GVU Trojaner auf Windows 7

amarezni · 15.06.2013, 13:21

Hallo allerseits,
ich hab mir heute leider auch den GVU Trojaner geholt. Der Rechner läuft noch und zeigt derzeit den Sperr-Bildschirm. WLAN ist ausgeschaltet. Das Betriebssystem ist Windows 7. Meine PC Kenntnisse sind leider doch sehr begrenzt.Ich hab erstmal nichts weiter gemacht und mich gleich im Forum registriert. Was soll ich nun weiter tun? Vielen Dank schon mal im Voraus.

markusg · 15.06.2013, 13:22

Hi,
kommst du an nen pc mit brenner?
download:
http://filepony.de/download-isoburner/
isoburner anleitung:
http://www.trojaner-board.de/83208-b...ei-cd-dvd.html
• Wenn der Download fertig ist mache ein doppel Klick auf die OTLPENet.exe, was ISOBurner öffnet um es auf die CD zu brennen.
Starte dein System neu und boote von der CD die du gerade erstellt hast.
Wenn du nicht weist wie du deinen Computer dazu bringst von der CD zu booten,
http://www.trojaner-board.de/81857-c...cd-booten.html

• Dein System sollte jetzt einen REATOGO-X-PE Desktop anzeigen.
• Mache einen doppel Klick auf das OTLPE Icon.
• Wenn du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
• Wenn du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
• entferne den haken bei "Automatically Load All Remaining Users" wenn er gesetzt ist.

• OTL sollte nun starten.
Kopiere nun den Inhalt in die

Textbox.

Code:

ATTFilter

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe

• Drücke Run Scan um den Scan zu starten.
• Wenn er fertig ist werden die Dateien in C:\otl.txt gesichert
• Kopiere diesen Ordner auf deinen USB-Stick wenn du keine Internetverbindung auf diesem System hast.
poste beide logs

amarezni · 15.06.2013, 13:36

Ich werd versuch einen pc mit brenner aufzutreiben. vielen dank für die schnelle Antwort.

markusg · 15.06.2013, 13:39

bitte solche Zwischenposts weg lassen da neue an diesen angehangen werden, bei fragen /problemen bzw Erfolg natürlich melden.

amarezni · 16.06.2013, 13:53

Kann ich die Dateien auch auf DVD brennen oder hab da dann später Probleme, gibt hier im Internetcafe nun noch DVD´s.

markusg · 16.06.2013, 18:04

kannst du

amarezni · 16.06.2013, 18:36

otl läuft nicht durch, es steht nach einer Stunde immer noch "getting folder structure..."

markusg · 16.06.2013, 18:42

versuchs mal ohne mein script

amarezni · 16.06.2013, 22:14

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 6/16/2013 9:34:37 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 226.79 Gb Total Space | 178.44 Gb Free Space | 78.68% Space Free | Partition Type: NTFS
Drive D: | 979.00 Mb Total Space | 978.95 Mb Free Space | 100.00% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2013/02/07 08:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/05 11:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/12/13 08:08:15 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/02 07:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/05 13:50:57 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/10 09:42:05 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto] -- C:\Windows\System32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2012/06/07 09:09:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/06/07 09:09:30 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/06/05 08:45:31 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/09/07 12:47:18 | 000,202,048 | ---- | M] () [Auto] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012/06/07 09:09:32 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/06/07 09:09:32 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/02/09 02:06:40 | 000,112,096 | ---- | M] (Power Software Ltd) [Kernel | System] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2011/09/16 10:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/11/19 22:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/19 22:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/19 22:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/19 20:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/19 19:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/19 19:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/19 19:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/06/18 10:09:48 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2010/06/18 09:41:34 | 000,019,968 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2010/04/01 09:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010/01/25 14:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009/10/08 10:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/07/13 18:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 18:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009/01/29 12:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 12:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2007/11/02 10:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2006/11/14 11:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Admin_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\Admin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Admin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
IE - HKU\Suse_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKU\Suse_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\Suse_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 0F F8 7A 72 69 CD 01  [binary data]
IE - HKU\Suse_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=BC2BDDB7-EBE2-4AB5-9A58-F641BFC6FB54&apn_ptnrs=U3&apn_sauid=43BC0AD1-7617-4635-A341-519729774A8B&apn_dtid=OSJ000YYDE&&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2012/12/13 15:21:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/05 13:50:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012/06/05 07:35:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
[2007/02/13 19:10:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ktskdzr1.default\extensions
[2007/02/14 01:38:42 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ktskdzr1.default\extensions\toolbar@ask.com
[2007/02/14 01:38:42 | 000,002,308 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ktskdzr1.default\searchplugins\askcom.xml
[2012/06/29 15:24:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/24 06:08:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- 
[2012/07/05 13:50:57 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/05 13:50:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/07/05 13:50:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/05 13:50:54 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/07/05 13:50:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/07/05 13:50:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/07/05 13:50:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKU\Suse_ON_C..\Run: [Spotify] C:\Users\Suse\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\Suse_ON_C..\Run: [Spotify Web Helper] C:\Users\Suse\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Suse_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Suse_ON_C Winlogon: Shell - (C:\Users\Suse\AppData\Roaming\skype.dat) - C:\Users\Suse\AppData\Roaming\skype.dat ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/14 05:33:58 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/06/14 05:33:57 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2013/06/14 05:33:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/06/14 05:33:56 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/06/14 05:33:55 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2013/06/14 05:33:55 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/06/14 05:33:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/06/14 05:33:54 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/06/14 05:33:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/06/14 05:33:52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/06/11 23:28:48 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013/06/11 23:28:47 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013/06/11 23:28:34 | 003,968,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/06/11 23:28:34 | 003,913,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/06/11 23:28:27 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[2013/06/11 23:28:20 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2013/05/20 05:19:58 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013/05/20 05:19:57 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/05/20 05:19:49 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013/05/20 05:19:40 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013/05/20 05:19:40 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/16 10:36:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/16 10:35:38 | 000,000,004 | ---- | M] () -- C:\Users\Suse\AppData\Roaming\skype.ini
[2013/06/16 10:33:20 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/16 10:33:18 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2013/06/15 07:10:22 | 000,016,992 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/15 07:10:22 | 000,016,992 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/15 07:02:03 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2013/06/15 07:01:44 | 1603,084,288 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/24 10:55:50 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
[2013/05/24 10:55:34 | 001,684,816 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/20 06:29:47 | 003,135,876 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/05/20 06:29:47 | 001,362,318 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/20 06:29:47 | 000,961,352 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/20 06:29:46 | 000,922,340 | ---- | M] () -- C:\Windows\System32\perfc007.dat
 
========== Files Created - No Company Name ==========
 
[2013/06/15 07:21:34 | 000,000,004 | ---- | C] () -- C:\Users\Suse\AppData\Roaming\skype.ini
[2012/07/02 06:20:08 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2012/06/14 10:36:19 | 000,068,096 | ---- | C] () -- C:\Users\Suse\AppData\Roaming\skype.dat
[2012/06/05 17:07:23 | 003,135,876 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2012/06/05 17:07:23 | 000,922,340 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2012/06/05 17:07:23 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2012/06/05 17:07:23 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2012/06/05 08:52:05 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2012/06/05 07:40:12 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/06/05 07:40:07 | 000,252,928 | ---- | C] () -- C:\Windows\System32\DShowRdpFilter.dll
[2012/06/05 07:39:55 | 000,668,160 | ---- | C] () -- C:\Windows\System32\autochk.exe
[2012/06/05 07:10:05 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2012/06/05 07:09:13 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe
[2009/09/23 13:16:08 | 002,050,952 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 001,684,816 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 001,362,318 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,961,352 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,589,862 | ---- | C] () -- C:\Windows\System32\perfc009(40).dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/05/06 13:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
 
========== LOP Check ==========
 
[2012/12/08 05:23:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft
[2012/12/08 05:23:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/12/08 05:26:44 | 000,000,000 | ---D | M] -- C:\Users\Suse\AppData\Roaming\DVDVideoSoft
[2013/06/16 10:33:34 | 000,000,000 | ---D | M] -- C:\Users\Suse\AppData\Roaming\Spotify
[2012/06/05 07:21:13 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2007/02/14 04:21:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Ask
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2012/06/05 07:21:13 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2012/06/05 07:21:13 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2012/06/05 07:21:13 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012/06/05 07:21:13 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2012/12/07 11:26:43 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >

--- --- ---

Ich denke das war der ganze report ohne dein script.

markusg · 17.06.2013, 13:49

Hi,
auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
rein:

Code:

ATTFilter

:OTL
O20 - HKU\Suse_ON_C Winlogon: Shell - (C:\Users\Suse\AppData\Roaming\skype.dat) - C:\Users\Suse\AppData\Roaming\skype.dat ()
[2013/06/16 10:35:38 | 000,000,004 | ---- | M] () -- C:\Users\Suse\AppData\Roaming\skype.ini
:Files
:Commands
[EMPTYFLASH] 
[emptytemp]

dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!

Drücke bitte die

+ E Taste.

Öffne dein Systemlaufwerk ( meistens C: )
Suche nun
folgenden Ordner: _OTL und öffne diesen.
Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner
Dies wird eine Movedfiles.zip Datei in _OTL erstellen
Lade diese bitte in unseren Uploadchannel
hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

amarezni · 17.06.2013, 23:13

windows ist leider nicht normal gestartet, den otl ordner hab ich gefunden kann den leider nicht zippen, da das programm fehlt.
Den anderen log habe ich hochgeladen.

Nach zwei Neustarts hat es dann doch geklappt, alle daten müssten hochgeladen sein.

markusg · 18.06.2013, 11:44

ok
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

b

amarezni · 18.06.2013, 13:41

17:36:15.0877 0584 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:36:15.0955 0584 ============================================================
17:36:15.0955 0584 Current date / time: 2013/06/18 17:36:15.0955
17:36:15.0955 0584 SystemInfo:
17:36:15.0955 0584
17:36:15.0955 0584 OS Version: 6.1.7601 ServicePack: 1.0
17:36:15.0955 0584 Product type: Workstation
17:36:15.0955 0584 ComputerName: SP-NOTEBOOK
17:36:15.0955 0584 UserName: Admin
17:36:15.0955 0584 Windows directory: C:\Windows
17:36:15.0955 0584 System windows directory: C:\Windows
17:36:15.0955 0584 Processor architecture: Intel x86
17:36:15.0955 0584 Number of processors: 2
17:36:15.0955 0584 Page size: 0x1000
17:36:15.0955 0584 Boot type: Safe boot
17:36:15.0955 0584 ============================================================
17:36:16.0953 0584 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:36:16.0953 0584 ============================================================
17:36:16.0953 0584 \Device\Harddisk0\DR0:
17:36:16.0953 0584 MBR partitions:
17:36:16.0953 0584 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1C5963E7
17:36:16.0953 0584 ============================================================
17:36:16.0969 0584 C: <-> \Device\Harddisk0\DR0\Partition1
17:36:16.0969 0584 ============================================================
17:36:16.0969 0584 Initialize success
17:36:16.0969 0584 ============================================================
17:37:11.0600 1352 ============================================================
17:37:11.0600 1352 Scan started
17:37:11.0600 1352 Mode: Manual; SigCheck; TDLFS;
17:37:11.0600 1352 ============================================================
17:37:11.0756 1352 ================ Scan system memory ========================
17:37:11.0756 1352 System memory - ok
17:37:11.0756 1352 ================ Scan services =============================
17:37:11.0927 1352 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:37:12.0193 1352 1394ohci - ok
17:37:12.0239 1352 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:37:12.0271 1352 ACPI - ok
17:37:12.0317 1352 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:37:12.0395 1352 AcpiPmi - ok
17:37:12.0520 1352 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:37:12.0536 1352 AdobeARMservice - ok
17:37:12.0614 1352 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:37:12.0645 1352 AdobeFlashPlayerUpdateSvc - ok
17:37:12.0707 1352 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
17:37:12.0723 1352 adp94xx - ok
17:37:12.0754 1352 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
17:37:12.0770 1352 adpahci - ok
17:37:12.0785 1352 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
17:37:12.0801 1352 adpu320 - ok
17:37:12.0848 1352 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:37:12.0957 1352 AeLookupSvc - ok
17:37:13.0019 1352 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
17:37:13.0082 1352 AFD - ok
17:37:13.0160 1352 [ 7E10E3BB9B258AD8A9300F91214D67B9 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys
17:37:13.0207 1352 AgereSoftModem - ok
17:37:13.0253 1352 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
17:37:13.0269 1352 agp440 - ok
17:37:13.0300 1352 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
17:37:13.0316 1352 aic78xx - ok
17:37:13.0378 1352 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
17:37:13.0409 1352 ALG - ok
17:37:13.0456 1352 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
17:37:13.0472 1352 aliide - ok
17:37:13.0487 1352 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
17:37:13.0503 1352 amdagp - ok
17:37:13.0519 1352 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
17:37:13.0534 1352 amdide - ok
17:37:13.0565 1352 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:37:13.0597 1352 AmdK8 - ok
17:37:13.0612 1352 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:37:13.0643 1352 AmdPPM - ok
17:37:13.0690 1352 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:37:13.0706 1352 amdsata - ok
17:37:13.0737 1352 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
17:37:13.0753 1352 amdsbs - ok
17:37:13.0784 1352 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:37:13.0784 1352 amdxata - ok
17:37:13.0846 1352 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
17:37:13.0862 1352 AntiVirSchedulerService - ok
17:37:13.0877 1352 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
17:37:13.0893 1352 AntiVirService - ok
17:37:13.0940 1352 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
17:37:13.0987 1352 AppID - ok
17:37:14.0033 1352 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:37:14.0080 1352 AppIDSvc - ok
17:37:14.0127 1352 [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo C:\Windows\System32\appinfo.dll
17:37:14.0189 1352 Appinfo - ok
17:37:14.0252 1352 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
17:37:14.0283 1352 AppMgmt - ok
17:37:14.0314 1352 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
17:37:14.0330 1352 arc - ok
17:37:14.0345 1352 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
17:37:14.0361 1352 arcsas - ok
17:37:14.0377 1352 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:37:14.0501 1352 AsyncMac - ok
17:37:14.0533 1352 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
17:37:14.0548 1352 atapi - ok
17:37:14.0611 1352 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:37:14.0673 1352 AudioEndpointBuilder - ok
17:37:14.0673 1352 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
17:37:14.0720 1352 Audiosrv - ok
17:37:14.0751 1352 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
17:37:14.0798 1352 avgntflt - ok
17:37:14.0813 1352 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
17:37:14.0829 1352 avipbb - ok
17:37:14.0860 1352 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
17:37:14.0876 1352 avkmgr - ok
17:37:14.0923 1352 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:37:14.0954 1352 AxInstSV - ok
17:37:15.0016 1352 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
17:37:15.0079 1352 b06bdrv - ok
17:37:15.0125 1352 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
17:37:15.0172 1352 b57nd60x - ok
17:37:15.0219 1352 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
17:37:15.0250 1352 BDESVC - ok
17:37:15.0281 1352 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
17:37:15.0313 1352 Beep - ok
17:37:15.0359 1352 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
17:37:15.0422 1352 BFE - ok
17:37:15.0469 1352 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
17:37:15.0562 1352 BITS - ok
17:37:15.0578 1352 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:37:15.0593 1352 blbdrive - ok
17:37:15.0640 1352 [ 73686FE0B2E0469F89FD2075BE724704 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:37:15.0656 1352 Bonjour Service ( UnsignedFile.Multi.Generic ) - warning
17:37:15.0656 1352 Bonjour Service - detected UnsignedFile.Multi.Generic (1)
17:37:15.0718 1352 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:37:15.0765 1352 bowser - ok
17:37:15.0796 1352 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:37:15.0827 1352 BrFiltLo - ok
17:37:15.0843 1352 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:37:15.0890 1352 BrFiltUp - ok
17:37:15.0937 1352 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
17:37:15.0968 1352 Browser - ok
17:37:15.0999 1352 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:37:16.0046 1352 Brserid - ok
17:37:16.0046 1352 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:37:16.0061 1352 BrSerWdm - ok
17:37:16.0077 1352 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:37:16.0077 1352 BrUsbMdm - ok
17:37:16.0093 1352 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:37:16.0108 1352 BrUsbSer - ok
17:37:16.0171 1352 [ 4813DF77EDE536A52E3737971F910BAA ] BTCFilterService C:\Windows\system32\DRIVERS\motfilt.sys
17:37:16.0217 1352 BTCFilterService - ok
17:37:16.0264 1352 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
17:37:16.0342 1352 BthEnum - ok
17:37:16.0373 1352 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:37:16.0405 1352 BTHMODEM - ok
17:37:16.0451 1352 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
17:37:16.0467 1352 BthPan - ok
17:37:16.0514 1352 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
17:37:16.0561 1352 BTHPORT - ok
17:37:16.0592 1352 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
17:37:16.0639 1352 bthserv - ok
17:37:16.0670 1352 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
17:37:16.0701 1352 BTHUSB - ok
17:37:16.0732 1352 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:37:16.0779 1352 cdfs - ok
17:37:16.0857 1352 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:37:16.0904 1352 cdrom - ok
17:37:16.0997 1352 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
17:37:17.0044 1352 CertPropSvc - ok
17:37:17.0153 1352 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:37:17.0247 1352 circlass - ok
17:37:17.0387 1352 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
17:37:17.0403 1352 CLFS - ok
17:37:17.0465 1352 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:37:17.0481 1352 clr_optimization_v2.0.50727_32 - ok
17:37:17.0559 1352 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:37:17.0621 1352 clr_optimization_v4.0.30319_32 - ok
17:37:17.0653 1352 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:37:17.0684 1352 CmBatt - ok
17:37:17.0715 1352 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:37:17.0731 1352 cmdide - ok
17:37:17.0777 1352 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
17:37:17.0824 1352 CNG - ok
17:37:17.0840 1352 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:37:17.0855 1352 Compbatt - ok
17:37:17.0918 1352 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
17:37:17.0933 1352 CompositeBus - ok
17:37:17.0949 1352 COMSysApp - ok
17:37:17.0965 1352 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:37:17.0980 1352 crcdisk - ok
17:37:18.0043 1352 [ 3897DFF247D9ED0006190349DE264E14 ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:37:18.0074 1352 CryptSvc - ok
17:37:18.0121 1352 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
17:37:18.0183 1352 CSC - ok
17:37:18.0214 1352 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
17:37:18.0245 1352 CscService - ok
17:37:18.0292 1352 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
17:37:18.0339 1352 DcomLaunch - ok
17:37:18.0370 1352 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
17:37:18.0401 1352 defragsvc - ok
17:37:18.0433 1352 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:37:18.0479 1352 DfsC - ok
17:37:18.0542 1352 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
17:37:18.0573 1352 Dhcp - ok
17:37:18.0620 1352 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
17:37:18.0651 1352 discache - ok
17:37:18.0698 1352 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:37:18.0713 1352 Disk - ok
17:37:18.0760 1352 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:37:18.0776 1352 Dnscache - ok
17:37:18.0807 1352 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
17:37:18.0854 1352 dot3svc - ok
17:37:18.0885 1352 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
17:37:18.0932 1352 DPS - ok
17:37:18.0979 1352 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:37:18.0994 1352 drmkaud - ok
17:37:19.0057 1352 [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:37:19.0088 1352 DXGKrnl - ok
17:37:19.0119 1352 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
17:37:19.0166 1352 EapHost - ok
17:37:19.0275 1352 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
17:37:19.0384 1352 ebdrv - ok
17:37:19.0431 1352 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
17:37:19.0462 1352 EFS - ok
17:37:19.0540 1352 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:37:19.0587 1352 ehRecvr - ok
17:37:19.0618 1352 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
17:37:19.0649 1352 ehSched - ok
17:37:19.0696 1352 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:37:19.0727 1352 elxstor - ok
17:37:19.0759 1352 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:37:19.0790 1352 ErrDev - ok
17:37:19.0852 1352 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
17:37:19.0899 1352 EventSystem - ok
17:37:19.0915 1352 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
17:37:19.0977 1352 exfat - ok
17:37:20.0008 1352 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:37:20.0055 1352 fastfat - ok
17:37:20.0117 1352 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
17:37:20.0164 1352 Fax - ok
17:37:20.0211 1352 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:37:20.0242 1352 fdc - ok
17:37:20.0273 1352 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
17:37:20.0336 1352 fdPHost - ok
17:37:20.0351 1352 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
17:37:20.0398 1352 FDResPub - ok
17:37:20.0445 1352 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:37:20.0445 1352 FileInfo - ok
17:37:20.0476 1352 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:37:20.0523 1352 Filetrace - ok
17:37:20.0585 1352 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:37:20.0617 1352 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
17:37:20.0617 1352 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
17:37:20.0648 1352 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:37:20.0679 1352 flpydisk - ok
17:37:20.0710 1352 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:37:20.0726 1352 FltMgr - ok
17:37:20.0773 1352 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
17:37:20.0835 1352 FontCache - ok
17:37:20.0897 1352 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:37:20.0913 1352 FontCache3.0.0.0 - ok
17:37:20.0944 1352 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:37:20.0960 1352 FsDepends - ok
17:37:20.0991 1352 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:37:20.0991 1352 Fs_Rec - ok
17:37:21.0038 1352 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:37:21.0053 1352 fvevol - ok
17:37:21.0069 1352 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:37:21.0085 1352 gagp30kx - ok
17:37:21.0131 1352 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
17:37:21.0178 1352 gpsvc - ok
17:37:21.0194 1352 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:37:21.0225 1352 hcw85cir - ok
17:37:21.0287 1352 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:37:21.0319 1352 HdAudAddService - ok
17:37:21.0350 1352 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
17:37:21.0397 1352 HDAudBus - ok
17:37:21.0428 1352 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
17:37:21.0475 1352 HidBatt - ok
17:37:21.0490 1352 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
17:37:21.0521 1352 HidBth - ok
17:37:21.0568 1352 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:37:21.0599 1352 HidIr - ok
17:37:21.0631 1352 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
17:37:21.0677 1352 hidserv - ok
17:37:21.0724 1352 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:37:21.0755 1352 HidUsb - ok
17:37:21.0802 1352 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:37:21.0833 1352 hkmsvc - ok
17:37:21.0865 1352 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:37:21.0896 1352 HomeGroupListener - ok
17:37:21.0943 1352 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:37:21.0989 1352 HomeGroupProvider - ok
17:37:22.0052 1352 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:37:22.0052 1352 HpSAMD - ok
17:37:22.0099 1352 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:37:22.0145 1352 HTTP - ok
17:37:22.0161 1352 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:37:22.0177 1352 hwpolicy - ok
17:37:22.0223 1352 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
17:37:22.0255 1352 i8042prt - ok
17:37:22.0317 1352 [ 934AF4D7C5F457B9F0743F4299B77B67 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:37:22.0333 1352 iaStorV - ok
17:37:22.0442 1352 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:37:22.0473 1352 idsvc - ok
17:37:22.0629 1352 [ 9467514EA189475A6E7FDC5D7BDE9D3F ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
17:37:22.0832 1352 igfx - ok
17:37:22.0863 1352 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
17:37:22.0879 1352 iirsp - ok
17:37:22.0941 1352 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
17:37:23.0003 1352 IKEEXT - ok
17:37:23.0050 1352 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
17:37:23.0066 1352 intelide - ok
17:37:23.0097 1352 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:37:23.0128 1352 intelppm - ok
17:37:23.0159 1352 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:37:23.0222 1352 IPBusEnum - ok
17:37:23.0253 1352 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:37:23.0315 1352 IpFilterDriver - ok
17:37:23.0378 1352 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:37:23.0440 1352 iphlpsvc - ok
17:37:23.0487 1352 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:37:23.0518 1352 IPMIDRV - ok
17:37:23.0534 1352 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:37:23.0596 1352 IPNAT - ok
17:37:23.0627 1352 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:37:23.0659 1352 IRENUM - ok
17:37:23.0690 1352 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:37:23.0705 1352 isapnp - ok
17:37:23.0737 1352 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:37:23.0752 1352 iScsiPrt - ok
17:37:23.0783 1352 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
17:37:23.0799 1352 kbdclass - ok
17:37:23.0830 1352 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
17:37:23.0861 1352 kbdhid - ok
17:37:23.0893 1352 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
17:37:23.0908 1352 KeyIso - ok
17:37:23.0939 1352 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:37:23.0955 1352 KSecDD - ok
17:37:23.0971 1352 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:37:23.0986 1352 KSecPkg - ok
17:37:24.0017 1352 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
17:37:24.0080 1352 KtmRm - ok
17:37:24.0127 1352 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
17:37:24.0173 1352 LanmanServer - ok
17:37:24.0220 1352 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:37:24.0298 1352 LanmanWorkstation - ok
17:37:24.0361 1352 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:37:24.0392 1352 lltdio - ok
17:37:24.0423 1352 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:37:24.0470 1352 lltdsvc - ok
17:37:24.0517 1352 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
17:37:24.0563 1352 lmhosts - ok
17:37:24.0595 1352 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:37:24.0610 1352 LSI_FC - ok
17:37:24.0641 1352 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:37:24.0657 1352 LSI_SAS - ok
17:37:24.0673 1352 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:37:24.0688 1352 LSI_SAS2 - ok
17:37:24.0704 1352 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:37:24.0719 1352 LSI_SCSI - ok
17:37:24.0751 1352 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
17:37:24.0797 1352 luafv - ok
17:37:24.0938 1352 [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe
17:37:24.0969 1352 McComponentHostService - ok
17:37:25.0000 1352 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:37:25.0016 1352 Mcx2Svc - ok
17:37:25.0047 1352 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:37:25.0063 1352 megasas - ok
17:37:25.0094 1352 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:37:25.0125 1352 MegaSR - ok
17:37:25.0141 1352 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
17:37:25.0172 1352 MMCSS - ok
17:37:25.0203 1352 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
17:37:25.0250 1352 Modem - ok
17:37:25.0281 1352 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:37:25.0312 1352 monitor - ok
17:37:25.0359 1352 [ 7B8D7BB9AE3AE9CD133BBC5AA91DD3CC ] motccgp C:\Windows\system32\DRIVERS\motccgp.sys
17:37:25.0390 1352 motccgp - ok
17:37:25.0421 1352 [ B812DA6605CAF02641312F1F65C75419 ] motccgpfl C:\Windows\system32\DRIVERS\motccgpfl.sys
17:37:25.0453 1352 motccgpfl - ok
17:37:25.0484 1352 [ C3B0FD4F463E90B3917FF6CCEA853BB6 ] motmodem C:\Windows\system32\DRIVERS\motmodem.sys
17:37:25.0515 1352 motmodem - ok
17:37:25.0609 1352 [ 36AC4DECEAE4226A5B5DD038C49658E1 ] MotoHelper C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
17:37:25.0624 1352 MotoHelper - ok
17:37:25.0655 1352 [ FD8C2CEF7AD8B23C6714103D621FAC1F ] MotoSwitchService C:\Windows\system32\DRIVERS\motswch.sys
17:37:25.0687 1352 MotoSwitchService - ok
17:37:25.0718 1352 [ DDC489D40B49F443787E7FFA75373522 ] Motousbnet C:\Windows\system32\DRIVERS\Motousbnet.sys
17:37:25.0749 1352 Motousbnet - ok
17:37:25.0780 1352 [ 2136CCA3D1BF7C0248E5366B1A6C24E3 ] motusbdevice C:\Windows\system32\DRIVERS\motusbdevice.sys
17:37:25.0796 1352 motusbdevice - ok
17:37:25.0827 1352 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:37:25.0843 1352 mouclass - ok
17:37:25.0874 1352 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:37:25.0889 1352 mouhid - ok
17:37:25.0936 1352 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:37:25.0952 1352 mountmgr - ok
17:37:26.0045 1352 [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:37:26.0061 1352 MozillaMaintenance - ok
17:37:26.0092 1352 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
17:37:26.0108 1352 mpio - ok
17:37:26.0139 1352 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:37:26.0186 1352 mpsdrv - ok
17:37:26.0233 1352 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:37:26.0295 1352 MpsSvc - ok
17:37:26.0342 1352 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:37:26.0357 1352 MRxDAV - ok
17:37:26.0389 1352 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:37:26.0420 1352 mrxsmb - ok
17:37:26.0451 1352 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:37:26.0482 1352 mrxsmb10 - ok
17:37:26.0513 1352 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:37:26.0529 1352 mrxsmb20 - ok
17:37:26.0560 1352 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\Windows\system32\drivers\msahci.sys
17:37:26.0576 1352 msahci - ok
17:37:26.0591 1352 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:37:26.0607 1352 msdsm - ok
17:37:26.0638 1352 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
17:37:26.0669 1352 MSDTC - ok
17:37:26.0716 1352 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:37:26.0763 1352 Msfs - ok
17:37:26.0779 1352 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:37:26.0841 1352 mshidkmdf - ok
17:37:26.0872 1352 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:37:26.0888 1352 msisadrv - ok
17:37:26.0935 1352 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:37:26.0966 1352 MSiSCSI - ok
17:37:26.0966 1352 msiserver - ok
17:37:26.0997 1352 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:37:27.0028 1352 MSKSSRV - ok
17:37:27.0044 1352 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:37:27.0091 1352 MSPCLOCK - ok
17:37:27.0122 1352 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:37:27.0169 1352 MSPQM - ok
17:37:27.0200 1352 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:37:27.0215 1352 MsRPC - ok
17:37:27.0247 1352 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
17:37:27.0262 1352 mssmbios - ok
17:37:27.0278 1352 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:37:27.0325 1352 MSTEE - ok
17:37:27.0325 1352 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:37:27.0340 1352 MTConfig - ok
17:37:27.0356 1352 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
17:37:27.0356 1352 Mup - ok
17:37:27.0418 1352 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
17:37:27.0465 1352 napagent - ok
17:37:27.0512 1352 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:37:27.0543 1352 NativeWifiP - ok
17:37:27.0605 1352 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:37:27.0637 1352 NDIS - ok
17:37:27.0652 1352 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:37:27.0699 1352 NdisCap - ok
17:37:27.0746 1352 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:37:27.0793 1352 NdisTapi - ok
17:37:27.0839 1352 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:37:27.0886 1352 Ndisuio - ok
17:37:27.0933 1352 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:37:27.0949 1352 NdisWan - ok
17:37:27.0980 1352 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:37:28.0011 1352 NDProxy - ok
17:37:28.0042 1352 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:37:28.0089 1352 NetBIOS - ok
17:37:28.0136 1352 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:37:28.0183 1352 NetBT - ok
17:37:28.0198 1352 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
17:37:28.0214 1352 Netlogon - ok
17:37:28.0261 1352 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
17:37:28.0307 1352 Netman - ok
17:37:28.0370 1352 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
17:37:28.0432 1352 netprofm - ok
17:37:28.0463 1352 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:37:28.0479 1352 NetTcpPortSharing - ok
17:37:28.0604 1352 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys
17:37:28.0760 1352 netw5v32 - ok
17:37:28.0807 1352 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:37:28.0822 1352 nfrd960 - ok
17:37:28.0853 1352 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
17:37:28.0869 1352 NlaSvc - ok
17:37:28.0885 1352 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:37:28.0931 1352 Npfs - ok
17:37:28.0963 1352 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
17:37:28.0994 1352 nsi - ok
17:37:29.0009 1352 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:37:29.0056 1352 nsiproxy - ok
17:37:29.0119 1352 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:37:29.0165 1352 Ntfs - ok
17:37:29.0181 1352 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
17:37:29.0212 1352 Null - ok
17:37:29.0243 1352 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:37:29.0259 1352 nvraid - ok
17:37:29.0306 1352 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:37:29.0321 1352 nvstor - ok
17:37:29.0337 1352 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:37:29.0353 1352 nv_agp - ok
17:37:29.0431 1352 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:37:29.0446 1352 odserv - ok
17:37:29.0493 1352 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:37:29.0509 1352 ohci1394 - ok
17:37:29.0555 1352 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:37:29.0571 1352 ose - ok
17:37:29.0587 1352 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:37:29.0618 1352 p2pimsvc - ok
17:37:29.0649 1352 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
17:37:29.0665 1352 p2psvc - ok
17:37:29.0696 1352 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:37:29.0711 1352 Parport - ok
17:37:29.0743 1352 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:37:29.0758 1352 partmgr - ok
17:37:29.0774 1352 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
17:37:29.0805 1352 Parvdm - ok
17:37:29.0852 1352 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:37:29.0867 1352 PcaSvc - ok
17:37:29.0883 1352 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
17:37:29.0899 1352 pci - ok
17:37:29.0945 1352 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
17:37:29.0961 1352 pciide - ok
17:37:29.0992 1352 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:37:30.0008 1352 pcmcia - ok
17:37:30.0023 1352 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
17:37:30.0039 1352 pcw - ok
17:37:30.0070 1352 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:37:30.0133 1352 PEAUTH - ok
17:37:30.0211 1352 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
17:37:30.0257 1352 PeerDistSvc - ok
17:37:30.0351 1352 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
17:37:30.0413 1352 pla - ok
17:37:30.0460 1352 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:37:30.0491 1352 PlugPlay - ok
17:37:30.0538 1352 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:37:30.0554 1352 PNRPAutoReg - ok
17:37:30.0585 1352 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:37:30.0601 1352 PNRPsvc - ok
17:37:30.0647 1352 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:37:30.0710 1352 PolicyAgent - ok
17:37:30.0757 1352 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
17:37:30.0788 1352 Power - ok
17:37:30.0819 1352 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:37:30.0866 1352 PptpMiniport - ok
17:37:30.0897 1352 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
17:37:30.0928 1352 Processor - ok
17:37:30.0975 1352 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
17:37:30.0991 1352 ProfSvc - ok
17:37:31.0006 1352 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:37:31.0022 1352 ProtectedStorage - ok
17:37:31.0053 1352 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:37:31.0100 1352 Psched - ok
17:37:31.0256 1352 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
17:37:31.0396 1352 ql2300 - ok
17:37:31.0412 1352 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
17:37:31.0427 1352 ql40xx - ok
17:37:31.0459 1352 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
17:37:31.0505 1352 QWAVE - ok
17:37:31.0521 1352 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:37:31.0568 1352 QWAVEdrv - ok
17:37:31.0599 1352 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:37:31.0615 1352 RasAcd - ok
17:37:31.0630 1352 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:37:31.0677 1352 RasAgileVpn - ok
17:37:31.0724 1352 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
17:37:31.0771 1352 RasAuto - ok
17:37:31.0802 1352 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:37:31.0849 1352 Rasl2tp - ok
17:37:31.0911 1352 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
17:37:31.0958 1352 RasMan - ok
17:37:31.0989 1352 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:37:32.0036 1352 RasPppoe - ok
17:37:32.0083 1352 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:37:32.0129 1352 RasSstp - ok
17:37:32.0176 1352 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:37:32.0207 1352 rdbss - ok
17:37:32.0223 1352 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:37:32.0254 1352 rdpbus - ok
17:37:32.0285 1352 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:37:32.0301 1352 RDPCDD - ok
17:37:32.0348 1352 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
17:37:32.0363 1352 RDPDR - ok
17:37:32.0395 1352 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:37:32.0441 1352 RDPENCDD - ok
17:37:32.0473 1352 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:37:32.0519 1352 RDPREFMP - ok
17:37:32.0566 1352 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:37:32.0582 1352 RDPWD - ok
17:37:32.0644 1352 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:37:32.0660 1352 rdyboost - ok
17:37:32.0691 1352 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
17:37:32.0738 1352 RemoteAccess - ok
17:37:32.0785 1352 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:37:32.0816 1352 RemoteRegistry - ok
17:37:32.0847 1352 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
17:37:32.0894 1352 RFCOMM - ok
17:37:32.0941 1352 [ 6C1F93C0760C9F79A1869D07233DF39D ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
17:37:32.0987 1352 rismxdp - ok
17:37:33.0003 1352 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:37:33.0065 1352 RpcEptMapper - ok
17:37:33.0097 1352 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
17:37:33.0128 1352 RpcLocator - ok
17:37:33.0175 1352 [ 6684437F3628EF237C354F77D33426D1 ] rpcnet C:\Windows\system32\rpcnet.exe
17:37:33.0190 1352 rpcnet - ok
17:37:33.0221 1352 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
17:37:33.0253 1352 RpcSs - ok
17:37:33.0299 1352 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:37:33.0331 1352 rspndr - ok
17:37:33.0362 1352 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
17:37:33.0393 1352 s3cap - ok
17:37:33.0409 1352 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
17:37:33.0424 1352 SamSs - ok
17:37:33.0440 1352 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:37:33.0455 1352 sbp2port - ok
17:37:33.0502 1352 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:37:33.0549 1352 SCardSvr - ok
17:37:33.0611 1352 [ 52402149E66200C2C2BDA115BCA757D6 ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
17:37:33.0627 1352 SCDEmu - ok
17:37:33.0658 1352 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:37:33.0705 1352 scfilter - ok
17:37:33.0752 1352 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
17:37:33.0799 1352 Schedule - ok
17:37:33.0814 1352 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
17:37:33.0845 1352 SCPolicySvc - ok
17:37:33.0861 1352 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\Windows\system32\drivers\sdbus.sys
17:37:33.0877 1352 sdbus - ok
17:37:33.0923 1352 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:37:33.0939 1352 SDRSVC - ok
17:37:33.0986 1352 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:37:34.0001 1352 secdrv - ok
17:37:34.0033 1352 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
17:37:34.0079 1352 seclogon - ok
17:37:34.0126 1352 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
17:37:34.0173 1352 SENS - ok
17:37:34.0220 1352 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:37:34.0235 1352 SensrSvc - ok
17:37:34.0251 1352 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
17:37:34.0282 1352 Serenum - ok
17:37:34.0313 1352 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
17:37:34.0345 1352 Serial - ok
17:37:34.0376 1352 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
17:37:34.0391 1352 sermouse - ok
17:37:34.0438 1352 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
17:37:34.0485 1352 SessionEnv - ok
17:37:34.0532 1352 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:37:34.0563 1352 sffdisk - ok
17:37:34.0579 1352 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:37:34.0610 1352 sffp_mmc - ok
17:37:34.0641 1352 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:37:34.0672 1352 sffp_sd - ok
17:37:34.0703 1352 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
17:37:34.0750 1352 sfloppy - ok
17:37:34.0797 1352 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:37:34.0828 1352 SharedAccess - ok
17:37:34.0859 1352 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:37:34.0891 1352 ShellHWDetection - ok
17:37:34.0922 1352 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
17:37:34.0937 1352 sisagp - ok
17:37:34.0953 1352 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:37:34.0984 1352 SiSRaid2 - ok
17:37:35.0000 1352 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
17:37:35.0015 1352 SiSRaid4 - ok
17:37:35.0156 1352 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
17:37:35.0312 1352 Skype C2C Service - ok
17:37:35.0405 1352 [ 0A0A0183711EFB04F9BCC32BB44471F2 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
17:37:35.0421 1352 SkypeUpdate - ok
17:37:35.0437 1352 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:37:35.0468 1352 Smb - ok
17:37:35.0515 1352 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:37:35.0546 1352 SNMPTRAP - ok
17:37:35.0577 1352 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
17:37:35.0593 1352 spldr - ok
17:37:35.0639 1352 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
17:37:35.0671 1352 Spooler - ok
17:37:35.0795 1352 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
17:37:35.0951 1352 sppsvc - ok
17:37:35.0967 1352 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:37:36.0014 1352 sppuinotify - ok
17:37:36.0061 1352 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
17:37:36.0123 1352 srv - ok
17:37:36.0139 1352 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:37:36.0170 1352 srv2 - ok
17:37:36.0185 1352 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:37:36.0217 1352 srvnet - ok
17:37:36.0263 1352 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:37:36.0295 1352 SSDPSRV - ok
17:37:36.0326 1352 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
17:37:36.0326 1352 ssmdrv - ok
17:37:36.0341 1352 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:37:36.0388 1352 SstpSvc - ok
17:37:36.0435 1352 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
17:37:36.0435 1352 stexstor - ok
17:37:36.0497 1352 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
17:37:36.0544 1352 StiSvc - ok
17:37:36.0575 1352 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
17:37:36.0575 1352 storflt - ok
17:37:36.0622 1352 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
17:37:36.0653 1352 StorSvc - ok
17:37:36.0700 1352 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
17:37:36.0700 1352 storvsc - ok
17:37:36.0731 1352 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
17:37:36.0747 1352 swenum - ok
17:37:36.0778 1352 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
17:37:36.0841 1352 swprv - ok
17:37:36.0887 1352 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
17:37:36.0934 1352 SysMain - ok
17:37:36.0965 1352 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:37:37.0012 1352 TabletInputService - ok
17:37:37.0043 1352 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
17:37:37.0075 1352 TapiSrv - ok
17:37:37.0121 1352 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
17:37:37.0168 1352 TBS - ok
17:37:37.0246 1352 [ D32FDAC73FCD76B85389C39BC1087F2A ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:37:37.0293 1352 Tcpip - ok
17:37:37.0340 1352 [ D32FDAC73FCD76B85389C39BC1087F2A ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:37:37.0371 1352 TCPIP6 - ok
17:37:37.0418 1352 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:37:37.0449 1352 tcpipreg - ok
17:37:37.0496 1352 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:37:37.0511 1352 TDPIPE - ok
17:37:37.0527 1352 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:37:37.0558 1352 TDTCP - ok
17:37:37.0589 1352 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:37:37.0621 1352 tdx - ok
17:37:37.0652 1352 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
17:37:37.0667 1352 TermDD - ok
17:37:37.0699 1352 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
17:37:37.0761 1352 TermService - ok
17:37:37.0792 1352 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
17:37:37.0808 1352 Themes - ok
17:37:37.0823 1352 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
17:37:37.0855 1352 THREADORDER - ok
17:37:37.0870 1352 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
17:37:37.0917 1352 TrkWks - ok
17:37:37.0979 1352 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:37:38.0011 1352 TrustedInstaller - ok
17:37:38.0057 1352 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:37:38.0104 1352 tssecsrv - ok
17:37:38.0135 1352 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:37:38.0151 1352 TsUsbFlt - ok
17:37:38.0213 1352 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:37:38.0245 1352 tunnel - ok
17:37:38.0260 1352 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
17:37:38.0276 1352 uagp35 - ok
17:37:38.0291 1352 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:37:38.0323 1352 udfs - ok
17:37:38.0385 1352 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:37:38.0416 1352 UI0Detect - ok
17:37:38.0463 1352 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:37:38.0479 1352 uliagpkx - ok
17:37:38.0510 1352 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:37:38.0525 1352 umbus - ok
17:37:38.0557 1352 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
17:37:38.0588 1352 UmPass - ok
17:37:38.0619 1352 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
17:37:38.0666 1352 UmRdpService - ok
17:37:38.0697 1352 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
17:37:38.0728 1352 upnphost - ok
17:37:38.0775 1352 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:37:38.0806 1352 usbccgp - ok
17:37:38.0853 1352 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:37:38.0900 1352 usbcir - ok
17:37:38.0947 1352 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
17:37:38.0978 1352 usbehci - ok
17:37:39.0025 1352 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:37:39.0071 1352 usbhub - ok
17:37:39.0103 1352 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
17:37:39.0134 1352 usbohci - ok
17:37:39.0149 1352 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:37:39.0181 1352 usbprint - ok
17:37:39.0227 1352 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:37:39.0243 1352 USBSTOR - ok
17:37:39.0274 1352 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
17:37:39.0274 1352 usbuhci - ok
17:37:39.0337 1352 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
17:37:39.0368 1352 usbvideo - ok
17:37:39.0415 1352 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
17:37:39.0461 1352 UxSms - ok
17:37:39.0493 1352 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
17:37:39.0508 1352 VaultSvc - ok
17:37:39.0539 1352 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:37:39.0555 1352 vdrvroot - ok
17:37:39.0586 1352 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
17:37:39.0633 1352 vds - ok
17:37:39.0664 1352 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:37:39.0680 1352 vga - ok
17:37:39.0695 1352 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
17:37:39.0742 1352 VgaSave - ok
17:37:39.0789 1352 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:37:39.0805 1352 vhdmp - ok
17:37:39.0820 1352 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
17:37:39.0836 1352 viaagp - ok
17:37:39.0851 1352 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
17:37:39.0883 1352 ViaC7 - ok
17:37:39.0945 1352 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
17:37:39.0961 1352 viaide - ok
17:37:39.0992 1352 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
17:37:40.0007 1352 vmbus - ok
17:37:40.0039 1352 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
17:37:40.0070 1352 VMBusHID - ok
17:37:40.0101 1352 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:37:40.0117 1352 volmgr - ok
17:37:40.0132 1352 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:37:40.0148 1352 volmgrx - ok
17:37:40.0179 1352 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:37:40.0195 1352 volsnap - ok
17:37:40.0226 1352 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
17:37:40.0241 1352 vsmraid - ok
17:37:40.0304 1352 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
17:37:40.0366 1352 VSS - ok
17:37:40.0397 1352 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
17:37:40.0413 1352 vwifibus - ok
17:37:40.0444 1352 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
17:37:40.0507 1352 W32Time - ok
17:37:40.0553 1352 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
17:37:40.0553 1352 WacomPen - ok
17:37:40.0600 1352 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:37:40.0631 1352 WANARP - ok
17:37:40.0647 1352 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:37:40.0663 1352 Wanarpv6 - ok
17:37:40.0741 1352 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
17:37:40.0772 1352 wbengine - ok
17:37:40.0819 1352 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:37:40.0834 1352 WbioSrvc - ok
17:37:40.0881 1352 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:37:40.0912 1352 wcncsvc - ok
17:37:40.0943 1352 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:37:40.0959 1352 WcsPlugInService - ok
17:37:40.0990 1352 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
17:37:41.0006 1352 Wd - ok
17:37:41.0021 1352 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:37:41.0053 1352 Wdf01000 - ok
17:37:41.0084 1352 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:37:41.0115 1352 WdiServiceHost - ok
17:37:41.0115 1352 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:37:41.0146 1352 WdiSystemHost - ok
17:37:41.0193 1352 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
17:37:41.0209 1352 WebClient - ok
17:37:41.0224 1352 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:37:41.0255 1352 Wecsvc - ok
17:37:41.0287 1352 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:37:41.0318 1352 wercplsupport - ok
17:37:41.0365 1352 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
17:37:41.0411 1352 WerSvc - ok
17:37:41.0458 1352 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:37:41.0505 1352 WfpLwf - ok
17:37:41.0521 1352 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:37:41.0536 1352 WIMMount - ok
17:37:41.0614 1352 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
17:37:41.0630 1352 WinDefend - ok
17:37:41.0645 1352 WinHttpAutoProxySvc - ok
17:37:41.0692 1352 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:37:41.0739 1352 Winmgmt - ok
17:37:41.0801 1352 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
17:37:41.0879 1352 WinRM - ok
17:37:41.0957 1352 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
17:37:41.0973 1352 WinUsb - ok
17:37:42.0035 1352 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
17:37:42.0067 1352 Wlansvc - ok
17:37:42.0082 1352 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:37:42.0113 1352 WmiAcpi - ok
17:37:42.0160 1352 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:37:42.0191 1352 wmiApSrv - ok
17:37:42.0301 1352 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
17:37:42.0347 1352 WMPNetworkSvc - ok
17:37:42.0394 1352 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:37:42.0425 1352 WPCSvc - ok
17:37:42.0488 1352 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:37:42.0519 1352 WPDBusEnum - ok
17:37:42.0566 1352 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:37:42.0613 1352 ws2ifsl - ok
17:37:42.0644 1352 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
17:37:42.0675 1352 wscsvc - ok
17:37:42.0675 1352 WSearch - ok
17:37:42.0769 1352 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
17:37:42.0831 1352 wuauserv - ok
17:37:42.0847 1352 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:37:42.0862 1352 WudfPf - ok
17:37:42.0940 1352 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:37:42.0971 1352 WUDFRd - ok
17:37:43.0003 1352 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:37:43.0034 1352 wudfsvc - ok
17:37:43.0081 1352 [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc C:\Windows\System32\wwansvc.dll
17:37:43.0096 1352 WwanSvc - ok
17:37:43.0127 1352 ================ Scan global ===============================
17:37:43.0174 1352 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
17:37:43.0205 1352 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
17:37:43.0205 1352 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
17:37:43.0237 1352 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
17:37:43.0268 1352 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
17:37:43.0268 1352 [Global] - ok
17:37:43.0268 1352 ================ Scan MBR ==================================
17:37:43.0283 1352 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:37:43.0751 1352 \Device\Harddisk0\DR0 - ok
17:37:43.0751 1352 ================ Scan VBR ==================================
17:37:43.0767 1352 [ 4983B2BE0978AC22C0A27E477659D866 ] \Device\Harddisk0\DR0\Partition1
17:37:43.0767 1352 \Device\Harddisk0\DR0\Partition1 - ok
17:37:43.0767 1352 ============================================================
17:37:43.0767 1352 Scan finished
17:37:43.0767 1352 ============================================================
17:37:43.0783 0492 Detected object count: 2
17:37:43.0783 0492 Actual detected object count: 2
17:39:00.0254 0492 Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:39:00.0254 0492 Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:39:00.0254 0492 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:39:00.0254 0492 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:39:15.0495 0912 Deinitialize success

markusg · 18.06.2013, 14:35

Hi,
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

amarezni · 18.06.2013, 16:11

Combofix Logfile:

Code:

ATTFilter

ComboFix 13-06-15.01 - Admin 18.06.2013  16:21:17.1.2 - x86 MINIMAL
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2038.1286 [GMT 2:00]
ausgeführt von:: c:\users\Suse\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Suse\4.0
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-18 bis 2013-06-18  ))))))))))))))))))))))))))))))
.
.
2013-06-18 17:12 . 2013-06-12 04:18	7068072	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{739BF9C2-8C0B-4746-BF32-79114A531B82}\mpengine.dll
2013-06-18 16:46 . 2013-06-18 16:46	--------	d-----w-	c:\users\Admin\AppData\Local\ElevatedDiagnostics
2013-06-18 14:26 . 2013-06-18 14:26	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-18 05:35 . 2013-06-18 09:59	--------	d-----w-	C:\_OTL
2013-06-12 03:28 . 2013-05-13 04:45	140288	----a-w-	c:\windows\system32\cryptsvc.dll
2013-06-12 03:28 . 2013-05-13 04:45	1160192	----a-w-	c:\windows\system32\crypt32.dll
2013-06-12 03:28 . 2013-05-13 04:45	103936	----a-w-	c:\windows\system32\cryptnet.dll
2013-06-12 03:28 . 2013-05-13 03:08	903168	----a-w-	c:\windows\system32\certutil.exe
2013-06-12 03:28 . 2013-05-13 03:08	43008	----a-w-	c:\windows\system32\certenc.dll
2013-06-12 03:28 . 2013-05-06 05:06	3968872	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-06-12 03:28 . 2013-05-06 05:06	3913576	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-06-12 03:28 . 2013-05-10 03:20	24576	----a-w-	c:\windows\system32\cryptdlg.dll
2013-06-12 03:28 . 2013-04-26 04:55	492544	----a-w-	c:\windows\system32\win32spl.dll
2013-06-12 03:28 . 2013-05-08 05:38	1293672	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-05-20 09:19 . 2013-03-19 04:53	186368	----a-w-	c:\windows\system32\wwansvc.dll
2013-05-20 09:19 . 2013-03-19 03:33	40960	----a-w-	c:\windows\system32\wwanprotdim.dll
2013-05-20 09:19 . 2013-04-10 03:14	2347520	----a-w-	c:\windows\system32\win32k.sys
2013-05-20 09:19 . 2013-04-10 05:18	728424	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-20 09:19 . 2013-04-10 05:18	218984	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-05-20 09:19 . 2013-02-27 05:05	101720	----a-w-	c:\windows\system32\consent.exe
2013-05-20 09:19 . 2013-02-27 04:49	1796096	----a-w-	c:\windows\system32\authui.dll
2013-05-20 09:19 . 2013-02-27 04:49	47104	----a-w-	c:\windows\system32\appinfo.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-18 17:07 . 2012-06-05 11:09	17408	----a-w-	c:\windows\system32\rpcnetp.exe
2013-06-18 17:06 . 2012-06-10 13:42	58288	----a-w-	c:\windows\system32\rpcnet.dll
2013-06-18 17:06 . 2012-06-05 11:10	17408	----a-w-	c:\windows\system32\rpcnetp.dll
2013-05-10 16:39 . 2012-10-01 21:10	39936	----a-w-	c:\windows\system32\identprv.dll
2013-05-02 00:06 . 2012-06-05 16:11	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-04-13 04:45 . 2013-05-20 09:19	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-20 09:19	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-04-24 09:03	1211752	----a-w-	c:\windows\system32\drivers\ntfs.sys
2012-07-05 17:50 . 2012-06-05 11:34	85472	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-10-16 1521352]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-07 17706088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2012-02-09 312376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-10-16 1573576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2010-09-07 202048]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-07 161384]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6016]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2010-06-18 19968]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 23424]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2010-01-25 9472]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 12:08]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ktskdzr1.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=BC2BDDB7-EBE2-4AB5-9A58-F641BFC6FB54&apn_ptnrs=U3&apn_sauid=43BC0AD1-7617-4635-A341-519729774A8B&apn_dtid=OSJ000YYDE&&q=
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-18  16:28:32
ComboFix-quarantined-files.txt  2013-06-18 14:28
.
Vor Suchlauf: 7 Verzeichnis(se), 193.178.681.344 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 193.149.939.712 Bytes frei
.
- - End Of File - - B414A7BA7B53DFCEBED2F2BE84959C01

--- --- ---
A36C5E4F47E84449FF07ED3517B43A31

16.06.2013, 18:04	#6
markusg /// Malware-holic	GVU Trojaner auf Windows 7 kannst du __________________ --> GVU Trojaner auf Windows 7

16.06.2013, 18:42	#8
markusg /// Malware-holic	GVU Trojaner auf Windows 7 versuchs mal ohne mein script __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

GVU Trojaner auf Windows 7

Plagegeister aller Art und deren Bekämpfung: GVU Trojaner auf Windows 7