService ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:56.0561 2848 AsSysCtrlService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:33:56.0563 2848 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:56.0563 2848 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip

Unfortunately, TDSS does not confirm GMER's finding here. However, I suspect that GMER hit the bull's-eye further up? And finally the remaining logs, DDS+

DDS Logfile:
Code:
ATTFilter DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16483 Run by Murat Celik at 19:41:53 on 2013-05-19 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8174.6153 [GMT 2:00] . AV: Kaspersky PURE 3.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} AV: SafenSoft® SysWatch *Enabled/Updated* {53A80E06-2C47-3016-0271-94528C3FD541} SP: Kaspersky PURE 3.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky PURE 3.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Tablet\Pen\Pen_TouchService.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\SYSTEM32\WISPTIS.EXE C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe C:\Windows\system32\Dwm.exe C:\Program Files\Tablet\Pen\Pen_TouchUser.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe C:\Program Files 
(x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Tablet\Pen\Pen_Tablet.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Tablet\Pen\Pen_TabletUser.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\System32\spool\drivers\x64\3\E_YATIIVE.EXE C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Pmsb.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin C:\Program Files\ASUS\Turbo Key\TurboKey.exe C:\Program Files (x86)\Bamboo Dock\BambooCore.exe C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe C:\Program Files (x86)\NewSoft\Presto! 
PageManager 9.03\PMSpeed.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe C:\Windows\splwow64.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\SysWOW64\WinMsgBalloonServer.exe C:\Windows\SysWOW64\WinMsgBalloonClient.exe C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\wuauclt.exe C:\Program Files (x86)\SnS Soft\Safe'n'Sec Client\safensec.exe C:\Program Files (x86)\SnS Soft\Safe'n'Sec Client\snsmcon.exe C:\Program Files (x86)\SnS Soft\Safe'n'Sec Client\Plugins\AV\snsods.exe C:\ProgramData\NVIDIA\Updatus\Packages\00000000\drsupdate.10165912_RUNASUSER.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.google.com/ mWinlogon: Userinit = userinit.exe BHO: Kaspersky Passsword Manager Toolbar: {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll BHO: Microsoft-Konto-Anmelde-Hilfsprogramm: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll TB: Kaspersky Passsword Manager Toolbar: {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\x64\3\E_YATIIVE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-2530 Series" uRun: [Scan Buttons] C:\Program Files (x86)\NewSoft\Presto! 
PageManager 9.03\PMSB.EXE mRun: [Turbo Key] "C:\Program Files\ASUS\Turbo Key\TurboKey.exe" mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.94.193\AsusWSPanel.exe /S mRun: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" mRun: [PMSpeed] C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.EXE mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe" mRun: [Safe'n'Sec Client] "C:\Program Files (x86)\SnS Soft\Safe'n'Sec Client\snsmcon.exe" autostart StartupFolder: C:\Users\MURATC~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-Explorer: EnableShellExecuteHooks = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll TCP: NameServer = 192.168.178.1 TCP: Interfaces\{39BA30D6-C8AD-4F1B-B0DB-86EA116F034E} : DHCPNameServer = 192.168.178.1 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll 
SSODL: WebCheck - <orphaned> x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe x64-Run: [Safe'n'Sec Client] "C:\Program Files (x86)\SnS Soft\Safe'n'Sec Client\snsmcon.exe" autostart x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> x64-SSODL: SnsShell - {E8DDF189-0B6D-4E3A-BA9A-E0670C7014A7} - C:\Program Files (x86)\SnS Soft\Safe'n'Sec Client\snsshex.dll x64-SEH: SFShellExt Class - {E8DDF189-0B6D-4E3A-BA9A-E0670C7014A7} - C:\Program Files (x86)\SnS Soft\Safe'n'Sec Client\SnSShEx.dll . ============= SERVICES / DRIVERS =============== . 
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\drivers\CSCrySec.sys [2013-5-19 84536] R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2013-5-19 66616] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 28504] R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-10-18 54104] R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178008] R1 SnsComlpt;SnsComlpt;C:\Windows\System32\drivers\snscomlpt.sys [2013-5-19 13376] R1 SnsCore;SnsCore;C:\Windows\System32\drivers\snscore.sys [2013-5-19 178976] R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-9-19 122880] R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2012-7-26 90112] R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [2012-12-20 356968] R2 CSObjectsSrv;Verwaltungsservice vom CryproStorage-System;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2012-12-21 819040] R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2012-1-23 1858048] R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2012-7-26 32544] R2 safensec;safensec;C:\Program Files (x86)\SnS Soft\Safe'n'Sec Client\safensec.exe [2011-12-28 3057968] R2 SnsWfp;SnsWfp;C:\Windows\System32\drivers\snswfp.sys [2013-5-19 26912] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264] R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2012-11-26 7329648] R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2012-11-26 719216] R3 asmthub3;ASMedia USB3 Hub 
Service;C:\Windows\System32\drivers\asmthub3.sys [2011-6-2 128488] R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-6-2 401896] R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-9-3 29016] R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-9-3 29528] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-7-26 539240] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-4-26 2702848] S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2012-7-26 48416] S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2012-7-26 29472] S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2012-7-26 48416] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2012-11-26 18288] . =============== Created Last 30 ================ . 
2013-05-19 17:02:09 -------- d-----w- C:\Users\Murat Celik\AppData\Roaming\sns 2013-05-19 17:02:09 -------- d-----w- C:\Users\Murat Celik\AppData\Roaming\FPAV 2013-05-19 14:20:51 -------- d-----w- C:\Program Files (x86)\ESET 2013-05-19 14:16:41 -------- d-----w- C:\TDSSKiller_Quarantine 2013-05-19 14:01:18 26912 ----a-w- C:\Windows\System32\drivers\snswfp.sys 2013-05-19 14:01:16 178976 ----a-w- C:\Windows\System32\drivers\snscore.sys 2013-05-19 14:01:13 13376 ----a-w- C:\Windows\System32\drivers\snscomlpt.sys 2013-05-19 14:01:08 -------- d-----w- C:\ProgramData\S.N.Safe&Software 2013-05-19 14:01:08 -------- d-----w- C:\Program Files (x86)\SnS Soft 2013-05-19 13:56:56 -------- d-----w- C:\Users\Murat Celik\AppData\Local\Downloaded Installations 2013-05-19 09:37:23 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C1CD049E-8BE6-4BBE-A7DD-2018D85E816C}\mpengine.dll 2013-05-19 08:58:09 64856 ----a-w- C:\Windows\System32\klfphc.dll 2013-05-19 08:57:36 66616 ----a-w- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys 2013-05-19 08:57:30 84536 ----a-w- C:\Windows\System32\drivers\CSCrySec.sys 2013-05-19 08:57:06 -------- d-----w- C:\Windows\ELAMBKUP 2013-05-19 08:57:03 -------- d-----w- C:\Program Files (x86)\Common Files\InfoWatch 2013-05-19 08:57:00 -------- d-----w- C:\ProgramData\Kaspersky Lab 2013-05-19 08:57:00 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab 2013-05-19 08:56:11 89944 ----a-w- C:\Windows\System32\drivers\klflt.sys 2013-05-19 08:39:10 -------- d-----w- C:\Users\Murat Celik\AppData\Local\Programs 2013-05-19 08:30:01 -------- d-----w- C:\Users\Murat Celik\AppData\Local\ElevatedDiagnostics 2013-05-19 08:29:43 -------- d-----w- C:\Users\Murat Celik\AppData\Local\Diagnostics 2013-05-18 23:32:03 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-05-18 23:32:03 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2013-05-18 23:29:04 1930752 ----a-w- C:\Windows\System32\authui.dll 2013-05-18 23:29:04 1796096 ----a-w- 
C:\Windows\SysWow64\authui.dll 2013-05-18 23:29:04 111448 ----a-w- C:\Windows\System32\consent.exe 2013-05-18 23:29:03 70144 ----a-w- C:\Windows\System32\appinfo.dll 2013-05-18 23:28:57 3153920 ----a-w- C:\Windows\System32\win32k.sys 2013-05-18 23:28:18 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll 2013-05-18 23:28:18 230400 ----a-w- C:\Windows\System32\wwansvc.dll 2013-05-18 23:28:16 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2013-05-18 23:28:16 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2013-05-18 23:28:16 144384 ----a-w- C:\Windows\System32\cdd.dll 2013-05-13 10:16:57 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2013-05-13 10:16:57 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-05-13 10:16:53 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys 2013-05-13 10:16:41 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-05-13 10:16:40 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll 2013-05-13 10:16:40 43520 ----a-w- C:\Windows\System32\csrsrv.dll 2013-05-13 10:16:40 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-05-13 10:16:40 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-05-13 10:16:40 112640 ----a-w- C:\Windows\System32\smss.exe 2013-05-02 19:55:15 -------- d-----w- C:\Users\Murat Celik\.gimp-2.6 2013-05-02 19:55:00 -------- d-----w- C:\Program Files (x86)\GIMP-2.0 . ==================== Find3M ==================== . 
2013-05-02 00:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe 2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-04-07 08:52:46 120200 ----a-w- C:\Windows\SysWow64\DLLDEV32i.dll 2013-04-05 01:08:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2013-04-05 01:00:30 1392128 ----a-w- C:\Windows\System32\wininet.dll 2013-04-05 00:59:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2013-04-05 00:56:16 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2013-04-05 00:55:47 599040 ----a-w- C:\Windows\System32\vbscript.dll 2013-04-04 22:11:34 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-04-04 22:02:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2013-04-04 22:02:17 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-04-04 21:58:51 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2013-04-04 21:57:45 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll . ============= FINISH: 19:43:32,32 =============== --- --- --- --- --- --- Code:
ATTFilter . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 26.07.2012 20:47:24 System Uptime: 19.05.2013 16:28:17 (3 hours ago) . Motherboard: ASUSTeK Computer INC. | | M5A78L/USB3 Processor: AMD FX(tm)-6100 Six-Core Processor | AM3R2 | 3300/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 466 GiB total, 385,678 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP61: 13.05.2013 12:18:09 - Windows Update RP62: 19.05.2013 01:29:16 - Windows Update RP63: 19.05.2013 01:53:33 - Removed Adobe Reader X (10.1.7) MUI. RP64: 19.05.2013 16:00:29 - Installed SafenSoft SysWatch. . ==== Installed Programs ====================== . Adobe AIR Anleitung für Epson Connect ArtRage Studio Asmedia ASM104x USB 3.0 Host Controller Driver ASUS WebStorage ASUSUpdate ATI Catalyst Install Manager Bamboo Bamboo Dock Bamboo Dock 3.3 Blender CPUID CPU-Z 1.61.2 CrystalDiskInfo 5.3.0 D3DX10 Epson Benutzerhandbuch WF-2530 Series Epson Event Manager Epson FAX Utility Epson Netzwerkhandbuch WF-2530 Series Epson PC-FAX Driver EPSON Scan EPSON WF-2530 Series Printer Uninstall EpsonNet Print EPU-4 Engine ESET Online Scanner v3 Firebird SQL Server - MAGIX Edition Fotogalerie GIMP 2.6.11 GIMP 2.8.2 HitFilm 2 Ultimate Kaspersky PURE 3.0 MAGIX Content und Soundpools MAGIX Foto & Grafik Designer 7 MAGIX Foto Manager MX Deluxe MAGIX Music Maker 2013 Premium MAGIX Music Maker 2013 Premium Soundpools MAGIX Music Maker 2013 Soundpools MAGIX Music Studio MAGIX Screenshare MAGIX Slideshow Maker 2 MAGIX Speed burnR (MSI) Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Application Error Reporting Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 
Redistributable - x64 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Movie Maker MSVCRT MSVCRT110 MSVCRT110_amd64 MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB2721691) MSXML 4.0 SP3 Parser (KB2758694) NVIDIA 3D Vision Controller-Treiber 275.33 NVIDIA 3D Vision Controller Driver NVIDIA 3D Vision Treiber 311.06 NVIDIA Grafiktreiber 311.06 NVIDIA HD-Audiotreiber 1.2.23.3 NVIDIA Install Application NVIDIA PhysX NVIDIA PhysX-Systemsoftware 9.10.0514 NVIDIA Stereoscopic 3D Driver NVIDIA Systemsteuerung 311.06 NVIDIA Update 1.11.3 NVIDIA Update Components OpenOffice.org 3.2 PC Probe II Photo Common Photo Gallery Presto! 
PageManager 9.03 SE RAIDXpert Realtek Ethernet Controller Driver Realtek Ethernet Diagnostic Utility Realtek High Definition Audio Driver SafenSoft SysWatch Samplitude Pro X Silver Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Text-To-Speech-Runtime Turbo Key Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Vita 2 Vita 2 Zusatzcontent Vita Bass Machine Vita Rock Drums Vita String Ensemble Vita World Percussion WebTablet IE Plugin WebTablet Netscape Plugin Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack . ==== End Of File =========================== |
19.05.2013, 19:43 | #4 |
/// TB-Ausbilder | Rootkit found. You have several virus scanners running: Step 1: (Reminder: do not reply to me until you have worked through all the steps!) Remove one of the virus scanners. I don't know Safensoft, so personally I would remove that one. But it's your decision. Step 2: Switch off Windows Defender. Since you are using a different virus scanner, you should urgently switch off Windows' own scanner:
More on the background and on a more thorough deactivation: LINK Step 3: Scan with Combofix
__________________ Digital freebooters against malware! No help via PM! |
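The point made in the post above (several scanners active at once) can be read off the Security Center lines that DDS and ComboFix print in their log headers. The following Python code is an added example, not part of the thread or of any tool named in it; the function names are made up here, and the line format is inferred from the header lines posted in this thread.

```python
import re

# Security Center registrations as they appear in the DDS / ComboFix headers:
#   AV: <product> *Enabled/Updated* {GUID}
# AV = antivirus, SP = antispyware, FW = firewall. The pattern is an assumption
# inferred from the logs in this thread; it also matches a log that has been
# flattened onto a single line.
ENTRY = re.compile(
    r"\b(?P<kind>AV|SP|FW): (?P<name>.+?) "
    r"\*(?P<state>\w+)(?:/(?P<signatures>\w+))?\* "
    r"\{(?P<guid>[0-9A-Fa-f-]{36})\}"
)

# Header lines taken from the DDS log (19:41) in this thread.
# The registered-trademark sign is written as the escape \u00ae.
DDS_HEADER = (
    "AV: Kaspersky PURE 3.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} "
    "AV: SafenSoft\u00ae SysWatch *Enabled/Updated* {53A80E06-2C47-3016-0271-94528C3FD541} "
    "SP: Kaspersky PURE 3.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} "
    "SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} "
    "FW: Kaspersky PURE 3.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}"
)

# Header lines taken from the ComboFix log (22:28) further down the thread.
COMBOFIX_HEADER = (
    "AV: Kaspersky PURE 3.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} "
    "AV: SafenSoft\u00ae SysWatch *Disabled/Updated* {53A80E06-2C47-3016-0271-94528C3FD541} "
    "FW: Kaspersky PURE 3.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E} "
    "SP: Kaspersky PURE 3.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} "
    "SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}"
)


def parse_security_center(log_text):
    """Return one dict per AV/SP/FW registration found in the log text."""
    return [
        {
            "kind": m["kind"],
            "name": m["name"].strip(),
            "enabled": m["state"].lower() == "enabled",
            "signatures": m["signatures"],   # None for FW lines
            "guid": m["guid"].upper(),       # GUID case varies inside one log
        }
        for m in ENTRY.finditer(log_text)
    ]


def active_scanners(entries):
    """Map each product with an enabled AV or SP registration to its roles."""
    active = {}
    for e in entries:
        if e["enabled"] and e["kind"] in ("AV", "SP"):
            active.setdefault(e["name"], set()).add(e["kind"])
    return active


def assess(log_text):
    """Summarise a log header; 'conflict' means more than one scanner is enabled."""
    entries = parse_security_center(log_text)
    active = active_scanners(entries)
    return {
        "registrations": len(entries),
        "active_scanners": sorted(active),
        "conflict": len(active) > 1,
        "firewalls": sorted(
            e["name"] for e in entries if e["kind"] == "FW" and e["enabled"]
        ),
    }


def state_changes(before_text, after_text):
    """List registrations (matched by GUID) whose enabled flag differs."""
    before = {e["guid"]: e for e in parse_security_center(before_text)}
    changes = []
    for e in parse_security_center(after_text):
        old = before.get(e["guid"])
        if old is not None and old["enabled"] != e["enabled"]:
            changes.append((e["kind"], e["name"], old["enabled"], e["enabled"]))
    return changes


if __name__ == "__main__":
    for label, text in (("DDS", DDS_HEADER), ("ComboFix", COMBOFIX_HEADER)):
        print(label, assess(text))
    for kind, name, was, now in state_changes(DDS_HEADER, COMBOFIX_HEADER):
        print(f"{kind} {name}: enabled {was} -> {now}")
```

Windows Defender registers under SP rather than AV, which is why the check counts both categories when looking for overlapping scanners.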
19.05.2013, 23:21 | #5 |
| Rootkit found. I did everything as described. I disabled all antivirus software including Defender and then ran ComboFix. Afterwards I re-enabled the antivirus software. Only Kaspersky. I plugged the LAN cable back in, and the operating system was in the middle of fixing the problem with the LAN connection/re-establishing the connection. Then the blue error screen appeared and it said -crash dump-. Windows crash. But I'm not sure whether that has anything to do with the virus or whether it was a Windows error of its own? I then started from safe mode and then booted up again. The LAN connection could now be established. The PC is running again now. Here is the ComboFix log from before the crash. Combofix Logfile: Code:
ATTFilter ComboFix 13-05-18.04 - Murat Celik 19.05.2013 22:28:22.1.6 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8174.6178 [GMT 2:00] ausgeführt von:: c:\users\Murat Celik\Downloads\ComboFix.exe AV: Kaspersky PURE 3.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} AV: SafenSoft® SysWatch *Disabled/Updated* {53A80E06-2C47-3016-0271-94528C3FD541} FW: Kaspersky PURE 3.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E} SP: Kaspersky PURE 3.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\users\Murat Celik\AppData\Local\Microsoft\Windows\Temporary Internet Files\extservices_crp.php . . ((((((((((((((((((((((( Dateien erstellt von 2013-04-19 bis 2013-05-19 )))))))))))))))))))))))))))))) . . 2013-05-19 20:39 . 2013-05-19 20:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-05-19 20:39 . 2013-05-19 20:39 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-19 17:02 . 2013-05-19 17:02 -------- d-----w- c:\users\Murat Celik\AppData\Roaming\sns 2013-05-19 17:02 . 2013-05-19 17:02 -------- d-----w- c:\users\Murat Celik\AppData\Roaming\FPAV 2013-05-19 14:20 . 2013-05-19 14:20 -------- d-----w- c:\program files (x86)\ESET 2013-05-19 14:16 . 2013-05-19 14:16 -------- d-----w- C:\TDSSKiller_Quarantine 2013-05-19 14:01 . 2011-10-18 12:49 26912 ----a-w- c:\windows\system32\drivers\snswfp.sys 2013-05-19 14:01 . 2011-12-28 12:18 178976 ----a-w- c:\windows\system32\drivers\snscore.sys 2013-05-19 14:01 . 2011-09-19 09:38 13376 ----a-w- c:\windows\system32\drivers\snscomlpt.sys 2013-05-19 14:01 . 2013-05-19 14:01 -------- d-----w- c:\programdata\S.N.Safe&Software 2013-05-19 14:01 . 2013-05-19 14:01 -------- d-----w- c:\program files (x86)\SnS Soft 2013-05-19 13:56 . 
2013-05-19 13:56 -------- d-----w- c:\users\Murat Celik\AppData\Local\Downloaded Installations 2013-05-19 09:37 . 2013-05-13 23:48 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C1CD049E-8BE6-4BBE-A7DD-2018D85E816C}\mpengine.dll 2013-05-19 08:58 . 2012-07-11 15:09 64856 ----a-w- c:\windows\system32\klfphc.dll 2013-05-19 08:57 . 2011-06-02 12:39 66616 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys 2013-05-19 08:57 . 2011-06-02 12:39 84536 ----a-w- c:\windows\system32\drivers\CSCrySec.sys 2013-05-19 08:57 . 2013-05-19 08:57 -------- dc----w- c:\windows\system32\DRVSTORE 2013-05-19 08:57 . 2013-05-19 08:57 -------- d-----w- c:\windows\ELAMBKUP 2013-05-19 08:57 . 2013-05-19 08:57 -------- d-----w- c:\program files (x86)\Common Files\InfoWatch 2013-05-19 08:57 . 2013-05-19 19:53 -------- d-----w- c:\programdata\Kaspersky Lab 2013-05-19 08:57 . 2013-05-19 08:57 -------- d-----w- c:\program files (x86)\Kaspersky Lab 2013-05-19 08:56 . 2012-11-02 13:48 89944 ----a-w- c:\windows\system32\drivers\klflt.sys 2013-05-19 08:56 . 2012-11-02 13:48 613720 ----a-w- c:\windows\system32\drivers\klif.sys 2013-05-19 08:39 . 2013-05-19 08:39 -------- d-----w- c:\users\Murat Celik\AppData\Local\Programs 2013-05-19 08:30 . 2013-05-19 08:30 -------- d-----w- c:\users\Murat Celik\AppData\Local\ElevatedDiagnostics 2013-05-19 08:29 . 2013-05-19 19:51 -------- d-----w- c:\users\Murat Celik\AppData\Local\Diagnostics 2013-05-18 23:32 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll 2013-05-18 23:32 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2013-05-18 23:32 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-05-18 23:29 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll 2013-05-18 23:29 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe 2013-05-18 23:29 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll 2013-05-18 23:29 . 
2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll 2013-05-18 23:29 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll 2013-05-18 23:29 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll 2013-05-18 23:28 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-05-18 23:28 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll 2013-05-18 23:28 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll 2013-05-18 23:28 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-05-18 23:28 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-05-18 23:28 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll 2013-05-13 10:16 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-05-13 10:16 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2013-05-13 10:16 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys 2013-05-13 10:16 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-05-13 10:16 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-05-13 10:16 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-05-13 10:16 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-05-13 10:16 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-05-13 10:16 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe 2013-05-09 16:21 . 2013-05-18 12:50 -------- d-----w- c:\users\Murat Celik\AppData\Roaming\gtk-2.0 2013-05-02 19:55 . 2013-05-18 12:50 -------- d-----w- c:\users\Murat Celik\.gimp-2.6 2013-05-02 19:55 . 2013-05-19 08:26 -------- d-----r- c:\users\Public 2013-05-02 19:55 . 2013-05-02 19:55 -------- d-----w- c:\program files (x86)\GIMP-2.0 . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2013-05-18 23:38 . 2012-10-07 19:52 75016696 ----a-w- c:\windows\system32\MRT.exe 2013-05-13 14:24 . 2012-07-17 13:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-02 00:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-13 05:49 . 2013-05-18 23:28 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-18 23:28 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-18 23:28 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-18 23:28 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-18 23:28 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-18 23:28 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-07 08:52 . 2007-04-27 09:43 120200 ----a-w- c:\windows\SysWow64\DLLDEV32i.dll 2013-02-25 22:32 . 2013-02-25 22:32 25256224 ----a-w- c:\windows\system32\nvcompiler.dll 2013-02-25 22:32 . 2013-02-25 22:32 2505144 ----a-w- c:\windows\SysWow64\nvapi.dll 2013-02-25 22:32 . 2013-02-25 22:32 15129960 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2013-02-25 22:32 . 2013-02-25 22:32 6262608 ----a-w- c:\windows\SysWow64\nvopencl.dll 2013-02-25 22:32 . 2013-02-25 22:32 2826040 ----a-w- c:\windows\system32\nvapi64.dll 2013-02-25 22:32 . 2013-02-25 22:32 18055184 ----a-w- c:\windows\system32\nvd3dumx.dll 2013-02-25 22:32 . 2013-02-25 22:32 1107440 ----a-w- c:\windows\system32\nvumdshimx.dll 2013-02-25 22:32 . 2012-10-10 20:22 1814304 ----a-w- c:\windows\system32\nvdispco64.dll 2013-02-25 22:32 . 2013-02-25 22:32 958120 ----a-w- c:\windows\SysWow64\nvumdshim.dll 2013-02-25 22:32 . 2013-02-25 22:32 2720544 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2013-02-25 22:32 . 2013-02-25 22:32 26929440 ----a-w- c:\windows\system32\nvoglv64.dll 2013-02-25 22:32 . 2013-02-25 22:32 7932256 ----a-w- c:\windows\SysWow64\nvcuda.dll 2013-02-25 22:32 . 
2013-02-25 22:32 2346784 ----a-w- c:\windows\system32\nvcuvenc.dll 2013-02-25 22:32 . 2013-02-25 22:32 245872 ----a-w- c:\windows\system32\nvinitx.dll 2013-02-25 22:32 . 2013-02-25 22:32 11036448 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2013-02-25 22:32 . 2012-10-10 20:23 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll 2013-02-25 22:32 . 2013-02-25 22:32 2904352 ----a-w- c:\windows\system32\nvcuvid.dll 2013-02-25 22:32 . 2013-02-25 22:32 20449056 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2013-02-25 22:32 . 2013-02-25 22:32 15053264 ----a-w- c:\windows\system32\nvwgf2umx.dll 2013-02-25 22:32 . 2013-02-25 22:32 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2013-02-25 22:32 . 2013-02-25 22:32 7564040 ----a-w- c:\windows\system32\nvopencl.dll 2013-02-25 22:32 . 2013-02-25 22:32 1985824 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2013-02-25 22:32 . 2013-02-25 22:32 12641992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2013-02-25 22:32 . 2013-02-25 22:32 9390760 ----a-w- c:\windows\system32\nvcuda.dll 2013-02-25 22:32 . 2013-02-25 22:32 201576 ----a-w- c:\windows\SysWow64\nvinit.dll 2012-06-29 16:59 . 2012-08-06 19:58 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon] @="{dd230880-495a-11d1-b064-008048ec2fc5}" [HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}] 2012-12-20 16:20 459784 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIIVE.EXE" [2012-02-27 283232] "Scan Buttons"="c:\program files (x86)\NewSoft\Presto! PageManager 9.03\PMSB.EXE" [2011-01-21 214360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Turbo Key"="c:\program files\ASUS\Turbo Key\TurboKey.exe" [2009-11-24 1874432] "ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.94.193\AsusWSPanel.exe" [2011-04-11 734544] "BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2012-11-28 646232] "FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-04-03 502912] "FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-04-03 863360] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2012-04-02 1058912] "PMSpeed"="c:\program files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.EXE" [2010-07-29 116632] "Safe'n'Sec Client"="c:\program files (x86)\SnS Soft\Safe'n'Sec Client\snsmcon.exe" [2011-12-28 892528] . c:\users\Murat Celik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer4"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848] R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x] R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x] R3 massfilter_hs;USB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x] R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-01-14 48416] R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2010-01-14 29472] R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-01-14 48416] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-05-19 18288] S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys [2011-06-02 84536] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys [2011-06-02 66616] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504] S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2012-10-18 54104] S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008] S1 
SnsComlpt;SnsComlpt;c:\windows\system32\DRIVERS\snscomlpt.sys [2011-09-19 13376] S1 SnsCore;SnsCore;c:\windows\system32\DRIVERS\snscore.sys [2011-12-28 178976] S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-09-19 122880] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-08-19 90112] S2 CSObjectsSrv;Verwaltungsservice vom CryproStorage-System;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2012-12-21 819040] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2012-01-23 1858048] S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2010-01-14 32544] S2 safensec;safensec;c:\program files (x86)\SnS Soft\Safe'n'Sec Client\safensec.exe [2011-12-28 3057968] S2 SnsWfp;SnsWfp;c:\windows\system32\DRIVERS\snswfp.sys [2011-10-18 26912] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264] S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-07-13 7329648] S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-07-13 719216] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896] S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-09-03 29016] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-09-03 29528] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] . . --- Andere Dienste/Treiber im Speicher --- . 
*NewlyCreated* - 66156940 *NewlyCreated* - 66985253 *NewlyCreated* - 96528269 *NewlyCreated* - ASWMBR *NewlyCreated* - AWDIIAOB *NewlyCreated* - SNSCORE *NewlyCreated* - SNSWFP *Deregistered* - 66156940 *Deregistered* - 66985253 *Deregistered* - 96528269 *Deregistered* - aswMBR *Deregistered* - awdiiaob . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2011-04-11 03:35 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.94.193\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2011-04-11 03:35 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.94.193\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon] @="{dd230880-495a-11d1-b064-008048ec2fc5}" [HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}] 2012-12-20 16:22 492040 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-28 11905128] "WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2008-05-24 26448] "Safe'n'Sec Client"="c:\program files (x86)\SnS Soft\Safe'n'Sec Client\snsmcon.exe" [2011-12-28 892528] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{E8DDF189-0B6D-4E3A-BA9A-E0670C7014A7}"= "c:\program files (x86)\SnS Soft\Safe'n'Sec Client\snsshex.dll" [2011-12-28 437360] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: Hinzufügen zu Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm TCP: DhcpNameServer = 192.168.178.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . SSODL-SnsShell REG_SZ {E8DDF189-0B6D-4E3A-BA9A-E0670C7014A7}- - (no file) AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2742595 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FotoManager.9.alb" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice] @Denied: (2) (LocalSystem) "Progid"="MAGIXviewer.eps" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="MAGIXviewer.gif" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="MAGIXviewer.iff" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="MAGIXviewer.pcd" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice] @Denied: (2) (LocalSystem) "Progid"="MAGIXviewer.png" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice] @Denied: (2) (LocalSystem) "Progid"="MAGIXviewer.tga" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="MAGIXviewer.tif" . 
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="MAGIXviewer.tiff" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-05-19 22:44:50 ComboFix-quarantined-files.txt 2013-05-19 20:44 . Vor Suchlauf: 11 Verzeichnis(se), 413.794.316.288 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 414.311.002.112 Bytes frei . - - End Of File - - 3080BA5FA93BBABF95819C2C1041BEDB |
20.05.2013, 11:03 | #6 |
/// TB-Ausbilder | Rootkit found. You still have 2 virus scanners. We will only continue once you have uninstalled one of them. |
20.05.2013, 14:33 | #7 |
| Rootkit found. It was disabled, but I thought it best to uninstall it completely. After the crash I ran all the steps again. Here are the logs: Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:46 on 20/05/2013 (Murat Celik)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-20 14:47:41
-----------------------------
14:47:41.921 OS Version: Windows x64 6.1.7601 Service Pack 1
14:47:41.921 Number of processors: 6 586 0x102
14:47:41.921 ComputerName: MURATCELIK-PC UserName: Murat Celik
14:47:43.028 Initialize success
14:47:51.224 AVAST engine download error: 0
14:47:53.034 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:47:53.034 Disk 0 Vendor: WDC_WD5000AAKX-001CA0 15.01H15 Size: 476940MB BusType: 11
14:47:53.159 Disk 0 MBR read successfully
14:47:53.159 Disk 0 MBR scan
14:47:53.159 Disk 0 Windows 7 default MBR code
14:47:53.174 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:47:53.174 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
14:47:53.206 Disk 0 scanning C:\Windows\system32\drivers
14:47:57.808 Service scanning
14:48:02.550 Service kl1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
14:48:02.659 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
14:48:02.722 Service klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys **LOCKED** 5
14:48:02.784 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
14:48:02.846 Service kltdi C:\Windows\system32\DRIVERS\kltdi.sys **LOCKED** 5
14:48:02.878 Service kneps C:\Windows\system32\DRIVERS\kneps.sys **LOCKED** 5
14:48:09.008 Modules scanning
14:48:09.008 Disk 0 trace - called modules:
14:48:09.040 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
14:48:09.055 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007a11790]
14:48:09.055 3 CLASSPNP.SYS[fffff880019a943f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80079e9680]
14:48:09.071 Scan finished successfully
14:49:00.114 Disk 0 MBR has been saved successfully to "C:\Users\Murat Celik\Desktop\MBR.dat"
14:49:00.130 The log file has been saved successfully to "C:\Users\Murat Celik\Desktop\aswMBR2.txt"
Code:
ATTFilter 14:52:06.0694 4784 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 14:52:06.0725 4784 ============================================================ 14:52:06.0725 4784 Current date / time: 2013/05/20 14:52:06.0725 14:52:06.0725 4784 SystemInfo: 14:52:06.0725 4784 14:52:06.0725 4784 OS Version: 6.1.7601 ServicePack: 1.0 14:52:06.0725 4784 Product type: Workstation 14:52:06.0725 4784 ComputerName: MURATCELIK-PC 14:52:06.0725 4784 UserName: Murat Celik 14:52:06.0725 4784 Windows directory: C:\Windows 14:52:06.0725 4784 System windows directory: C:\Windows 14:52:06.0725 4784 Running under WOW64 14:52:06.0725 4784 Processor architecture: Intel x64 14:52:06.0725 4784 Number of processors: 6 14:52:06.0725 4784 Page size: 0x1000 14:52:06.0725 4784 Boot type: Normal boot 14:52:06.0725 4784 ============================================================ 14:52:07.0802 4784 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 14:52:07.0817 4784 ============================================================ 14:52:07.0817 4784 \Device\Harddisk0\DR0: 14:52:07.0817 4784 MBR partitions: 14:52:07.0817 4784 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 14:52:07.0817 4784 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000 14:52:07.0817 4784 ============================================================ 14:52:07.0833 4784 C: <-> \Device\Harddisk0\DR0\Partition2 14:52:07.0833 4784 ============================================================ 14:52:07.0833 4784 Initialize success 14:52:07.0833 4784 ============================================================ 14:52:15.0711 5328 ============================================================ 14:52:15.0711 5328 Scan started 14:52:15.0711 5328 Mode: Manual; SigCheck; TDLFS; 14:52:15.0711 5328 
============================================================ 14:52:16.0335 5328 ================ Scan system memory ======================== 14:52:16.0335 5328 System memory - ok 14:52:16.0335 5328 ================ Scan services ============================= 14:52:16.0475 5328 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 14:52:16.0616 5328 1394ohci - ok 14:52:16.0631 5328 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 14:52:16.0678 5328 ACPI - ok 14:52:16.0694 5328 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 14:52:16.0740 5328 AcpiPmi - ok 14:52:16.0772 5328 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 14:52:16.0803 5328 adp94xx - ok 14:52:16.0834 5328 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 14:52:16.0865 5328 adpahci - ok 14:52:16.0881 5328 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 14:52:16.0912 5328 adpu320 - ok 14:52:16.0943 5328 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 14:52:17.0021 5328 AeLookupSvc - ok 14:52:17.0068 5328 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 14:52:17.0130 5328 AFD - ok 14:52:17.0162 5328 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 14:52:17.0193 5328 agp440 - ok 14:52:17.0224 5328 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 14:52:17.0271 5328 ALG - ok 14:52:17.0302 5328 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 14:52:17.0333 5328 aliide - ok 14:52:17.0349 5328 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 14:52:17.0364 5328 amdide - ok 14:52:17.0380 5328 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 14:52:17.0427 5328 AmdK8 - ok 14:52:17.0442 5328 [ 
1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 14:52:17.0489 5328 AmdPPM - ok 14:52:17.0520 5328 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 14:52:17.0552 5328 amdsata - ok 14:52:17.0583 5328 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 14:52:17.0614 5328 amdsbs - ok 14:52:17.0630 5328 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 14:52:17.0661 5328 amdxata - ok 14:52:17.0723 5328 [ 2B8D1C23D204C0E70EFF48A3FFA1C67B ] AMD_RAIDXpert C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe 14:52:17.0754 5328 AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - warning 14:52:17.0754 5328 AMD_RAIDXpert - detected UnsignedFile.Multi.Generic (1) 14:52:17.0786 5328 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 14:52:17.0942 5328 AppID - ok 14:52:17.0973 5328 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 14:52:18.0051 5328 AppIDSvc - ok 14:52:18.0066 5328 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll 14:52:18.0129 5328 Appinfo - ok 14:52:18.0207 5328 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 14:52:18.0222 5328 arc - ok 14:52:18.0238 5328 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 14:52:18.0269 5328 arcsas - ok 14:52:18.0347 5328 [ A82C01606DC27D05D9D3BFB6BB807E32 ] AsIO C:\Windows\syswow64\drivers\AsIO.sys 14:52:18.0394 5328 AsIO - ok 14:52:18.0410 5328 [ 0AA7A996792FB0287B33A57A8093AE44 ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys 14:52:18.0456 5328 asmthub3 - ok 14:52:18.0488 5328 [ 125DC3ABF5BFCCFE82AD17D078E0B9EC ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys 14:52:18.0550 5328 asmtxhci - ok 14:52:18.0581 5328 [ 798A87B2D7AD73B16B7CD968C5D1F18F ] AsSysCtrlService C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe 
14:52:18.0612 5328 AsSysCtrlService ( UnsignedFile.Multi.Generic ) - warning 14:52:18.0612 5328 AsSysCtrlService - detected UnsignedFile.Multi.Generic (1) 14:52:18.0628 5328 [ 26D66E32E78D3059715B3A17BC679CD9 ] AsUpIO C:\Windows\syswow64\drivers\AsUpIO.sys 14:52:18.0659 5328 AsUpIO - ok 14:52:18.0690 5328 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 14:52:18.0784 5328 AsyncMac - ok 14:52:18.0784 5328 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 14:52:18.0815 5328 atapi - ok 14:52:18.0831 5328 [ C07A040D6B5A42DD41EE386CF90974C8 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys 14:52:18.0862 5328 AtiPcie - ok 14:52:18.0924 5328 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 14:52:19.0034 5328 AudioEndpointBuilder - ok 14:52:19.0065 5328 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 14:52:19.0143 5328 AudioSrv - ok 14:52:19.0283 5328 [ C6CDA4E093DD3B2977F87DA498827FCB ] AVP C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe 14:52:19.0330 5328 AVP - ok 14:52:19.0377 5328 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 14:52:19.0439 5328 AxInstSV - ok 14:52:19.0470 5328 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 14:52:19.0517 5328 b06bdrv - ok 14:52:19.0548 5328 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 14:52:19.0595 5328 b57nd60a - ok 14:52:19.0642 5328 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 14:52:19.0689 5328 BDESVC - ok 14:52:19.0704 5328 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 14:52:19.0782 5328 Beep - ok 14:52:19.0829 5328 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 14:52:19.0938 5328 BFE - ok 14:52:19.0985 5328 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll 
14:52:20.0110 5328 BITS - ok 14:52:20.0141 5328 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 14:52:20.0188 5328 blbdrive - ok 14:52:20.0219 5328 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 14:52:20.0266 5328 bowser - ok 14:52:20.0282 5328 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 14:52:20.0328 5328 BrFiltLo - ok 14:52:20.0344 5328 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 14:52:20.0375 5328 BrFiltUp - ok 14:52:20.0391 5328 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 14:52:20.0484 5328 BridgeMP - ok 14:52:20.0500 5328 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 14:52:20.0531 5328 Browser - ok 14:52:20.0547 5328 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 14:52:20.0594 5328 Brserid - ok 14:52:20.0594 5328 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 14:52:20.0640 5328 BrSerWdm - ok 14:52:20.0656 5328 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 14:52:20.0703 5328 BrUsbMdm - ok 14:52:20.0703 5328 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 14:52:20.0734 5328 BrUsbSer - ok 14:52:20.0765 5328 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 14:52:20.0812 5328 BTHMODEM - ok 14:52:20.0843 5328 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 14:52:20.0921 5328 bthserv - ok 14:52:20.0952 5328 catchme - ok 14:52:20.0984 5328 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 14:52:21.0062 5328 cdfs - ok 14:52:21.0077 5328 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 14:52:21.0108 5328 cdrom - ok 14:52:21.0124 5328 [ 
F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 14:52:21.0218 5328 CertPropSvc - ok 14:52:21.0218 5328 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 14:52:21.0264 5328 circlass - ok 14:52:21.0280 5328 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 14:52:21.0327 5328 CLFS - ok 14:52:21.0389 5328 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 14:52:21.0420 5328 clr_optimization_v2.0.50727_32 - ok 14:52:21.0467 5328 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 14:52:21.0483 5328 clr_optimization_v2.0.50727_64 - ok 14:52:21.0592 5328 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 14:52:21.0608 5328 clr_optimization_v4.0.30319_32 - ok 14:52:21.0654 5328 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 14:52:21.0686 5328 clr_optimization_v4.0.30319_64 - ok 14:52:21.0732 5328 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 14:52:21.0764 5328 CmBatt - ok 14:52:21.0779 5328 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 14:52:21.0795 5328 cmdide - ok 14:52:21.0842 5328 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 14:52:21.0888 5328 CNG - ok 14:52:21.0904 5328 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 14:52:21.0935 5328 Compbatt - ok 14:52:21.0966 5328 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 14:52:22.0013 5328 CompositeBus - ok 14:52:22.0029 5328 COMSysApp - ok 14:52:22.0044 5328 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 
14:52:22.0060 5328 crcdisk - ok 14:52:22.0091 5328 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 14:52:22.0138 5328 CryptSvc - ok 14:52:22.0200 5328 [ 04199CA5C4A6F6E935906A74EAFCA8E7 ] CSCrySec C:\Windows\system32\DRIVERS\CSCrySec.sys 14:52:22.0232 5328 CSCrySec - ok 14:52:22.0294 5328 [ 0F9FE82E229C039F0AC1996E44059653 ] CSObjectsSrv C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe 14:52:22.0372 5328 CSObjectsSrv - ok 14:52:22.0419 5328 [ 7D7F90460F1309B5205BF8CDFAD63E42 ] CSVirtualDiskDrv C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys 14:52:22.0450 5328 CSVirtualDiskDrv - ok 14:52:22.0512 5328 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 14:52:22.0606 5328 DcomLaunch - ok 14:52:22.0637 5328 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 14:52:22.0731 5328 defragsvc - ok 14:52:22.0762 5328 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 14:52:22.0840 5328 DfsC - ok 14:52:22.0871 5328 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 14:52:22.0934 5328 Dhcp - ok 14:52:22.0949 5328 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 14:52:23.0043 5328 discache - ok 14:52:23.0074 5328 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 14:52:23.0090 5328 Disk - ok 14:52:23.0121 5328 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 14:52:23.0183 5328 Dnscache - ok 14:52:23.0214 5328 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 14:52:23.0308 5328 dot3svc - ok 14:52:23.0324 5328 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 14:52:23.0402 5328 DPS - ok 14:52:23.0433 5328 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 14:52:23.0464 5328 drmkaud - ok 14:52:23.0511 5328 [ 
AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 14:52:23.0573 5328 DXGKrnl - ok 14:52:23.0604 5328 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 14:52:23.0682 5328 EapHost - ok 14:52:23.0776 5328 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 14:52:23.0916 5328 ebdrv - ok 14:52:23.0948 5328 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 14:52:23.0994 5328 EFS - ok 14:52:24.0041 5328 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 14:52:24.0104 5328 ehRecvr - ok 14:52:24.0135 5328 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 14:52:24.0182 5328 ehSched - ok 14:52:24.0213 5328 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 14:52:24.0260 5328 elxstor - ok 14:52:24.0275 5328 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 14:52:24.0322 5328 ErrDev - ok 14:52:24.0369 5328 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 14:52:24.0462 5328 EventSystem - ok 14:52:24.0494 5328 ewusbnet - ok 14:52:24.0509 5328 ew_hwusbdev - ok 14:52:24.0525 5328 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 14:52:24.0603 5328 exfat - ok 14:52:24.0650 5328 Fabs - ok 14:52:24.0681 5328 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 14:52:24.0774 5328 fastfat - ok 14:52:24.0821 5328 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 14:52:24.0884 5328 Fax - ok 14:52:24.0899 5328 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 14:52:24.0930 5328 fdc - ok 14:52:24.0946 5328 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 14:52:25.0024 5328 fdPHost - ok 14:52:25.0040 5328 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 14:52:25.0118 5328 
FDResPub - ok
14:52:25.0383 5328 [ 5BD96D8C5411ACE71A7EAACAF0EF2903 ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
14:52:25.0492 5328 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
14:52:25.0492 5328 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
14:52:50.0546 5328 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 14:52:50.0608 5328 WfpLwf - ok 14:52:50.0639 5328 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 14:52:50.0655 5328 WIMMount - ok 14:52:50.0671 5328 WinDefend - ok 14:52:50.0686 5328 WinHttpAutoProxySvc - ok 14:52:50.0749 5328 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 14:52:50.0827 5328 Winmgmt - ok 14:52:50.0889 5328 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 14:52:51.0029 5328 WinRM - ok 14:52:51.0092 5328 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 14:52:51.0139 5328 WinUsb - ok 14:52:51.0185 5328 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 14:52:51.0263 5328 Wlansvc - ok 14:52:51.0373 5328 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 14:52:51.0482 5328 wlidsvc - ok 14:52:51.0497 5328 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 14:52:51.0529 5328 WmiAcpi - ok 14:52:51.0560 5328 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 14:52:51.0607 5328 wmiApSrv - ok 14:52:51.0622 5328 WMPNetworkSvc - ok 14:52:51.0653 5328 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 14:52:51.0685 5328 WPCSvc - ok 14:52:51.0700 5328 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 14:52:51.0731 5328 WPDBusEnum - ok 14:52:51.0763 5328 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 14:52:51.0841 5328 ws2ifsl - ok 14:52:51.0872 5328 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll 14:52:51.0919 5328 wscsvc - ok 14:52:51.0934 5328 WSearch - ok 14:52:51.0997 5328 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 
14:52:52.0121 5328 wuauserv - ok 14:52:52.0153 5328 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 14:52:52.0184 5328 WudfPf - ok 14:52:52.0231 5328 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 14:52:52.0277 5328 WUDFRd - ok 14:52:52.0293 5328 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 14:52:52.0324 5328 wudfsvc - ok 14:52:52.0371 5328 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll 14:52:52.0402 5328 WwanSvc - ok 14:52:52.0433 5328 ZTEusbmdm6k - ok 14:52:52.0449 5328 ZTEusbnmea - ok 14:52:52.0465 5328 ZTEusbser6k - ok 14:52:52.0465 5328 ================ Scan global =============================== 14:52:52.0496 5328 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 14:52:52.0527 5328 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 14:52:52.0543 5328 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 14:52:52.0574 5328 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 14:52:52.0605 5328 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 14:52:52.0621 5328 [Global] - ok 14:52:52.0621 5328 ================ Scan MBR ================================== 14:52:52.0621 5328 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 14:52:52.0933 5328 \Device\Harddisk0\DR0 - ok 14:52:52.0933 5328 ================ Scan VBR ================================== 14:52:52.0948 5328 [ 9E4E7A367223D184ADD95D5D666CEB50 ] \Device\Harddisk0\DR0\Partition1 14:52:52.0948 5328 \Device\Harddisk0\DR0\Partition1 - ok 14:52:52.0979 5328 [ A82A29538C7D41D2EE58053E452EB639 ] \Device\Harddisk0\DR0\Partition2 14:52:52.0979 5328 \Device\Harddisk0\DR0\Partition2 - ok 14:52:52.0979 5328 ============================================================ 14:52:52.0979 5328 Scan finished 14:52:52.0979 5328 ============================================================ 14:52:53.0011 
4128 Detected object count: 3
14:52:53.0011 4128 Actual detected object count: 3
14:53:09.0469 4128 AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - skipped by user
14:53:09.0469 4128 AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:53:09.0469 4128 AsSysCtrlService ( UnsignedFile.Multi.Generic ) - skipped by user
14:53:09.0469 4128 AsSysCtrlService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:53:09.0469 4128 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
14:53:09.0469 4128 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:53:14.0117 2016 Deinitialize success

DDS Logfile:
Code:
ATTFilter DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16483 Run by Murat Celik at 14:49:43 on 2013-05-20 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8174.6537 [GMT 2:00] . AV: Kaspersky PURE 3.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} SP: Kaspersky PURE 3.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky PURE 3.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Tablet\Pen\Pen_TouchService.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe C:\Program Files\Tablet\Pen\Pen_TouchUser.exe C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe C:\Program Files (x86)\Common 
Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Tablet\Pen\Pen_Tablet.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Tablet\Pen\Pen_TabletUser.exe C:\Program Files\Tablet\Pen\Pen_Tablet.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe C:\Windows\System32\spool\drivers\x64\3\E_YATIIVE.EXE C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Pmsb.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin C:\Windows\system32\SearchIndexer.exe C:\Program Files\ASUS\Turbo Key\TurboKey.exe C:\Program Files (x86)\Bamboo Dock\BambooCore.exe C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe C:\Program Files (x86)\NewSoft\Presto! 
PageManager 9.03\PMSpeed.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe C:\Windows\splwow64.exe C:\Windows\SysWOW64\WinMsgBalloonServer.exe C:\Windows\SysWOW64\WinMsgBalloonClient.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Windows\system32\sppsvc.exe C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe C:\Users\Murat Celik\Downloads\Defogger.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ BHO: Kaspersky Passsword Manager Toolbar: {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll BHO: Microsoft-Konto-Anmelde-Hilfsprogramm: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll TB: Kaspersky Passsword Manager Toolbar: {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky 
PURE 3.0\Kaspersky Password Manager\spIEBho.dll uRun: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\x64\3\E_YATIIVE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-2530 Series" uRun: [Scan Buttons] C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSB.EXE mRun: [Turbo Key] "C:\Program Files\ASUS\Turbo Key\TurboKey.exe" mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.94.193\AsusWSPanel.exe /S mRun: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" mRun: [PMSpeed] C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.EXE StartupFolder: C:\Users\MURATC~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files 
(x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . 
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\drivers\CSCrySec.sys [2013-5-19 84536] R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2013-5-19 66616] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 28504] R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-10-18 54104] R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178008] R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-9-19 122880] R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2012-7-26 90112] R2 CSObjectsSrv;Verwaltungsservice vom CryproStorage-System;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2012-12-21 819040] R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2012-1-23 1858048] R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2012-7-26 32544] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264] R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2012-11-26 7329648] R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2012-11-26 719216] R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-6-2 128488] R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-6-2 401896] R3 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [2012-12-20 356968] R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-9-3 29016] R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-9-3 29528] R3 
RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-7-26 539240] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-4-26 2702848] S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2012-7-26 48416] S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2012-7-26 29472] S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2012-7-26 48416] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2012-11-26 18288] . =============== Created Last 30 ================ . 
2013-05-19 21:51:07 -------- d-sh--w- C:\$RECYCLE.BIN 2013-05-19 20:25:34 98816 ----a-w- C:\Windows\sed.exe 2013-05-19 20:25:34 256000 ----a-w- C:\Windows\PEV.exe 2013-05-19 20:25:34 208896 ----a-w- C:\Windows\MBR.exe 2013-05-19 17:02:09 -------- d-----w- C:\Users\Murat Celik\AppData\Roaming\sns 2013-05-19 17:02:09 -------- d-----w- C:\Users\Murat Celik\AppData\Roaming\FPAV 2013-05-19 14:16:41 -------- d-----w- C:\TDSSKiller_Quarantine 2013-05-19 14:01:08 -------- d-----w- C:\ProgramData\S.N.Safe&Software 2013-05-19 14:01:08 -------- d-----w- C:\Program Files (x86)\SnS Soft 2013-05-19 13:56:56 -------- d-----w- C:\Users\Murat Celik\AppData\Local\Downloaded Installations 2013-05-19 09:37:23 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C1CD049E-8BE6-4BBE-A7DD-2018D85E816C}\mpengine.dll 2013-05-19 08:58:09 64856 ----a-w- C:\Windows\System32\klfphc.dll 2013-05-19 08:57:36 66616 ----a-w- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys 2013-05-19 08:57:30 84536 ----a-w- C:\Windows\System32\drivers\CSCrySec.sys 2013-05-19 08:57:06 -------- d-----w- C:\Windows\ELAMBKUP 2013-05-19 08:57:03 -------- d-----w- C:\Program Files (x86)\Common Files\InfoWatch 2013-05-19 08:57:00 -------- d-----w- C:\ProgramData\Kaspersky Lab 2013-05-19 08:57:00 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab 2013-05-19 08:56:11 89944 ----a-w- C:\Windows\System32\drivers\klflt.sys 2013-05-19 08:39:10 -------- d-----w- C:\Users\Murat Celik\AppData\Local\Programs 2013-05-19 08:30:01 -------- d-----w- C:\Users\Murat Celik\AppData\Local\ElevatedDiagnostics 2013-05-19 08:29:43 -------- d-----w- C:\Users\Murat Celik\AppData\Local\Diagnostics 2013-05-18 23:32:03 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-05-18 23:32:03 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2013-05-18 23:29:04 1930752 ----a-w- C:\Windows\System32\authui.dll 2013-05-18 23:29:04 1796096 ----a-w- C:\Windows\SysWow64\authui.dll 2013-05-18 23:29:04 111448 ----a-w- 
C:\Windows\System32\consent.exe 2013-05-18 23:29:03 70144 ----a-w- C:\Windows\System32\appinfo.dll 2013-05-18 23:28:57 3153920 ----a-w- C:\Windows\System32\win32k.sys 2013-05-18 23:28:18 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll 2013-05-18 23:28:18 230400 ----a-w- C:\Windows\System32\wwansvc.dll 2013-05-18 23:28:16 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2013-05-18 23:28:16 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2013-05-18 23:28:16 144384 ----a-w- C:\Windows\System32\cdd.dll 2013-05-13 10:16:57 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2013-05-13 10:16:57 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-05-13 10:16:53 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys 2013-05-13 10:16:41 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-05-13 10:16:40 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll 2013-05-13 10:16:40 43520 ----a-w- C:\Windows\System32\csrsrv.dll 2013-05-13 10:16:40 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-05-13 10:16:40 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-05-13 10:16:40 112640 ----a-w- C:\Windows\System32\smss.exe 2013-05-02 19:55:15 -------- d-----w- C:\Users\Murat Celik\.gimp-2.6 2013-05-02 19:55:00 -------- d-----w- C:\Program Files (x86)\GIMP-2.0 . ==================== Find3M ==================== . 
2013-05-02 00:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe 2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-04-07 08:52:46 120200 ----a-w- C:\Windows\SysWow64\DLLDEV32i.dll 2013-04-05 01:08:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2013-04-05 01:00:30 1392128 ----a-w- C:\Windows\System32\wininet.dll 2013-04-05 00:59:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2013-04-05 00:56:16 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2013-04-05 00:55:47 599040 ----a-w- C:\Windows\System32\vbscript.dll 2013-04-04 22:11:34 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-04-04 22:02:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2013-04-04 22:02:17 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-04-04 21:58:51 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2013-04-04 21:57:45 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll . ============= FINISH: 14:50:16,75 =============== --- --- --- Code:
ATTFilter . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 26.07.2012 20:47:24 System Uptime: 20.05.2013 14:42:53 (0 hours ago) . Motherboard: ASUSTeK Computer INC. | | M5A78L/USB3 Processor: AMD FX(tm)-6100 Six-Core Processor | AM3R2 | 1386/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 466 GiB total, 391,153 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP62: 19.05.2013 01:29:16 - Windows Update RP63: 19.05.2013 01:53:33 - Removed Adobe Reader X (10.1.7) MUI. RP64: 19.05.2013 16:00:29 - Installed SafenSoft SysWatch. RP65: 19.05.2013 21:48:19 - Removed SafenSoft SysWatch. RP66: 20.05.2013 00:31:26 - Removed SafenSoft SysWatch. . ==== Installed Programs ====================== . Adobe AIR Anleitung für Epson Connect ArtRage Studio Asmedia ASM104x USB 3.0 Host Controller Driver ASUS WebStorage ASUSUpdate ATI Catalyst Install Manager Bamboo Bamboo Dock Bamboo Dock 3.3 Blender CPUID CPU-Z 1.61.2 CrystalDiskInfo 5.3.0 D3DX10 Epson Benutzerhandbuch WF-2530 Series Epson Event Manager Epson FAX Utility Epson Netzwerkhandbuch WF-2530 Series Epson PC-FAX Driver EPSON Scan EPSON WF-2530 Series Printer Uninstall EpsonNet Print EPU-4 Engine Firebird SQL Server - MAGIX Edition Fotogalerie GIMP 2.6.11 GIMP 2.8.2 HitFilm 2 Ultimate Kaspersky PURE 3.0 MAGIX Content und Soundpools MAGIX Foto & Grafik Designer 7 MAGIX Foto Manager MX Deluxe MAGIX Music Maker 2013 Premium MAGIX Music Maker 2013 Premium Soundpools MAGIX Music Maker 2013 Soundpools MAGIX Music Studio MAGIX Screenshare MAGIX Slideshow Maker 2 MAGIX Speed burnR (MSI) Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Application Error Reporting Microsoft SQL Server 2005 Compact Edition [ENU] 
Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Movie Maker MSVCRT MSVCRT110 MSVCRT110_amd64 MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB2721691) MSXML 4.0 SP3 Parser (KB2758694) NVIDIA 3D Vision Controller-Treiber 275.33 NVIDIA 3D Vision Controller Driver NVIDIA 3D Vision Treiber 311.06 NVIDIA Grafiktreiber 311.06 NVIDIA HD-Audiotreiber 1.2.23.3 NVIDIA Install Application NVIDIA PhysX NVIDIA PhysX-Systemsoftware 9.10.0514 NVIDIA Stereoscopic 3D Driver NVIDIA Systemsteuerung 311.06 NVIDIA Update 1.11.3 NVIDIA Update Components OpenOffice.org 3.2 PC Probe II Photo Common Photo Gallery Presto! 
PageManager 9.03 SE RAIDXpert Realtek Ethernet Controller Driver Realtek Ethernet Diagnostic Utility Realtek High Definition Audio Driver Samplitude Pro X Silver Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Text-To-Speech-Runtime Turbo Key Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Vita 2 Vita 2 Zusatzcontent Vita Bass Machine Vita Rock Drums Vita String Ensemble Vita World Percussion WebTablet IE Plugin WebTablet Netscape Plugin Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack . ==== End Of File =========================== Code:
ATTFilter
ComboFix 13-05-18.04 - Murat Celik 20.05.2013 15:06:25.2.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8174.6360 [GMT 2:00]
ausgeführt von:: c:\users\Murat Celik\Downloads\ComboFix.exe
AV: Kaspersky PURE 3.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky PURE 3.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky PURE 3.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Murat Celik\AppData\Roaming\FPAV
c:\users\Murat Celik\AppData\Roaming\FPAV\update.xml
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-04-20 bis 2013-05-20 ))))))))))))))))))))))))))))))
.
.
2013-05-20 13:15 . 2013-05-20 13:15 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-05-20 13:15 . 2013-05-20 13:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-19 17:02 . 2013-05-19 17:02 -------- d-----w- c:\users\Murat Celik\AppData\Roaming\sns
2013-05-19 14:16 . 2013-05-19 14:16 -------- d-----w- C:\TDSSKiller_Quarantine
2013-05-19 14:01 . 2013-05-19 14:01 -------- d-----w- c:\programdata\S.N.Safe&Software
2013-05-19 14:01 . 2013-05-19 14:01 -------- d-----w- c:\program files (x86)\SnS Soft
2013-05-19 13:56 . 2013-05-19 13:56 -------- d-----w- c:\users\Murat Celik\AppData\Local\Downloaded Installations
2013-05-19 09:37 . 2013-05-13 23:48 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C1CD049E-8BE6-4BBE-A7DD-2018D85E816C}\mpengine.dll
2013-05-19 08:58 . 2012-07-11 15:09 64856 ----a-w- c:\windows\system32\klfphc.dll
2013-05-19 08:57 . 2011-06-02 12:39 66616 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2013-05-19 08:57 . 2011-06-02 12:39 84536 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2013-05-19 08:57 .
2013-05-19 08:57 -------- dc----w- c:\windows\system32\DRVSTORE 2013-05-19 08:57 . 2013-05-19 08:57 -------- d-----w- c:\windows\ELAMBKUP 2013-05-19 08:57 . 2013-05-19 08:57 -------- d-----w- c:\program files (x86)\Common Files\InfoWatch 2013-05-19 08:57 . 2013-05-20 12:44 -------- d-----w- c:\programdata\Kaspersky Lab 2013-05-19 08:57 . 2013-05-19 08:57 -------- d-----w- c:\program files (x86)\Kaspersky Lab 2013-05-19 08:56 . 2012-11-02 13:48 89944 ----a-w- c:\windows\system32\drivers\klflt.sys 2013-05-19 08:56 . 2012-11-02 13:48 613720 ----a-w- c:\windows\system32\drivers\klif.sys 2013-05-19 08:39 . 2013-05-19 08:39 -------- d-----w- c:\users\Murat Celik\AppData\Local\Programs 2013-05-19 08:30 . 2013-05-19 08:30 -------- d-----w- c:\users\Murat Celik\AppData\Local\ElevatedDiagnostics 2013-05-19 08:29 . 2013-05-19 19:51 -------- d-----w- c:\users\Murat Celik\AppData\Local\Diagnostics 2013-05-18 23:32 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll 2013-05-18 23:32 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2013-05-18 23:32 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-05-18 23:29 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll 2013-05-18 23:29 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe 2013-05-18 23:29 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll 2013-05-18 23:29 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll 2013-05-18 23:29 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll 2013-05-18 23:29 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll 2013-05-18 23:28 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-05-18 23:28 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll 2013-05-18 23:28 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll 2013-05-18 23:28 . 
2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-05-18 23:28 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-05-18 23:28 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll 2013-05-13 10:16 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-05-13 10:16 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2013-05-13 10:16 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys 2013-05-13 10:16 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-05-13 10:16 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-05-13 10:16 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-05-13 10:16 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-05-13 10:16 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-05-13 10:16 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe 2013-05-09 16:21 . 2013-05-18 12:50 -------- d-----w- c:\users\Murat Celik\AppData\Roaming\gtk-2.0 2013-05-02 19:55 . 2013-05-18 12:50 -------- d-----w- c:\users\Murat Celik\.gimp-2.6 2013-05-02 19:55 . 2013-05-19 20:44 -------- d-----r- c:\users\Public 2013-05-02 19:55 . 2013-05-02 19:55 -------- d-----w- c:\program files (x86)\GIMP-2.0 . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-18 23:38 . 2012-10-07 19:52 75016696 ----a-w- c:\windows\system32\MRT.exe 2013-05-13 14:24 . 2012-07-17 13:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-02 00:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-13 05:49 . 2013-05-18 23:28 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-18 23:28 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 
2013-05-18 23:28 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-18 23:28 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-18 23:28 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-18 23:28 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-07 08:52 . 2007-04-27 09:43 120200 ----a-w- c:\windows\SysWow64\DLLDEV32i.dll 2013-02-25 22:32 . 2013-02-25 22:32 25256224 ----a-w- c:\windows\system32\nvcompiler.dll 2013-02-25 22:32 . 2013-02-25 22:32 2505144 ----a-w- c:\windows\SysWow64\nvapi.dll 2013-02-25 22:32 . 2013-02-25 22:32 15129960 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2013-02-25 22:32 . 2013-02-25 22:32 6262608 ----a-w- c:\windows\SysWow64\nvopencl.dll 2013-02-25 22:32 . 2013-02-25 22:32 2826040 ----a-w- c:\windows\system32\nvapi64.dll 2013-02-25 22:32 . 2013-02-25 22:32 18055184 ----a-w- c:\windows\system32\nvd3dumx.dll 2013-02-25 22:32 . 2013-02-25 22:32 1107440 ----a-w- c:\windows\system32\nvumdshimx.dll 2013-02-25 22:32 . 2012-10-10 20:22 1814304 ----a-w- c:\windows\system32\nvdispco64.dll 2013-02-25 22:32 . 2013-02-25 22:32 958120 ----a-w- c:\windows\SysWow64\nvumdshim.dll 2013-02-25 22:32 . 2013-02-25 22:32 2720544 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2013-02-25 22:32 . 2013-02-25 22:32 26929440 ----a-w- c:\windows\system32\nvoglv64.dll 2013-02-25 22:32 . 2013-02-25 22:32 7932256 ----a-w- c:\windows\SysWow64\nvcuda.dll 2013-02-25 22:32 . 2013-02-25 22:32 2346784 ----a-w- c:\windows\system32\nvcuvenc.dll 2013-02-25 22:32 . 2013-02-25 22:32 245872 ----a-w- c:\windows\system32\nvinitx.dll 2013-02-25 22:32 . 2013-02-25 22:32 11036448 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2013-02-25 22:32 . 2012-10-10 20:23 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll 2013-02-25 22:32 . 2013-02-25 22:32 2904352 ----a-w- c:\windows\system32\nvcuvid.dll 2013-02-25 22:32 . 
2013-02-25 22:32 20449056 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2013-02-25 22:32 . 2013-02-25 22:32 15053264 ----a-w- c:\windows\system32\nvwgf2umx.dll 2013-02-25 22:32 . 2013-02-25 22:32 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2013-02-25 22:32 . 2013-02-25 22:32 7564040 ----a-w- c:\windows\system32\nvopencl.dll 2013-02-25 22:32 . 2013-02-25 22:32 1985824 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2013-02-25 22:32 . 2013-02-25 22:32 12641992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2013-02-25 22:32 . 2013-02-25 22:32 9390760 ----a-w- c:\windows\system32\nvcuda.dll 2013-02-25 22:32 . 2013-02-25 22:32 201576 ----a-w- c:\windows\SysWow64\nvinit.dll 2012-06-29 16:59 . 2012-08-06 19:58 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon] @="{dd230880-495a-11d1-b064-008048ec2fc5}" [HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}] 2012-12-20 16:20 459784 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIIVE.EXE" [2012-02-27 283232] "Scan Buttons"="c:\program files (x86)\NewSoft\Presto! PageManager 9.03\PMSB.EXE" [2011-01-21 214360] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Turbo Key"="c:\program files\ASUS\Turbo Key\TurboKey.exe" [2009-11-24 1874432] "ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.94.193\AsusWSPanel.exe" [2011-04-11 734544] "BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2012-11-28 646232] "FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-04-03 502912] "FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-04-03 863360] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2012-04-02 1058912] "PMSpeed"="c:\program files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.EXE" [2010-07-29 116632] . c:\users\Murat Celik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer4"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848] R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x] R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x] R3 massfilter_hs;USB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x] R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-01-14 48416] R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2010-01-14 29472] R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-01-14 48416] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-05-19 18288] S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys [2011-06-02 84536] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys [2011-06-02 66616] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504] S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2012-10-18 54104] S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008] S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files 
(x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-09-19 122880] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-08-19 90112] S2 CSObjectsSrv;Verwaltungsservice vom CryproStorage-System;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2012-12-21 819040] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2012-01-23 1858048] S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2010-01-14 32544] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264] S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-07-13 7329648] S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-07-13 719216] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896] S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-09-03 29016] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-09-03 29528] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 41387995 *NewlyCreated* - 53764290 *NewlyCreated* - 71007075 *Deregistered* - 41387995 *Deregistered* - 53764290 *Deregistered* - 71007075 *Deregistered* - aswMBR *Deregistered* - awdiiaob . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2011-04-11 03:35 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.94.193\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2011-04-11 03:35 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.94.193\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon] @="{dd230880-495a-11d1-b064-008048ec2fc5}" [HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}] 2012-12-20 16:22 492040 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-28 11905128] "WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2008-05-24 26448] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: Hinzufügen zu Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm TCP: DhcpNameServer = 192.168.178.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2742595 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FotoManager.9.alb" . 
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice] @Denied: (2) (LocalSystem) "Progid"="MAGIXviewer.eps" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="MAGIXviewer.gif" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="MAGIXviewer.iff" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="MAGIXviewer.pcd" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice] @Denied: (2) (LocalSystem) "Progid"="MAGIXviewer.png" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice] @Denied: (2) (LocalSystem) "Progid"="MAGIXviewer.tga" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="MAGIXviewer.tif" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="MAGIXviewer.tiff" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-05-20 15:19:24 ComboFix-quarantined-files.txt 2013-05-20 13:19 ComboFix2.txt 2013-05-19 20:44 . Vor Suchlauf: 13 Verzeichnis(se), 420.045.410.304 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 419.741.708.288 Bytes frei . - - End Of File - - 1B7EE5F28136B027A0DAF66991D4C577 |
20.05.2013, 16:43 | #8 |
/// TB-Ausbilder | Rootkit found. Good! As far as I can see, we have now removed everything malicious. To be sure, we still need to run a few checks now and will then bring your computer up to a secure state. Since these scans can take a very long time, please only write to me again once you have really completed everything, or if problems occur.
Step 1: Quick scan with Malwarebytes. Please download Malwarebytes Anti-Malware
Step 2: Note: The scan can take a very long time (several hours)!
Step 3: Scan with SecurityCheck. Please download SecurityCheck and:
__________________ Digital privateers against malware! No help via PM! |
20.05.2013, 22:51 | #9 |
| Rootkit found. First of all, thank you very much for taking the time on what is, according to your signature, actually your day off. I appreciate it. Now to the logs. I have worked through all the steps again.
Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.20.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Murat Celik :: MURATCELIK-PC [Administrator]

Schutz: Aktiviert

20.05.2013 21:59:41
mbam-log-2013-05-20 (21-59-41).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 236411
Laufzeit: 3 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=798b167ec166064ba932b867ec8e3713
# engine=13875
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-20 09:33:48
# local_time=2013-05-20 11:33:48 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 129385 120715478 0 0
# scanned=141534
# found=0
# cleaned=0
# scan_time=4824

Code:
Results of screen317's Security Check version 0.99.63
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Kaspersky PURE 3.0
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

----
EDIT2: After reading further in the forum, I noticed that I should never have scanned with or run GMER on my 64-bit OS? Is GMER only for 32-bit operating systems? Then it is probably useless for me and the log made here is worthless?
EDIT1: As a final check I downloaded the current GMER once more and ran a scan. Unfortunately it shows something in the log. Are those viruses? These files have strange number combinations at the end, e.g. [1180:4576].
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-20 23:53:39
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKX-001CA0 rev.15.01H15 465,76GB
Running: llikksn3.exe; Driver: C:\Users\MURATC~1\AppData\Local\Temp\awdiiaob.sys

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\svchost.exe [1180:4576] 000007fef779cef8
Thread C:\Windows\system32\svchost.exe [1484:2136] 000007fef92335c0
Thread C:\Windows\system32\svchost.exe [1484:3056] 000007fef9235600
Thread C:\Windows\system32\svchost.exe [1484:2336] 000007fef6942888
Thread C:\Windows\system32\svchost.exe [1484:2096] 000007fef6932940
Thread C:\Windows\system32\svchost.exe [1484:3540] 000007fef6942a40
Thread C:\Windows\System32\spoolsv.exe [1984:3280] 000007fef52b10c8
Thread C:\Windows\System32\spoolsv.exe [1984:3312] 000007fef5fd6144
Thread C:\Windows\System32\spoolsv.exe [1984:3316] 000007fef5ae5fd0
Thread C:\Windows\System32\spoolsv.exe [1984:3328] 000007fef81c3438
Thread C:\Windows\System32\spoolsv.exe [1984:3332] 000007fef5ae63ec
Thread C:\Windows\System32\spoolsv.exe [1984:3348] 000007fef5435e5c
Thread C:\Windows\System32\spoolsv.exe [1984:3388] 000007fef540e088
Thread C:\Windows\System32\spoolsv.exe [1984:3568] 000007fef5408230

---- EOF - GMER 2.1 ----

Edited by RootkitOpfer (20.05.2013 at 23:13) |
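What the bracketed numbers asked about in the post above stand for, as an added example that is not part of the original thread: the sketch reads each GMER thread line as image path, [process ID:thread ID] and a thread address, then groups the entries per process. The function names, the C: system drive and the Windows 7 x64 user-mode limit used for the address check are assumptions of this example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Thread section copied from the GMER log in the post above.
SAMPLE_LOG = r"""
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\svchost.exe [1180:4576] 000007fef779cef8
Thread C:\Windows\system32\svchost.exe [1484:2136] 000007fef92335c0
Thread C:\Windows\system32\svchost.exe [1484:3056] 000007fef9235600
Thread C:\Windows\system32\svchost.exe [1484:2336] 000007fef6942888
Thread C:\Windows\system32\svchost.exe [1484:2096] 000007fef6932940
Thread C:\Windows\system32\svchost.exe [1484:3540] 000007fef6942a40
Thread C:\Windows\System32\spoolsv.exe [1984:3280] 000007fef52b10c8
Thread C:\Windows\System32\spoolsv.exe [1984:3312] 000007fef5fd6144
Thread C:\Windows\System32\spoolsv.exe [1984:3316] 000007fef5ae5fd0
Thread C:\Windows\System32\spoolsv.exe [1984:3328] 000007fef81c3438
Thread C:\Windows\System32\spoolsv.exe [1984:3332] 000007fef5ae63ec
Thread C:\Windows\System32\spoolsv.exe [1984:3348] 000007fef5435e5c
Thread C:\Windows\System32\spoolsv.exe [1984:3388] 000007fef540e088
Thread C:\Windows\System32\spoolsv.exe [1984:3568] 000007fef5408230
---- EOF - GMER 2.1 ----
"""

# Assumption: Windows 7 x64 layout, where user-mode addresses end below 8 TB.
USER_MODE_MAX = 0x000007FFFFFFFFFF
# Assumption: the system drive is C:, as in the log above.
SYSTEM32_PREFIX = "c:\\windows\\system32\\"

THREAD_RE = re.compile(
    r"^Thread\s+(?P<image>.+?)\s+\[(?P<pid>\d+):(?P<tid>\d+)\]\s+"
    r"(?P<addr>[0-9a-fA-F]{16})\s*$"
)


@dataclass(frozen=True)
class ThreadEntry:
    image: str
    pid: int      # first number in the brackets: process ID
    tid: int      # second number in the brackets: thread ID
    address: int  # hex value at the end of the line

    @property
    def user_mode(self) -> bool:
        return self.address <= USER_MODE_MAX

    @property
    def in_system32(self) -> bool:
        # NTFS paths are case-insensitive: "system32" and "System32" are one directory.
        return self.image.lower().startswith(SYSTEM32_PREFIX)


def parse_gmer_threads(text):
    """Return a ThreadEntry per 'Thread' line; raise on a malformed one."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("Thread"):
            continue  # section markers, header lines, blank lines
        m = THREAD_RE.match(line)
        if m is None:
            raise ValueError(f"unparsable thread line: {line!r}")
        entries.append(ThreadEntry(m["image"], int(m["pid"]),
                                   int(m["tid"]), int(m["addr"], 16)))
    return entries


def summarize(entries):
    """Group thread entries by process ID and apply the two checks per process."""
    groups = defaultdict(list)
    for e in entries:
        groups[e.pid].append(e)
    return {
        pid: {
            "image": items[0].image.lower(),
            "threads": sorted(e.tid for e in items),
            "all_user_mode": all(e.user_mode for e in items),
            "in_system32": all(e.in_system32 for e in items),
        }
        for pid, items in groups.items()
    }


if __name__ == "__main__":
    for pid, info in sorted(summarize(parse_gmer_threads(SAMPLE_LOG)).items()):
        print(pid, info)
```

Neither check identifies the module that owns an address; mapping each address to a loaded DLL needs the process's module list, which the GMER log does not contain.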
21.05.2013, 08:19 | #10 |
/// TB-Ausbilder | Rootkit found. After the GMER update it also runs on 64-bit. Great! That means we are done. We will now tidy up a little, and at the end I have some reading material for you. Step 1: Uninstall tools. The order is decisive here.
Step 2: Uninstall ESET (optional)
Finally, some tips on the following topics:
Reading material: System updates. It cannot be mentioned often enough how important it is to keep your system up to date. After all, you take your car to the garage for regular inspection too. So please make sure that system updates are enabled:
Reading material: Software updates. Just as important as the system programs is the software you use every day. The following list gives you a brief overview, with links to the updates, of which programs urgently need to be kept up to date (if you have them installed and use them at all), because malware can often get onto computers through their security vulnerabilities:
Reading material: Security software. If someone overtook you on the motorway naked on a motorbike, you would shake your head too. Your computer also needs protection against the small daily attacks by malware. Besides excellent commercial antivirus solutions there are also perfectly good protection programs that are available free of charge with a reduced feature set. But careful, "the more the better" does not apply here. What you need is exactly one virus scanner with a background guard. No more and no less. There are many products on the market that will serve you well. I personally recommend Avast Free Antivirus. It offers relatively good protection with little annoying advertising and installs a browser plugin that warns you about dangerous websites.
Reading material: Safe surfing. First it must be said that it is usually always the human factor that enables malware to get onto a computer. Do you also immediately buy any old stuff, without thinking, from people who ring at your front door? So first get into the habit of following a few rules of conduct when surfing the internet:
But even with meticulous adherence to these rules, a so-called drive-by infection can still occur, in which malware breaks out of the web browser's protection mechanism. To increase security even further, there is special protection software that hardens your browser further.
Finally, please think about using an alternative browser. Programs that are not used as often are also not as much in the focus of the "bad guys". That means you are more likely to be on the safe side with an exotic browser. In principle, you are already considerably safer if you do not use Internet Explorer.
With that, I wish you lots of fun surfing the internet ... and perhaps you would like to support the Trojaner-Board? One request: give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
21.05.2013, 10:07 | #11 |
| Rootkit found. I have followed all the steps again. Afterwards I downloaded the GMER update from your link. At the end I started GMER once more and got this message. GMER Logfile:
Code:
GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-05-21 11:03:40
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKX-001CA0 rev.15.01H15 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\MURATC~1\AppData\Local\Temp\awdiiaob.sys

---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\svchost.exe [860:4192] 000007fef7fb88f8
Thread C:\Windows\System32\svchost.exe [860:4932] 000007fef7d344e0

---- EOF - GMER 2.1 ----

Is that OK? |
21.05.2013, 10:09 | #12 |
/// TB-Ausbilder | Rootkit found. Yep, nothing suspicious. Glad we could help. This topic appears to be resolved and will be deleted from my subscriptions. Should you need the topic again, please send me a PM. Everyone else, please click here and create your own thread. If you would still like to share praise or criticism, there is this section here: http://www.trojaner-board.de/lob-kritik-wuensche/