Log analysis and evaluation: System Anti Virus
Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
24.05.2013, 13:06 | #1 |
System Anti Virus

Hello, dear helpers, I too have caught System Care Antivirus. The administrator account can no longer get onto the Internet. However, I have now read that one should not follow the advice given in the other threads, so for now I have done nothing except point 2, steps 1 and 2 of the instructions.

OTL.txt OTL logfile created on: 24.05.2013 12:50:52 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Teilnehmer\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 895,29 Mb Total Physical Memory | 326,03 Mb Available Physical Memory | 36,42% Memory free 1,87 Gb Paging File | 0,86 Gb Available in Paging File | 45,75% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 148,95 Gb Total Space | 118,87 Gb Free Space | 79,80% Space Free | Partition Type: NTFS Computer Name: PC-RAUM-1 | User Name: Dozent | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.24 12:49:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Teilnehmer\Desktop\OTL.exe PRC - [2013.05.22 15:03:51 | 000,516,096 | ---- | M] () -- C:\ProgramData\A49C15FB3DB849D00000A49B71654F53\A49C15FB3DB849D00000A49B71654F53.exe PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2013.03.20 13:55:48 | 000,162,856 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.02.02 01:15:48 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin PRC - [2010.02.02 01:15:46 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe PRC - [2009.11.02 03:30:00 | 002,508,104 | ---- | M] (CANON INC.) 
-- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE PRC - [2009.09.08 23:12:51 | 000,116,104 | ---- | M] () -- C:\Programme\Canon\IJPLM\ijplmsvc.exe PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.04.19 09:33:38 | 000,387,616 | ---- | M] () -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe PRC - [2009.04.19 09:33:38 | 000,178,720 | ---- | M] () -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ========== Modules (No Company Name) ========== MOD - [2013.05.22 15:03:51 | 000,516,096 | ---- | M] () -- C:\ProgramData\A49C15FB3DB849D00000A49B71654F53\A49C15FB3DB849D00000A49B71654F53.exe MOD - [2010.02.18 09:51:27 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll MOD - [2009.07.14 03:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll ========== Services (SafeList) ========== SRV - [2013.04.16 17:47:13 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.03.09 18:48:16 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- 
| M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2009.09.08 23:12:51 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Programme\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2009.04.19 09:33:38 | 000,387,616 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM) SRV - [2009.04.19 09:33:38 | 000,178,720 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{056C60D5-8BBE-463E-A15C-0A905ABC7CB1}\MpKsle2e68444.sys -- (MpKsle2e68444) DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FEAC21CF-9A9B-4DFE-BD30-7E843138E57F}\MpKsld6d4cfda.sys -- (MpKsld6d4cfda) DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{669806A4-7F9A-45C1-A7CE-2D56ED51AA98}\MpKslcf90afa7.sys -- (MpKslcf90afa7) DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5BDAE7A8-7C27-4ABA-B80F-2F50663CAF46}\MpKslccbc9a8b.sys -- (MpKslccbc9a8b) DRV - File not found [Kernel | System | Stopped] -- 
c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A87641E7-074B-421E-A51F-33D7D46F5164}\MpKslb0fa1f9a.sys -- (MpKslb0fa1f9a) DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{959A5DFF-6FAC-4F9E-B0AB-B4D63015F2AE}\MpKsl9f126476.sys -- (MpKsl9f126476) DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A7A43E73-EE7A-49B9-8527-2D7C42E2FF4C}\MpKsl7b710871.sys -- (MpKsl7b710871) DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{60CD31B5-34FE-46A1-A8C3-727EA82A8245}\MpKsl7237ef53.sys -- (MpKsl7237ef53) DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4D34291F-34D8-48FE-8ED6-682855D1DAEB}\MpKsl6a532c04.sys -- (MpKsl6a532c04) DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A5C55BAF-D378-451A-AE3A-A3F13B7A52B1}\MpKsl35d48099.sys -- (MpKsl35d48099) DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DB329A3F-9D9C-4059-A62C-1201699670C0}\MpKsl2013e79b.sys -- (MpKsl2013e79b) DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6EEA5D51-DD77-4592-8F94-1963CBD54F7D}\MpKsl0f5e3759.sys -- (MpKsl0f5e3759) DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DB329A3F-9D9C-4059-A62C-1201699670C0}\MpKsl0b0b7015.sys -- (MpKsl0b0b7015) DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D8A35E2A-8355-4AF8-B14C-5F7E00B5ED80}\MpKsl0128d60a.sys -- (MpKsl0128d60a) DRV - File not found [Kernel | On_Demand | Stopped] -- 
C:\Users\Dozent\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132) DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2009.09.28 00:12:22 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.07.16 16:22:10 | 000,019,064 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Users\Dozent\Desktop\hwinfo32\HWiNFO32.SYS -- (HWiNFO32) DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD) DRV - [2009.05.13 13:11:34 | 000,006,504 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) DRV - [2009.05.01 15:06:56 | 000,287,008 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET) DRV - [2009.04.30 21:08:30 | 000,210,464 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\InprocServer32 File not found IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.lernstudio-barbarossa.de/ IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\InprocServer32 File not found IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112555&tt=190712_n_mont_3012_6&babsrc=SP_ss&mntrId=a49549d000000000000090e6ba7bcb72 IE - HKCU\..\SearchScopes\{27CE8DB3-8045-46BD-8403-1D24B79650CB}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_deDE485 IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6R8zX7xrLh&i=26 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q=&SearchSource=2" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.16 17:47:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.16 17:47:13 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.26 13:05:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dozent\AppData\Roaming\mozilla\Extensions [2013.02.20 16:08:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dozent\AppData\Roaming\mozilla\Firefox\Profiles\t9wogsya.default\extensions [2012.11.28 15:09:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dozent\AppData\Roaming\mozilla\Firefox\Profiles\t9wogsya.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}.oldbackup [2013.02.20 16:08:36 | 000,000,000 | ---D | M] (Spartipps von SparPilot.com) -- C:\Users\Dozent\AppData\Roaming\mozilla\Firefox\Profiles\t9wogsya.default\extensions\sparpilot@sparpilot.com [2013.01.23 15:24:07 | 000,001,050 | ---- | M] () -- C:\Users\Dozent\AppData\Roaming\mozilla\firefox\profiles\t9wogsya.default\searchplugins\web-search-customized-web-search.xml [2013.04.16 17:47:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.04.16 17:47:13 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla 
firefox\components\browsercomps.dll [2013.03.22 15:25:42 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.22 15:25:42 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.03.22 15:25:42 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013.03.22 15:25:42 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.22 15:25:42 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013.03.22 15:25:42 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll File not found O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuze.dll File not found O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKCU..\Run: [EPSON S21 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFAE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\RunOnce: [A49C15FB3DB849D00000A49B71654F53] C:\ProgramData\A49C15FB3DB849D00000A49B71654F53\A49C15FB3DB849D00000A49B71654F53.exe () O4 - Startup: C:\Users\Dozent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Direct Downloader.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - 
Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\system32\pnrpnsp.dll File not found O13 - gopher Prefix: missing 
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} https://img.ui-portal.de/webde/smartdrive/activex/gmxnet_osupload_2002.cab (UI File Upload Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E455B332-9A38-4180-ABCE-BAE71CE83ADE}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.24 12:46:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dozent\Desktop\OTL.exe [2013.05.22 15:11:49 | 000,000,000 | ---D | C] -- C:\Users\Dozent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus [2013.05.22 15:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\A49C15FB3DB849D00000A49B71654F53 [2013.05.15 10:11:11 | 000,000,000 | ---D | C] -- C:\Users\Dozent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Longman [2013.05.15 10:11:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Longman [2013.05.15 10:10:07 | 000,000,000 | ---D | C] -- C:\Users\Dozent\Documents\Expert CAE CD-ROM [2013.04.24 14:03:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.04.24 14:02:59 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.04.24 14:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware ========== Files - Modified Within 30 Days ========== [2013.05.24 12:46:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dozent\Desktop\OTL.exe [2013.05.24 12:43:21 | 000,000,000 | ---- | M] () -- C:\Users\Dozent\defogger_reenable [2013.05.24 12:28:10 | 000,017,632 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.24 12:28:10 | 000,017,632 | -H-- 
| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.24 12:20:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.24 12:20:53 | 704,081,920 | -HS- | M] () -- C:\hiberfil.sys [2013.05.22 15:11:49 | 000,002,048 | ---- | M] () -- C:\Users\Dozent\Desktop\System Care Antivirus.lnk [2013.05.16 11:50:08 | 000,483,346 | ---- | M] () -- C:\Users\Dozent\Documents\gmx Kündigung.PDF [2013.05.15 12:01:46 | 000,659,798 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.15 12:01:46 | 000,621,074 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.15 12:01:46 | 000,132,070 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.15 12:01:46 | 000,108,294 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.04.24 14:03:01 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk ========== Files Created - No Company Name ========== [2013.05.24 12:43:21 | 000,000,000 | ---- | C] () -- C:\Users\Dozent\defogger_reenable [2013.05.22 15:11:48 | 000,002,048 | ---- | C] () -- C:\Users\Dozent\Desktop\System Care Antivirus.lnk [2013.05.16 11:49:56 | 000,483,346 | ---- | C] () -- C:\Users\Dozent\Documents\gmx Kündigung.PDF [2013.04.24 14:03:01 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.22 08:45:41 | 000,002,707 | ---- | C] () -- C:\Users\Dozent\.recently-used.xbel [2013.02.28 17:15:40 | 000,000,311 | ---- | C] () -- C:\Users\Dozent\.authorrc1 [2012.08.27 12:31:50 | 000,000,002 | ---- | C] () -- C:\Users\Dozent\uz.dat [2012.07.02 13:24:23 | 000,000,074 | ---- | C] () -- C:\Users\Dozent\geonext.ini [2010.02.18 09:57:27 | 000,001,444 | ---- | C] () -- C:\Users\Dozent\.zir.cfg [2010.02.17 14:21:25 | 000,000,680 | RHS- | C] () -- C:\Users\Dozent\ntuser.pol ========== ZeroAccess Check ========== [2013.01.17 18:56:53 | 000,000,082 | ---- | M] () -- 
C:\Windows\$NtUninstallKB43389$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P6PTQQTG\t.cxt.ms\lso.swf\u.sol [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.08.27 13:34:59 | 000,000,000 | ---D | M] -- C:\Users\Dozent\AppData\Roaming\Azureus [2012.07.10 17:49:10 | 000,000,000 | ---D | M] -- C:\Users\Dozent\AppData\Roaming\Babylon [2013.05.22 13:54:24 | 000,000,000 | ---D | M] -- C:\Users\Dozent\AppData\Roaming\Canon [2013.03.21 17:12:50 | 000,000,000 | ---D | M] -- C:\Users\Dozent\AppData\Roaming\Diron [2013.02.20 16:21:58 | 000,000,000 | ---D | M] -- C:\Users\Dozent\AppData\Roaming\DynaGeo [2013.04.09 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\Dozent\AppData\Roaming\Ekexi [2012.06.19 12:37:12 | 000,000,000 | ---D | M] -- C:\Users\Dozent\AppData\Roaming\EPSON [2013.04.22 08:45:41 | 000,000,000 | ---D | M] -- C:\Users\Dozent\AppData\Roaming\gtk-2.0 [2010.02.18 10:12:49 | 000,000,000 | ---D | M] -- C:\Users\Dozent\AppData\Roaming\KompoZer [2012.04.25 13:21:21 | 
000,000,000 | ---D | M] -- C:\Users\Dozent\AppData\Roaming\mathegrafix [2012.06.26 21:45:54 | 000,000,000 | ---D | M] -- C:\Users\Dozent\AppData\Roaming\OmegaT [2010.02.18 09:36:14 | 000,000,000 | ---D | M] -- C:\Users\Dozent\AppData\Roaming\OpenOffice.org [2013.04.03 15:18:23 | 000,000,000 | ---D | M] -- C:\Users\Dozent\AppData\Roaming\Yhdon [2012.07.10 17:49:43 | 000,000,000 | ---D | M] -- C:\Users\Dozent\AppData\Roaming\YourFileDownloader ========== Purity Check ========== ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\Windows\$NtUninstallKB43389$] -> Error: Cannot create file handle -> Unknown point type < End of report > Extra.txt OTL Extras logfile created on: 24.05.2013 12:50:52 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Teilnehmer\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 895,29 Mb Total Physical Memory | 326,03 Mb Available Physical Memory | 36,42% Memory free 1,87 Gb Paging File | 0,86 Gb Available in Paging File | 45,75% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 148,95 Gb Total Space | 118,87 Gb Free Space | 79,80% Space Free | Partition Type: NTFS Computer Name: PC-RAUM-1 | User Name: Dozent | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E931A51-A183-4E66-8562-D82896E74C67}" = BCool Gadget "{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series" = Canon iP2700 series Printer Driver "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2 "{20E7BC40-33F6-4A81-9D52-B58349326206}" = Bcool "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 26 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.4.0 "{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = 
Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox Ver4.1 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "7-Zip" = 7-Zip 4.57 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Calc 3D Pro_is1" = Calc 3D Pro 2.1.10 "Canon iP2700 series Benutzerregistrierung" = Canon iP2700 series Benutzerregistrierung "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "DynaGeo_is1" = DynaGeo 3.8 "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "EPSON S21 Series" = Druckerdeinstallation für EPSON S21 Series "Epson Stylus S21_T21_T27 Benutzerhandbuch" = Epson Stylus S21_T21_T27 Handbuch "f(x)-Viewer_is1" = f(x)-Viewer 2.0.1 "GEONExT_is1" = GEONExT 1.74 "InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "KompoZer_is1" = KompoZer 0.77 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "MatheGrafix 9_is1" = MatheGrafix 9 (Version 9.50) 
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIA Drivers" = NVIDIA Drivers "OmegaT 2.5.5_is1" = OmegaT version 2.5.5 "PROHYBRIDR" = 2007 Microsoft Office system "TIPP10_is1" = TIPP10 Version 2.0.3 "VLC media player" = VLC media player 1.1.5 "WinGimp-2.0_is1" = GIMP 2.6.8 "WinRAR archiver" = WinRAR 4.20 (32-Bit) "Z.u.L._is1" = Z.u.L. Version 9.2 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "DirectDownloader" = DirectDownloader ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 12.04.2013 11:06:21 | Computer Name = PC-Raum-1 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ~!#5C72.tmp, Version: 5.1.2600.0, Zeitstempel: 0x51671b05 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0012ff96 ID des fehlerhaften Prozesses: 0x600 Startzeit der fehlerhaften Anwendung: 0x01ce378f49567d38 Pfad der fehlerhaften Anwendung: C:\Users\TEILNE~1\AppData\Local\Temp\~!#5C72.tmp Pfad des fehlerhaften Moduls: unknown Berichtskennung: 8851a058-a382-11e2-ba7f-90e6ba7bcb72 Error - 18.04.2013 10:15:26 | Computer Name = PC-Raum-1 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.1.4847, Zeitstempel: 0x51650aee Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0x80000003 Fehleroffset: 0x012ea594 ID des fehlerhaften Prozesses: 0x974 Startzeit der fehlerhaften Anwendung: 0x01ce3c3f01077820 Pfad der fehlerhaften 
Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 6a0a5770-a832-11e2-bf36-90e6ba7bcb72 Error - 18.04.2013 10:23:21 | Computer Name = PC-Raum-1 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.1.4847, Zeitstempel: 0x51650aee Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0x80000003 Fehleroffset: 0x004ea594 ID des fehlerhaften Prozesses: 0xc80 Startzeit der fehlerhaften Anwendung: 0x01ce3c3ffe819350 Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 850774a8-a833-11e2-bf36-90e6ba7bcb72 Error - 23.04.2013 04:02:46 | Computer Name = PC-Raum-1 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: mshtml.dll, Version: 9.0.8112.16447, Zeitstempel: 0x4fc9d776 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000d059 ID des fehlerhaften Prozesses: 0x7cc Startzeit der fehlerhaften Anwendung: 0x01ce3ff8667132e8 Pfad der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls: C:\Windows\System32\mshtml.dll Berichtskennung: 2ea72268-abec-11e2-bd28-90e6ba7bcb72 Error - 15.05.2013 05:57:12 | Computer Name = PC-Raum-1 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.1.4847, Zeitstempel: 0x51650aee Name des fehlerhaften Moduls: xul.dll, Version: 20.0.1.4847, Zeitstempel: 0x51650a09 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b10e8 ID des fehlerhaften Prozesses: 0xca8 Startzeit der fehlerhaften Anwendung: 0x01ce5143a7dd50e8 Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Program Files\Mozilla Firefox\xul.dll Berichtskennung: 
cff095e0-bd45-11e2-ba20-90e6ba7bcb72 Error - 15.05.2013 07:14:38 | Computer Name = PC-Raum-1 | Source = Application Hang | ID = 1002 Description = Programm wmplayer.exe, Version 12.0.7600.16667 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: fc4 Startzeit: 01ce5159be434958 Endzeit: 6 Anwendungspfad: C:\Program Files\Windows Media Player\wmplayer.exe Berichts-ID: Error - 15.05.2013 10:15:13 | Computer Name = PC-Raum-1 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: mshtml.dll, Version: 9.0.8112.16447, Zeitstempel: 0x4fc9d776 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001d9aa6 ID des fehlerhaften Prozesses: 0x92c Startzeit der fehlerhaften Anwendung: 0x01ce517593be0d14 Pfad der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls: C:\Windows\System32\mshtml.dll Berichtskennung: db27a574-bd69-11e2-b114-90e6ba7bcb72 Error - 22.05.2013 03:01:19 | Computer Name = PC-Raum-1 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: mshtml.dll, Version: 9.0.8112.16447, Zeitstempel: 0x4fc9d776 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001d9aa6 ID des fehlerhaften Prozesses: 0x6cc Startzeit der fehlerhaften Anwendung: 0x01ce56b8eb6ca460 Pfad der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls: C:\Windows\System32\mshtml.dll Berichtskennung: 66cd4eb0-c2ad-11e2-a14d-90e6ba7bcb72 Error - 22.05.2013 09:12:18 | Computer Name = PC-Raum-1 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 20.0.1.4847, Zeitstempel: 0x51650a74 Name des fehlerhaften 
Moduls: NPSWF32_11_5_502_146.dll, Version: 11.5.502.146, Zeitstempel: 0x50cfc317 Ausnahmecode: 0x80000003 Fehleroffset: 0x0032fded ID des fehlerhaften Prozesses: 0x36c Startzeit der fehlerhaften Anwendung: 0x01ce56ba5a7313c0 Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll Berichtskennung: 3a80c36c-c2e1-11e2-a14d-90e6ba7bcb72 Error - 24.05.2013 06:43:34 | Computer Name = PC-Raum-1 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16768, Zeitstempel: 0x4d6878c3 Name des fehlerhaften Moduls: MediaShellOverlays.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4ff471b8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x6de0c225 ID des fehlerhaften Prozesses: 0xda8 Startzeit der fehlerhaften Anwendung: 0x01ce586923a76390 Pfad der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls: MediaShellOverlays.dll Berichtskennung: c7f1628c-c45e-11e2-b2ea-90e6ba7bcb72 [ Media Center Events ] Error - 08.12.2012 04:07:29 | Computer Name = PC-Raum-1 | Source = MCUpdate | ID = 0 Description = 09:07:28 - dSM-2.cab konnte nicht abgerufen werden (Fehler: BITS 0x80070424) 09:07:28 - Logos-2.cab konnte nicht abgerufen werden (Fehler: BITS 0x80070424) 09:07:28 - SMTiles-2.cab konnte nicht abgerufen werden (Fehler: BITS 0x80070424) 09:07:28 - UpdateableMarkup.cab konnte nicht abgerufen werden (Fehler: BITS 0x80070424) Error - 08.12.2012 04:07:30 | Computer Name = PC-Raum-1 | Source = MCUpdate | ID = 0 Description = 09:07:30 - Broadband-2.enc konnte nicht abgerufen werden (Fehler: BITS 0x80070424) Error - 10.12.2012 11:07:46 | Computer Name = PC-Raum-1 | Source = MCUpdate | ID = 0 Description = 16:07:45 - dSM-2.cab konnte nicht abgerufen werden (Fehler: BITS 0x80070424) 16:07:45 - Logos-2.cab konnte nicht abgerufen werden (Fehler: BITS 0x80070424) 16:07:45 - SMTiles-2.cab konnte nicht 
abgerufen werden (Fehler: BITS 0x80070424) 16:07:45 - UpdateableMarkup.cab konnte nicht abgerufen werden (Fehler: BITS 0x80070424) Error - 10.12.2012 11:07:52 | Computer Name = PC-Raum-1 | Source = MCUpdate | ID = 0 Description = 16:07:48 - Broadband-2.enc konnte nicht abgerufen werden (Fehler: BITS 0x80070424) Error - 11.12.2012 10:25:37 | Computer Name = PC-Raum-1 | Source = MCUpdate | ID = 0 Description = 15:25:27 - dSM-2.cab konnte nicht abgerufen werden (Fehler: BITS 0x80070424) 15:25:29 - Logos-2.cab konnte nicht abgerufen werden (Fehler: BITS 0x80070424) 15:25:29 - SMTiles-2.cab konnte nicht abgerufen werden (Fehler: BITS 0x80070424) 15:25:29 - UpdateableMarkup.cab konnte nicht abgerufen werden (Fehler: BITS 0x80070424) Error - 11.12.2012 10:26:52 | Computer Name = PC-Raum-1 | Source = MCUpdate | ID = 0 Description = 15:25:39 - Broadband-2.enc konnte nicht abgerufen werden (Fehler: BITS 0x80070424) Error - 12.12.2012 06:59:19 | Computer Name = PC-Raum-1 | Source = MCUpdate | ID = 0 Description = 11:59:18 - dSM-2.cab konnte nicht abgerufen werden (Fehler: BITS 0x80070424) 11:59:18 - Logos-2.cab konnte nicht abgerufen werden (Fehler: BITS 0x80070424) 11:59:18 - SMTiles-2.cab konnte nicht abgerufen werden (Fehler: BITS 0x80070424) 11:59:18 - UpdateableMarkup.cab konnte nicht abgerufen werden (Fehler: BITS 0x80070424) Error - 12.12.2012 06:59:25 | Computer Name = PC-Raum-1 | Source = MCUpdate | ID = 0 Description = 11:59:20 - Broadband-2.enc konnte nicht abgerufen werden (Fehler: BITS 0x80070424) Error - 13.12.2012 08:47:08 | Computer Name = PC-Raum-1 | Source = MCUpdate | ID = 0 Description = 13:47:07 - dSM-2.cab konnte nicht abgerufen werden (Fehler: BITS 0x80070424) 13:47:08 - Logos-2.cab konnte nicht abgerufen werden (Fehler: BITS 0x80070424) 13:47:08 - SMTiles-2.cab konnte nicht abgerufen werden (Fehler: BITS 0x80070424) 13:47:08 - UpdateableMarkup.cab konnte nicht abgerufen werden (Fehler: BITS 0x80070424) Error - 13.12.2012 08:47:09 | Computer Name = 
PC-Raum-1 | Source = MCUpdate | ID = 0
Description = 13:47:09 - Broadband-2.enc konnte nicht abgerufen werden (Fehler: BITS 0x80070424)

[ OSession Events ]
Error - 01.09.2010 11:59:26 | Computer Name = PC-Raum-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7726 seconds with 6720 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 15.05.2013 11:35:32 | Computer Name = PC-Raum-1 | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32

Error - 16.05.2013 06:36:34 | Computer Name = PC-Raum-1 | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32

Error - 16.05.2013 13:47:51 | Computer Name = PC-Raum-1 | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32

Error - 22.05.2013 04:39:25 | Computer Name = PC-Raum-1 | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error - 22.05.2013 04:39:25 | Computer Name = PC-Raum-1 | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error - 22.05.2013 09:15:37 | Computer Name = PC-Raum-1 | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32

Error - 22.05.2013 11:39:44 | Computer Name = PC-Raum-1 | Source = DCOM | ID = 10010
Description =

Error - 22.05.2013 11:42:18 | Computer Name = PC-Raum-1 | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32

Error - 23.05.2013 10:23:56 | Computer Name = PC-Raum-1 | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32

Error - 24.05.2013 06:26:03 | Computer Name = PC-Raum-1 | Source = DCOM | ID = 10010
Description =

< End of report >

Gmer.txt

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-24 14:01:29
Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\00000032 WDC_WD16 rev.01.0 149,05GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Dozent\AppData\Local\Temp\ufrirpob.sys

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackTransaction + 13E9 83683599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 836A8092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.rsrc C:\Windows\system32\DRIVERS\cdrom.sys section is executable [0x8B877000, 0x5AEE, 0x68000020]
? C:\Windows\system32\DRIVERS\cdrom.sys suspicious PE modification

---- User code sections - GMER 2.1 ----

.text C:\Windows\System32\svchost.exe[1336] user32.dll!GetCursorPos 770AC198 5 Bytes JMP 001B000A
.text C:\Windows\System32\svchost.exe[1336] user32.dll!DialogBoxIndirectParamAorW 770D551D 5 Bytes JMP 001C000A
.text C:\Windows\System32\svchost.exe[1336] ole32.dll!CoCreateInstance 773A590C 5 Bytes JMP 001A000A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2040] USER32.dll!CharToOemA + 3A 770AB1DE 7 Bytes JMP 663C43E6 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2040] USER32.dll!AdjustWindowRectEx + 117 770B660F 7 Bytes JMP 663C4375 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2040] USER32.dll!GetWindowInfo 770B6A82 5 Bytes JMP 6600E50D C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2040] USER32.dll!MenuItemFromPoint + F 770D4B36 7 Bytes JMP 6600E9FB C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2652] ntdll.dll!wcsncmp + 33B 77B7F420 7 Bytes JMP 65E36D70 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2652] kernel32.dll!K32GetDeviceDriverBaseNameW + 16F 7726C057 7 Bytes JMP 6618D713 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2652] kernel32.dll!CloseHandle + 38 7727058F 7 Bytes JMP 6618D736 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2652] kernel32.dll!GetExitCodeProcess + 2C 772730DD 7 Bytes JMP 65E51C62 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2652] GDI32.dll!GetViewportOrgEx + 21C 773085EB 7 Bytes JMP 6618D694 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2652] CRYPT32.dll!I_CryptAddRefLruEntry + 209E
75D4C679 7 Bytes JMP 005CF630 .text C:\Program Files\Mozilla Firefox\firefox.exe[2652] CRYPT32.dll!I_CryptEnumMatchingLruEntries + 188B 75D4E505 7 Bytes JMP 005CF6A0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtCreateFile + 6 77B646B6 4 Bytes [28, 00, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtCreateFile + B 77B646BB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtCreateKey + 6 77B646F6 4 Bytes [68, 01, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtCreateKey + B 77B646FB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtCreateMutant + 6 77B64736 4 Bytes [68, 02, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtCreateMutant + B 77B6473B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtCreateSection + 6 77B647D6 4 Bytes [A8, 02, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtCreateSection + B 77B647DB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtMapViewOfSection + B 77B64D1B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenFile + 6 77B64DC6 4 Bytes [68, 00, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenFile + B 77B64DCB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenKey + 6 77B64DF6 4 Bytes [A8, 01, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenKey + B 77B64DFB 1 Byte [E2] .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenKeyEx + B 77B64E0B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenMutant + 6 77B64E46 4 Bytes [28, 02, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenMutant + B 77B64E4B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenProcess + 6 77B64E76 1 Byte [68] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenProcess + 6 77B64E76 4 Bytes [68, 03, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenProcess + B 77B64E7B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenProcessToken + 6 77B64E86 1 Byte [A8] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenProcessToken + 6 77B64E86 4 Bytes [A8, 03, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenProcessToken + B 77B64E8B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenProcessTokenEx + 6 77B64E96 4 Bytes [68, 04, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenProcessTokenEx + B 77B64E9B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenSection + B 77B64EBB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenThread + 6 77B64EF6 1 Byte [28] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenThread + 6 77B64EF6 4 Bytes [28, 03, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] 
ntdll.dll!NtOpenThread + B 77B64EFB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenThreadToken + 6 77B64F06 4 Bytes [28, 04, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenThreadToken + B 77B64F0B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenThreadTokenEx + 6 77B64F16 4 Bytes [A8, 04, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenThreadTokenEx + B 77B64F1B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtQueryAttributesFile + 6 77B65026 4 Bytes [A8, 00, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtQueryAttributesFile + B 77B6502B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtQueryFullAttributesFile + B 77B650DB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtSetInformationFile + 6 77B65726 4 Bytes [28, 01, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtSetInformationFile + B 77B6572B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtSetInformationThread + 6 77B65786 1 Byte [E8] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtSetInformationThread + B 77B6578B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtUnmapViewOfSection + 6 77B65AA6 4 Bytes [28, 05, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtUnmapViewOfSection + B 77B65AAB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] 
kernel32.dll!CreateProcessW 7722202D 5 Bytes JMP 00010030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] kernel32.dll!CreateProcessA 77222062 5 Bytes JMP 00010070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!SelectObject 773061D0 5 Bytes JMP 001505F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!SetTextColor 77306622 5 Bytes JMP 00150A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!SetBkMode 773066CD 5 Bytes JMP 001508F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!DeleteObject 773068B4 5 Bytes JMP 001501B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!DeleteDC 77306A2C 5 Bytes JMP 00150170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!ExtSelectClipRgn 77306C72 5 Bytes JMP 001502F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!SelectClipRgn 77306D84 5 Bytes JMP 001505B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!GetDeviceCaps 77306E03 5 Bytes JMP 001503B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!SetStretchBltMode 773073CE 5 Bytes JMP 001506B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!GetCurrentObject 7730777C 5 Bytes JMP 00150370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!GetTextMetricsW 7730798F 5 Bytes JMP 00150E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!IntersectClipRect 77307CCA 5 Bytes JMP 001503F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!GetTextAlign 77307D15 5 Bytes JMP 00150D70 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!SetTextAlign 77307F92 5 Bytes JMP 001509F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!ExtTextOutW 77308053 5 Bytes JMP 00150970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!GetClipBox 773081F2 5 Bytes JMP 00150330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!MoveToEx 77308A16 5 Bytes JMP 00150470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!CreateDCA 77309975 5 Bytes JMP 001500B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!RestoreDC 77309A10 5 Bytes JMP 00150530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!SaveDC 77309AD2 5 Bytes JMP 00150570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!StretchDIBits 7730AC38 5 Bytes JMP 00150770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!GetTextFaceW 7730B4CC 5 Bytes JMP 00150D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!GetTextExtentPoint32W 7730B535 5 Bytes JMP 00150670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!GetFontData 7730B8E8 5 Bytes JMP 00150C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!CreateDCW 7730BD21 5 Bytes JMP 001500F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!CreateICW 7730C660 5 Bytes JMP 00150130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!LineTo 7730CA20 5 Bytes JMP 00150430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!SetWorldTransform 7730CB42 5 Bytes JMP 
001506F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!GetTextMetricsA 7730CE46 5 Bytes JMP 00150DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!Rectangle 7730F5BE 5 Bytes JMP 001509B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!SetICMMode 7730F8D4 5 Bytes JMP 00150DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!ExtTextOutA 77310158 5 Bytes JMP 00150930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!GetTextExtentPoint32A 773108BB 5 Bytes JMP 00150630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!Escape 77310B0D 5 Bytes JMP 00150270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!ExtEscape 77313472 5 Bytes JMP 001502B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!GetTextFaceA 77313E49 5 Bytes JMP 00150CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!SetPolyFillMode 77316CE1 5 Bytes JMP 00150B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!SetMiterLimit 77316E54 5 Bytes JMP 00150B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!ResetDCW 7732031C 5 Bytes JMP 00150AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!EndPage 773207CD 5 Bytes JMP 00150230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!GetGlyphOutlineW 7732C292 5 Bytes JMP 00150CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!CreateScalableFontResourceW 7732E8EF 5 Bytes JMP 00150BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] 
GDI32.dll!AddFontResourceW 7732ECEB 5 Bytes JMP 00150BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!RemoveFontResourceW 7732F1E1 5 Bytes JMP 00150C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!AbortDoc 77334D37 5 Bytes JMP 00150030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!EndDoc 7733517E 5 Bytes JMP 001501F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!StartPage 77335269 5 Bytes JMP 00150730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!StartDocW 77335BB6 5 Bytes JMP 001507F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!BeginPath 7733635D 5 Bytes JMP 00150830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!SelectClipPath 773363B4 5 Bytes JMP 00150AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!CloseFigure 7733640F 5 Bytes JMP 00150070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!EndPath 77336466 5 Bytes JMP 00150A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!StrokePath 77336699 5 Bytes JMP 001507B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!FillPath 77336726 5 Bytes JMP 00150870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!PolylineTo 77336B94 5 Bytes JMP 001504F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!PolyBezierTo 77336C25 5 Bytes JMP 001504B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!PolyDraw 77336CD7 5 Bytes JMP 001508B0 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!ActivateKeyboardLayout 770A817D 5 Bytes JMP 001604F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!ScreenToClient 770AC1F2 7 Bytes JMP 00160670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!RegisterClipboardFormatA 770AE6B1 5 Bytes JMP 001602F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!RegisterClipboardFormatW 770AEDFD 5 Bytes JMP 001602B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!SetCursor 770B52EA 5 Bytes JMP 00160530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!MonitorFromWindow 770B590A 7 Bytes JMP 00160630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!PostMessageW 770B6225 5 Bytes JMP 001605F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!IsWindowVisible 770B6939 7 Bytes JMP 001606B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!GetClientRect 770B74B1 7 Bytes JMP 001605B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!MapWindowPoints 770B7915 5 Bytes JMP 00160570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!GetParent 770B7AB3 7 Bytes JMP 001606F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!SetClipboardData 770C4979 5 Bytes JMP 00160170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!EmptyClipboard 770C4A28 5 Bytes JMP 00160130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!GetClipboardData 770C4B47 5 Bytes JMP 00160030 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!EnumClipboardFormats 770C4D98 5 Bytes JMP 001601B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!GetClipboardFormatNameW 770C7EB2 5 Bytes JMP 00160230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!SetClipboardViewer 770C8F4D 5 Bytes JMP 001604B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!GetClipboardFormatNameA 770C8F61 5 Bytes JMP 00160270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!GetOpenClipboardWindow 770C902F 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!GetOpenClipboardWindow 770C902F 5 Bytes JMP 001603F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!ChangeClipboardChain 770D3425 5 Bytes JMP 00160430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!GetTopWindow 770D3A5D 7 Bytes JMP 00160730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!CloseClipboard 770D5BA7 5 Bytes JMP 001600B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!OpenClipboard 770D5BB9 5 Bytes JMP 00160070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!IsClipboardFormatAvailable 770D5C3A 5 Bytes JMP 001600F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!GetClipboardSequenceNumber 770D5C4E 5 Bytes JMP 00160330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!GetClipboardOwner 770D5C60 5 Bytes JMP 00160370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!CountClipboardFormats 770D5DC9 5 Bytes JMP 001601F0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!SetCursorPos 770EC1D8 5 Bytes JMP 00160770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!GetClipboardViewer 77104B57 5 Bytes JMP 00160470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!GetPriorityClipboardFormat 77104C59 5 Bytes JMP 001603B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ole32.dll!OleSetClipboard 773AF2FE 5 Bytes JMP 00170030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ole32.dll!OleIsCurrentClipboard 773B2489 5 Bytes JMP 00170070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ole32.dll!OleGetClipboard 773DF825 5 Bytes JMP 001700B0
---- Trace I/O - GMER 2.1 ----
Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85de6698]<< 85de6698
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b5a030] 85b5a030
Trace 3 CLASSPNP.SYS[87bc159e] -> nt!IofCallDriver -> [0x85df3ef8] 85df3ef8
Trace \Driver\00000493[0x85df4350] -> IRP_MJ_CREATE -> 0x85de6698 85de6698
---- Modules - GMER 2.1 ----
Module (noname) (*** hidden *** ) 8B854000-8B869000 (86016 bytes)
---- Processes - GMER 2.1 ----
Process C:\Windows\System32\svchost.exe (*** hidden *** ) 1336
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- Files - GMER 2.1 ----
File C:\Windows\$NtUninstallKB43389$\2657797194 0 bytes
File C:\Windows\$NtUninstallKB43389$\624790592 0 bytes
File C:\Windows\$NtUninstallKB43389$\624790592\@ 2048 bytes
File C:\Windows\$NtUninstallKB43389$\624790592\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB43389$\624790592\L 0 bytes
File C:\Windows\$NtUninstallKB43389$\624790592\L\00000004.@ 804 bytes
File C:\Windows\$NtUninstallKB43389$\624790592\L\201d3dde 198 bytes
File C:\Windows\$NtUninstallKB43389$\624790592\L\24fb4792 69 bytes
File C:\Windows\$NtUninstallKB43389$\624790592\L\4cce1f70 2044 bytes
File C:\Windows\$NtUninstallKB43389$\624790592\L\6715e287 69 bytes
File C:\Windows\$NtUninstallKB43389$\624790592\L\76603ac3 2415 bytes
File C:\Windows\$NtUninstallKB43389$\624790592\L\xadqgnnk 108544 bytes
File C:\Windows\$NtUninstallKB43389$\624790592\U 0 bytes
File C:\Windows\$NtUninstallKB43389$\624790592\U\00000004.@ 2048 bytes
File C:\Windows\$NtUninstallKB43389$\624790592\U\00000008.@ 1024 bytes
File C:\Windows\$NtUninstallKB43389$\624790592\U\000000cb.@ 1632 bytes
File C:\Windows\$NtUninstallKB43389$\624790592\U\80000000.@ 11776 bytes
File C:\Windows\$NtUninstallKB43389$\624790592\U\80000032.@ 90624 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1H0X9XI0\iframe3[5].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EAX244AE\st[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EAX244AE\player[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EAX244AE\view[1].htm 198 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3GCYD5Q\stCA5XDO69 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3GCYD5Q\stCAQS2GKW 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3GCYD5Q\st[11] 0 bytes
---- EOF - GMER 2.1 ----
Many thanks in advance for your help. Unfortunately, though, I have to say that I won't be able to follow your instructions again until Monday. |
24.05.2013, 13:19 | #2 |
/// Malware-holic | System Anti Virus Hi,
Anyone who, for example, doesn't install Windows updates shouldn't be surprised :-(
OTL fix
Fixing with OTL
Code:
ATTFilter
:OTL
O4 - HKCU..\RunOnce: [A49C15FB3DB849D00000A49B71654F53] C:\ProgramData\A49C15FB3DB849D00000A49B71654F53\A49C15FB3DB849D00000A49B71654F53.exe ()
[2013.05.22 15:11:49 | 000,000,000 | ---D | C] -- C:\Users\Dozent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus
:files
C:\ProgramData\A49C15FB3DB849D00000A49B71654F53
:Commands
[emptytemp]
Start in normal mode. If you don't have any icons, then right-click, View, Show desktop icons. Note: Please also upload the file there, as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread! Please press the + E key.
__________________ |
27.05.2013, 20:32 | #3 |
| System Anti Virus Yes, I did that. Thank you for the help so far.... I can't check back here until tomorrow.
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\A49C15FB3DB849D00000A49B71654F53 not found.
C:\ProgramData\A49C15FB3DB849D00000A49B71654F53\A49C15FB3DB849D00000A49B71654F53.exe moved successfully.
C:\Users\Dozent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus folder moved successfully.
========== FILES ==========
C:\ProgramData\A49C15FB3DB849D00000A49B71654F53 folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Dozent
->Temp folder emptied: 166407437 bytes
->Temporary Internet Files folder emptied: 375932941 bytes
->Java cache emptied: 5698039 bytes
->FireFox cache emptied: 86354511 bytes
->Flash cache emptied: 2222 bytes
User: Public
User: Teilnehmer
->Temp folder emptied: 78130752 bytes
->Temporary Internet Files folder emptied: 47715977 bytes
->Java cache emptied: 473248 bytes
->FireFox cache emptied: 70187739 bytes
->Flash cache emptied: 506 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 643017164 bytes
RecycleBin emptied: 154624 bytes
Total Files Cleaned = 1.406,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 05272013_175414
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot... |
27.05.2013, 21:33 | #4 |
/// Malware-holic | System Anti Virus Is normal mode working? Then: please download TDSSKiller.exe and save the file to your desktop
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For the time being, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
28.05.2013, 10:57 | #5 |
| System Anti Virus Hello, I have probably been doing this wrong from the very start. The administrator account can't get onto the Internet at all, so I logged in under the other account and followed all of these instructions. I then had to enter the administrator password, which I needed for downloads, here and there. Normal mode runs under this other account. Code:
ATTFilter 11:51:23.0575 0672 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 11:51:23.0805 0672 ============================================================ 11:51:23.0805 0672 Current date / time: 2013/05/28 11:51:23.0805 11:51:23.0805 0672 SystemInfo: 11:51:23.0805 0672 11:51:23.0805 0672 OS Version: 6.1.7600 ServicePack: 0.0 11:51:23.0805 0672 Product type: Workstation 11:51:23.0805 0672 ComputerName: PC-RAUM-1 11:51:23.0805 0672 UserName: Dozent 11:51:23.0805 0672 Windows directory: C:\Windows 11:51:23.0805 0672 System windows directory: C:\Windows 11:51:23.0805 0672 Processor architecture: Intel x86 11:51:23.0805 0672 Number of processors: 2 11:51:23.0805 0672 Page size: 0x1000 11:51:23.0805 0672 Boot type: Normal boot 11:51:23.0805 0672 ============================================================ 11:51:25.0005 0672 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x11EE4, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000050 11:51:25.0005 0672 ============================================================ 11:51:25.0005 0672 \Device\Harddisk0\DR0: 11:51:25.0005 0672 MBR partitions: 11:51:25.0005 0672 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 11:51:25.0005 0672 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E6800 11:51:25.0005 0672 ============================================================ 11:51:25.0055 0672 C: <-> \Device\Harddisk0\DR0\Partition2 11:51:25.0115 0672 ============================================================ 11:51:25.0115 0672 Initialize success 11:51:25.0115 0672 ============================================================ 11:52:07.0445 3376 ============================================================ 11:52:07.0445 3376 Scan started 11:52:07.0445 3376 Mode: Manual; SigCheck; TDLFS; 11:52:07.0445 3376 ============================================================ 11:52:08.0505 3376 ================ 
Scan system memory ======================== 11:52:08.0505 3376 System memory - ok 11:52:08.0505 3376 ================ Scan services ============================= 11:52:08.0695 3376 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys 11:52:08.0825 3376 1394ohci - ok 11:52:08.0865 3376 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys 11:52:08.0885 3376 ACPI - ok 11:52:08.0895 3376 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys 11:52:08.0975 3376 AcpiPmi - ok 11:52:09.0015 3376 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 11:52:09.0025 3376 adp94xx - ok 11:52:09.0065 3376 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 11:52:09.0085 3376 adpahci - ok 11:52:09.0095 3376 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 11:52:09.0115 3376 adpu320 - ok 11:52:09.0135 3376 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 11:52:09.0215 3376 AeLookupSvc - ok 11:52:09.0265 3376 [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD C:\Windows\system32\drivers\afd.sys 11:52:09.0345 3376 AFD - ok 11:52:09.0355 3376 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\DRIVERS\agp440.sys 11:52:09.0365 3376 agp440 - ok 11:52:09.0395 3376 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys 11:52:09.0405 3376 aic78xx - ok 11:52:09.0435 3376 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe 11:52:09.0495 3376 ALG - ok 11:52:09.0515 3376 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\DRIVERS\aliide.sys 11:52:09.0525 3376 aliide - ok 11:52:09.0535 3376 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\DRIVERS\amdagp.sys 11:52:09.0545 3376 amdagp - ok 11:52:09.0555 3376 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\DRIVERS\amdide.sys 11:52:09.0565 
3376 amdide - ok 11:52:09.0595 3376 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 11:52:09.0625 3376 AmdK8 - ok 11:52:09.0655 3376 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 11:52:09.0685 3376 AmdPPM - ok 11:52:09.0715 3376 [ 19CE906B4CDC11FC4FEF5745F33A63B6 ] amdsata C:\Windows\system32\drivers\amdsata.sys 11:52:09.0735 3376 amdsata - ok 11:52:09.0745 3376 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 11:52:09.0765 3376 amdsbs - ok 11:52:09.0785 3376 [ 869E67D66BE326A5A9159FBA8746FA70 ] amdxata C:\Windows\system32\drivers\amdxata.sys 11:52:09.0795 3376 amdxata - ok 11:52:09.0815 3376 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\Windows\system32\drivers\appid.sys 11:52:09.0885 3376 AppID - ok 11:52:09.0905 3376 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll 11:52:10.0035 3376 AppIDSvc - ok 11:52:10.0045 3376 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\Windows\System32\appinfo.dll 11:52:10.0105 3376 Appinfo - ok 11:52:10.0135 3376 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys 11:52:10.0145 3376 arc - ok 11:52:10.0155 3376 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 11:52:10.0175 3376 arcsas - ok 11:52:10.0185 3376 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 11:52:10.0305 3376 AsyncMac - ok 11:52:10.0325 3376 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\DRIVERS\atapi.sys 11:52:10.0325 3376 atapi - ok 11:52:10.0345 3376 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 11:52:10.0405 3376 AudioEndpointBuilder - ok 11:52:10.0435 3376 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\Windows\System32\Audiosrv.dll 11:52:10.0455 3376 Audiosrv - ok 11:52:10.0475 3376 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\Windows\System32\AxInstSV.dll 11:52:10.0535 
3376 AxInstSV - ok 11:52:10.0555 3376 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys 11:52:10.0605 3376 b06bdrv - ok 11:52:10.0625 3376 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 11:52:10.0665 3376 b57nd60x - ok 11:52:10.0695 3376 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll 11:52:10.0735 3376 BDESVC - ok 11:52:10.0775 3376 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys 11:52:10.0815 3376 Beep - ok 11:52:10.0835 3376 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 11:52:10.0865 3376 blbdrive - ok 11:52:10.0905 3376 [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 11:52:10.0955 3376 bowser - ok 11:52:10.0975 3376 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 11:52:10.0995 3376 BrFiltLo - ok 11:52:11.0015 3376 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 11:52:11.0065 3376 BrFiltUp - ok 11:52:11.0105 3376 [ 598E1280E7FF3744F4B8329366CC5635 ] Browser C:\Windows\System32\browser.dll 11:52:11.0135 3376 Browser - ok 11:52:11.0165 3376 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys 11:52:11.0215 3376 Brserid - ok 11:52:11.0235 3376 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 11:52:11.0285 3376 BrSerWdm - ok 11:52:11.0295 3376 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 11:52:11.0325 3376 BrUsbMdm - ok 11:52:11.0345 3376 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 11:52:11.0375 3376 BrUsbSer - ok 11:52:11.0395 3376 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 11:52:11.0425 3376 BTHMODEM - ok 11:52:11.0445 3376 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv 
C:\Windows\system32\bthserv.dll 11:52:11.0485 3376 bthserv - ok 11:52:11.0535 3376 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 11:52:11.0585 3376 cdfs - ok 11:52:11.0605 3376 [ 9E8E9A56FAF5F3C1E1AEA68DD7225403 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 11:52:11.0605 3376 Suspicious file (Forged): C:\Windows\system32\DRIVERS\cdrom.sys. Real md5: 9E8E9A56FAF5F3C1E1AEA68DD7225403, Fake md5: BA6E70AA0E6091BC39DE29477D866A77 11:52:11.0605 3376 cdrom ( Virus.Win32.ZAccess.k ) - infected 11:52:11.0605 3376 cdrom - detected Virus.Win32.ZAccess.k (0) 11:52:11.0645 3376 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\Windows\System32\certprop.dll 11:52:11.0665 3376 CertPropSvc - ok 11:52:11.0685 3376 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 11:52:11.0715 3376 circlass - ok 11:52:11.0745 3376 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys 11:52:11.0765 3376 CLFS - ok 11:52:11.0825 3376 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 11:52:11.0835 3376 clr_optimization_v2.0.50727_32 - ok 11:52:11.0895 3376 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 11:52:11.0925 3376 clr_optimization_v4.0.30319_32 - ok 11:52:11.0945 3376 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 11:52:11.0955 3376 CmBatt - ok 11:52:11.0985 3376 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys 11:52:11.0995 3376 cmdide - ok 11:52:12.0025 3376 [ DB5E008B3744DD60C8498CBBF2A1CFA6 ] CNG C:\Windows\system32\Drivers\cng.sys 11:52:12.0045 3376 CNG - ok 11:52:12.0065 3376 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 11:52:12.0075 3376 Compbatt - ok 11:52:12.0085 3376 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus 
C:\Windows\system32\DRIVERS\CompositeBus.sys 11:52:12.0115 3376 CompositeBus - ok 11:52:12.0115 3376 COMSysApp - ok 11:52:12.0195 3376 cpuz132 - ok 11:52:12.0215 3376 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 11:52:12.0225 3376 crcdisk - ok 11:52:12.0265 3376 [ 520A108A2657F4BCA7FCED9CA7D885DE ] CryptSvc C:\Windows\system32\cryptsvc.dll 11:52:12.0345 3376 CryptSvc - ok 11:52:12.0375 3376 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\Windows\system32\rpcss.dll 11:52:12.0475 3376 DcomLaunch - ok 11:52:12.0515 3376 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll 11:52:12.0555 3376 defragsvc - ok 11:52:12.0615 3376 [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 11:52:12.0685 3376 DfsC - ok 11:52:12.0715 3376 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\Windows\system32\dhcpcore.dll 11:52:12.0775 3376 Dhcp - ok 11:52:12.0805 3376 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys 11:52:12.0845 3376 discache - ok 11:52:12.0875 3376 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys 11:52:12.0885 3376 Disk - ok 11:52:12.0925 3376 [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache C:\Windows\System32\dnsrslvr.dll 11:52:12.0975 3376 Dnscache - ok 11:52:12.0995 3376 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\Windows\System32\dot3svc.dll 11:52:13.0045 3376 dot3svc - ok 11:52:13.0065 3376 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\Windows\system32\dps.dll 11:52:13.0105 3376 DPS - ok 11:52:13.0135 3376 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 11:52:13.0165 3376 drmkaud - ok 11:52:13.0215 3376 [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 11:52:13.0235 3376 DXGKrnl - ok 11:52:13.0275 3376 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll 11:52:13.0295 3376 EapHost - ok 11:52:13.0375 3376 [ 
024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys 11:52:13.0475 3376 ebdrv - ok 11:52:13.0515 3376 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS C:\Windows\System32\lsass.exe 11:52:13.0595 3376 EFS - ok 11:52:13.0645 3376 [ 1697C39978CD69F6FBC15302EDCECE1F ] ehRecvr C:\Windows\ehome\ehRecvr.exe 11:52:13.0725 3376 ehRecvr - ok 11:52:13.0745 3376 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe 11:52:13.0795 3376 ehSched - ok 11:52:13.0815 3376 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 11:52:13.0835 3376 elxstor - ok 11:52:13.0845 3376 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys 11:52:13.0875 3376 ErrDev - ok 11:52:13.0925 3376 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll 11:52:13.0965 3376 EventSystem - ok 11:52:14.0005 3376 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys 11:52:14.0045 3376 exfat - ok 11:52:14.0075 3376 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys 11:52:14.0095 3376 fastfat - ok 11:52:14.0125 3376 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\Windows\system32\fxssvc.exe 11:52:14.0195 3376 Fax - ok 11:52:14.0225 3376 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 11:52:14.0245 3376 fdc - ok 11:52:14.0275 3376 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll 11:52:14.0295 3376 fdPHost - ok 11:52:14.0305 3376 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll 11:52:14.0345 3376 FDResPub - ok 11:52:14.0385 3376 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 11:52:14.0385 3376 FileInfo - ok 11:52:14.0405 3376 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 11:52:14.0425 3376 Filetrace - ok 11:52:14.0445 3376 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk 
C:\Windows\system32\DRIVERS\flpydisk.sys 11:52:14.0475 3376 flpydisk - ok 11:52:14.0505 3376 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 11:52:14.0515 3376 FltMgr - ok 11:52:14.0555 3376 [ 7FE4995528A7529A761875151EE3D512 ] FontCache C:\Windows\system32\FntCache.dll 11:52:14.0615 3376 FontCache - ok 11:52:14.0665 3376 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 11:52:14.0675 3376 FontCache3.0.0.0 - ok 11:52:14.0735 3376 [ F33425DBD8CDF00C1F318BA0EDC8D048 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe 11:52:14.0755 3376 ForceWare Intelligent Application Manager (IAM) - ok 11:52:14.0785 3376 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 11:52:14.0795 3376 FsDepends - ok 11:52:14.0825 3376 [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 11:52:14.0835 3376 Fs_Rec - ok 11:52:14.0865 3376 [ DAFBD9FE39197495AED6D51F3B85B5D2 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 11:52:14.0875 3376 fvevol - ok 11:52:14.0895 3376 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 11:52:14.0905 3376 gagp30kx - ok 11:52:14.0935 3376 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\Windows\System32\gpsvc.dll 11:52:14.0975 3376 gpsvc - ok 11:52:15.0005 3376 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 11:52:15.0055 3376 hcw85cir - ok 11:52:15.0085 3376 [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 11:52:15.0115 3376 HdAudAddService - ok 11:52:15.0135 3376 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 11:52:15.0165 3376 HDAudBus - ok 11:52:15.0185 3376 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 11:52:15.0215 3376 
HidBatt - ok 11:52:15.0235 3376 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 11:52:15.0275 3376 HidBth - ok 11:52:15.0285 3376 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 11:52:15.0315 3376 HidIr - ok 11:52:15.0345 3376 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll 11:52:15.0365 3376 hidserv - ok 11:52:15.0405 3376 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 11:52:15.0415 3376 HidUsb - ok 11:52:15.0435 3376 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\Windows\system32\kmsvc.dll 11:52:15.0485 3376 hkmsvc - ok 11:52:15.0515 3376 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 11:52:15.0525 3376 HomeGroupListener - ok 11:52:15.0555 3376 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 11:52:15.0585 3376 HomeGroupProvider - ok 11:52:15.0615 3376 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys 11:52:15.0625 3376 HpSAMD - ok 11:52:15.0645 3376 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\Windows\system32\drivers\HTTP.sys 11:52:15.0695 3376 HTTP - ok 11:52:15.0775 3376 [ ADFA0D6F486612EEB13E86AEC7D2A25D ] HWiNFO32 C:\Users\Dozent\Desktop\hwinfo32\HWiNFO32.SYS 11:52:15.0785 3376 HWiNFO32 - ok 11:52:15.0815 3376 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 11:52:15.0825 3376 hwpolicy - ok 11:52:15.0835 3376 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 11:52:15.0875 3376 i8042prt - ok 11:52:15.0915 3376 [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 11:52:15.0925 3376 iaStorV - ok 11:52:15.0965 3376 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 11:52:15.0995 3376 idsvc - ok 11:52:16.0015 3376 [ 
6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 11:52:31.0975 3376 WudfPf - ok 11:52:32.0005 3376 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 11:52:32.0035 3376 WUDFRd - ok 11:52:32.0045 3376 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 11:52:32.0085 3376 wudfsvc - ok 11:52:32.0155 3376 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll 11:52:32.0185 3376 WwanSvc - ok 11:52:32.0195 3376 ================ Scan global =============================== 11:52:32.0245 3376 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll 11:52:32.0285 3376 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll 11:52:32.0295 3376 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll 11:52:32.0335 3376 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 11:52:32.0355 3376 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 11:52:32.0355 3376 [Global] - ok 11:52:32.0365 3376 ================ Scan MBR ================================== 11:52:32.0375 3376 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 11:52:32.0665 3376 \Device\Harddisk0\DR0 - ok 11:52:32.0665 3376 ================ Scan VBR ================================== 11:52:32.0665 3376 [ 14EFABAB0569D2C740D249759F92DC5E ] \Device\Harddisk0\DR0\Partition1 11:52:32.0665 3376 \Device\Harddisk0\DR0\Partition1 - ok 11:52:32.0695 3376 [ 504AF3E3E13403BB8E3398252F8F29E6 ] \Device\Harddisk0\DR0\Partition2 11:52:32.0695 3376 \Device\Harddisk0\DR0\Partition2 - ok 11:52:32.0705 3376 ============================================================ 11:52:32.0705 3376 Scan finished 11:52:32.0705 3376 ============================================================ 11:52:32.0715 2240 Detected object count: 1 11:52:32.0715 2240 Actual detected object count: 1 11:53:05.0705 2240 cdrom ( Virus.Win32.ZAccess.k ) - skipped by user 11:53:05.0705 
2240 cdrom ( Virus.Win32.ZAccess.k ) - User select action: Skip 11:53:27.0625 3696 Deinitialize success
Edited by red_angel (28.05.2013 at 11:06) |
28.05.2013, 11:08 | #6 |
/// Malware-holic | System Anti Virus OK, configure it as before; choose cure if possible, otherwise delete. Then restart, scan again with those settings, and post the log.
28.05.2013, 11:16 | #7 |
| System Anti Virus OK... Code:
12:12:26.0186 2380 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:12:26.0342 2380 ============================================================
12:12:26.0342 2380 Current date / time: 2013/05/28 12:12:26.0342
12:12:26.0342 2380 SystemInfo:
12:12:26.0342 2380
12:12:26.0342 2380 OS Version: 6.1.7600 ServicePack: 0.0
12:12:26.0342 2380 Product type: Workstation
12:12:26.0342 2380 ComputerName: PC-RAUM-1
12:12:26.0342 2380 UserName: Dozent
12:12:26.0342 2380 Windows directory: C:\Windows
12:12:26.0342 2380 System windows directory: C:\Windows
12:12:26.0342 2380 Processor architecture: Intel x86
12:12:26.0342 2380 Number of processors: 2
12:12:26.0342 2380 Page size: 0x1000
12:12:26.0342 2380 Boot type: Normal boot
12:12:26.0342 2380 ============================================================
12:12:27.0090 2380 BG loaded
12:12:27.0418 2380 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x11EE4, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000050
12:12:27.0418 2380 ============================================================
12:12:27.0418 2380 \Device\Harddisk0\DR0:
12:12:27.0418 2380 MBR partitions:
12:12:27.0418 2380 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:12:27.0418 2380 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E6800
12:12:27.0418 2380 ============================================================
12:12:27.0449 2380 C: <-> \Device\Harddisk0\DR0\Partition2
12:12:27.0449 2380 ============================================================
12:12:27.0449 2380 Initialize success
12:12:27.0449 2380 ============================================================
12:12:39.0929 2472 ============================================================
12:12:39.0929 2472 Scan started
12:12:39.0929 2472 Mode: Manual; SigCheck; TDLFS;
12:12:39.0929 2472 ============================================================
12:12:41.0692 2472 ================ Scan system memory ======================== 12:12:41.0692 2472 System memory - ok 12:12:41.0692 2472 ================ Scan services ============================= 12:12:41.0895 2472 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys 12:12:42.0020 2472 1394ohci - ok 12:12:42.0051 2472 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys 12:12:42.0066 2472 ACPI - ok 12:12:42.0082 2472 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys 12:12:42.0144 2472 AcpiPmi - ok 12:12:42.0191 2472 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 12:12:42.0207 2472 adp94xx - ok 12:12:42.0238 2472 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 12:12:42.0254 2472 adpahci - ok 12:12:42.0269 2472 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 12:12:42.0285 2472 adpu320 - ok 12:12:42.0316 2472 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 12:12:42.0363 2472 AeLookupSvc - ok 12:12:42.0410 2472 [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD C:\Windows\system32\drivers\afd.sys 12:12:42.0456 2472 AFD - ok 12:12:42.0472 2472 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\DRIVERS\agp440.sys 12:12:42.0488 2472 agp440 - ok 12:12:42.0503 2472 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys 12:12:42.0519 2472 aic78xx - ok 12:12:42.0534 2472 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe 12:12:42.0597 2472 ALG - ok 12:12:42.0612 2472 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\DRIVERS\aliide.sys 12:12:42.0628 2472 aliide - ok 12:12:42.0644 2472 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\DRIVERS\amdagp.sys 12:12:42.0659 2472 amdagp - ok 12:12:42.0675 2472 [ CD5914170297126B6266860198D1D4F0 ] amdide 
C:\Windows\system32\DRIVERS\amdide.sys 12:12:42.0690 2472 amdide - ok 12:12:42.0706 2472 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 12:12:42.0737 2472 AmdK8 - ok 12:12:42.0768 2472 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 12:12:42.0800 2472 AmdPPM - ok 12:12:42.0846 2472 [ 19CE906B4CDC11FC4FEF5745F33A63B6 ] amdsata C:\Windows\system32\drivers\amdsata.sys 12:12:42.0862 2472 amdsata - ok 12:12:42.0878 2472 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 12:12:42.0893 2472 amdsbs - ok 12:12:42.0924 2472 [ 869E67D66BE326A5A9159FBA8746FA70 ] amdxata C:\Windows\system32\drivers\amdxata.sys 12:12:42.0940 2472 amdxata - ok 12:12:42.0956 2472 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\Windows\system32\drivers\appid.sys 12:12:43.0018 2472 AppID - ok 12:12:43.0049 2472 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll 12:12:43.0143 2472 AppIDSvc - ok 12:12:43.0174 2472 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\Windows\System32\appinfo.dll 12:12:43.0221 2472 Appinfo - ok 12:12:43.0252 2472 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys 12:12:43.0252 2472 arc - ok 12:12:43.0283 2472 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 12:12:43.0299 2472 arcsas - ok 12:12:43.0314 2472 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 12:12:43.0424 2472 AsyncMac - ok 12:12:43.0439 2472 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\DRIVERS\atapi.sys 12:12:43.0455 2472 atapi - ok 12:12:43.0470 2472 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 12:12:43.0517 2472 AudioEndpointBuilder - ok 12:12:43.0548 2472 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\Windows\System32\Audiosrv.dll 12:12:43.0580 2472 Audiosrv - ok 12:12:43.0595 2472 [ DD6A431B43E34B91A767D1CE33728175 ] 
AxInstSV C:\Windows\System32\AxInstSV.dll 12:12:43.0658 2472 AxInstSV - ok 12:12:43.0689 2472 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys 12:12:43.0751 2472 b06bdrv - ok 12:12:43.0767 2472 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 12:12:43.0798 2472 b57nd60x - ok 12:12:43.0829 2472 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll 12:12:43.0892 2472 BDESVC - ok 12:12:43.0923 2472 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys 12:12:43.0938 2472 Beep - ok 12:12:43.0970 2472 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 12:12:44.0001 2472 blbdrive - ok 12:12:44.0032 2472 [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 12:12:44.0048 2472 bowser - ok 12:12:44.0063 2472 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 12:12:44.0094 2472 BrFiltLo - ok 12:12:44.0126 2472 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 12:12:44.0157 2472 BrFiltUp - ok 12:12:44.0188 2472 [ 598E1280E7FF3744F4B8329366CC5635 ] Browser C:\Windows\System32\browser.dll 12:12:44.0235 2472 Browser - ok 12:12:44.0266 2472 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys 12:12:44.0313 2472 Brserid - ok 12:12:44.0344 2472 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 12:12:44.0375 2472 BrSerWdm - ok 12:12:44.0391 2472 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 12:12:44.0422 2472 BrUsbMdm - ok 12:12:44.0438 2472 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 12:12:44.0469 2472 BrUsbSer - ok 12:12:44.0484 2472 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 12:12:44.0531 2472 BTHMODEM - ok 12:12:44.0562 2472 [ 
1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll 12:12:44.0625 2472 bthserv - ok 12:12:44.0672 2472 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 12:12:44.0718 2472 cdfs - ok 12:12:44.0734 2472 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 12:12:44.0765 2472 cdrom - ok 12:12:44.0828 2472 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\Windows\System32\certprop.dll 12:12:44.0859 2472 CertPropSvc - ok 12:12:44.0890 2472 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 12:12:44.0906 2472 circlass - ok 12:12:44.0921 2472 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys 12:12:44.0937 2472 CLFS - ok 12:12:44.0984 2472 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 12:12:44.0999 2472 clr_optimization_v2.0.50727_32 - ok 12:12:45.0062 2472 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 12:12:45.0093 2472 clr_optimization_v4.0.30319_32 - ok 12:12:45.0124 2472 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 12:12:45.0140 2472 CmBatt - ok 12:12:45.0155 2472 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys 12:12:45.0171 2472 cmdide - ok 12:12:45.0202 2472 [ DB5E008B3744DD60C8498CBBF2A1CFA6 ] CNG C:\Windows\system32\Drivers\cng.sys 12:12:45.0249 2472 CNG - ok 12:12:45.0264 2472 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 12:12:45.0264 2472 Compbatt - ok 12:12:45.0280 2472 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 12:12:45.0311 2472 CompositeBus - ok 12:12:45.0311 2472 COMSysApp - ok 12:12:45.0389 2472 cpuz132 - ok 12:12:45.0405 2472 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk 
C:\Windows\system32\DRIVERS\crcdisk.sys 12:12:45.0420 2472 crcdisk - ok 12:12:45.0452 2472 [ 520A108A2657F4BCA7FCED9CA7D885DE ] CryptSvc C:\Windows\system32\cryptsvc.dll 12:12:45.0514 2472 CryptSvc - ok 12:12:45.0545 2472 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\Windows\system32\rpcss.dll 12:12:45.0608 2472 DcomLaunch - ok 12:12:45.0639 2472 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll 12:12:45.0686 2472 defragsvc - ok 12:12:45.0732 2472 [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 12:12:45.0779 2472 DfsC - ok 12:12:45.0810 2472 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\Windows\system32\dhcpcore.dll 12:12:45.0873 2472 Dhcp - ok 12:12:45.0904 2472 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys 12:12:45.0935 2472 discache - ok 12:12:45.0982 2472 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys 12:12:45.0998 2472 Disk - ok 12:12:46.0029 2472 [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache C:\Windows\System32\dnsrslvr.dll 12:12:46.0076 2472 Dnscache - ok 12:12:46.0107 2472 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\Windows\System32\dot3svc.dll 12:12:46.0138 2472 dot3svc - ok 12:12:46.0185 2472 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\Windows\system32\dps.dll 12:12:46.0232 2472 DPS - ok 12:12:46.0247 2472 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 12:12:46.0294 2472 drmkaud - ok 12:12:46.0325 2472 [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 12:12:46.0356 2472 DXGKrnl - ok 12:12:46.0388 2472 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll 12:12:46.0419 2472 EapHost - ok 12:12:46.0481 2472 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys 12:12:46.0575 2472 ebdrv - ok 12:12:46.0622 2472 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS C:\Windows\System32\lsass.exe 12:12:46.0684 2472 
EFS - ok 12:12:46.0731 2472 [ 1697C39978CD69F6FBC15302EDCECE1F ] ehRecvr C:\Windows\ehome\ehRecvr.exe 12:12:46.0778 2472 ehRecvr - ok 12:12:46.0793 2472 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe 12:12:46.0856 2472 ehSched - ok 12:12:46.0871 2472 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 12:12:46.0902 2472 elxstor - ok 12:12:46.0918 2472 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys 12:12:46.0934 2472 ErrDev - ok 12:12:46.0996 2472 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll 12:12:47.0074 2472 EventSystem - ok 12:12:47.0105 2472 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys 12:12:47.0152 2472 exfat - ok 12:12:47.0183 2472 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys 12:12:47.0214 2472 fastfat - ok 12:12:47.0230 2472 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\Windows\system32\fxssvc.exe 12:12:47.0277 2472 Fax - ok 12:12:47.0292 2472 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 12:12:47.0324 2472 fdc - ok 12:12:47.0355 2472 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll 12:12:47.0386 2472 fdPHost - ok 12:12:47.0402 2472 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll 12:12:47.0448 2472 FDResPub - ok 12:12:47.0480 2472 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 12:12:47.0495 2472 FileInfo - ok 12:12:47.0511 2472 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 12:12:47.0526 2472 Filetrace - ok 12:12:47.0542 2472 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 12:12:47.0558 2472 flpydisk - ok 12:12:47.0589 2472 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 12:12:47.0604 2472 FltMgr - ok 12:12:47.0651 2472 
[ 7FE4995528A7529A761875151EE3D512 ] FontCache C:\Windows\system32\FntCache.dll 12:12:47.0698 2472 FontCache - ok 12:12:47.0760 2472 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 12:12:47.0760 2472 FontCache3.0.0.0 - ok 12:12:47.0823 2472 [ F33425DBD8CDF00C1F318BA0EDC8D048 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe 12:12:47.0854 2472 ForceWare Intelligent Application Manager (IAM) - ok 12:12:47.0901 2472 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 12:12:47.0901 2472 FsDepends - ok 12:12:47.0932 2472 [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 12:12:47.0948 2472 Fs_Rec - ok 12:12:47.0979 2472 [ DAFBD9FE39197495AED6D51F3B85B5D2 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 12:12:47.0994 2472 fvevol - ok 12:12:47.0994 2472 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 12:12:48.0010 2472 gagp30kx - ok 12:12:48.0041 2472 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\Windows\System32\gpsvc.dll 12:12:48.0088 2472 gpsvc - ok 12:12:48.0119 2472 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 12:12:48.0166 2472 hcw85cir - ok 12:12:48.0197 2472 [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 12:12:48.0228 2472 HdAudAddService - ok 12:12:48.0244 2472 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 12:12:48.0275 2472 HDAudBus - ok 12:12:48.0291 2472 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 12:12:48.0322 2472 HidBatt - ok 12:12:48.0353 2472 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 12:12:48.0369 2472 HidBth - ok 12:12:48.0384 2472 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr 
C:\Windows\system32\DRIVERS\hidir.sys 12:12:48.0416 2472 HidIr - ok 12:12:48.0447 2472 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll 12:12:48.0478 2472 hidserv - ok 12:12:48.0494 2472 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 12:12:48.0509 2472 HidUsb - ok 12:12:48.0525 2472 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\Windows\system32\kmsvc.dll 12:12:48.0572 2472 hkmsvc - ok 12:12:48.0587 2472 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 12:12:48.0603 2472 HomeGroupListener - ok 12:12:48.0634 2472 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 12:12:48.0665 2472 HomeGroupProvider - ok 12:12:48.0696 2472 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys 12:12:48.0712 2472 HpSAMD - ok 12:12:48.0728 2472 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\Windows\system32\drivers\HTTP.sys 12:12:48.0774 2472 HTTP - ok 12:12:48.0868 2472 [ ADFA0D6F486612EEB13E86AEC7D2A25D ] HWiNFO32 C:\Users\Dozent\Desktop\hwinfo32\HWiNFO32.SYS 12:12:48.0868 2472 HWiNFO32 - ok 12:12:48.0899 2472 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 12:12:48.0915 2472 hwpolicy - ok 12:12:48.0930 2472 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 12:12:48.0946 2472 i8042prt - ok 12:12:48.0993 2472 [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 12:12:49.0008 2472 iaStorV - ok 12:12:49.0040 2472 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 12:12:49.0071 2472 idsvc - ok 12:12:49.0086 2472 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 12:12:49.0102 2472 iirsp - ok 12:12:49.0133 2472 [ C5B04409186A27409BD069580208A6D3 ] IJPLMSVC C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE 12:12:49.0149 
2472 IJPLMSVC - ok 12:12:49.0180 2472 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\Windows\System32\ikeext.dll 12:12:49.0227 2472 IKEEXT - ok 12:12:49.0320 2472 [ 8B27C21412AE4404EB0ACFE1D98579EC ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 12:12:49.0398 2472 IntcAzAudAddService - ok 12:12:49.0430 2472 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\DRIVERS\intelide.sys 12:12:49.0430 2472 intelide - ok 12:12:49.0461 2472 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 12:12:49.0492 2472 intelppm - ok 12:12:49.0523 2472 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 12:12:49.0570 2472 IPBusEnum - ok 12:12:49.0586 2472 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 12:12:49.0632 2472 IpFilterDriver - ok 12:12:49.0664 2472 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys 12:12:49.0679 2472 IPMIDRV - ok 12:12:49.0695 2472 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys 12:12:49.0726 2472 IPNAT - ok 12:12:49.0773 2472 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys 12:12:49.0788 2472 IRENUM - ok 12:12:49.0788 2472 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys 12:12:49.0835 2472 isapnp - ok 12:12:49.0851 2472 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 12:12:49.0866 2472 iScsiPrt - ok 12:12:49.0882 2472 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 12:12:49.0898 2472 kbdclass - ok 12:12:49.0913 2472 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 12:12:49.0960 2472 kbdhid - ok 12:12:49.0960 2472 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso C:\Windows\system32\lsass.exe 12:12:49.0976 2472 KeyIso - ok 12:12:50.0007 2472 [ 52FC17C8589F11747D01D3CF592673D0 ] KSecDD 
C:\Windows\system32\Drivers\ksecdd.sys 12:12:50.0022 2472 KSecDD - ok 12:12:50.0054 2472 [ 3E5474B03568CFAB834DA3C38E8C9EFA ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 12:12:50.0069 2472 KSecPkg - ok 12:12:50.0116 2472 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll 12:12:50.0178 2472 KtmRm - ok 12:12:50.0225 2472 [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer C:\Windows\system32\srvsvc.dll 12:12:50.0256 2472 LanmanServer - ok 12:12:50.0272 2472 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 12:12:50.0303 2472 LanmanWorkstation - ok 12:12:50.0350 2472 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 12:12:50.0381 2472 lltdio - ok 12:12:50.0412 2472 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll 12:12:50.0444 2472 lltdsvc - ok 12:12:50.0475 2472 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll 12:12:50.0506 2472 lmhosts - ok 12:12:50.0537 2472 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 12:12:50.0553 2472 LSI_FC - ok 12:12:50.0584 2472 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 12:12:50.0600 2472 LSI_SAS - ok 12:12:50.0600 2472 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 12:12:50.0615 2472 LSI_SAS2 - ok 12:12:50.0615 2472 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 12:12:50.0631 2472 LSI_SCSI - ok 12:12:50.0646 2472 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys 12:12:50.0693 2472 luafv - ok 12:12:50.0756 2472 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 12:12:50.0756 2472 MBAMProtector - ok 12:12:50.0834 2472 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe 12:12:50.0865 2472 MBAMScheduler - ok 
12:12:50.0896 2472 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 12:12:50.0912 2472 MBAMService - ok 12:12:50.0974 2472 [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 12:12:50.0990 2472 Mcx2Svc - ok 12:12:51.0005 2472 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 12:12:51.0021 2472 megasas - ok 12:12:51.0036 2472 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 12:12:51.0052 2472 MegaSR - ok 12:12:51.0083 2472 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll 12:12:51.0130 2472 MMCSS - ok 12:12:51.0161 2472 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys 12:12:51.0192 2472 Modem - ok 12:12:51.0224 2472 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 12:12:51.0255 2472 monitor - ok 12:12:51.0286 2472 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 12:12:51.0286 2472 mouclass - ok 12:12:51.0302 2472 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 12:12:51.0333 2472 mouhid - ok 12:12:51.0364 2472 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 12:12:51.0380 2472 mountmgr - ok 12:12:51.0411 2472 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 12:12:51.0426 2472 MozillaMaintenance - ok 12:12:51.0458 2472 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 12:12:51.0473 2472 MpFilter - ok 12:12:51.0504 2472 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\Windows\system32\DRIVERS\mpio.sys 12:12:51.0504 2472 mpio - ok 12:12:51.0567 2472 MpKsl0128d60a - ok 12:12:51.0567 2472 MpKsl0b0b7015 - ok 12:12:51.0582 2472 MpKsl0f5e3759 - ok 12:12:51.0582 2472 MpKsl2013e79b - ok 12:12:51.0598 2472 MpKsl35d48099 - 
ok 12:12:51.0598 2472 MpKsl6a532c04 - ok 12:12:51.0614 2472 MpKsl7237ef53 - ok 12:12:51.0614 2472 MpKsl7b710871 - ok 12:12:51.0629 2472 MpKsl9f126476 - ok 12:12:51.0629 2472 MpKslb0fa1f9a - ok 12:12:51.0645 2472 MpKslccbc9a8b - ok 12:12:51.0645 2472 MpKslcf90afa7 - ok 12:12:51.0660 2472 MpKsld6d4cfda - ok 12:12:51.0660 2472 MpKsle2e68444 - ok 12:12:51.0692 2472 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 12:12:51.0754 2472 mpsdrv - ok 12:12:51.0785 2472 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 12:12:51.0816 2472 MRxDAV - ok 12:12:51.0832 2472 [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 12:12:51.0863 2472 mrxsmb - ok 12:12:51.0894 2472 [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 12:12:51.0926 2472 mrxsmb10 - ok 12:12:51.0957 2472 [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 12:12:51.0957 2472 mrxsmb20 - ok 12:12:51.0972 2472 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\Windows\system32\DRIVERS\msahci.sys 12:12:51.0988 2472 msahci - ok 12:12:52.0004 2472 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys 12:12:52.0019 2472 msdsm - ok 12:12:52.0050 2472 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe 12:12:52.0082 2472 MSDTC - ok 12:12:52.0113 2472 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys 12:12:52.0144 2472 Msfs - ok 12:12:52.0160 2472 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 12:12:52.0191 2472 mshidkmdf - ok 12:12:52.0222 2472 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys 12:12:52.0222 2472 msisadrv - ok 12:12:52.0253 2472 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 12:12:52.0300 2472 MSiSCSI - ok 12:12:52.0300 2472 msiserver - ok 12:12:52.0331 2472 [ 
8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 12:12:52.0378 2472 MSKSSRV - ok 12:12:52.0409 2472 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 12:12:52.0440 2472 MSPCLOCK - ok 12:12:52.0472 2472 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 12:12:52.0503 2472 MSPQM - ok 12:12:52.0534 2472 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 12:12:52.0550 2472 MsRPC - ok 12:12:52.0565 2472 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 12:12:52.0565 2472 mssmbios - ok 12:12:52.0581 2472 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 12:12:52.0612 2472 MSTEE - ok 12:12:52.0612 2472 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 12:12:52.0628 2472 MTConfig - ok 12:12:52.0643 2472 [ 0F24624106D8042E7F27882D9D6FF5C0 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys 12:12:52.0690 2472 MTsensor - ok 12:12:52.0721 2472 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys 12:12:52.0721 2472 Mup - ok 12:12:52.0752 2472 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll 12:12:52.0799 2472 napagent - ok 12:12:52.0830 2472 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 12:12:52.0877 2472 NativeWifiP - ok 12:12:52.0924 2472 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\Windows\system32\drivers\ndis.sys 12:12:52.0955 2472 NDIS - ok 12:12:52.0971 2472 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 12:12:53.0018 2472 NdisCap - ok 12:12:53.0033 2472 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 12:12:53.0064 2472 NdisTapi - ok 12:12:53.0080 2472 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 12:12:53.0096 2472 Ndisuio - ok 
12:13:06.0574 2472 Scan finished 12:13:06.0590 2464 Detected object count: 0 12:13:06.0590 2464 Actual detected object count: 0 |
28.05.2013, 11:18 | #8 |
/// Malware-holic | System Anti Virus Hi, do you use the PC for online banking, for shopping, for other payment transactions, or for similarly important things, such as work?
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
28.05.2013, 11:33 | #9 |
| System Anti Virus Yes, until recently I still used it now and then for such purposes. But then I could no longer get into my eBay account. My username was displayed as strange characters, some of them Chinese. And after entering the password I did reach the start page, but whenever I tried to go to "My eBay" or similar, I was asked to enter my password again and again. Once, when I wanted to do online banking, there was a notice on the start page saying there was a new security check that would take a few seconds (or minutes). After that I was asked to make a test transfer to a specified account. Since then I have done neither banking nor online shopping here. This PC is at my workplace. However, there are other people who have access to it. Since the events mentioned above, someone who gives PC courses here has supposedly looked at the PC and supposedly "brought it up to scratch". In the meantime I have changed my passwords for banking and eBay on my private PC. I have not tried to log in from here again. The PC worked in the meantime, although at times very slowly, until last week, when nothing worked any more in the administrator account. |
28.05.2013, 13:55 | #10 |
/// Malware-holic | System Anti Virus So if you also paid that person for it, that was money thrown away. Rootkit.tdss was on this machine. I would never do online banking on someone else's PC, and would not check e-mail on it either; that is far too insecure. 1. Do you have an IT department? I can never give you a guarantee that I will find everything. Formatting is usually the faster and the safest way, especially since you use your PC for online banking. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean. Since you also work on it, I would reinstall it from scratch and secure it; you will get instructions, but I think you will have to clear that with your boss.
|
28.05.2013, 19:30 | #11 |
| System Anti Virus I work here in a branch office; the head office is in Kaiserslautern. I don't know whether they have an IT department there, but they don't bother to come here. And if they did, one would wait forever for it. So I would like to go along with the cleanup. After all, they do want everything here to be OK. So thank you very much in advance. I just have to say that I cannot carry out the steps every day. Thank you very much!! |
28.05.2013, 20:26 | #12 |
/// Malware-holic | System Anti Virus Hi, you should find out whether the company head office has policies on this; otherwise you may get yourself into trouble, especially since rootkits can steal sensitive data, such as passwords.
|
28.05.2013, 21:17 | #13 |
| System Anti Virus But if that thing is on there and I want to remove it, that can only be a good thing.... No idea what the "expert" did before, but she did not ask the head office first either. |
28.05.2013, 21:26 | #14 |
/// Malware-holic | System Anti Virus Hi, but as I said, companies have special policies, or at least they should. 2. If we possibly do not remove the malware completely, that may cause trouble for you, if you have an IT department, because you did not report it. 3. Your IT department is paid to do this, and that is why we have arranged things here so that we do not clean such PCs if there is one.
|
29.05.2013, 14:19 | #15 |
| System Anti Virus OK, I will try to find out. Do this rootkit and System Anti Virus have anything to do with each other? And where do they come from? Thanks |