| |
| |||||||
Log-Analyse und Auswertung: GVU Trojaner Windows 7 64bitWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
02.06.2013, 20:52
| #1 |
| |  GVU Trojaner Windows 7 64bit Hallo sitze gerade mit dem "GVU-Trojaner Laptop" einer Bekannten hier und bin so ein bischen am verzweifeln Okay habe jetzt endlich geschafft OTL in der Eingabeaufforderung zum laufen zu bekommen ich hoffe ich hab alles richtig gemacht OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 02.06.2013 23:36:14 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = F:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,93 Gb Total Physical Memory | 3,34 Gb Available Physical Memory | 85,00% Memory free
7,85 Gb Paging File | 7,27 Gb Available in Paging File | 92,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 59,68 Gb Free Space | 51,26% Space Free | Partition Type: NTFS
Drive D: | 329,79 Gb Total Space | 155,18 Gb Free Space | 47,05% Space Free | Partition Type: NTFS
Drive F: | 3,60 Gb Total Space | 3,59 Gb Free Space | 99,65% Space Free | Partition Type: FAT32
Computer Name: BLACKY | User Name: hennings | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09A702CF-1CD8-41F5-A79D-6A5149765C46}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{138EDA98-2377-4054-AA15-F892E36230A7}" = lport=137 | protocol=17 | dir=in | app=system |
"{1D6E4D5E-9F81-477B-A69E-4287A4A6C3BD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1FEA2542-5DB1-4577-9F65-F3B89A940171}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2EC6C688-7CB1-4A7E-9249-8B74E927F9E6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{36F6DAC7-9513-4628-9065-C01F75CDF5CC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{38595D5D-D290-44C4-80C5-55718E0A20DB}" = rport=137 | protocol=17 | dir=out | app=system |
"{52A99679-4024-49BF-B6F0-2686FD10A116}" = rport=139 | protocol=6 | dir=out | app=system |
"{58510DB6-2B17-4045-B100-C62973B70DED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{722F1C38-41B9-4E96-B9EE-6430BFC9907A}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary |
"{7FAE5277-AD7D-4BA5-AE1F-5D7558B41091}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{816A6515-7347-424B-97BF-7F1DD2E5DCE6}" = lport=139 | protocol=6 | dir=in | app=system |
"{84352942-5B46-47CB-9BF1-5FBC5E194AEE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{929DC834-E7B1-43AE-A2CB-230C9689491F}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary |
"{9FF780F4-5A82-47ED-9E2A-0E8B7F22017D}" = rport=138 | protocol=17 | dir=out | app=system |
"{A6AFBE7A-86BF-430A-84A7-BA6305C2CFFF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AA4F69FA-8E0C-42C6-9107-A5437EEC2427}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AB5CE496-A92F-4C4C-B236-CD3EA93CED0E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B01623D9-280C-4412-849D-8A02C5C9686C}" = lport=138 | protocol=17 | dir=in | app=system |
"{B721684B-03A6-4F80-B06F-9AE51B515B2F}" = lport=445 | protocol=6 | dir=in | app=system |
"{C93E77EE-248D-4D5E-9793-A27C2DECF870}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DDBFD1BF-3A75-477B-8F39-18151AA74301}" = rport=445 | protocol=6 | dir=out | app=system |
"{DEBB420C-3D8D-4942-A106-F1EC1BC7B83C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F1CDEC9A-9425-44AF-AAC2-653652727222}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{087301D8-DA85-45F1-87A0-19BA5FF54E80}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{0AA244F0-CFA5-4254-B907-B9C979424AD0}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{1034E5EE-14AB-4690-B9C0-B1E007922737}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{152D4F6F-BC23-4325-BCC5-4C60BCFB5644}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{17705DFE-165D-4482-BFC9-6B29E73E9152}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1847D1DF-AF56-4F4A-89C2-2ACD5B13DE01}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{1CB95BC9-6D8D-4108-BD2E-400F91DD1672}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{271A1E1D-FBAA-4BB8-AC9F-A8C8ACDFD804}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{2F835211-CC71-4E2E-9ACA-758DB2FE3A84}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{2F989E16-4930-4014-84FA-806E543F22C2}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{351F6BB4-BDEC-4837-A200-7DBA121B9E5B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3C7C95A5-695E-455F-9A38-EE4460065A54}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3CB354FB-BFBE-4354-98A9-49C7893D11BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3F2FA61B-3CF7-4D68-B60E-87F972447403}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{3F357359-F8D9-4F74-9C28-849079FCBE84}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3FC6C1A2-BC77-488C-B4E6-12F501DB28E3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{40F04EDC-8B80-41D9-A1BF-7E19B85E32F3}" = protocol=6 | dir=in | app=c:\users\hennings\appdata\local\akamai\netsession_win.exe |
"{48C154CF-5D48-4CB9-8D55-6DD65E30435C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{4ABBFAF6-B753-41AC-B654-BC45DDDEFCBA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4AC7B15D-CDD2-49E8-8631-6E18C4D721D6}" = dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{4C514F68-35AF-4DBA-9E13-C5C57744DF90}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6221EB0D-1F60-412F-B7A9-35C58D011F9E}" = protocol=6 | dir=in | app=c:\users\hennings\appdata\local\microsoft\windows\temporary internet files\content.ie5\5746y1ph\jewelquest3sdm.exe |
"{64FE7875-CE3D-4C50-8E6E-7D0D042E182F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{696640B8-DFF8-4760-ACA6-37159F86B319}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6E5DFF0C-49A2-4A0F-A3FB-2F997A44EC6A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6F9208B9-F42E-4EE0-8B88-EFC6FA9CA5D2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{7EE9196C-A450-465D-8240-9E256849ADB4}" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3\totalmedia.exe |
"{84FC25A7-263B-4AAC-B76D-C897CD2288A8}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{875DB52D-6CFE-418A-9C77-223C6C71D0D5}" = protocol=6 | dir=out | app=system |
"{96BF1A5C-1C5D-494D-8D43-A647FBF0176F}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{9A5429F1-2D12-4A14-AD26-8E5C1DA58E30}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9BD6B0FA-C64F-4CAB-93C4-3B6A3F2C90B5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9EB06D8C-D675-47B7-8716-1F5B66AD6491}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{A0432E7B-8C76-4E93-9AB0-298570D4A218}" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3\totalmedia.exe |
"{C0660D67-4304-4E80-A494-4251B10EBDAE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D1C9518F-E936-46CB-9B1D-9721CC5F3541}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DD9EA906-D43C-4C97-AA6F-E8FDD99A0A27}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DEB3A5F7-1858-4C63-90C6-8A2116C1EB8A}" = protocol=17 | dir=in | app=c:\users\hennings\appdata\local\microsoft\windows\temporary internet files\content.ie5\5746y1ph\jewelquest3sdm.exe |
"{E30E3C33-3015-44A0-8C1B-B0F6E16411D8}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{EA62B3FA-F83A-4DB2-9C5C-7CB68C6DEBE4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{F1406A4F-F07D-475B-9C33-4DE75A019A99}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{F68ED9DC-F62B-44F8-8FFD-C7C29AE4CB4C}" = protocol=17 | dir=in | app=c:\users\hennings\appdata\local\akamai\netsession_win.exe |
"{FE460BF2-CEDA-46FF-8981-5BB1E075D333}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{36F9F4BC-8FBB-4E12-A2A2-BE9C04C9C452}C:\program files (x86)\imesh applications\imesh\imesh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"TCP Query User{4C09E496-0AD6-4FB9-94DC-95D44AEFFC94}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe |
"TCP Query User{805622A3-9AEB-4B31-9FE4-E616E43BE32C}C:\users\hennings\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\hennings\appdata\local\akamai\netsession_win.exe |
"TCP Query User{FD9ACD04-EB89-465B-9C25-B32BB4227CA9}C:\program files (x86)\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{6136E05A-C548-474B-A1BC-F802F314C354}C:\program files (x86)\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{6578CF92-43E0-4F94-BF78-434D219A33C0}C:\users\hennings\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\hennings\appdata\local\akamai\netsession_win.exe |
"UDP Query User{B79C19B2-ACAB-430F-B49A-519FF9A7CE85}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe |
"UDP Query User{BC754B0A-2176-430C-9052-F397BF0F109D}C:\program files (x86)\imesh applications\imesh\imesh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{2E414A76-E6A7-3504-4235-29EAB3FE1F7A}" = ATI AVIVO64 Codecs
"{3768263E-8BE8-4CEF-9463-6D36F731824B}" = Windows Live Family Safety
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96CCD84C-3F80-C618-6202-568608213C7E}" = ccc-utility64
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FDB61EAE-7C1D-7EB6-E1EE-14528E3EB266}" = ATI Catalyst Install Manager
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = ETDWare PS/2-x64 7.0.5.11_WHQL
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{011162D5-6853-9D60-2BD4-1F3D01966A59}" = CCC Help English
"{05CF7905-AD18-769E-7717-1DC8AF388BEA}" = CCC Help Hungarian
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{1382CAD9-2A6A-F826-96DF-27CC6CC7B3B0}" = CCC Help Czech
"{1F4C4124-6D6C-4282-63B8-F9468E4404BC}" = Catalyst Control Center InstallProxy
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{262DA23B-4BAB-463F-B1DC-9B5287CAB5CA}}_is1" = Deinstallation der Arcor Online Software
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{268CF0B8-CA38-4E20-9E99-514A07F7C1F1}" = TotalMedia
"{28452235-8D43-464B-EDB2-18DA5542722D}" = CCC Help Portuguese
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{3BD37E91-C31A-CB8A-C48C-21CE58723AEF}" = CCC Help Polish
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{47A1A0D5-37DE-7A02-F411-8DFBA338CCC2}" = CCC Help Swedish
"{47B4F3BD-1FCB-914B-397A-7220136A175F}" = CCC Help Japanese
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4D38B420-FDA9-282A-DBBA-3E8E9158A5F4}" = Catalyst Control Center Localization All
"{597535B3-348A-8FBF-1C39-C21E634C1E8A}" = CCC Help Norwegian
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{69A7B958-4617-9924-F32B-7C1FF3C7EE6C}" = Catalyst Control Center Graphics Previews Common
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73AA1842-2960-328C-E51E-CEC0B23950C2}" = Catalyst Control Center Graphics Previews Vista
"{75CE15F1-3508-D4AA-6EB4-AB9D55FAD076}" = CCC Help Russian
"{76246D4D-C095-5B94-9EFA-0F6DFF804BB1}" = CCC Help Greek
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77CC4640-98F0-603A-2CDB-A981F09FED6D}" = CCC Help French
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D1C43EB-EAE9-5D8C-FEF4-E00AF6B9500F}" = CCC Help Finnish
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{81BEA2F5-4F9B-4AF5-A9B2-3210F71931D3}" = Catalyst Control Center - Branding
"{886EA01E-D4B4-D2E1-CEA2-213E9C06DFF5}" = CCC Help Spanish
"{88799CBD-90A6-67FB-310E-79CAB1479F0F}" = CCC Help Chinese Traditional
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2F5A60-B69E-4BD4-A457-1A1009CAC017}" = Tv IR
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D8847D7-DF68-2325-250A-96BE101FCF69}" = CCC Help Italian
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AA8F54E5-393C-B09B-B641-7CE1D1E1933F}" = CCC Help Dutch
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{B8174E5B-B515-3423-1273-4B4B6B483C4B}" = CCC Help Chinese Standard
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C1234B72-5EAF-807C-46E8-59A1C9FEF6CA}" = CCC Help Turkish
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{D042E67C-C16C-4FC3-BBD8-877CFE20B6C4}" = Diver Install 64-bit
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D5CCDB0C-00B7-3A4F-3877-6C57920F05D8}" = CCC Help Korean
"{DA8D3A2D-5FD5-82D1-C9A8-801079EE0FD0}" = CCC Help Thai
"{DAB623DC-33F2-E22E-7B24-2270E8AB1EB3}" = ccc-core-static
"{DDA92568-FE0E-E2F4-35A5-7CD99ADACF26}" = CCC Help Danish
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC6A04DE-135E-AC5C-AA19-8E350AA5B6D4}" = CCC Help German
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"ASUS WebStorage" = ASUS WebStorage
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"CX4300_5500_DX4400 Handbuch" = CX4300_5500_DX4400 Handbuch
"DivXCodec" = DivX 4.11 Codec
"ElsterFormular" = ElsterFormular
"ElsterFormular 2008 - 2009 2008-2009" = ElsterFormular 2008 - 2009
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{9B2F5A60-B69E-4BD4-A457-1A1009CAC017}" = Tv IR
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D042E67C-C16C-4FC3-BBD8-877CFE20B6C4}" = Diver Install 64-bit
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"Interloper" = Interloper (remove only)
"K_Series_ScreenSaver_EN" = K_Series_ScreenSaver_EN
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NSS" = Norton Security Scan
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 01.06.2013 06:51:42 | Computer Name = blacky | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 02.06.2013 08:46:22 | Computer Name = blacky | Source = CVHSVC | ID = 100
Description = Nur zur Information. Error: BITS connection error Type: 150::InternetConnectionFailure.
Error - 02.06.2013 09:01:33 | Computer Name = blacky | Source = CVHSVC | ID = 100
Description = Nur zur Information. Error: BITS connection error Type: 150::InternetConnectionFailure.
Error - 02.06.2013 09:18:45 | Computer Name = blacky | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed:
Error - 02.06.2013 10:11:10 | Computer Name = blacky | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000420 Fehleroffset: 0x00000000000c40f2
ID
des fehlerhaften Prozesses: 0xef4 Startzeit der fehlerhaften Anwendung: 0x01ce5f9b01034fa0
Pfad
der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls:
C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 4606177f-cb8e-11e2-8535-20cf30d349f1
Error - 02.06.2013 10:38:55 | Computer Name = blacky | Source = CVHSVC | ID = 100
Description = Nur zur Information. Error: BITS connection error Type: 150::InternetConnectionFailure.
Error - 02.06.2013 12:19:22 | Computer Name = blacky | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer"
nicht initialisiert werden. Details: Could not query the status of the EventSystem
service. System Error: Der Computer wird heruntergefahren. .
Error - 02.06.2013 12:49:14 | Computer Name = blacky | Source = CVHSVC | ID = 100
Description = Nur zur Information. Error: BITS connection error Type: 150::InternetConnectionFailure.
Error - 02.06.2013 13:54:58 | Computer Name = blacky | Source = Application Virtualization Client | ID = 5009
Description = {hap=12:app=OfficeVirt 9014006604070000:tid=C54} Application Virtualization
Client konnte keine Verbindung mit der Datenstrom-URL 'hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.5138.5002.sft'
herstellen (Rückgabecode 00000729-00000026, ursprünglicher Rückgabecode 00000729-00000026).
Error - 02.06.2013 13:54:58 | Computer Name = blacky | Source = Application Virtualization Client | ID = 3008
Description = {hap=12:app=OfficeVirt 9014006604070000:tid=C54} Der Client konnte
keine Verbindung mit Application Virtualization Server herstellen (Rückgabecode
00000729-00000026).
[ OSession Events ]
Error - 18.02.2013 17:14:12 | Computer Name = blacky | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 02.06.2013 17:35:04 | Computer Name = blacky | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 02.06.2013 17:35:06 | Computer Name = blacky | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 02.06.2013 17:35:10 | Computer Name = blacky | Source = DCOM | ID = 10005
Description =
Error - 02.06.2013 17:35:11 | Computer Name = blacky | Source = DCOM | ID = 10005
Description =
Error - 02.06.2013 17:35:14 | Computer Name = blacky | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 02.06.2013 17:35:14 | Computer Name = blacky | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 02.06.2013 17:35:14 | Computer Name = blacky | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 02.06.2013 17:35:14 | Computer Name = blacky | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 02.06.2013 17:35:14 | Computer Name = blacky | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 02.06.2013 17:35:14 | Computer Name = blacky | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
< End of report >
[/code] OTL Logfile: Code:
ATTFilter OTL logfile created on: 02.06.2013 23:36:14 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = F:\ 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,93 Gb Total Physical Memory | 3,34 Gb Available Physical Memory | 85,00% Memory free 7,85 Gb Paging File | 7,27 Gb Available in Paging File | 92,58% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 116,44 Gb Total Space | 59,68 Gb Free Space | 51,26% Space Free | Partition Type: NTFS Drive D: | 329,79 Gb Total Space | 155,18 Gb Free Space | 47,05% Space Free | Partition Type: NTFS Drive F: | 3,60 Gb Total Space | 3,59 Gb Free Space | 99,65% Space Free | Partition Type: FAT32 Computer Name: BLACKY | User Name: hennings | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.02 17:53:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2010.10.09 11:00:14 | 000,859,712 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom) SRV:64bit: - [2010.08.11 15:44:45 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.06.22 21:20:42 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Stopped] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2010.02.23 13:56:42 | 000,570,632 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer) SRV:64bit: - [2010.02.23 13:56:40 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy) SRV:64bit: - [2009.08.07 00:17:46 | 000,118,672 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2013.05.18 18:22:00 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.28 17:23:32 | 004,561,152 | ---- | M] () [Auto | Stopped] -- c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll -- (Akamai) SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.04.21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010.07.28 18:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.15 20:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.10.01 05:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009.10.01 05:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009.06.16 03:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.03.31 12:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.11 07:57:59 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm) DRV:64bit: - [2010.09.14 10:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.08.11 16:15:49 | 007,765,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.08.11 15:11:07 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.07.30 19:30:26 | 000,309,840 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\tmxpflt.sys -- (tmxpflt) DRV:64bit: - [2010.07.30 19:30:20 | 000,042,576 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\tmpreflt.sys -- (tmpreflt) DRV:64bit: - [2010.07.30 19:24:14 | 001,988,176 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\vsapint.sys -- (vsapint) DRV:64bit: - [2010.07.15 02:47:41 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2010.07.14 08:17:27 | 000,735,360 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2010.04.13 12:15:03 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010.03.02 10:45:23 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.02.25 05:26:57 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\JME.sys -- (JME) DRV:64bit: - [2010.02.23 13:57:30 | 000,107,536 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi) DRV:64bit: - [2009.09.18 06:13:02 | 000,063,520 | ---- | M] (Siano) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\smsbda.sys -- (smsbda) DRV:64bit: - [2009.09.17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.08.18 10:23:31 | 000,143,472 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2009.08.07 00:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2009.07.20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.13 19:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor) DRV:64bit: - [2008.12.08 18:35:52 | 000,061,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2008.05.24 03:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2013.03.20 10:07:16 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.03 03:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) DRV - [2009.03.31 10:39:36 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.02010003&st=10&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/ IE - HKCU\..\SearchScopes,DefaultScope = {6B1D1FB7-7233-4F7C-802C-21A1DDB12754} IE - HKCU\..\SearchScopes\{09038620-190C-402B-A92F-18864E6AB22F}: "URL" = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms} IE - HKCU\..\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}: "URL" = hxxp://go.web.de/br/ie9_search_pic/?su={searchTerms} IE - HKCU\..\SearchScopes\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}: "URL" = hxxp://go.gmx.net/br/ie9_search_web/?su={searchTerms} IE - HKCU\..\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{8D27B32E-89EE-460e-82D2-5FC354078EAD}: "URL" = hxxp://go.web.de/br/ie9_search_produkte/?su={searchTerms} IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb143/?search={searchTerms}&loc=IB_DS&a=6R8sjmEvVb&i=26 IE - HKCU\..\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}: "URL" = hxxp://go.web.de/br/ie9_search_maps/?su={searchTerms} IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.02010003&st=10&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..extensions.enabledAddons: ffxtlbr@incredibar.com:1.5.0 FF - prefs.js..extensions.enabledAddons: {C9B68337-E93A-44EA-94DC-CB300EC06444}:4.51.0 FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.2 FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb143/?loc=IB_DS&a=6R8sjmEvVb&&i=26&search=" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "MyStart Search" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "MyStart Search" FF - prefs.js..browser.startup.homepage: "hxxp://mystart.incredibar.com/mb143?a=6R8sjmEvVb&i=26" FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files (x86)\Iminent\webbooster@iminent.com FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.18 20:01:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hennings\AppData\Roaming\mozilla\Extensions [2012.09.24 15:41:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hennings\AppData\Roaming\mozilla\Firefox\Profiles\4yqfmeq3.default\extensions [2012.07.08 23:25:03 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\hennings\AppData\Roaming\mozilla\Firefox\Profiles\4yqfmeq3.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} [2012.05.08 20:59:26 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\hennings\AppData\Roaming\mozilla\Firefox\Profiles\4yqfmeq3.default\extensions\ffxtlbr@incredibar.com [2012.09.24 15:41:40 | 000,518,756 | ---- | M] () (No name found) -- C:\Users\hennings\AppData\Roaming\mozilla\firefox\profiles\4yqfmeq3.default\extensions\toolbar@web.de.xpi [2013.04.24 23:26:02 | 000,002,402 | ---- | M] () -- C:\Users\hennings\AppData\Roaming\mozilla\firefox\profiles\4yqfmeq3.default\searchplugins\bingp.xml [2012.05.08 20:58:45 | 000,002,203 | ---- | M] () -- C:\Users\hennings\AppData\Roaming\mozilla\firefox\profiles\4yqfmeq3.default\searchplugins\MyStart Search.xml [2012.07.02 00:01:01 | 000,003,949 | ---- | M] () -- C:\Users\hennings\AppData\Roaming\mozilla\firefox\profiles\4yqfmeq3.default\searchplugins\sweetim.xml [2012.07.10 21:14:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.04.28 00:19:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions [2012.04.28 00:19:12 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com CHR - Extension: YouTube = C:\Users\hennings\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\hennings\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Google Mail = C:\Users\hennings\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll File not found O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll File not found O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll File not found O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe () O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe () O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TV IR] C:\Program Files (x86)\TV IR\TV IR.exe () O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe File not found O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\hennings\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAE.EXE /FU "C:\Windows\TEMP\E_SD1FE.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [Exetender_148] "C:\Program Files (x86)\FreeRide Games\GPlayer.exe" /schedule 300000 File not found O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found O4 - HKCU..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} (Reg Error: Key error.) O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADB52966-51AD-4FA0-A287-59ADCB798AC7}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (C:\Users\hennings\AppData\Roaming\skype.dat) - C:\Users\hennings\AppData\Roaming\skype.dat () O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O31 - SafeBoot: UseAlternatShell - 1 O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.03 04:55:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013.06.02 19:19:11 | 000,000,000 | -HSD | C] -- C:\found.000 [2013.05.23 23:19:48 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.05.23 23:19:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.05.23 23:19:47 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.05.23 23:19:47 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.05.23 23:19:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.05.23 23:19:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.05.23 23:19:47 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.05.23 23:19:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.05.23 23:19:45 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.05.23 23:19:45 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.05.23 23:19:45 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.05.23 23:19:45 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.05.23 23:19:44 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.05.23 23:19:44 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.05.23 23:19:44 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.05.18 19:08:00 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.05.18 19:07:59 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013.05.18 19:07:56 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.05.18 19:07:56 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2013.05.18 18:48:48 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2013.05.18 18:48:48 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2013.05.18 18:41:53 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll [2013.05.05 13:32:48 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013.05.05 13:32:47 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013.05.05 13:32:47 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2013.05.05 13:32:47 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2013.05.05 13:32:47 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2013.05.05 13:32:47 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2013.05.05 13:30:53 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.05.05 13:30:52 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.05.05 13:30:52 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.05.05 13:30:51 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013.05.05 13:30:51 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013.05.05 13:30:51 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.02 23:33:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.02 23:33:20 | 3161,886,720 | -HS- | M] () -- C:\hiberfil.sys [2013.06.02 23:32:28 | 000,000,004 | ---- | M] () -- C:\Users\hennings\AppData\Roaming\skype.ini [2013.06.02 20:01:54 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.02 20:01:54 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.02 19:27:54 | 000,012,288 | ---- | M] () -- C:\Windows\SysNative\umstartup.etl [2013.06.02 19:04:18 | 000,000,017 | ---- | M] () -- C:\Windows\SysWow64\shortcut_ex.dat [2013.06.02 18:44:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.02 18:39:44 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.02 18:39:44 | 000,654,844 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.02 18:39:44 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.02 18:39:44 | 000,130,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.02 18:39:44 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.22 06:50:32 | 000,504,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.18 18:21:56 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.05.18 18:21:56 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.02 19:04:18 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2013.06.02 14:45:58 | 000,000,004 | ---- | C] () -- C:\Users\hennings\AppData\Roaming\skype.ini [2013.04.04 21:55:30 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll [2013.04.04 21:55:30 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys [2012.12.18 11:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.12.18 11:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.12.18 11:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.12.18 11:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.10.05 13:04:40 | 000,010,495 | ---- | C] () -- C:\Users\hennings\stella7_elster_2048.pfx [2012.09.24 18:14:56 | 000,114,599 | ---- | C] () -- C:\Users\hennings\ESt2010_Hennings_Nico_und_Hennings_Annina.elfo [2012.09.24 17:05:15 | 000,102,806 | ---- | C] () -- C:\Users\hennings\ESt2009_Hennings_Nico_und_Hennings_Annina.elfo [2012.09.12 17:56:01 | 000,106,855 | ---- | C] () -- C:\Users\hennings\ESt2011_Hennings_Nico_und_Hennings_Annina.elfo [2012.07.16 19:24:59 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\sh33w32.dll [2012.07.15 23:01:32 | 000,063,488 | ---- | C] () -- C:\Users\hennings\xobglu16.dll [2012.07.15 23:01:32 | 000,023,552 | ---- | C] () -- C:\Users\hennings\xobglu32.dll [2012.07.10 21:37:36 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2012.06.04 22:12:59 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\PTTreeIcons.dll [2012.01.11 15:50:34 | 000,060,928 | ---- | C] () -- C:\Users\hennings\AppData\Roaming\skype.dat [2011.07.11 18:50:33 | 014,197,342 | ---- | C] () -- C:\Users\hennings\AppData\Roaming\UserTile.png [2011.05.10 16:07:10 | 000,000,000 | ---- | C] () -- C:\Users\hennings\AppData\Local\{74FEBED8-0213-4C3E-8789-354B16466E07} [2011.05.07 11:28:27 | 000,000,000 | ---- | C] () -- C:\Users\hennings\AppData\Local\{20F37F93-5E3F-49E2-9B6F-0BB2F8D03AF3} ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:E8C44CB4 < End of report > [/code] |
|
02.06.2013, 20:54
| #2 |
| /// Malware-holic   | GVU Trojaner Windows 7 64bit Hi,
__________________otl fix Fixen mit OTL
Code:
ATTFilter :OTL
O20 - HKCU Winlogon: Shell - (C:\Users\hennings\AppData\Roaming\skype.dat) - C:\Users\hennings\AppData\Roaming\skype.dat ()
[2013.06.02 23:32:28 | 000,000,004 | ---- | M] () -- C:\Users\hennings\AppData\Roaming\skype.ini
:files
:Commands
[emptytemp]
starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die  + E Taste.
__________________ Geändert von markusg (02.06.2013 um 21:01 Uhr) |
|
02.06.2013, 21:24
| #3 |
| | GVU Trojaner Windows 7 64bit Soweit scheint es erstmal wieder zu laufen...
__________________Upload sollte geklappt haben |
|
02.06.2013, 21:28
| #4 |
| /// Malware-holic | GVU Trojaner Windows 7 64bit Danke fürs hochladen. Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
02.06.2013, 21:34
| #5 |
| | GVU Trojaner Windows 7 64bit Und das TDSSkiller log ist zu groß... -.- ^^ also als Code Code:
ATTFilter 00:30:29.0798 2732 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
00:30:29.0829 2732 ============================================================
00:30:29.0829 2732 Current date / time: 2013/06/03 00:30:29.0829
00:30:29.0829 2732 SystemInfo:
00:30:29.0829 2732
00:30:29.0829 2732 OS Version: 6.1.7601 ServicePack: 1.0
00:30:29.0829 2732 Product type: Workstation
00:30:29.0829 2732 ComputerName: BLACKY
00:30:29.0829 2732 UserName: hennings
00:30:29.0829 2732 Windows directory: C:\Windows
00:30:29.0829 2732 System windows directory: C:\Windows
00:30:29.0829 2732 Running under WOW64
00:30:29.0829 2732 Processor architecture: Intel x64
00:30:29.0829 2732 Number of processors: 8
00:30:29.0829 2732 Page size: 0x1000
00:30:29.0829 2732 Boot type: Normal boot
00:30:29.0829 2732 ============================================================
00:30:34.0525 2732 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:30:34.0540 2732 Drive \Device\Harddisk1\DR2 - Size: 0xE74B0000 (3.61 Gb), SectorSize: 0x200, Cylinders: 0x1D7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:30:34.0556 2732 ============================================================
00:30:34.0556 2732 \Device\Harddisk0\DR0:
00:30:34.0587 2732 MBR partitions:
00:30:34.0587 2732 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2710040, BlocksNum 0xE8E1C28
00:30:34.0603 2732 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x10FF2468, BlocksNum 0x29393BC8
00:30:34.0603 2732 \Device\Harddisk1\DR2:
00:30:34.0603 2732 MBR partitions:
00:30:34.0603 2732 \Device\Harddisk1\DR2\Partition1: MBR, Type 0xB, StartLBA 0x1F80, BlocksNum 0x738600
00:30:34.0603 2732 ============================================================
00:30:34.0790 2732 C: <-> \Device\Harddisk0\DR0\Partition1
00:30:34.0946 2732 D: <-> \Device\Harddisk0\DR0\Partition2
00:30:34.0946 2732 ============================================================
00:30:34.0946 2732 Initialize success
00:30:34.0946 2732 ============================================================
00:30:41.0841 4276 ============================================================
00:30:41.0841 4276 Scan started
00:30:41.0841 4276 Mode: Manual;
00:30:41.0841 4276 ============================================================
00:30:44.0883 4276 ================ Scan system memory ========================
00:30:44.0883 4276 System memory - ok
00:30:44.0883 4276 ================ Scan services =============================
00:30:45.0928 4276 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
00:30:45.0928 4276 1394ohci - ok
00:30:46.0022 4276 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
00:30:46.0038 4276 ACPI - ok
00:30:46.0084 4276 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
00:30:46.0100 4276 AcpiPmi - ok
00:30:46.0334 4276 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
00:30:46.0350 4276 AdobeARMservice - ok
00:30:46.0989 4276 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
00:30:47.0020 4276 AdobeFlashPlayerUpdateSvc - ok
00:30:47.0114 4276 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
00:30:47.0145 4276 adp94xx - ok
00:30:47.0223 4276 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
00:30:47.0270 4276 adpahci - ok
00:30:47.0301 4276 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
00:30:47.0301 4276 adpu320 - ok
00:30:47.0410 4276 [ C0BF554D2277F7A4C735D475ADE2E3B2 ] ADSMService C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
00:30:47.0426 4276 ADSMService - ok
00:30:47.0473 4276 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
00:30:47.0488 4276 AeLookupSvc - ok
00:30:47.0566 4276 [ 734D1BA96BE6AD8D04E6AFEAD569EA8A ] AFBAgent C:\Windows\system32\FBAgent.exe
00:30:47.0598 4276 AFBAgent - ok
00:30:47.0676 4276 [ 6CCD1135320109D6B219F1A6E04AD9F6 ] Afc C:\Windows\syswow64\drivers\Afc.sys
00:30:47.0676 4276 Afc - ok
00:30:47.0800 4276 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
00:30:47.0832 4276 AFD - ok
00:30:47.0988 4276 [ 7E077309910CE334C3B2B7B8665A55C4 ] AffinegyService C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
00:30:48.0128 4276 AffinegyService - ok
00:30:48.0175 4276 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
00:30:48.0190 4276 agp440 - ok
00:30:48.0627 4276 [ C7074BD8D4B8F564859ED373433030AE ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll
00:30:48.0643 4276 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll. md5: C7074BD8D4B8F564859ED373433030AE
00:30:48.0643 4276 Akamai ( HiddenFile.Multi.Generic ) - warning
00:30:48.0643 4276 Akamai - detected HiddenFile.Multi.Generic (1)
00:30:48.0705 4276 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
00:30:48.0736 4276 ALG - ok
00:30:48.0799 4276 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
00:30:48.0814 4276 aliide - ok
00:30:48.0861 4276 [ 4DC67E735CF6FF48C0AA65ADDD9ED02B ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
00:30:48.0861 4276 AMD External Events Utility - ok
00:30:48.0924 4276 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
00:30:48.0939 4276 amdide - ok
00:30:48.0986 4276 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
00:30:49.0002 4276 AmdK8 - ok
00:30:49.0329 4276 [ 83CE9DBEB00232195C55CA1A71EC4626 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
00:30:49.0501 4276 amdkmdag - ok
00:30:49.0563 4276 [ EDE53A9C875A1FB6281A8D25F56CCD72 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
00:30:49.0563 4276 amdkmdap - ok
00:30:49.0579 4276 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
00:30:49.0594 4276 AmdPPM - ok
00:30:49.0641 4276 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
00:30:49.0657 4276 amdsata - ok
00:30:49.0688 4276 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
00:30:49.0719 4276 amdsbs - ok
00:30:49.0750 4276 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
00:30:49.0750 4276 amdxata - ok
00:30:49.0813 4276 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
00:30:49.0844 4276 AppID - ok
00:30:49.0891 4276 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
00:30:49.0891 4276 AppIDSvc - ok
00:30:49.0969 4276 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
00:30:49.0969 4276 Appinfo - ok
00:30:50.0094 4276 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:30:50.0109 4276 Apple Mobile Device - ok
00:30:50.0156 4276 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
00:30:50.0187 4276 arc - ok
00:30:50.0203 4276 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
00:30:50.0218 4276 arcsas - ok
00:30:50.0265 4276 [ 88FBC8BEBFD38566235EAA5E4DBC4E05 ] AsDsm C:\Windows\system32\drivers\AsDsm.sys
00:30:50.0265 4276 AsDsm - ok
00:30:50.0468 4276 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
00:30:50.0468 4276 ASLDRService - ok
00:30:50.0530 4276 [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
00:30:50.0530 4276 ASMMAP64 - ok
00:30:50.0562 4276 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
00:30:50.0577 4276 AsyncMac - ok
00:30:50.0624 4276 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
00:30:50.0624 4276 atapi - ok
00:30:50.0952 4276 [ F8633CDD09647A64EE8DB550630427FF ] athr C:\Windows\system32\DRIVERS\athrx.sys
00:30:51.0045 4276 athr - ok
00:30:51.0123 4276 [ CBE5F8B3E54198F5DFE403A55A95DE08 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
00:30:51.0123 4276 AtiHDAudioService - ok
00:30:51.0154 4276 [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
00:30:51.0326 4276 ATKGFNEXSrv - ok
00:30:51.0482 4276 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
00:30:51.0513 4276 AudioEndpointBuilder - ok
00:30:51.0576 4276 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
00:30:51.0576 4276 AudioSrv - ok
00:30:51.0623 4276 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
00:30:51.0638 4276 AxInstSV - ok
00:30:51.0732 4276 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
00:30:51.0763 4276 b06bdrv - ok
00:30:51.0810 4276 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
00:30:51.0825 4276 b57nd60a - ok
00:30:51.0872 4276 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
00:30:51.0888 4276 BDESVC - ok
00:30:51.0935 4276 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
00:30:51.0950 4276 Beep - ok
00:30:52.0075 4276 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
00:30:52.0106 4276 BFE - ok
00:30:52.0278 4276 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
00:30:52.0325 4276 BITS - ok
00:30:52.0356 4276 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
00:30:52.0371 4276 blbdrive - ok
00:30:52.0418 4276 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
00:30:52.0434 4276 bowser - ok
00:30:52.0465 4276 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:30:52.0465 4276 BrFiltLo - ok
00:30:52.0496 4276 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:30:52.0496 4276 BrFiltUp - ok
00:30:52.0574 4276 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
00:30:52.0574 4276 Browser - ok
00:30:52.0683 4276 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
00:30:52.0793 4276 Brserid - ok
00:30:52.0824 4276 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
00:30:52.0839 4276 BrSerWdm - ok
00:30:52.0886 4276 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
00:30:52.0917 4276 BrUsbMdm - ok
00:30:52.0933 4276 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
00:30:52.0933 4276 BrUsbSer - ok
00:30:52.0949 4276 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
00:30:52.0949 4276 BTHMODEM - ok
00:30:52.0995 4276 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
00:30:53.0011 4276 bthserv - ok
00:30:53.0058 4276 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
00:30:53.0073 4276 cdfs - ok
00:30:53.0120 4276 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
00:30:53.0136 4276 cdrom - ok
00:30:53.0198 4276 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
00:30:53.0214 4276 CertPropSvc - ok
00:30:53.0245 4276 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
00:30:53.0276 4276 circlass - ok
00:30:53.0323 4276 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
00:30:53.0339 4276 CLFS - ok
00:30:53.0541 4276 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:30:53.0557 4276 clr_optimization_v2.0.50727_32 - ok
00:30:53.0885 4276 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:30:53.0885 4276 clr_optimization_v2.0.50727_64 - ok
00:30:54.0087 4276 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:30:54.0103 4276 clr_optimization_v4.0.30319_32 - ok
00:30:54.0290 4276 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:30:54.0306 4276 clr_optimization_v4.0.30319_64 - ok
00:30:54.0337 4276 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
00:30:54.0353 4276 CmBatt - ok
00:30:54.0399 4276 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
00:30:54.0415 4276 cmdide - ok
00:30:54.0477 4276 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
00:30:54.0509 4276 CNG - ok
00:30:54.0602 4276 [ 1D6C3F92AF23E352875438085F6AEDEE ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
00:30:54.0602 4276 CnxtHdAudService - ok
00:30:54.0633 4276 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
00:30:54.0633 4276 Compbatt - ok
00:30:54.0696 4276 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
00:30:54.0711 4276 CompositeBus - ok
00:30:54.0727 4276 COMSysApp - ok
00:30:54.0774 4276 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
00:30:54.0789 4276 crcdisk - ok
00:30:54.0836 4276 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
00:30:54.0852 4276 CryptSvc - ok
00:30:55.0117 4276 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
00:30:55.0133 4276 cvhsvc - ok
00:30:55.0242 4276 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
00:30:55.0289 4276 DcomLaunch - ok
00:30:55.0335 4276 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
00:30:55.0351 4276 defragsvc - ok
00:30:55.0382 4276 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
00:30:55.0398 4276 DfsC - ok
00:30:55.0507 4276 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
00:30:55.0538 4276 Dhcp - ok
00:30:55.0601 4276 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
00:30:55.0601 4276 discache - ok
00:30:55.0663 4276 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
00:30:55.0679 4276 Disk - ok
00:30:55.0772 4276 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
00:30:55.0835 4276 Dnscache - ok
00:30:55.0913 4276 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
00:30:55.0928 4276 dot3svc - ok
00:30:56.0006 4276 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
00:30:56.0006 4276 DPS - ok
00:30:56.0115 4276 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
00:30:56.0131 4276 drmkaud - ok
00:30:56.0334 4276 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
00:30:56.0349 4276 DXGKrnl - ok
00:30:56.0396 4276 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
00:30:56.0412 4276 EapHost - ok
00:30:57.0020 4276 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
00:30:57.0114 4276 ebdrv - ok
00:30:57.0145 4276 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
00:30:57.0145 4276 EFS - ok
00:30:57.0301 4276 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
00:30:57.0332 4276 ehRecvr - ok
00:30:57.0395 4276 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
00:30:57.0410 4276 ehSched - ok
00:30:57.0519 4276 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
00:30:57.0551 4276 elxstor - ok
00:30:57.0566 4276 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
00:30:57.0566 4276 ErrDev - ok
00:30:57.0629 4276 [ 0975BF32399A24117E317B5BF1D5D0AA ] ETD C:\Windows\system32\DRIVERS\ETD.sys
00:30:57.0629 4276 ETD - ok
00:30:57.0816 4276 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
00:30:57.0847 4276 EventSystem - ok
00:30:57.0894 4276 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
00:30:57.0909 4276 exfat - ok
00:30:57.0956 4276 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
00:30:57.0972 4276 fastfat - ok
00:30:58.0175 4276 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
00:30:58.0221 4276 Fax - ok
00:30:58.0268 4276 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
00:30:58.0284 4276 fdc - ok
00:30:58.0377 4276 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
00:30:58.0393 4276 fdPHost - ok
00:30:58.0424 4276 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
00:30:58.0440 4276 FDResPub - ok
00:30:58.0471 4276 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
00:30:58.0487 4276 FileInfo - ok
00:30:58.0565 4276 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
00:30:58.0580 4276 Filetrace - ok
00:30:58.0611 4276 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
00:30:58.0627 4276 flpydisk - ok
00:30:58.0689 4276 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
00:30:58.0721 4276 FltMgr - ok
00:30:58.0877 4276 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
00:30:58.0939 4276 FontCache - ok
00:30:59.0033 4276 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:30:59.0033 4276 FontCache3.0.0.0 - ok
00:30:59.0111 4276 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
00:30:59.0126 4276 FsDepends - ok
00:30:59.0173 4276 [ 5814011B2F6E088E29D689B5FCD49B8F ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
00:30:59.0189 4276 fssfltr - ok
00:30:59.0391 4276 [ F6717211C1EC2CDDAA81B97B0727C2E9 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
00:30:59.0438 4276 fsssvc - ok
00:30:59.0844 4276 [ DDEE99DC54EFA20BD5A442CD733C4462 ] FsUsbExDisk C:\Windows\SysWOW64\FsUsbExDisk.SYS
00:30:59.0844 4276 FsUsbExDisk - ok
00:30:59.0875 4276 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
00:30:59.0875 4276 Fs_Rec - ok
00:30:59.0953 4276 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
00:30:59.0969 4276 fvevol - ok
00:31:00.0015 4276 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
00:31:00.0031 4276 gagp30kx - ok
00:31:00.0203 4276 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
00:31:00.0249 4276 gpsvc - ok
00:31:00.0312 4276 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
00:31:00.0327 4276 hcw85cir - ok
00:31:00.0405 4276 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
00:31:00.0437 4276 HdAudAddService - ok
00:31:00.0483 4276 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
00:31:00.0483 4276 HDAudBus - ok
00:31:00.0546 4276 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
00:31:00.0546 4276 HECIx64 - ok
00:31:00.0577 4276 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
00:31:00.0593 4276 HidBatt - ok
00:31:00.0624 4276 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
00:31:00.0655 4276 HidBth - ok
00:31:00.0671 4276 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
00:31:00.0733 4276 HidIr - ok
00:31:00.0795 4276 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
00:31:00.0811 4276 hidserv - ok
00:31:00.0920 4276 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
00:31:00.0936 4276 HidUsb - ok
00:31:00.0983 4276 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
00:31:00.0998 4276 hkmsvc - ok
00:31:01.0061 4276 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
00:31:01.0092 4276 HomeGroupListener - ok
00:31:01.0139 4276 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
00:31:01.0154 4276 HomeGroupProvider - ok
00:31:01.0201 4276 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
00:31:01.0217 4276 HpSAMD - ok
00:31:01.0341 4276 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
00:31:01.0388 4276 HTTP - ok
00:31:01.0419 4276 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
00:31:01.0419 4276 hwpolicy - ok
00:31:01.0482 4276 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
00:31:01.0497 4276 i8042prt - ok
00:31:01.0591 4276 [ F7CE9BE72EDAC499B713ECA6DAE5D26F ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
00:31:01.0622 4276 iaStor - ok
00:31:01.0700 4276 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
00:31:01.0716 4276 iaStorV - ok
00:31:01.0934 4276 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:31:01.0981 4276 idsvc - ok
00:31:02.0090 4276 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
00:31:02.0121 4276 iirsp - ok
00:31:02.0324 4276 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
00:31:02.0418 4276 IKEEXT - ok
00:31:02.0433 4276 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
00:31:02.0465 4276 intelide - ok
00:31:02.0527 4276 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
00:31:02.0527 4276 intelppm - ok
00:31:02.0589 4276 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
00:31:02.0621 4276 IPBusEnum - ok
00:31:02.0652 4276 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:31:02.0683 4276 IpFilterDriver - ok
00:31:02.0792 4276 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
00:31:02.0823 4276 iphlpsvc - ok
00:31:02.0870 4276 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
00:31:02.0886 4276 IPMIDRV - ok
00:31:02.0933 4276 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
00:31:02.0948 4276 IPNAT - ok
00:31:02.0964 4276 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
00:31:02.0964 4276 IRENUM - ok
00:31:03.0011 4276 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
00:31:03.0042 4276 isapnp - ok
00:31:03.0104 4276 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
00:31:03.0120 4276 iScsiPrt - ok
00:31:03.0167 4276 [ DB917B998CBC15A153C00DD6EFC34C13 ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
00:31:03.0167 4276 JMCR - ok
00:31:03.0213 4276 [ DE4B2249D95C7815D06A39EA5FF4EE53 ] JME C:\Windows\system32\DRIVERS\JME.sys
00:31:03.0229 4276 JME - ok
00:31:03.0245 4276 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
00:31:03.0245 4276 kbdclass - ok
00:31:03.0307 4276 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
00:31:03.0338 4276 kbdhid - ok
00:31:03.0385 4276 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys
00:31:03.0385 4276 kbfiltr - ok
00:31:03.0416 4276 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
00:31:03.0416 4276 KeyIso - ok
00:31:03.0479 4276 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
00:31:03.0479 4276 KSecDD - ok
00:31:03.0510 4276 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
00:31:03.0525 4276 KSecPkg - ok
00:31:03.0572 4276 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
00:31:03.0588 4276 ksthunk - ok
00:31:03.0681 4276 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
00:31:03.0697 4276 KtmRm - ok
00:31:03.0775 4276 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
00:31:03.0791 4276 LanmanServer - ok
00:31:03.0837 4276 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:31:03.0853 4276 LanmanWorkstation - ok
00:31:03.0869 4276 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
00:31:03.0884 4276 lltdio - ok
00:31:03.0962 4276 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
00:31:03.0962 4276 lltdsvc - ok
00:31:03.0993 4276 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
00:31:03.0993 4276 lmhosts - ok
00:31:04.0118 4276 [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
00:31:04.0134 4276 LMS - ok
00:31:04.0165 4276 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
00:31:04.0181 4276 LSI_FC - ok
00:31:04.0227 4276 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
00:31:04.0259 4276 LSI_SAS - ok
00:31:04.0274 4276 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:31:04.0274 4276 LSI_SAS2 - ok
00:31:04.0305 4276 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:31:04.0321 4276 LSI_SCSI - ok
00:31:04.0352 4276 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
00:31:04.0368 4276 luafv - ok
00:31:04.0415 4276 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
00:31:04.0430 4276 Mcx2Svc - ok
00:31:04.0508 4276 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
00:31:04.0524 4276 megasas - ok
00:31:04.0571 4276 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
00:31:04.0602 4276 MegaSR - ok
00:31:04.0914 4276 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
00:31:04.0929 4276 Microsoft Office Groove Audit Service - ok
00:31:04.0976 4276 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
00:31:04.0992 4276 MMCSS - ok
00:31:05.0023 4276 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
00:31:05.0039 4276 Modem - ok
00:31:05.0101 4276 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
00:31:05.0117 4276 monitor - ok
00:31:05.0163 4276 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
00:31:05.0163 4276 mouclass - ok
00:31:05.0179 4276 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
00:31:05.0210 4276 mouhid - ok
00:31:05.0288 4276 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
00:31:05.0288 4276 mountmgr - ok
00:31:05.0382 4276 [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
00:31:05.0397 4276 MozillaMaintenance - ok
00:31:05.0444 4276 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
00:31:05.0460 4276 mpio - ok
00:31:05.0491 4276 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
00:31:05.0507 4276 mpsdrv - ok
00:31:05.0678 4276 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
00:31:05.0787 4276 MpsSvc - ok
00:31:05.0881 4276 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
00:31:05.0897 4276 MRxDAV - ok
00:31:05.0975 4276 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
00:31:05.0975 4276 mrxsmb - ok
00:31:06.0037 4276 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:31:06.0068 4276 mrxsmb10 - ok
00:31:06.0115 4276 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:31:06.0131 4276 mrxsmb20 - ok
00:31:06.0177 4276 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
00:31:06.0177 4276 msahci - ok
00:31:06.0255 4276 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
00:31:06.0271 4276 msdsm - ok
00:31:06.0302 4276 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
00:31:06.0318 4276 MSDTC - ok
00:31:06.0380 4276 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
00:31:06.0396 4276 Msfs - ok
00:31:06.0427 4276 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
00:31:06.0443 4276 mshidkmdf - ok
00:31:06.0489 4276 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
00:31:06.0489 4276 msisadrv - ok
00:31:06.0552 4276 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
00:31:06.0567 4276 MSiSCSI - ok
00:31:06.0583 4276 msiserver - ok
00:31:06.0614 4276 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
00:31:06.0614 4276 MSKSSRV - ok
00:31:06.0630 4276 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
00:31:06.0645 4276 MSPCLOCK - ok
00:31:06.0661 4276 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
00:31:06.0661 4276 MSPQM - ok
00:31:06.0739 4276 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
00:31:06.0755 4276 MsRPC - ok
00:31:06.0817 4276 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
00:31:06.0817 4276 mssmbios - ok
00:31:06.0879 4276 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
00:31:06.0879 4276 MSTEE - ok
00:31:06.0879 4276 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
00:31:06.0895 4276 MTConfig - ok
00:31:06.0942 4276 [ 032D35C996F21D19A205A7C8F0B76F3C ] MTsensor C:\Windows\system32\DRIVERS\ATK64AMD.sys
00:31:06.0942 4276 MTsensor - ok
00:31:06.0973 4276 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
00:31:06.0973 4276 Mup - ok
00:31:07.0082 4276 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
00:31:07.0113 4276 napagent - ok
00:31:07.0223 4276 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
00:31:07.0269 4276 NativeWifiP - ok
00:31:07.0441 4276 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
00:31:07.0488 4276 NDIS - ok
00:31:07.0535 4276 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
00:31:07.0550 4276 NdisCap - ok
00:31:07.0581 4276 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
00:31:07.0597 4276 NdisTapi - ok
00:31:07.0659 4276 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
00:31:07.0722 4276 Ndisuio - ok
00:31:07.0831 4276 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
00:31:07.0847 4276 NdisWan - ok
00:31:07.0893 4276 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
00:31:07.0956 4276 NDProxy - ok
00:31:08.0018 4276 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
00:31:08.0034 4276 NetBIOS - ok
00:31:08.0143 4276 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
00:31:08.0143 4276 NetBT - ok
00:31:08.0283 4276 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
00:31:08.0283 4276 Netlogon - ok
00:31:08.0361 4276 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
00:31:08.0377 4276 Netman - ok
00:31:08.0424 4276 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
00:31:08.0455 4276 netprofm - ok
00:31:08.0486 4276 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:31:08.0486 4276 NetTcpPortSharing - ok
00:31:08.0517 4276 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
00:31:08.0517 4276 nfrd960 - ok
00:31:08.0564 4276 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
00:31:08.0580 4276 NlaSvc - ok
00:31:08.0595 4276 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
00:31:08.0611 4276 Npfs - ok
00:31:08.0658 4276 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
00:31:08.0658 4276 nsi - ok
00:31:08.0705 4276 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
00:31:08.0705 4276 nsiproxy - ok
00:31:08.0892 4276 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
00:31:08.0939 4276 Ntfs - ok
00:31:08.0985 4276 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
00:31:09.0001 4276 Null - ok
00:31:09.0079 4276 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
00:31:09.0079 4276 nvraid - ok
00:31:09.0141 4276 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
00:31:09.0141 4276 nvstor - ok
00:31:09.0173 4276 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
00:31:09.0173 4276 nv_agp - ok
00:31:09.0438 4276 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:31:09.0469 4276 odserv - ok
00:31:09.0516 4276 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
00:31:09.0531 4276 ohci1394 - ok
00:31:09.0625 4276 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:31:09.0641 4276 ose - ok
00:31:10.0249 4276 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:31:10.0405 4276 osppsvc - ok
00:31:10.0499 4276 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
00:31:10.0514 4276 p2pimsvc - ok
00:31:10.0608 4276 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
00:31:10.0623 4276 p2psvc - ok
00:31:10.0639 4276 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
00:31:10.0655 4276 Parport - ok
00:31:10.0733 4276 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
00:31:10.0748 4276 partmgr - ok
00:31:10.0811 4276 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
00:31:10.0826 4276 PcaSvc - ok
00:31:10.0842 4276 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
00:31:10.0857 4276 pci - ok
00:31:10.0920 4276 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
00:31:10.0920 4276 pciide - ok
00:31:11.0013 4276 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
00:31:11.0045 4276 pcmcia - ok
00:31:11.0076 4276 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
00:31:11.0076 4276 pcw - ok
00:31:11.0154 4276 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
00:31:11.0169 4276 PEAUTH - ok
00:31:11.0466 4276 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
00:31:11.0481 4276 PerfHost - ok
00:31:11.0575 4276 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
00:31:11.0622 4276 pla - ok
00:31:11.0715 4276 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
00:31:11.0747 4276 PlugPlay - ok
00:31:11.0856 4276 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
00:31:11.0856 4276 PNRPAutoReg - ok
00:31:11.0903 4276 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
00:31:11.0918 4276 PNRPsvc - ok
00:31:11.0981 4276 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
00:31:11.0981 4276 PolicyAgent - ok
00:31:12.0043 4276 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
00:31:12.0059 4276 Power - ok
00:31:12.0105 4276 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
00:31:12.0121 4276 PptpMiniport - ok
00:31:12.0168 4276 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
00:31:12.0183 4276 Processor - ok
00:31:12.0230 4276 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
00:31:12.0246 4276 ProfSvc - ok
00:31:12.0277 4276 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
00:31:12.0277 4276 ProtectedStorage - ok
00:31:12.0339 4276 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
00:31:12.0355 4276 Psched - ok
00:31:12.0605 4276 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
00:31:12.0667 4276 ql2300 - ok
00:31:12.0714 4276 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
00:31:12.0714 4276 ql40xx - ok
00:31:12.0776 4276 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
00:31:12.0807 4276 QWAVE - ok
00:31:12.0854 4276 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
00:31:12.0870 4276 QWAVEdrv - ok
00:31:12.0885 4276 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
00:31:12.0901 4276 RasAcd - ok
00:31:12.0948 4276 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
00:31:12.0963 4276 RasAgileVpn - ok
00:31:13.0026 4276 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
00:31:13.0041 4276 RasAuto - ok
00:31:13.0104 4276 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
00:31:13.0119 4276 Rasl2tp - ok
00:31:13.0213 4276 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
00:31:13.0229 4276 RasMan - ok
00:31:13.0275 4276 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
00:31:13.0416 4276 RasPppoe - ok
00:31:13.0431 4276 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
00:31:13.0447 4276 RasSstp - ok
00:31:13.0525 4276 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
00:31:13.0556 4276 rdbss - ok
00:31:13.0619 4276 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
00:31:13.0634 4276 rdpbus - ok
00:31:13.0665 4276 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
00:31:13.0665 4276 RDPCDD - ok
00:31:13.0697 4276 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
00:31:13.0697 4276 RDPENCDD - ok
00:31:13.0743 4276 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
00:31:13.0743 4276 RDPREFMP - ok
00:31:13.0821 4276 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
00:31:13.0853 4276 RDPWD - ok
00:31:13.0931 4276 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
00:31:13.0962 4276 rdyboost - ok
00:31:14.0040 4276 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
00:31:14.0040 4276 RemoteAccess - ok
00:31:14.0133 4276 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
00:31:14.0149 4276 RemoteRegistry - ok
00:31:14.0352 4276 [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
00:31:14.0399 4276 RichVideo - ok
00:31:14.0492 4276 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
00:31:14.0508 4276 RpcEptMapper - ok
00:31:14.0570 4276 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
00:31:14.0570 4276 RpcLocator - ok
00:31:14.0695 4276 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
00:31:14.0711 4276 RpcSs - ok
00:31:14.0789 4276 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
00:31:14.0820 4276 rspndr - ok
00:31:14.0851 4276 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
00:31:14.0851 4276 SamSs - ok
00:31:14.0898 4276 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
00:31:14.0898 4276 sbp2port - ok
00:31:14.0976 4276 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
00:31:14.0976 4276 SCardSvr - ok
00:31:15.0038 4276 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
00:31:15.0054 4276 scfilter - ok
00:31:15.0179 4276 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
00:31:15.0225 4276 Schedule - ok
00:31:15.0257 4276 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
00:31:15.0257 4276 SCPolicySvc - ok
00:31:15.0335 4276 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
00:31:15.0335 4276 sdbus - ok
00:31:15.0381 4276 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
00:31:15.0397 4276 SDRSVC - ok
00:31:15.0459 4276 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
00:31:15.0475 4276 seclogon - ok
00:31:15.0522 4276 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
00:31:15.0537 4276 SENS - ok
00:31:15.0569 4276 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
00:31:15.0584 4276 SensrSvc - ok
00:31:15.0615 4276 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
00:31:15.0615 4276 Serenum - ok
00:31:15.0662 4276 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
00:31:15.0678 4276 Serial - ok
00:31:15.0709 4276 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
00:31:15.0725 4276 sermouse - ok
00:31:15.0771 4276 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
00:31:15.0787 4276 SessionEnv - ok
00:31:15.0990 4276 [ 7251169D5676396840911F64BB4BC3B2 ] SfCtlCom C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
00:31:16.0052 4276 SfCtlCom - ok
00:31:16.0099 4276 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
00:31:16.0099 4276 sffdisk - ok
00:31:16.0130 4276 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
00:31:16.0146 4276 sffp_mmc - ok
00:31:16.0161 4276 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
00:31:16.0177 4276 sffp_sd - ok
00:31:16.0255 4276 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
00:31:16.0255 4276 sfloppy - ok
00:31:16.0442 4276 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
00:31:16.0442 4276 Sftfs - ok
00:31:16.0614 4276 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
00:31:16.0645 4276 sftlist - ok
00:31:16.0754 4276 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
00:31:16.0754 4276 Sftplay - ok
00:31:16.0879 4276 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
00:31:16.0879 4276 Sftredir - ok
00:31:16.0910 4276 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
00:31:16.0910 4276 Sftvol - ok
00:31:16.0957 4276 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
00:31:16.0973 4276 sftvsa - ok
00:31:17.0160 4276 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
00:31:17.0175 4276 SharedAccess - ok
00:31:17.0316 4276 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:31:17.0378 4276 ShellHWDetection - ok
00:31:17.0409 4276 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys
00:31:17.0425 4276 SiSGbeLH - ok
00:31:17.0472 4276 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:31:17.0472 4276 SiSRaid2 - ok
00:31:17.0487 4276 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
00:31:17.0487 4276 SiSRaid4 - ok
00:31:17.0519 4276 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
00:31:17.0534 4276 Smb - ok
00:31:17.0628 4276 [ D39FB29C22C3977DE4A5077C63091A1A ] smsbda C:\Windows\system32\drivers\smsbda.sys
00:31:17.0628 4276 smsbda - ok
00:31:17.0721 4276 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
00:31:17.0737 4276 SNMPTRAP - ok
00:31:17.0753 4276 SNP2UVC - ok
00:31:17.0799 4276 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
00:31:17.0815 4276 spldr - ok
00:31:17.0924 4276 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
00:31:17.0955 4276 Spooler - ok
00:31:18.0455 4276 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
00:31:18.0470 4276 sppsvc - ok
00:31:18.0579 4276 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
00:31:18.0595 4276 sppuinotify - ok
00:31:18.0704 4276 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
00:31:18.0751 4276 srv - ok
00:31:19.0016 4276 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
00:31:19.0047 4276 srv2 - ok
00:31:19.0094 4276 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
00:31:19.0172 4276 srvnet - ok
00:31:19.0422 4276 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
00:31:19.0500 4276 SSDPSRV - ok
00:31:19.0625 4276 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
00:31:19.0640 4276 SstpSvc - ok
00:31:19.0734 4276 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
00:31:19.0749 4276 stexstor - ok
00:31:19.0890 4276 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
00:31:19.0937 4276 stisvc - ok
00:31:19.0983 4276 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
00:31:19.0983 4276 swenum - ok
00:31:20.0093 4276 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
00:31:20.0139 4276 swprv - ok
00:31:20.0389 4276 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
00:31:20.0420 4276 SysMain - ok
00:31:20.0451 4276 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:31:20.0467 4276 TabletInputService - ok
00:31:20.0529 4276 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
00:31:20.0561 4276 TapiSrv - ok
00:31:20.0639 4276 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
00:31:20.0639 4276 TBS - ok
00:31:20.0888 4276 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
00:31:20.0935 4276 Tcpip - ok
00:31:21.0060 4276 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
00:31:21.0075 4276 TCPIP6 - ok
00:31:21.0153 4276 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
00:31:21.0169 4276 tcpipreg - ok
00:31:21.0216 4276 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
00:31:21.0216 4276 TDPIPE - ok
00:31:21.0263 4276 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
00:31:21.0294 4276 TDTCP - ok
00:31:21.0341 4276 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
00:31:21.0356 4276 tdx - ok
00:31:21.0403 4276 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
00:31:21.0403 4276 TermDD - ok
00:31:21.0481 4276 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
00:31:21.0528 4276 TermService - ok
00:31:21.0528 4276 TFsExDisk - ok
00:31:21.0590 4276 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
00:31:21.0606 4276 Themes - ok
00:31:21.0668 4276 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
00:31:21.0668 4276 THREADORDER - ok
00:31:21.0793 4276 [ 963C903E5176C5CDCAE321D48635B21F ] TMBMServer C:\Program Files\Trend Micro\BM\TMBMSRV.exe
00:31:21.0824 4276 TMBMServer - ok
00:31:21.0902 4276 [ 803EE35DF92815EA5D41CEE7410C8CC1 ] tmpreflt C:\Windows\system32\DRIVERS\tmpreflt.sys
00:31:21.0902 4276 tmpreflt - ok
00:31:22.0027 4276 [ 3AE913B4FBF06EE49831FF9DB2330830 ] TmProxy C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
00:31:22.0089 4276 TmProxy - ok
00:31:22.0136 4276 [ 21CC12B7F8B44E91D03EAD5B17AAF0B2 ] tmtdi C:\Windows\system32\DRIVERS\tmtdi.sys
00:31:22.0152 4276 tmtdi - ok
00:31:22.0214 4276 [ 9BD32132A3470CEFB3CBEA5FA492BD6F ] tmxpflt C:\Windows\system32\DRIVERS\tmxpflt.sys
00:31:22.0214 4276 tmxpflt - ok
00:31:22.0261 4276 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
00:31:22.0308 4276 TrkWks - ok
00:31:22.0370 4276 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:31:22.0417 4276 TrustedInstaller - ok
00:31:22.0464 4276 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
00:31:22.0464 4276 tssecsrv - ok
00:31:22.0495 4276 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
00:31:22.0495 4276 TsUsbFlt - ok
00:31:22.0557 4276 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
00:31:22.0573 4276 tunnel - ok
00:31:22.0635 4276 [ C45A3E051C65106A28982CAED125F855 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
00:31:22.0635 4276 TurboB - ok
00:31:22.0698 4276 [ BAEF86EBEAECE76573FA822DEA256F6C ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
00:31:22.0713 4276 TurboBoost - ok
00:31:22.0776 4276 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
00:31:22.0823 4276 uagp35 - ok
00:31:22.0947 4276 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
00:31:22.0963 4276 udfs - ok
00:31:23.0041 4276 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
00:31:23.0041 4276 UI0Detect - ok
00:31:23.0103 4276 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
00:31:23.0119 4276 uliagpkx - ok
00:31:23.0135 4276 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
00:31:23.0150 4276 umbus - ok
00:31:23.0181 4276 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
00:31:23.0197 4276 UmPass - ok
00:31:23.0525 4276 [ 41118D920B2B268C0ADC36421248CDCF ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
00:31:23.0587 4276 UNS - ok
00:31:23.0681 4276 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
00:31:23.0727 4276 upnphost - ok
00:31:23.0774 4276 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
00:31:23.0790 4276 USBAAPL64 - ok
00:31:23.0821 4276 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
00:31:23.0852 4276 usbccgp - ok
00:31:23.0899 4276 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
00:31:23.0915 4276 usbcir - ok
00:31:23.0930 4276 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
00:31:23.0946 4276 usbehci - ok
00:31:24.0008 4276 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
00:31:24.0024 4276 usbhub - ok
00:31:24.0039 4276 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
00:31:24.0055 4276 usbohci - ok
00:31:24.0102 4276 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
00:31:24.0102 4276 usbprint - ok
00:31:24.0149 4276 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
00:31:24.0164 4276 usbscan - ok
00:31:24.0180 4276 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:31:24.0195 4276 USBSTOR - ok
00:31:24.0227 4276 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
00:31:24.0242 4276 usbuhci - ok
00:31:24.0273 4276 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
00:31:24.0289 4276 usbvideo - ok
00:31:24.0320 4276 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
00:31:24.0320 4276 UxSms - ok
00:31:24.0367 4276 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
00:31:24.0367 4276 VaultSvc - ok
00:31:24.0398 4276 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
00:31:24.0398 4276 vdrvroot - ok
00:31:24.0507 4276 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
00:31:24.0539 4276 vds - ok
00:31:24.0585 4276 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
00:31:24.0585 4276 vga - ok
00:31:24.0601 4276 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
00:31:24.0617 4276 VgaSave - ok
00:31:24.0835 4276 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
00:31:24.0851 4276 vhdmp - ok
00:31:24.0897 4276 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
00:31:24.0913 4276 viaide - ok
00:31:24.0960 4276 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
00:31:24.0975 4276 volmgr - ok
00:31:25.0163 4276 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
00:31:25.0194 4276 volmgrx - ok
00:31:25.0287 4276 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
00:31:25.0303 4276 volsnap - ok
00:31:25.0553 4276 [ B01CE1F5A44126892240D179A6DBD43F ] vsapint C:\Windows\system32\DRIVERS\vsapint.sys
00:31:25.0553 4276 vsapint - ok
00:31:25.0631 4276 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
00:31:25.0631 4276 vsmraid - ok
00:31:25.0818 4276 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
00:31:25.0880 4276 VSS - ok
00:31:25.0896 4276 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
00:31:25.0927 4276 vwifibus - ok
00:31:25.0927 4276 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
00:31:25.0927 4276 vwififlt - ok
00:31:25.0958 4276 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
00:31:25.0974 4276 vwifimp - ok
00:31:26.0021 4276 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
00:31:26.0036 4276 W32Time - ok
00:31:26.0083 4276 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
00:31:26.0099 4276 WacomPen - ok
00:31:26.0161 4276 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
00:31:26.0177 4276 WANARP - ok
00:31:26.0177 4276 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
00:31:26.0177 4276 Wanarpv6 - ok
00:31:26.0348 4276 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
00:31:26.0411 4276 wbengine - ok
00:31:26.0457 4276 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
00:31:26.0473 4276 WbioSrvc - ok
00:31:26.0551 4276 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
00:31:26.0567 4276 wcncsvc - ok
00:31:26.0629 4276 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:31:26.0645 4276 WcsPlugInService - ok
00:31:26.0676 4276 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
00:31:26.0707 4276 Wd - ok
00:31:26.0769 4276 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
00:31:26.0785 4276 Wdf01000 - ok
00:31:26.0832 4276 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
00:31:26.0832 4276 WdiServiceHost - ok
00:31:26.0879 4276 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
00:31:26.0879 4276 WdiSystemHost - ok
00:31:26.0941 4276 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
00:31:26.0957 4276 WebClient - ok
00:31:27.0050 4276 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
00:31:27.0066 4276 Wecsvc - ok
00:31:27.0113 4276 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
00:31:27.0144 4276 wercplsupport - ok
00:31:27.0144 4276 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
00:31:27.0159 4276 WerSvc - ok
00:31:27.0191 4276 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
00:31:27.0206 4276 WfpLwf - ok
00:31:27.0253 4276 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
00:31:27.0269 4276 WimFltr - ok
00:31:27.0315 4276 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
00:31:27.0331 4276 WIMMount - ok
00:31:27.0362 4276 WinDefend - ok
00:31:27.0362 4276 WinHttpAutoProxySvc - ok
00:31:27.0503 4276 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
00:31:27.0565 4276 Winmgmt - ok
00:31:27.0783 4276 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
00:31:27.0846 4276 WinRM - ok
00:31:27.0939 4276 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
00:31:27.0955 4276 WinUsb - ok
00:31:28.0095 4276 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
00:31:28.0158 4276 Wlansvc - ok
00:31:28.0205 4276 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
00:31:28.0220 4276 WmiAcpi - ok
00:31:28.0298 4276 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
00:31:28.0314 4276 wmiApSrv - ok
00:31:28.0361 4276 WMPNetworkSvc - ok
00:31:28.0407 4276 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
00:31:28.0407 4276 WPCSvc - ok
00:31:28.0454 4276 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
00:31:28.0470 4276 WPDBusEnum - ok
00:31:28.0501 4276 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
00:31:28.0517 4276 ws2ifsl - ok
00:31:28.0548 4276 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
00:31:28.0563 4276 wscsvc - ok
00:31:28.0563 4276 WSearch - ok
00:31:28.0782 4276 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
00:31:28.0891 4276 wuauserv - ok
00:31:28.0953 4276 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
00:31:29.0047 4276 WudfPf - ok
00:31:29.0094 4276 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
00:31:29.0187 4276 WUDFRd - ok
00:31:29.0234 4276 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
00:31:29.0250 4276 wudfsvc - ok
00:31:29.0328 4276 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
00:31:29.0343 4276 WwanSvc - ok
00:31:29.0359 4276 ================ Scan global ===============================
00:31:29.0546 4276 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
00:31:29.0687 4276 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
00:31:29.0780 4276 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
00:31:29.0811 4276 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
00:31:29.0936 4276 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
00:31:29.0967 4276 [Global] - ok
00:31:29.0967 4276 ================ Scan MBR ==================================
00:31:29.0999 4276 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
00:31:32.0822 4276 \Device\Harddisk0\DR0 - ok
00:31:32.0822 4276 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR2
00:31:32.0838 4276 \Device\Harddisk1\DR2 - ok
00:31:32.0838 4276 ================ Scan VBR ==================================
00:31:32.0869 4276 [ 0D740FDC01E51F9EA305A11E9086CEDD ] \Device\Harddisk0\DR0\Partition1
00:31:32.0900 4276 \Device\Harddisk0\DR0\Partition1 - ok
00:31:32.0931 4276 [ 1F8E67CC100C5C23D515D756BA76A78A ] \Device\Harddisk0\DR0\Partition2
00:31:32.0963 4276 \Device\Harddisk0\DR0\Partition2 - ok
00:31:32.0963 4276 [ C05984A1A479B0651FE182C046D192A2 ] \Device\Harddisk1\DR2\Partition1
00:31:32.0963 4276 \Device\Harddisk1\DR2\Partition1 - ok
00:31:32.0963 4276 ============================================================
00:31:32.0963 4276 Scan finished
00:31:32.0963 4276 ============================================================
00:31:32.0978 1064 Detected object count: 1
00:31:32.0978 1064 Actual detected object count: 1
00:31:43.0290 1064 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
00:31:43.0290 1064 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
00:31:54.0038 5384 Deinitialize success
Geändert von Wauzie (02.06.2013 um 21:40 Uhr) |
|
03.06.2013, 12:08
| #6 |
| /// Malware-holic | GVU Trojaner Windows 7 64bit bitte noch mal anleitung lesen, und tdss killer wie angegeben nutzen.
__________________ --> GVU Trojaner Windows 7 64bit |
|
03.06.2013, 16:58
| #7 |
| | GVU Trojaner Windows 7 64bit okay es war dann gestern wohl doch etwas zu spät:  Code:
ATTFilter 19:51:54.0205 5796 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:51:54.0283 5796 ============================================================
19:51:54.0283 5796 Current date / time: 2013/06/03 19:51:54.0283
19:51:54.0283 5796 SystemInfo:
19:51:54.0283 5796
19:51:54.0283 5796 OS Version: 6.1.7601 ServicePack: 1.0
19:51:54.0283 5796 Product type: Workstation
19:51:54.0283 5796 ComputerName: BLACKY
19:51:54.0283 5796 UserName: hennings
19:51:54.0283 5796 Windows directory: C:\Windows
19:51:54.0283 5796 System windows directory: C:\Windows
19:51:54.0283 5796 Running under WOW64
19:51:54.0283 5796 Processor architecture: Intel x64
19:51:54.0283 5796 Number of processors: 8
19:51:54.0283 5796 Page size: 0x1000
19:51:54.0283 5796 Boot type: Normal boot
19:51:54.0283 5796 ============================================================
19:52:01.0069 5796 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:52:01.0116 5796 Drive \Device\Harddisk1\DR1 - Size: 0xE74B0000 (3.61 Gb), SectorSize: 0x200, Cylinders: 0x1D7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:52:01.0132 5796 ============================================================
19:52:01.0132 5796 \Device\Harddisk0\DR0:
19:52:01.0132 5796 MBR partitions:
19:52:01.0132 5796 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2710040, BlocksNum 0xE8E1C28
19:52:01.0147 5796 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x10FF2468, BlocksNum 0x29393BC8
19:52:01.0147 5796 \Device\Harddisk1\DR1:
19:52:01.0147 5796 MBR partitions:
19:52:01.0147 5796 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x1F80, BlocksNum 0x738600
19:52:01.0147 5796 ============================================================
19:52:01.0241 5796 C: <-> \Device\Harddisk0\DR0\Partition1
19:52:01.0319 5796 D: <-> \Device\Harddisk0\DR0\Partition2
19:52:01.0319 5796 ============================================================
19:52:01.0319 5796 Initialize success
19:52:01.0319 5796 ============================================================
19:54:48.0988 2020 ============================================================
19:54:48.0988 2020 Scan started
19:54:48.0988 2020 Mode: Manual; SigCheck; TDLFS;
19:54:48.0988 2020 ============================================================
19:54:50.0751 2020 ================ Scan system memory ========================
19:54:50.0751 2020 System memory - ok
19:54:50.0751 2020 ================ Scan services =============================
19:54:50.0922 2020 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:54:51.0187 2020 1394ohci - ok
19:54:51.0219 2020 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:54:51.0250 2020 ACPI - ok
19:54:51.0265 2020 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:54:51.0375 2020 AcpiPmi - ok
19:54:51.0468 2020 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:54:51.0484 2020 AdobeARMservice - ok
19:54:51.0624 2020 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:54:51.0655 2020 AdobeFlashPlayerUpdateSvc - ok
19:54:51.0718 2020 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:54:51.0749 2020 adp94xx - ok
19:54:51.0780 2020 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:54:51.0827 2020 adpahci - ok
19:54:51.0843 2020 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:54:51.0858 2020 adpu320 - ok
19:54:51.0921 2020 [ C0BF554D2277F7A4C735D475ADE2E3B2 ] ADSMService C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
19:54:51.0952 2020 ADSMService ( UnsignedFile.Multi.Generic ) - warning
19:54:51.0952 2020 ADSMService - detected UnsignedFile.Multi.Generic (1)
19:54:51.0999 2020 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:54:52.0139 2020 AeLookupSvc - ok
19:54:52.0170 2020 [ 734D1BA96BE6AD8D04E6AFEAD569EA8A ] AFBAgent C:\Windows\system32\FBAgent.exe
19:54:52.0217 2020 AFBAgent - ok
19:54:52.0264 2020 [ 6CCD1135320109D6B219F1A6E04AD9F6 ] Afc C:\Windows\syswow64\drivers\Afc.sys
19:54:52.0295 2020 Afc - ok
19:54:52.0326 2020 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:54:52.0420 2020 AFD - ok
19:54:52.0482 2020 [ 7E077309910CE334C3B2B7B8665A55C4 ] AffinegyService C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
19:54:52.0591 2020 AffinegyService - ok
19:54:52.0623 2020 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:54:52.0638 2020 agp440 - ok
19:54:52.0810 2020 [ C7074BD8D4B8F564859ED373433030AE ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll
19:54:52.0857 2020 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll. md5: C7074BD8D4B8F564859ED373433030AE
19:54:52.0872 2020 Akamai ( HiddenFile.Multi.Generic ) - warning
19:54:52.0872 2020 Akamai - detected HiddenFile.Multi.Generic (1)
19:54:52.0903 2020 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:54:52.0966 2020 ALG - ok
19:54:53.0013 2020 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:54:53.0028 2020 aliide - ok
19:54:53.0044 2020 [ 4DC67E735CF6FF48C0AA65ADDD9ED02B ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:54:53.0137 2020 AMD External Events Utility - ok
19:54:53.0153 2020 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:54:53.0169 2020 amdide - ok
19:54:53.0215 2020 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:54:53.0278 2020 AmdK8 - ok
19:54:53.0496 2020 [ 83CE9DBEB00232195C55CA1A71EC4626 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:54:53.0699 2020 amdkmdag - ok
19:54:53.0730 2020 [ EDE53A9C875A1FB6281A8D25F56CCD72 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
19:54:53.0761 2020 amdkmdap - ok
19:54:53.0793 2020 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:54:53.0808 2020 AmdPPM - ok
19:54:53.0839 2020 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:54:53.0855 2020 amdsata - ok
19:54:53.0886 2020 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:54:53.0917 2020 amdsbs - ok
19:54:53.0917 2020 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:54:53.0933 2020 amdxata - ok
19:54:53.0964 2020 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:54:54.0183 2020 AppID - ok
19:54:54.0229 2020 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:54:54.0276 2020 AppIDSvc - ok
19:54:54.0323 2020 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
19:54:54.0370 2020 Appinfo - ok
19:54:54.0432 2020 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:54:54.0510 2020 Apple Mobile Device - ok
19:54:54.0541 2020 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
19:54:54.0573 2020 arc - ok
19:54:54.0588 2020 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:54:54.0604 2020 arcsas - ok
19:54:54.0619 2020 [ 88FBC8BEBFD38566235EAA5E4DBC4E05 ] AsDsm C:\Windows\system32\drivers\AsDsm.sys
19:54:54.0619 2020 AsDsm - ok
19:54:54.0682 2020 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
19:54:54.0682 2020 ASLDRService - ok
19:54:54.0697 2020 [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
19:54:54.0697 2020 ASMMAP64 - ok
19:54:54.0729 2020 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:54:54.0822 2020 AsyncMac - ok
19:54:54.0838 2020 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:54:54.0853 2020 atapi - ok
19:54:54.0916 2020 [ F8633CDD09647A64EE8DB550630427FF ] athr C:\Windows\system32\DRIVERS\athrx.sys
19:54:55.0025 2020 athr - ok
19:54:55.0056 2020 [ CBE5F8B3E54198F5DFE403A55A95DE08 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
19:54:55.0087 2020 AtiHDAudioService - ok
19:54:55.0103 2020 [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
19:54:55.0119 2020 ATKGFNEXSrv - ok
19:54:55.0165 2020 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:54:55.0243 2020 AudioEndpointBuilder - ok
19:54:55.0275 2020 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:54:55.0306 2020 AudioSrv - ok
19:54:55.0353 2020 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:54:55.0462 2020 AxInstSV - ok
19:54:55.0493 2020 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
19:54:55.0571 2020 b06bdrv - ok
19:54:55.0602 2020 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:54:55.0649 2020 b57nd60a - ok
19:54:55.0696 2020 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:54:55.0758 2020 BDESVC - ok
19:54:55.0789 2020 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:54:55.0852 2020 Beep - ok
19:54:55.0883 2020 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
19:54:55.0992 2020 BFE - ok
19:54:56.0023 2020 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
19:54:56.0117 2020 BITS - ok
19:54:56.0133 2020 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:54:56.0164 2020 blbdrive - ok
19:54:56.0195 2020 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:54:56.0257 2020 bowser - ok
19:54:56.0289 2020 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:54:56.0382 2020 BrFiltLo - ok
19:54:56.0382 2020 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:54:56.0398 2020 BrFiltUp - ok
19:54:56.0429 2020 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
19:54:56.0476 2020 Browser - ok
19:54:56.0507 2020 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:54:56.0585 2020 Brserid - ok
19:54:56.0585 2020 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:54:56.0632 2020 BrSerWdm - ok
19:54:56.0647 2020 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:54:56.0679 2020 BrUsbMdm - ok
19:54:56.0679 2020 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:54:56.0710 2020 BrUsbSer - ok
19:54:56.0725 2020 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:54:56.0741 2020 BTHMODEM - ok
19:54:56.0772 2020 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:54:56.0850 2020 bthserv - ok
19:54:56.0881 2020 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:54:56.0928 2020 cdfs - ok
19:54:56.0975 2020 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:54:57.0006 2020 cdrom - ok
19:54:57.0037 2020 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:54:57.0131 2020 CertPropSvc - ok
19:54:57.0162 2020 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:54:57.0193 2020 circlass - ok
19:54:57.0225 2020 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:54:57.0240 2020 CLFS - ok
19:54:57.0303 2020 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:54:57.0334 2020 clr_optimization_v2.0.50727_32 - ok
19:54:57.0396 2020 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:54:57.0443 2020 clr_optimization_v2.0.50727_64 - ok
19:54:57.0505 2020 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:54:57.0708 2020 clr_optimization_v4.0.30319_32 - ok
19:54:57.0755 2020 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:54:57.0833 2020 clr_optimization_v4.0.30319_64 - ok
19:54:57.0849 2020 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:54:57.0895 2020 CmBatt - ok
19:54:57.0942 2020 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:54:57.0958 2020 cmdide - ok
19:54:57.0989 2020 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
19:54:58.0051 2020 CNG - ok
19:54:58.0098 2020 [ 1D6C3F92AF23E352875438085F6AEDEE ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
19:54:58.0129 2020 CnxtHdAudService - ok
19:54:58.0161 2020 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:54:58.0176 2020 Compbatt - ok
19:54:58.0192 2020 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:54:58.0254 2020 CompositeBus - ok
19:54:58.0254 2020 COMSysApp - ok
19:54:58.0285 2020 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:54:58.0301 2020 crcdisk - ok
19:54:58.0332 2020 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:54:58.0379 2020 CryptSvc - ok
19:54:58.0473 2020 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
19:54:58.0535 2020 cvhsvc - ok
19:54:58.0707 2020 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:54:58.0785 2020 DcomLaunch - ok
19:54:58.0816 2020 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:54:58.0878 2020 defragsvc - ok
19:54:58.0909 2020 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:54:58.0987 2020 DfsC - ok
19:54:59.0019 2020 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:54:59.0081 2020 Dhcp - ok
19:54:59.0112 2020 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:54:59.0175 2020 discache - ok
19:54:59.0206 2020 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:54:59.0237 2020 Disk - ok
19:54:59.0268 2020 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:54:59.0346 2020 Dnscache - ok
19:54:59.0377 2020 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:54:59.0440 2020 dot3svc - ok
19:54:59.0471 2020 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:54:59.0533 2020 DPS - ok
19:54:59.0565 2020 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:54:59.0596 2020 drmkaud - ok
19:54:59.0658 2020 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:54:59.0674 2020 DXGKrnl - ok
19:54:59.0721 2020 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:54:59.0799 2020 EapHost - ok
19:54:59.0861 2020 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
19:54:59.0955 2020 ebdrv - ok
19:54:59.0986 2020 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:55:00.0048 2020 EFS - ok
19:55:00.0126 2020 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:55:00.0235 2020 ehRecvr - ok
19:55:00.0267 2020 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:55:00.0313 2020 ehSched - ok
19:55:00.0360 2020 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:55:00.0376 2020 elxstor - ok
19:55:00.0391 2020 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:55:00.0438 2020 ErrDev - ok
19:55:00.0485 2020 [ 0975BF32399A24117E317B5BF1D5D0AA ] ETD C:\Windows\system32\DRIVERS\ETD.sys
19:55:00.0501 2020 ETD - ok
19:55:00.0547 2020 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:55:00.0641 2020 EventSystem - ok
19:55:00.0657 2020 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:55:00.0688 2020 exfat - ok
19:55:00.0703 2020 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:55:00.0750 2020 fastfat - ok
19:55:00.0797 2020 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:55:00.0875 2020 Fax - ok
19:55:00.0906 2020 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:55:00.0953 2020 fdc - ok
19:55:00.0984 2020 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:55:01.0062 2020 fdPHost - ok
19:55:01.0078 2020 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:55:01.0125 2020 FDResPub - ok
19:55:01.0140 2020 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:55:01.0140 2020 FileInfo - ok
19:55:01.0171 2020 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:55:01.0234 2020 Filetrace - ok
19:55:01.0281 2020 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:55:01.0327 2020 flpydisk - ok
19:55:01.0374 2020 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:55:01.0405 2020 FltMgr - ok
19:55:01.0468 2020 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
19:55:01.0577 2020 FontCache - ok
19:55:01.0624 2020 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:55:01.0639 2020 FontCache3.0.0.0 - ok
19:55:01.0671 2020 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:55:01.0702 2020 FsDepends - ok
19:55:01.0733 2020 [ 5814011B2F6E088E29D689B5FCD49B8F ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
19:55:01.0764 2020 fssfltr - ok
19:55:01.0827 2020 [ F6717211C1EC2CDDAA81B97B0727C2E9 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
19:55:01.0858 2020 fsssvc - ok
19:55:01.0936 2020 [ DDEE99DC54EFA20BD5A442CD733C4462 ] FsUsbExDisk C:\Windows\SysWOW64\FsUsbExDisk.SYS
19:55:01.0951 2020 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
19:55:01.0951 2020 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
19:55:01.0998 2020 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:55:02.0014 2020 Fs_Rec - ok
19:55:02.0045 2020 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:55:02.0076 2020 fvevol - ok
19:55:02.0107 2020 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:55:02.0123 2020 gagp30kx - ok
19:55:02.0154 2020 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:55:02.0232 2020 gpsvc - ok
19:55:02.0248 2020 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:55:02.0295 2020 hcw85cir - ok
19:55:02.0341 2020 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:55:02.0388 2020 HdAudAddService - ok
19:55:02.0419 2020 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
19:55:02.0451 2020 HDAudBus - ok
19:55:02.0482 2020 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
19:55:02.0497 2020 HECIx64 - ok
19:55:02.0529 2020 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:55:02.0575 2020 HidBatt - ok
19:55:02.0591 2020 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:55:02.0653 2020 HidBth - ok
19:55:02.0669 2020 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:55:02.0716 2020 HidIr - ok
19:55:02.0747 2020 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
19:55:02.0809 2020 hidserv - ok
19:55:02.0841 2020 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:55:02.0856 2020 HidUsb - ok
19:55:02.0887 2020 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:55:02.0919 2020 hkmsvc - ok
19:55:02.0950 2020 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:55:03.0012 2020 HomeGroupListener - ok
19:55:03.0059 2020 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:55:03.0090 2020 HomeGroupProvider - ok
19:55:03.0121 2020 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:55:03.0153 2020 HpSAMD - ok
19:55:03.0199 2020 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:55:03.0277 2020 HTTP - ok
19:55:03.0309 2020 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:55:03.0309 2020 hwpolicy - ok
19:55:03.0340 2020 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
19:55:03.0355 2020 i8042prt - ok
19:55:03.0402 2020 [ F7CE9BE72EDAC499B713ECA6DAE5D26F ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
19:55:03.0433 2020 iaStor - ok
19:55:03.0449 2020 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:55:03.0465 2020 iaStorV - ok
19:55:03.0558 2020 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:55:03.0636 2020 idsvc - ok
19:55:03.0652 2020 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:55:03.0683 2020 iirsp - ok
19:55:03.0730 2020 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:55:03.0839 2020 IKEEXT - ok
19:55:03.0855 2020 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:55:03.0870 2020 intelide - ok
19:55:03.0886 2020 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:55:03.0901 2020 intelppm - ok
19:55:03.0933 2020 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:55:03.0979 2020 IPBusEnum - ok
19:55:03.0995 2020 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:55:04.0057 2020 IpFilterDriver - ok
19:55:04.0104 2020 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:55:04.0151 2020 iphlpsvc - ok
19:55:04.0182 2020 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:55:04.0229 2020 IPMIDRV - ok
19:55:04.0276 2020 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:55:04.0354 2020 IPNAT - ok
19:55:04.0385 2020 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:55:04.0401 2020 IRENUM - ok
19:55:04.0432 2020 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:55:04.0447 2020 isapnp - ok
19:55:04.0463 2020 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:55:04.0510 2020 iScsiPrt - ok
19:55:04.0541 2020 [ DB917B998CBC15A153C00DD6EFC34C13 ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
19:55:04.0557 2020 JMCR - ok
19:55:04.0588 2020 [ DE4B2249D95C7815D06A39EA5FF4EE53 ] JME C:\Windows\system32\DRIVERS\JME.sys
19:55:04.0619 2020 JME - ok
19:55:04.0650 2020 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
19:55:04.0666 2020 kbdclass - ok
19:55:04.0713 2020 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
19:55:04.0759 2020 kbdhid - ok
19:55:04.0791 2020 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys
19:55:04.0806 2020 kbfiltr - ok
19:55:04.0822 2020 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:55:04.0853 2020 KeyIso - ok
19:55:04.0900 2020 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:55:04.0931 2020 KSecDD - ok
19:55:04.0931 2020 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:55:04.0947 2020 KSecPkg - ok
19:55:04.0962 2020 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:55:05.0025 2020 ksthunk - ok
19:55:05.0056 2020 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:55:05.0103 2020 KtmRm - ok
19:55:05.0134 2020 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:55:05.0181 2020 LanmanServer - ok
19:55:05.0196 2020 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:55:05.0243 2020 LanmanWorkstation - ok
19:55:05.0274 2020 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:55:05.0290 2020 lltdio - ok
19:55:05.0321 2020 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:55:05.0383 2020 lltdsvc - ok
19:55:05.0415 2020 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:55:05.0430 2020 lmhosts - ok
19:55:05.0493 2020 [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:55:05.0524 2020 LMS ( UnsignedFile.Multi.Generic ) - warning
19:55:05.0524 2020 LMS - detected UnsignedFile.Multi.Generic (1)
19:55:05.0555 2020 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:55:05.0586 2020 LSI_FC - ok
19:55:05.0602 2020 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:55:05.0633 2020 LSI_SAS - ok
19:55:05.0649 2020 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:55:05.0664 2020 LSI_SAS2 - ok
19:55:05.0680 2020 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:55:05.0695 2020 LSI_SCSI - ok
19:55:05.0711 2020 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:55:05.0758 2020 luafv - ok
19:55:05.0805 2020 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:55:05.0851 2020 Mcx2Svc - ok
19:55:05.0867 2020 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:55:05.0898 2020 megasas - ok
19:55:05.0914 2020 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:55:05.0929 2020 MegaSR - ok
19:55:06.0023 2020 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
19:55:06.0226 2020 Microsoft Office Groove Audit Service - ok
19:55:06.0257 2020 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:55:06.0335 2020 MMCSS - ok
19:55:06.0366 2020 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:55:06.0429 2020 Modem - ok
19:55:06.0460 2020 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:55:06.0475 2020 monitor - ok
19:55:06.0507 2020 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:55:06.0507 2020 mouclass - ok
19:55:06.0522 2020 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:55:06.0553 2020 mouhid - ok
19:55:06.0569 2020 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:55:06.0585 2020 mountmgr - ok
19:55:06.0631 2020 [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:55:06.0647 2020 MozillaMaintenance - ok
19:55:06.0678 2020 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:55:06.0709 2020 mpio - ok
19:55:06.0741 2020 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:55:06.0787 2020 mpsdrv - ok
19:55:06.0834 2020 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:55:06.0912 2020 MpsSvc - ok
19:55:06.0928 2020 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:55:06.0959 2020 MRxDAV - ok
19:55:06.0990 2020 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:55:07.0037 2020 mrxsmb - ok
19:55:07.0084 2020 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:55:07.0099 2020 mrxsmb10 - ok
19:55:07.0131 2020 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:55:07.0162 2020 mrxsmb20 - ok
19:55:07.0193 2020 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:55:07.0224 2020 msahci - ok
19:55:07.0271 2020 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:55:07.0302 2020 msdsm - ok
19:55:07.0318 2020 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:55:07.0365 2020 MSDTC - ok
19:55:07.0396 2020 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:55:07.0458 2020 Msfs - ok
19:55:07.0489 2020 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:55:07.0536 2020 mshidkmdf - ok
19:55:07.0583 2020 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:55:07.0583 2020 msisadrv - ok
19:55:07.0630 2020 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:55:07.0723 2020 MSiSCSI - ok
19:55:07.0723 2020 msiserver - ok
19:55:07.0755 2020 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:55:07.0833 2020 MSKSSRV - ok
19:55:07.0848 2020 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:55:07.0895 2020 MSPCLOCK - ok
19:55:07.0895 2020 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:55:07.0942 2020 MSPQM - ok
19:55:07.0973 2020 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:55:07.0989 2020 MsRPC - ok
19:55:08.0020 2020 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:55:08.0035 2020 mssmbios - ok
19:55:08.0051 2020 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:55:08.0129 2020 MSTEE - ok
19:55:08.0129 2020 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:55:08.0160 2020 MTConfig - ok
19:55:08.0191 2020 [ 032D35C996F21D19A205A7C8F0B76F3C ] MTsensor C:\Windows\system32\DRIVERS\ATK64AMD.sys
19:55:08.0207 2020 MTsensor - ok
19:55:08.0207 2020 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:55:08.0223 2020 Mup - ok
19:55:08.0269 2020 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:55:08.0301 2020 napagent - ok
19:55:08.0332 2020 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:55:08.0394 2020 NativeWifiP - ok
19:55:08.0441 2020 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:55:08.0503 2020 NDIS - ok
19:55:08.0519 2020 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:55:08.0581 2020 NdisCap - ok
19:55:08.0613 2020 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:55:08.0659 2020 NdisTapi - ok
19:55:08.0675 2020 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:55:08.0737 2020 Ndisuio - ok
19:55:08.0769 2020 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:55:08.0831 2020 NdisWan - ok
19:55:08.0847 2020 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:55:08.0893 2020 NDProxy - ok
19:55:08.0925 2020 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:55:08.0971 2020 NetBIOS - ok
19:55:09.0003 2020 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:55:09.0065 2020 NetBT - ok
19:55:09.0081 2020 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:55:09.0096 2020 Netlogon - ok
19:55:09.0127 2020 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:55:09.0190 2020 Netman - ok
19:55:09.0221 2020 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:55:09.0252 2020 netprofm - ok
19:55:09.0283 2020 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:55:09.0299 2020 NetTcpPortSharing - ok
19:55:09.0315 2020 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:55:09.0330 2020 nfrd960 - ok
19:55:09.0346 2020 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:55:09.0393 2020 NlaSvc - ok
19:55:09.0393 2020 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:55:09.0439 2020 Npfs - ok
19:55:09.0471 2020 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:55:09.0533 2020 nsi - ok
19:55:09.0549 2020 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:55:09.0611 2020 nsiproxy - ok
19:55:09.0673 2020 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:55:09.0751 2020 Ntfs - ok
19:55:09.0767 2020 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:55:09.0814 2020 Null - ok
19:55:09.0845 2020 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:55:09.0861 2020 nvraid - ok
19:55:09.0861 2020 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:55:09.0876 2020 nvstor - ok
19:55:09.0892 2020 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:55:09.0907 2020 nv_agp - ok
19:55:10.0001 2020 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:55:10.0079 2020 odserv - ok
19:55:10.0126 2020 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:55:10.0157 2020 ohci1394 - ok
19:55:10.0204 2020 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:55:10.0219 2020 ose - ok
19:55:10.0391 2020 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:55:10.0563 2020 osppsvc - ok
19:55:10.0609 2020 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:55:10.0656 2020 p2pimsvc - ok
19:55:10.0687 2020 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:55:10.0734 2020 p2psvc - ok
19:55:10.0750 2020 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:55:10.0781 2020 Parport - ok
19:55:10.0812 2020 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:55:10.0828 2020 partmgr - ok
19:55:10.0890 2020 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:55:10.0937 2020 PcaSvc - ok
19:55:10.0968 2020 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:55:10.0984 2020 pci - ok
19:55:11.0015 2020 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:55:11.0015 2020 pciide - ok
19:55:11.0046 2020 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:55:11.0062 2020 pcmcia - ok
19:55:11.0077 2020 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:55:11.0093 2020 pcw - ok
19:55:11.0093 2020 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:55:11.0140 2020 PEAUTH - ok
19:55:11.0218 2020 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:55:11.0265 2020 PerfHost - ok
19:55:11.0343 2020 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:55:11.0436 2020 pla - ok
19:55:11.0467 2020 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:55:11.0530 2020 PlugPlay - ok
19:55:11.0577 2020 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:55:11.0608 2020 PNRPAutoReg - ok
19:55:11.0639 2020 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:55:11.0670 2020 PNRPsvc - ok
19:55:11.0733 2020 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:55:11.0811 2020 PolicyAgent - ok
19:55:11.0842 2020 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:55:11.0889 2020 Power - ok
19:55:11.0935 2020 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:55:11.0982 2020 PptpMiniport - ok
19:55:12.0029 2020 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:55:12.0045 2020 Processor - ok
19:55:12.0076 2020 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:55:12.0138 2020 ProfSvc - ok
19:55:12.0154 2020 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:55:12.0185 2020 ProtectedStorage - ok
19:55:12.0216 2020 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:55:12.0263 2020 Psched - ok
19:55:12.0325 2020 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:55:12.0403 2020 ql2300 - ok
19:55:12.0403 2020 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:55:12.0419 2020 ql40xx - ok
19:55:12.0466 2020 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:55:12.0481 2020 QWAVE - ok
19:55:12.0497 2020 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:55:12.0528 2020 QWAVEdrv - ok
19:55:12.0544 2020 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:55:12.0575 2020 RasAcd - ok
19:55:12.0606 2020 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:55:12.0637 2020 RasAgileVpn - ok
19:55:12.0684 2020 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:55:12.0762 2020 RasAuto - ok
19:55:12.0793 2020 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:55:12.0840 2020 Rasl2tp - ok
19:55:12.0856 2020 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:55:12.0903 2020 RasMan - ok
19:55:12.0949 2020 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:55:13.0027 2020 RasPppoe - ok
19:55:13.0027 2020 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:55:13.0059 2020 RasSstp - ok
19:55:13.0090 2020 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:55:13.0121 2020 rdbss - ok
19:55:13.0152 2020 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:55:13.0168 2020 rdpbus - ok
19:55:13.0199 2020 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:55:13.0230 2020 RDPCDD - ok
19:55:13.0246 2020 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:55:13.0293 2020 RDPENCDD - ok
19:55:13.0324 2020 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:55:13.0355 2020 RDPREFMP - ok
19:55:13.0386 2020 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:55:13.0449 2020 RDPWD - ok
19:55:13.0495 2020 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:55:13.0527 2020 rdyboost - ok
19:55:13.0573 2020 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:55:13.0620 2020 RemoteAccess - ok
19:55:13.0651 2020 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:55:13.0698 2020 RemoteRegistry - ok
19:55:13.0792 2020 [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
19:55:13.0823 2020 RichVideo ( UnsignedFile.Multi.Generic ) - warning
19:55:13.0823 2020 RichVideo - detected UnsignedFile.Multi.Generic (1)
19:55:13.0885 2020 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:55:13.0963 2020 RpcEptMapper - ok
19:55:13.0995 2020 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:55:14.0026 2020 RpcLocator - ok
19:55:14.0073 2020 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:55:14.0119 2020 RpcSs - ok
19:55:14.0135 2020 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:55:14.0182 2020 rspndr - ok
19:55:14.0197 2020 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:55:14.0213 2020 SamSs - ok
19:55:14.0244 2020 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:55:14.0275 2020 sbp2port - ok
19:55:14.0307 2020 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:55:14.0353 2020 SCardSvr - ok
19:55:14.0385 2020 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:55:14.0431 2020 scfilter - ok
19:55:14.0478 2020 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:55:14.0556 2020 Schedule - ok
19:55:14.0587 2020 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:55:14.0619 2020 SCPolicySvc - ok
19:55:14.0650 2020 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
19:55:14.0681 2020 sdbus - ok
19:55:14.0728 2020 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:55:14.0775 2020 SDRSVC - ok
19:55:14.0821 2020 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:55:14.0884 2020 seclogon - ok
19:55:14.0899 2020 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
19:55:14.0962 2020 SENS - ok
19:55:14.0977 2020 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:55:15.0024 2020 SensrSvc - ok
19:55:15.0055 2020 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:55:15.0087 2020 Serenum - ok
19:55:15.0102 2020 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:55:15.0133 2020 Serial - ok
19:55:15.0149 2020 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:55:15.0180 2020 sermouse - ok
19:55:15.0227 2020 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:55:15.0274 2020 SessionEnv - ok
19:55:15.0336 2020 [ 7251169D5676396840911F64BB4BC3B2 ] SfCtlCom C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
19:55:15.0492 2020 SfCtlCom - ok
19:55:15.0523 2020 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:55:15.0570 2020 sffdisk - ok
19:55:15.0586 2020 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:55:15.0617 2020 sffp_mmc - ok
19:55:15.0633 2020 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:55:15.0679 2020 sffp_sd - ok
19:55:15.0711 2020 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:55:15.0742 2020 sfloppy - ok
19:55:15.0789 2020 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
19:55:15.0835 2020 Sftfs - ok
19:55:15.0898 2020 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
19:55:15.0976 2020 sftlist - ok
19:55:15.0991 2020 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
19:55:16.0007 2020 Sftplay - ok
19:55:16.0023 2020 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
19:55:16.0038 2020 Sftredir - ok
19:55:16.0038 2020 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
19:55:16.0054 2020 Sftvol - ok
19:55:16.0069 2020 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
19:55:16.0085 2020 sftvsa - ok
19:55:16.0147 2020 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:55:16.0210 2020 SharedAccess - ok
19:55:16.0257 2020 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:55:16.0335 2020 ShellHWDetection - ok
19:55:16.0350 2020 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys
19:55:16.0366 2020 SiSGbeLH - ok
19:55:16.0381 2020 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:55:16.0397 2020 SiSRaid2 - ok
19:55:16.0413 2020 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:55:16.0428 2020 SiSRaid4 - ok
19:55:16.0444 2020 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:55:16.0491 2020 Smb - ok
19:55:16.0522 2020 [ D39FB29C22C3977DE4A5077C63091A1A ] smsbda C:\Windows\system32\drivers\smsbda.sys
19:55:16.0522 2020 smsbda - ok
19:55:16.0553 2020 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:55:16.0569 2020 SNMPTRAP - ok
19:55:16.0584 2020 SNP2UVC - ok
19:55:16.0600 2020 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:55:16.0600 2020 spldr - ok
19:55:16.0631 2020 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
19:55:16.0678 2020 Spooler - ok
19:55:16.0818 2020 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:55:16.0896 2020 sppsvc - ok
19:55:16.0912 2020 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:55:16.0959 2020 sppuinotify - ok
19:55:16.0990 2020 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:55:17.0037 2020 srv - ok
19:55:17.0083 2020 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:55:17.0146 2020 srv2 - ok
19:55:17.0161 2020 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:55:17.0193 2020 srvnet - ok
19:55:17.0208 2020 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:55:17.0286 2020 SSDPSRV - ok
19:55:17.0317 2020 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:55:17.0364 2020 SstpSvc - ok
19:55:17.0395 2020 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:55:17.0395 2020 stexstor - ok
19:55:17.0442 2020 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:55:17.0520 2020 stisvc - ok
19:55:17.0551 2020 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
19:55:17.0567 2020 swenum - ok
19:55:17.0614 2020 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:55:17.0676 2020 swprv - ok
19:55:17.0770 2020 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:55:17.0879 2020 SysMain - ok
19:55:17.0910 2020 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:55:17.0941 2020 TabletInputService - ok
19:55:17.0957 2020 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:55:18.0004 2020 TapiSrv - ok
19:55:18.0035 2020 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:55:18.0082 2020 TBS - ok
19:55:18.0144 2020 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:55:18.0238 2020 Tcpip - ok
19:55:18.0285 2020 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:55:18.0331 2020 TCPIP6 - ok
19:55:18.0363 2020 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:55:18.0378 2020 tcpipreg - ok
19:55:18.0409 2020 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:55:18.0472 2020 TDPIPE - ok
19:55:18.0503 2020 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:55:18.0534 2020 TDTCP - ok
19:55:18.0565 2020 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:55:18.0643 2020 tdx - ok
19:55:18.0659 2020 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:55:18.0675 2020 TermDD - ok
19:55:18.0690 2020 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:55:18.0753 2020 TermService - ok
19:55:18.0768 2020 TFsExDisk - ok
19:55:18.0784 2020 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:55:18.0831 2020 Themes - ok
19:55:18.0862 2020 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:55:18.0877 2020 THREADORDER - ok
19:55:18.0924 2020 [ 963C903E5176C5CDCAE321D48635B21F ] TMBMServer C:\Program Files\Trend Micro\BM\TMBMSRV.exe
19:55:18.0955 2020 TMBMServer - ok
19:55:18.0987 2020 [ 803EE35DF92815EA5D41CEE7410C8CC1 ] tmpreflt C:\Windows\system32\DRIVERS\tmpreflt.sys
19:55:19.0002 2020 tmpreflt - ok
19:55:19.0033 2020 [ 3AE913B4FBF06EE49831FF9DB2330830 ] TmProxy C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
19:55:19.0143 2020 TmProxy - ok
19:55:19.0158 2020 [ 21CC12B7F8B44E91D03EAD5B17AAF0B2 ] tmtdi C:\Windows\system32\DRIVERS\tmtdi.sys
19:55:19.0174 2020 tmtdi - ok
19:55:19.0205 2020 [ 9BD32132A3470CEFB3CBEA5FA492BD6F ] tmxpflt C:\Windows\system32\DRIVERS\tmxpflt.sys
19:55:19.0221 2020 tmxpflt - ok
19:55:19.0267 2020 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:55:19.0330 2020 TrkWks - ok
19:55:19.0392 2020 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:55:19.0533 2020 TrustedInstaller - ok
19:55:19.0564 2020 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:55:19.0611 2020 tssecsrv - ok
19:55:19.0642 2020 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:55:19.0689 2020 TsUsbFlt - ok
19:55:19.0720 2020 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:55:19.0782 2020 tunnel - ok
19:55:19.0813 2020 [ C45A3E051C65106A28982CAED125F855 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
19:55:19.0845 2020 TurboB - ok
19:55:19.0891 2020 [ BAEF86EBEAECE76573FA822DEA256F6C ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
19:55:19.0907 2020 TurboBoost - ok
19:55:19.0923 2020 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:55:19.0938 2020 uagp35 - ok
19:55:19.0969 2020 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:55:20.0063 2020 udfs - ok
19:55:20.0110 2020 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:55:20.0157 2020 UI0Detect - ok
19:55:20.0188 2020 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:55:20.0203 2020 uliagpkx - ok
19:55:20.0235 2020 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
19:55:20.0266 2020 umbus - ok
19:55:20.0297 2020 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:55:20.0313 2020 UmPass - ok
19:55:20.0453 2020 [ 41118D920B2B268C0ADC36421248CDCF ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:55:20.0515 2020 UNS ( UnsignedFile.Multi.Generic ) - warning
19:55:20.0515 2020 UNS - detected UnsignedFile.Multi.Generic (1)
19:55:20.0562 2020 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:55:20.0609 2020 upnphost - ok
19:55:20.0640 2020 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
19:55:20.0703 2020 USBAAPL64 - ok
19:55:20.0734 2020 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:55:20.0781 2020 usbccgp - ok
19:55:20.0812 2020 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:55:20.0874 2020 usbcir - ok
19:55:20.0890 2020 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
19:55:20.0937 2020 usbehci - ok
19:55:20.0968 2020 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:55:20.0999 2020 usbhub - ok
19:55:21.0015 2020 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:55:21.0046 2020 usbohci - ok
19:55:21.0061 2020 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:55:21.0124 2020 usbprint - ok
19:55:21.0139 2020 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:55:21.0171 2020 usbscan - ok
19:55:21.0186 2020 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:55:21.0233 2020 USBSTOR - ok
19:55:21.0264 2020 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
19:55:21.0311 2020 usbuhci - ok
19:55:21.0327 2020 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
19:55:21.0373 2020 usbvideo - ok
19:55:21.0389 2020 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:55:21.0451 2020 UxSms - ok
19:55:21.0467 2020 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
19:55:21.0483 2020 VaultSvc - ok
19:55:21.0498 2020 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:55:21.0514 2020 vdrvroot - ok
19:55:21.0545 2020 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
19:55:21.0639 2020 vds - ok
19:55:21.0654 2020 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:55:21.0670 2020 vga - ok
19:55:21.0701 2020 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:55:21.0779 2020 VgaSave - ok
19:55:21.0826 2020 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:55:21.0826 2020 vhdmp - ok
19:55:21.0857 2020 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:55:21.0857 2020 viaide - ok
19:55:21.0873 2020 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:55:21.0873 2020 volmgr - ok
19:55:21.0919 2020 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:55:21.0966 2020 volmgrx - ok
19:55:21.0982 2020 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:55:21.0997 2020 volsnap - ok
19:55:22.0075 2020 [ B01CE1F5A44126892240D179A6DBD43F ] vsapint C:\Windows\system32\DRIVERS\vsapint.sys
19:55:22.0107 2020 vsapint - ok
19:55:22.0138 2020 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:55:22.0138 2020 vsmraid - ok
19:55:22.0200 2020 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
19:55:22.0294 2020 VSS - ok
19:55:22.0294 2020 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
19:55:22.0325 2020 vwifibus - ok
19:55:22.0341 2020 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
19:55:22.0356 2020 vwififlt - ok
19:55:22.0372 2020 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
19:55:22.0403 2020 vwifimp - ok
19:55:22.0434 2020 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:55:22.0481 2020 W32Time - ok
19:55:22.0512 2020 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:55:22.0543 2020 WacomPen - ok
19:55:22.0559 2020 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:55:22.0621 2020 WANARP - ok
19:55:22.0637 2020 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:55:22.0653 2020 Wanarpv6 - ok
19:55:22.0699 2020 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
19:55:22.0793 2020 wbengine - ok
19:55:22.0824 2020 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:55:22.0871 2020 WbioSrvc - ok
19:55:22.0918 2020 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:55:22.0996 2020 wcncsvc - ok
19:55:23.0011 2020 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:55:23.0058 2020 WcsPlugInService - ok
19:55:23.0089 2020 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:55:23.0089 2020 Wd - ok
19:55:23.0136 2020 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:55:23.0199 2020 Wdf01000 - ok
19:55:23.0230 2020 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:55:23.0339 2020 WdiServiceHost - ok
19:55:23.0339 2020 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:55:23.0355 2020 WdiSystemHost - ok
19:55:23.0386 2020 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:55:23.0417 2020 WebClient - ok
19:55:23.0448 2020 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:55:23.0479 2020 Wecsvc - ok
19:55:23.0511 2020 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:55:23.0557 2020 wercplsupport - ok
19:55:23.0557 2020 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:55:23.0589 2020 WerSvc - ok
19:55:23.0604 2020 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:55:23.0651 2020 WfpLwf - ok
19:55:23.0682 2020 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
19:55:23.0682 2020 WimFltr - ok
19:55:23.0713 2020 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:55:23.0713 2020 WIMMount - ok
19:55:23.0745 2020 WinDefend - ok
19:55:23.0745 2020 WinHttpAutoProxySvc - ok
19:55:23.0807 2020 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:55:23.0916 2020 Winmgmt - ok
19:55:23.0963 2020 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:55:24.0057 2020 WinRM - ok
19:55:24.0088 2020 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
19:55:24.0135 2020 WinUsb - ok
19:55:24.0181 2020 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:55:24.0244 2020 Wlansvc - ok
19:55:24.0259 2020 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:55:24.0275 2020 WmiAcpi - ok
19:55:24.0322 2020 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:55:24.0353 2020 wmiApSrv - ok
19:55:24.0384 2020 WMPNetworkSvc - ok
19:55:24.0400 2020 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:55:24.0431 2020 WPCSvc - ok
19:55:24.0462 2020 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:55:24.0478 2020 WPDBusEnum - ok
19:55:24.0509 2020 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:55:24.0571 2020 ws2ifsl - ok
19:55:24.0587 2020 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
19:55:24.0634 2020 wscsvc - ok
19:55:24.0634 2020 WSearch - ok
19:55:24.0712 2020 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:55:24.0821 2020 wuauserv - ok
19:55:24.0837 2020 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:55:24.0899 2020 WudfPf - ok
19:55:24.0915 2020 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:55:24.0946 2020 WUDFRd - ok
19:55:24.0961 2020 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:55:24.0993 2020 wudfsvc - ok
19:55:25.0024 2020 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
19:55:25.0071 2020 WwanSvc - ok
19:55:25.0071 2020 ================ Scan global ===============================
19:55:25.0133 2020 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:55:25.0164 2020 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:55:25.0180 2020 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:55:25.0211 2020 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:55:25.0273 2020 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:55:25.0273 2020 [Global] - ok
19:55:25.0273 2020 ================ Scan MBR ==================================
19:55:25.0305 2020 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:55:25.0710 2020 \Device\Harddisk0\DR0 - ok
19:55:25.0710 2020 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
19:55:25.0866 2020 \Device\Harddisk1\DR1 - ok
19:55:25.0882 2020 ================ Scan VBR ==================================
19:55:25.0882 2020 [ 0D740FDC01E51F9EA305A11E9086CEDD ] \Device\Harddisk0\DR0\Partition1
19:55:25.0882 2020 \Device\Harddisk0\DR0\Partition1 - ok
19:55:25.0897 2020 [ 1F8E67CC100C5C23D515D756BA76A78A ] \Device\Harddisk0\DR0\Partition2
19:55:25.0897 2020 \Device\Harddisk0\DR0\Partition2 - ok
19:55:25.0913 2020 [ C05984A1A479B0651FE182C046D192A2 ] \Device\Harddisk1\DR1\Partition1
19:55:25.0913 2020 \Device\Harddisk1\DR1\Partition1 - ok
19:55:25.0913 2020 ============================================================
19:55:25.0913 2020 Scan finished
19:55:25.0913 2020 ============================================================
19:55:25.0929 3800 Detected object count: 6
19:55:25.0929 3800 Actual detected object count: 6
19:56:29.0686 3800 ADSMService ( UnsignedFile.Multi.Generic ) - skipped by user
19:56:29.0686 3800 ADSMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:56:29.0686 3800 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
19:56:29.0686 3800 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
19:56:29.0686 3800 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
19:56:29.0686 3800 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:56:29.0686 3800 LMS ( UnsignedFile.Multi.Generic ) - skipped by user
19:56:29.0702 3800 LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:56:29.0702 3800 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
19:56:29.0702 3800 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:56:29.0702 3800 UNS ( UnsignedFile.Multi.Generic ) - skipped by user
19:56:29.0702 3800 UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:56:33.0040 5788 Deinitialize success
|
|
03.06.2013, 16:59
| #8 |
| /// Malware-holic | GVU Trojaner Windows 7 64bit Hi, Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
03.06.2013, 17:27
| #9 |
| | GVU Trojaner Windows 7 64bit Die im Hinweis erwähnte Fehlermeldung kam natürlich auch Combofix Log C: Code:
ATTFilter ComboFix 13-06-03.05 - hennings 03.06.2013 20:10:02.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4021.2380 [GMT 2:00]
ausgeführt von:: c:\users\hennings\Desktop\ComboFix.exe
AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini
c:\users\hennings\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\users\hennings\xobglu32.dll
c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-03 bis 2013-06-03 ))))))))))))))))))))))))))))))
.
.
2013-06-02 17:19 . 2013-06-02 17:19 -------- d-----w- C:\found.000
2013-06-01 11:10 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{51763247-1A88-4CD1-A42F-8C15833B6005}\mpengine.dll
2013-05-23 21:20 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll
2013-05-23 21:20 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-23 21:20 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-05-18 17:08 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-18 17:08 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-18 17:07 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-18 17:07 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-18 17:07 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-18 17:07 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-18 16:48 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-18 16:48 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-18 16:48 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-18 16:41 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-18 16:41 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-18 16:41 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-05-05 11:32 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-05-05 11:32 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-05-05 11:32 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll
2013-05-05 11:32 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-05-05 11:32 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-05-05 11:32 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2013-05-05 11:31 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-05-05 11:30 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-05-05 11:30 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-05 11:30 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-05-05 11:30 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-05-05 11:30 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-05-05 11:30 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-05-05 11:30 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-29 07:11 . 2013-04-23 19:38 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-05-18 17:49 . 2010-12-13 21:23 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-18 16:21 . 2012-08-04 21:29 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-18 16:21 . 2011-06-04 10:56 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 00:06 . 2011-10-11 20:28 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-18 17:14 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-18 17:14 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-18 17:14 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-18 17:14 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-18 17:14 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-18 17:14 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-03-20 08:07 . 2013-04-04 19:55 233472 ----a-w- c:\windows\SysWow64\FsUsbExService.Exe
2013-03-20 08:07 . 2013-04-04 19:55 37344 ----a-w- c:\windows\SysWow64\FsUsbExDisk.Sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Akamai NetSession Interface"="c:\users\hennings\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-06-24 210216]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-12 98304]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-07-02 1597440]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-28 1485208]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"TV IR"="c:\program files (x86)\TV IR\TV IR.exe" [2010-09-29 1149952]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
.
c:\users\hennings\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [N/A]
TMMonitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia 3\TMMonitor.exe [2011-4-30 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 smsbda;DVB-T TV Stick;c:\windows\system32\drivers\smsbda.sys;c:\windows\SYSNATIVE\drivers\smsbda.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe;c:\program files\Trend Micro\Internet Security\TmProxy.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys;c:\windows\SYSNATIVE\DRIVERS\tmpreflt.sys [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys;c:\windows\SYSNATIVE\DRIVERS\JME.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 16:22]
.
2013-04-06 c:\windows\Tasks\Norton Security Scan for hennings.job
- c:\program files (x86)\Norton Security Scan\Engine\2.7.6.13\Nss.exe [2011-03-30 17:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-02-23 1022904]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.web.de/
uLocal Page = c:\windows\system32\blank.htm
mStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} -
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\hennings\AppData\Roaming\Mozilla\Firefox\Profiles\4yqfmeq3.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb143/?loc=IB_DS&a=6R8sjmEvVb&&i=26&search=
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8sjmEvVb&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - cc2072b40000000000004e5d6065b508
FF - user.js: extensions.incredibar_i.instlDay - 15468
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1420:59
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8sjmEvVb
FF - user.js: extensions.incredibar_i.upn2n - 92824325938285845
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
.
.
------- Dateityp-Verknüpfung -------
.
JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{58124A0B-DC32-4180-9BFF-E0E21AE34026} - c:\program files (x86)\IMinent Toolbar\tbcore3.dll
Toolbar-Locked - (no file)
Toolbar-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - c:\program files (x86)\IMinent Toolbar\tbcore3.dll
Wow6432Node-HKCU-Run-Syncables - c:\program files (x86)\syncables\syncables desktop\Syncables.exe
Wow6432Node-HKCU-Run-Exetender_148 - c:\program files (x86)\FreeRide Games\GPlayer.exe
Wow6432Node-HKLM-Run-NPSStartup - (no file)
Toolbar-Locked - (no file)
WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeck.exe
c:\program files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-06-03 20:23:35 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-06-03 18:23
.
Vor Suchlauf: 12 Verzeichnis(se), 65.452.433.408 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 64.999.051.264 Bytes frei
.
- - End Of File - - CA70479D067F06FA6C24D8CEB339FCA8
|
|
03.06.2013, 18:28
| #10 |
| /// Malware-holic | GVU Trojaner Windows 7 64bit Hi, malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
03.06.2013, 19:37
| #11 |
| | GVU Trojaner Windows 7 64bit Es wurden keine infizierten Objekte gefunden Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.06.03.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 hennings :: BLACKY [Administrator] Schutz: Aktiviert 03.06.2013 21:37:31 mbam-log-2013-06-03 (21-37-31).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|Q:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 393955 Laufzeit: 43 Minute(n), 54 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
03.06.2013, 19:44
| #12 |
| /// Malware-holic | GVU Trojaner Windows 7 64bit Hi, lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
03.06.2013, 19:48
| #13 |
| | GVU Trojaner Windows 7 64bit okay das könnte einen Moment dauern da es nicht mein PC ist |
|
03.06.2013, 19:54
| #14 |
| /// Malware-holic | GVU Trojaner Windows 7 64bit lass solche zwischenposts weg, da neue an diesen angehangen werden, müsste ich imer hier reingucken, also, wenns nich grad n halbes Jahr dauert, nimm dir die Zeit :-)
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu GVU Trojaner Windows 7 64bit |
| 64bit, bekannte, eingabeaufforderung, gvu trojaner, gvu trojaner windows 7, gvu-trojaner, hoffe, iminent toolbar, install.exe, laptop, laufe, laufen, microsoft office starter 2010, ntdll.dll, plug-in, richtig, sitze, troja, trojaner, verzweifel, windows, windows 7, windows 7 64bit |
Textbox. 
WARNUNG an die MITLESER: 
Linear-Darstellung
