Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
BKA WIN7 nur mehr weisse Fläche

BKA WIN7 nur mehr weisse Fläche


Plagegeister aller Art und deren Bekämpfung: BKA WIN7 nur mehr weisse Fläche

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 1 von 2 1 2
Alt 06.07.2013, 14:54   #1
momorossi
 
BKA WIN7 nur mehr weisse Fläche - Standard

BKA WIN7 nur mehr weisse Fläche


Hi

habe seit gestern offensichtlich BKA Trojaner - konnte nicht feststellen welchen konkret

bei boot nur mehr "weisser Screen" - auch im "safe mode" nogo, nur "DOS Mode" geht noch

befallener Laptopist Win7 64 Bit professional

habe :
- bootfähigen USB Stick
- zweiten Computer mit Web Access
- große Verzweiflung

Danke im Voraus für Hilfe
Peter

Alt 06.07.2013, 14:57   #2
markusg
/// Malware-holic
 
BKA WIN7 nur mehr weisse Fläche - Standard

BKA WIN7 nur mehr weisse Fläche


Hi,
Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Hinweise für Windows 8-Nutzer: Anleitung
1 (FRST-Variante) und Anleitung
2 (zweiter Teil)
  • Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST 64-Bit
  • Schließe den USB Stick an das infizierte System an und
    boote das System in die System Reparatur Option.
  • Scanne jetzt nach der bebilderten
    Anleitung     oder verwende die folgende Kurzanleitung:
Über den Boot Manager:
  • Starte den Rechner neu.

  • Während dem Hochfahren drücke mehrmals die F8 Taste
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und
    klicke jeweils "Weiter".
Mit Windows CD/DVD (auch bei Windows 8 möglich):
  • Lege die Windows CD in dein Laufwerk.

  • Starte den Rechner neu und starte von der CD.
  • Wähle die Spracheinstellungen und
    klicke "Weiter".
  • Klicke auf Computerreparaturoptionen !
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Wähle
in den Reparaturoptionen: Eingabeaufforderung
  • Gib nun bitte notepad ein und drücke Enter.
  • Im öffnenden Textdokument: Datei
    > Speichern unter...     und wähle Computer.
    Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.
  • Schließe Notepad wieder
  • Gib nun bitte folgenden Befehl ein.
    e:\frst.exe bzw. e:\frst64.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.
  • Akzeptiere
    den Disclaimer mit Yes und klicke Scan
Das Tool erstellt eine FRST.txt auf
deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

__________________

__________________
Alt 06.07.2013, 15:18   #3
momorossi
 
BKA WIN7 nur mehr weisse Fläche - Standard

BKA WIN7 nur mehr weisse Fläche


Hi

danke für die superschnelle Antwort - anbei das Ergebnis (bin im DOS mode hochgefahren, da ich nicht als admin anloggen konnte und den user auch nicht ändern konnte)

danke für Deine Hilfe
peter


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013
Ran by pe130296 (administrator) on 06-07-2013 16:13:34
Running from E:\
Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe
(Microsoft Corporation) C:\Windows\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe" [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: []  [x]
HKLM\...\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [483880 2009-06-03] (ActivIdentity)
HKLM\...\Run: [PasswordRegistration] C:\Windows\system32\MsPwdRegistration.exe [31080 2010-08-19] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-15] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2927928 2012-05-19] (Synaptics Incorporated)
HKLM\...\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden [3488640 2012-03-14] (Hewlett-Packard Company)
HKLM\...\Run: [HPRAService] C:\Program Files\RA2HP\HPRAService.exe [139776 2012-12-18] (Hewlett-Packard Company)
HKLM\...\Run: [VX3000] C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKCU\...\Run: [HP Photosmart 7520 series (NET)] "C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN28L2B1D805VV:NW" -scfn "HP Photosmart 7520 series (NET)" -AutoStart 1 [2573416 2012-10-17] (Hewlett-Packard Co.)
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\pe130296\AppData\Roaming\skype.dat [54272 2011-11-17] () <==== ATTENTION 
HKLM-x32\...\Run: [COEMsgDisplay] c:\Program Files (x86)\Hewlett-Packard\PC COE\COEMsgDisplay.exe [26624 2007-04-11] (Hewlett Packard)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [GetITIcon] C:\Program Files (x86)\Hewlett-Packard\GetITIcon\GetITShell.exe [861696 2011-08-30] (Hewlett-Packard Company)
HKLM-x32\...\Run: [McAfee Host Intrusion Prevention Tray] "C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe" [979104 2010-06-15] (McAfee, Inc.)
HKLM-x32\...\Run: [IDA] C:\Program Files (x86)\Hewlett-Packard\PC COE\IDA.EXE [176128 2011-04-02] (Hewlett-Packard Company)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [284440 2012-03-01] (Intel Corporation)
HKLM-x32\...\Run: [QLBController] c:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start [322432 2012-04-04] (Hewlett-Packard Company)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [184704 2012-04-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [eepc_SmartClient] C:\Program Files (x86)\SmartClient\Smart.exe [115200 2013-01-31] (Hewlett-Packard Company)
HKLM-x32\...\Run: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE [124224 2011-08-31] (McAfee, Inc.)
HKLM-x32\...\Run: [SafeBootTrayManager] "C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe" [69632 2009-08-19] ()
HKLM-x32\...\Run: [SafeBootTokenWatcher] "C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe" [172092 2011-09-15] (McAfee, Inc.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey [333416 2012-11-27] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\Run: [PlantronicsURE.exe] C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe [625040 2013-02-28] (Plantronics, Inc.)
HKLM-x32\...\Run: [PlantronicsBatteryStatus.exe] C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe [356752 2013-02-28] (Plantronics, Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey [12105344 2012-09-28] (Microsoft Corporation)
HKLM-x32\...\Run: [AgentUiRunKey] "C:\Program Files (x86)\PC Backup\Agent.exe" -ni -sss -e hxxp://localhost:16386/ [299856 2012-11-28] (Autonomy Corporation plc)
HKLM-x32\...\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [119152 2010-05-20] (Microsoft Corporation)
HKU\Administrator\...\RunOnce: [DefUserRunOnceSettings] "c:\windows\system32\wscript.exe c:\windows\custmenu\runonce_settings.vbs" [399 2010-11-26] ()
HKU\Administrator\...\RunOnce: [DeleteIE864BitIcon] c:\windows\deleteie64biticon.bat [x]
HKU\Default\...\RunOnce: [DefUserRunOnceSettings] "c:\windows\system32\wscript.exe c:\windows\custmenu\runonce_settings.vbs" [399 2010-11-26] ()
HKU\Default\...\RunOnce: [DeleteIE864BitIcon] c:\windows\deleteie64biticon.bat [x]
HKU\Default User\...\RunOnce: [DefUserRunOnceSettings] "c:\windows\system32\wscript.exe c:\windows\custmenu\runonce_settings.vbs" [399 2010-11-26] ()
HKU\Default User\...\RunOnce: [DeleteIE864BitIcon] c:\windows\deleteie64biticon.bat [x]
Lsa: [Notification Packages] sbnp scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\create_shortcut.lnk
ShortcutTarget: create_shortcut.lnk -> C:\Users\pe130296\create_shortcut.vbs (No File)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\reg_off2k7.lnk
ShortcutTarget: reg_off2k7.lnk -> C:\Users\pe130296\reg_off2k7.vbs (No File)
Startup: C:\ProgramData\Start Menu\Programs\Startup\ActivClient Agent.lnk
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\create_shortcut.lnk
ShortcutTarget: create_shortcut.lnk -> C:\Users\pe130296\create_shortcut.vbs (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\reg_off2k7.lnk
ShortcutTarget: reg_off2k7.lnk -> C:\Users\pe130296\reg_off2k7.vbs (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\create_shortcut.lnk
ShortcutTarget: create_shortcut.lnk -> C:\Users\pe130296\create_shortcut.vbs (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\reg_off2k7.lnk
ShortcutTarget: reg_off2k7.lnk -> C:\Users\pe130296\reg_off2k7.vbs (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://intranet.hp.com/Country/Austria/Pages/index.aspx
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://athp.hp.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://athp.hp.com
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {3A4BD30C-6ADE-4536-A668-BFFA1D20DE74} URL = hxxp://search.portal.hp.com/search/simple.asp?query={searchTerms}
SearchScopes: HKCU - {6C336C69-4D05-4234-956F-525EC5BB10C6} URL = hxxp://peoplefinder.portal.hp.com/peoplefinder/peoplefinder.asp?pf_SearchType=0&pf_SearchVal={searchTerms}&pf_SearchOption=0
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: DIALux Browser Helper Object - {F586CB96-7091-42ec-9829-F5D5CE65AFC1} - C:\Program Files (x86)\DIAL GmbH\DIALux\Dialux.BHO.dll (DIAL GmbH)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {00000035-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://forrester.webex.com/client/WBXclient-T28L10NSP10EP1-16277/webex/ieatgpc1.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

==================== Services (Whitelisted) =================

S2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
S2 AgentService; C:\Program Files (x86)\PC Backup\AgentService.exe [6777680 2012-11-28] (Autonomy Corporation plc)
S3 DialComService; C:\Program Files (x86)\DIAL GmbH\DIAL Communication Framework\DialComService.exe [1931536 2013-03-29] (DIAL GmbH)
S2 enterceptAgent; C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [1498224 2010-06-15] (McAfee, Inc.)
S2 FIMPasswordReset; C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe [75608 2010-08-19] (Microsoft Corporation)
S2 hips; C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [39840 2010-01-26] (McAfee, Inc.)
S2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [368512 2012-04-04] (Hewlett-Packard Company)
S2 McAfee SiteAdvisor Enterprise Service; C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [222528 2009-12-16] (McAfee, Inc.)
R2 McAfeeEngineService; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [20792 2011-08-31] (McAfee, Inc.)
S2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132712 2012-11-27] (McAfee, Inc.)
S2 McShield; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [181480 2011-08-31] (McAfee, Inc.)
S2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [66880 2011-08-31] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [158832 2011-08-31] (McAfee, Inc.)
S2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
S2 radexecd; C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe [300776 2010-04-21] (Hewlett-Packard)
S2 radsched; C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe [190184 2010-04-21] (Hewlett-Packard)
S2 Radstgms; C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe [333544 2010-04-21] (Hewlett-Packard)
S2 SafeBootClientManager; C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe [385084 2011-09-15] (McAfee, Inc.)
S2 svctimehpc; C:\Program Files (x86)\Products\Time Service\svctimehpc.exe [13387128 2012-09-11] ()
S2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-01] (Broadcom Corporation.)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2012-02-01] (Broadcom Corporation.)
S3 Firehk; C:\Windows\System32\DRIVERS\firehk.sys [56648 2008-10-17] (McAfee, Inc.)
S3 FirehkMP; C:\Windows\System32\DRIVERS\firehk.sys [56648 2008-10-17] (McAfee, Inc.)
S3 firelm01; C:\Windows\system32\drivers\firelm01.sys [38968 2010-06-15] (McAfee, Inc.)
R0 FirePM; C:\Windows\System32\Drivers\FirePM.sys [186784 2010-06-15] (McAfee, Inc.)
S1 FireTDI; C:\Windows\system32\Drivers\FireTDI.sys [254520 2010-06-15] (McAfee, Inc.)
S1 FireTDI; C:\Windows\system32\Drivers\FireTDI.sys [254520 2010-06-15] (McAfee, Inc.)
S3 HIPK; C:\Windows\System32\drivers\HIPK.sys [138904 2010-01-26] (McAfee, Inc.)
S3 HIPPSK; C:\Windows\System32\drivers\HIPPSK.sys [45424 2010-01-26] (McAfee, Inc.)
S3 HIPQK; C:\Windows\System32\drivers\HIPQK.sys [40152 2010-01-26] (McAfee, Inc.)
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26200 2012-02-27] (JMicron Technology Corp.)
S3 LV_Tracker; C:\Windows\System32\DRIVERS\LV_Tracker64.sys [54824 2012-11-28] ()
S3 Mandiant_Tools; C:\ProgramData\Application Data\Time Service\mktools.sys [25168 2013-05-08] ()
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [158584 2011-08-31] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [228752 2011-08-31] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [642824 2011-08-31] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100904 2011-08-31] (McAfee, Inc.)
S4 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [86368 2011-08-31] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [283744 2011-08-31] (McAfee, Inc.)
S3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11471872 2012-03-12] (Intel Corporation)
S3 RadiaMsi; C:\Windows\System32\DRIVERS\radiamsi.sys [43032 2010-01-13] (Hewlett Packard)
S1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2011-09-15] (McAfee, Inc.)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [62792 2011-09-15] (McAfee, Inc.)
S1 SbRegFlt; C:\Windows\System32\Drivers\SbRegFlt.sys [15688 2011-09-15] (McAfee, Inc.)
S3 SmbDrvAMDASF; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [25912 2012-05-19] (Synaptics Incorporated)
S3 SmbDrvIntel; C:\Windows\system32\drivers\Smb_driver_Intel.sys [26936 2012-05-19] (Synaptics Incorporated)
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [x]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-06 17:24 - 2013-07-06 17:24 - 00602112 ____A (OldTimer Tools) C:\Users\pe130296\Desktop\OTL.exe
2013-07-06 17:23 - 2013-07-06 17:23 - 00050477 ____A C:\Users\pe130296\Desktop\Defogger.exe
2013-07-06 16:13 - 2013-07-06 16:13 - 00000000 ____D C:\FRST
2013-07-06 15:28 - 2013-07-06 16:12 - 00006352 ____A C:\Windows\System32\PerfStringBackup.TMP
2013-07-06 14:55 - 2013-07-06 14:56 - 00000004 ____A C:\Users\pe130296\AppData\Roaming\skype.ini
2013-07-06 14:55 - 2013-07-06 14:55 - 00133028 ____A C:\Windows\SysWOW64\api_hook_list.dat
2013-07-06 14:55 - 2013-07-06 14:55 - 00002033 ____A C:\Windows\System32\api_hook_list.dat
2013-07-06 13:24 - 2013-07-06 13:24 - 00000000 ____D C:\Windows\System32\%appdata%
2013-07-06 13:04 - 2013-07-06 13:04 - 00000128 ____A C:\Windows\System32\config\netlogon.ftl
2013-07-06 10:49 - 2013-07-06 10:49 - 00000000 ____D C:\Windows\pss
2013-07-05 18:03 - 2013-07-05 18:03 - 00000130 ____A C:\Windows\System32\Pen_Tablet.dat
2013-07-05 18:01 - 2013-07-06 14:38 - 00000004 ____A C:\Users\pe130296\AppData\Roaming\skype.ini.bak
2013-07-01 11:58 - 2013-07-01 11:58 - 00072349 ____A C:\Users\pe130296\Desktop\ZOLI_CEE TS Consulting Sales Improvement 2013-06-19.pptx
2013-07-01 11:20 - 2005-04-30 01:22 - 01192223 ____A C:\Users\pe130296\Documents\selling2senior_executives.zip
2013-06-26 19:27 - 2013-06-26 19:27 - 00921624 ____A C:\img2-001.raw
2013-06-26 19:24 - 2013-07-06 14:34 - 00000412 ___AH C:\Windows\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000.job
2013-06-26 19:24 - 2013-07-06 14:34 - 00000392 ___AH C:\Windows\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job
2013-06-26 19:24 - 2013-07-06 14:34 - 00000370 ___AH C:\Windows\Tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000.job
2013-06-26 19:24 - 2013-07-06 14:34 - 00000370 ___AH C:\Windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job
2013-06-26 19:24 - 2013-07-06 14:34 - 00000346 ___AH C:\Windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job
2013-06-26 19:24 - 2013-07-06 14:34 - 00000338 ___AH C:\Windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job
2013-06-26 19:24 - 2013-07-06 14:34 - 00000278 ___AH C:\Windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job
2013-06-26 19:11 - 2013-06-26 19:15 - 00000000 ____D C:\Users\pe130296\AppData\Roaming\Skype
2013-06-26 19:11 - 2013-06-26 19:11 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-26 19:11 - 2013-06-26 19:11 - 00000000 ____D C:\ProgramData\Skype
2013-06-26 19:05 - 2013-06-26 19:05 - 00000000 ____D C:\Program Files\Microsoft LifeCam
2013-06-26 19:05 - 2013-06-26 19:05 - 00000000 ____D C:\Program Files (x86)\Microsoft LifeCam
2013-06-24 15:55 - 2013-06-24 15:55 - 00001848 ____A C:\Users\pe130296\Documents\1 Page Bus Prio.html
2013-06-24 15:53 - 2013-06-24 15:53 - 00002026 ____A C:\Users\pe130296\Documents\Opportuntiy Modeling.html
2013-06-24 15:52 - 2013-06-24 15:52 - 00002035 ____A C:\Users\pe130296\Documents\Depart _ Arrive _ Prios.html
2013-06-24 15:52 - 2013-06-24 15:52 - 00001997 ____A C:\Users\pe130296\Documents\SWOT.html
2013-06-12 09:21 - 2010-01-26 19:56 - 00040328 ____A (McAfee, Inc.) C:\Windows\SysWOW64\HIPIS0e011b5.dll
2013-06-12 09:21 - 2010-01-26 19:44 - 00047080 ____A (McAfee, Inc.) C:\Windows\System32\HIPIS0e011b5.dll

==================== One Month Modified Files and Folders =======

2013-07-06 17:24 - 2013-07-06 17:24 - 00602112 ____A (OldTimer Tools) C:\Users\pe130296\Desktop\OTL.exe
2013-07-06 17:23 - 2013-07-06 17:23 - 00050477 ____A C:\Users\pe130296\Desktop\Defogger.exe
2013-07-06 16:13 - 2013-07-06 16:13 - 00000000 ____D C:\FRST
2013-07-06 16:12 - 2013-07-06 15:28 - 00006352 ____A C:\Windows\System32\PerfStringBackup.TMP
2013-07-06 14:56 - 2013-07-06 14:55 - 00000004 ____A C:\Users\pe130296\AppData\Roaming\skype.ini
2013-07-06 14:55 - 2013-07-06 14:55 - 00133028 ____A C:\Windows\SysWOW64\api_hook_list.dat
2013-07-06 14:55 - 2013-07-06 14:55 - 00002033 ____A C:\Windows\System32\api_hook_list.dat
2013-07-06 14:55 - 2013-04-29 09:46 - 00000000 ____D C:\Program Files (x86)\PC Backup
2013-07-06 14:55 - 2013-04-26 10:32 - 00001110 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-06 14:55 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-06 14:55 - 2009-07-14 06:51 - 00052304 ____A C:\Windows\setupact.log
2013-07-06 14:38 - 2013-07-05 18:01 - 00000004 ____A C:\Users\pe130296\AppData\Roaming\skype.ini.bak
2013-07-06 14:34 - 2013-06-26 19:24 - 00000412 ___AH C:\Windows\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000.job
2013-07-06 14:34 - 2013-06-26 19:24 - 00000392 ___AH C:\Windows\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job
2013-07-06 14:34 - 2013-06-26 19:24 - 00000370 ___AH C:\Windows\Tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000.job
2013-07-06 14:34 - 2013-06-26 19:24 - 00000370 ___AH C:\Windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job
2013-07-06 14:34 - 2013-06-26 19:24 - 00000346 ___AH C:\Windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job
2013-07-06 14:34 - 2013-06-26 19:24 - 00000338 ___AH C:\Windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job
2013-07-06 14:34 - 2013-06-26 19:24 - 00000278 ___AH C:\Windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job
2013-07-06 14:34 - 2013-05-28 08:54 - 00000308 ____A C:\Windows\Tasks\pcpm-collector.job
2013-07-06 14:34 - 2013-04-24 12:23 - 00000290 ____A C:\Windows\Tasks\Maint.job
2013-07-06 14:30 - 2013-05-28 08:54 - 00000314 ____A C:\Windows\Tasks\pcpm-consolidator.job
2013-07-06 14:28 - 2013-04-24 12:23 - 00000000 ____D C:\Users\pe130296\tracing
2013-07-06 14:27 - 2013-05-08 14:31 - 00000000 ____D C:\ProgramData\Time Service
2013-07-06 13:24 - 2013-07-06 13:24 - 00000000 ____D C:\Windows\System32\%appdata%
2013-07-06 13:04 - 2013-07-06 13:04 - 00000128 ____A C:\Windows\System32\config\netlogon.ftl
2013-07-06 11:06 - 2009-07-14 04:34 - 17825792 ____A C:\Windows\System32\config\old SYSTEM
2013-07-06 10:50 - 2009-07-14 04:34 - 83361792 ____A C:\Windows\System32\config\old SOFTWARE
2013-07-06 10:49 - 2013-07-06 10:49 - 00000000 ____D C:\Windows\pss
2013-07-06 10:49 - 2009-07-14 04:34 - 00524288 ____A C:\Windows\System32\config\old DEFAULT
2013-07-06 10:49 - 2009-07-14 04:34 - 00262144 ____A C:\Windows\System32\config\old SECURITY
2013-07-05 19:25 - 2009-07-14 07:13 - 00783270 ____A C:\Windows\System32\PerfStringBackup.INI.bak
2013-07-05 19:25 - 2009-07-14 04:36 - 00663184 ____A C:\Windows\System32\perfh009.dat.bak
2013-07-05 19:25 - 2009-07-14 04:36 - 00122052 ____A C:\Windows\System32\perfc009.dat.bak
2013-07-05 18:09 - 2013-04-24 12:32 - 00000000 ____D C:\Windows\SmartClient
2013-07-05 18:03 - 2013-07-05 18:03 - 00000130 ____A C:\Windows\System32\Pen_Tablet.dat
2013-07-05 17:58 - 2013-04-26 10:32 - 00001114 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-05 17:50 - 2013-04-24 21:58 - 00000000 ____D C:\data
2013-07-05 17:50 - 2013-04-24 21:54 - 00000000 ____D C:\mail
2013-07-05 15:40 - 2013-04-24 12:23 - 00028142 _RASH C:\Users\pe130296\ntuser.pol
2013-07-05 15:40 - 2013-04-24 12:22 - 00000000 ____D C:\users\pe130296
2013-07-05 15:40 - 2013-04-24 12:07 - 00004552 ____A C:\Windows\System32\config\oldnetlogon.ftl
2013-07-05 15:30 - 2012-05-15 15:05 - 00121561 _RASH C:\ProgramData\ntuser.pol
2013-07-05 15:09 - 2013-04-24 21:56 - 00000000 ___RD C:\Users\pe130296\Desktop\OrderFunnel
2013-07-04 16:23 - 2013-04-24 23:14 - 00000000 ___RD C:\Users\pe130296\Documents\TS Ops CEE
2013-07-04 15:14 - 2013-04-24 11:58 - 00838478 ____A C:\Windows\WindowsUpdate.log
2013-07-04 13:20 - 2013-04-24 21:56 - 00000000 ____D C:\Users\pe130296\Documents\!!!Privat
2013-07-04 11:42 - 2013-04-24 22:47 - 00000000 ___AD C:\Users\pe130296\Documents\!LBS
2013-07-04 10:53 - 2012-05-15 15:27 - 00000000 ____D C:\Program Files\RA2HP
2013-07-03 19:43 - 2009-07-14 06:45 - 00019104 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-03 19:43 - 2009-07-14 06:45 - 00019104 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-01 11:58 - 2013-07-01 11:58 - 00072349 ____A C:\Users\pe130296\Desktop\ZOLI_CEE TS Consulting Sales Improvement 2013-06-19.pptx
2013-06-28 09:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-26 20:16 - 2008-06-09 10:30 - 00200192 ____A C:\Users\pe130296\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-26 19:27 - 2013-06-26 19:27 - 00921624 ____A C:\img2-001.raw
2013-06-26 19:15 - 2013-06-26 19:11 - 00000000 ____D C:\Users\pe130296\AppData\Roaming\Skype
2013-06-26 19:11 - 2013-06-26 19:11 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-26 19:11 - 2013-06-26 19:11 - 00000000 ____D C:\ProgramData\Skype
2013-06-26 19:05 - 2013-06-26 19:05 - 00000000 ____D C:\Program Files\Microsoft LifeCam
2013-06-26 19:05 - 2013-06-26 19:05 - 00000000 ____D C:\Program Files (x86)\Microsoft LifeCam
2013-06-26 09:44 - 2013-04-24 21:59 - 00000000 ____D C:\Users\pe130296\AppData\Local\CrashDumps
2013-06-24 15:55 - 2013-06-24 15:55 - 00001848 ____A C:\Users\pe130296\Documents\1 Page Bus Prio.html
2013-06-24 15:53 - 2013-06-24 15:53 - 00002026 ____A C:\Users\pe130296\Documents\Opportuntiy Modeling.html
2013-06-24 15:52 - 2013-06-24 15:52 - 00002035 ____A C:\Users\pe130296\Documents\Depart _ Arrive _ Prios.html
2013-06-24 15:52 - 2013-06-24 15:52 - 00001997 ____A C:\Users\pe130296\Documents\SWOT.html
2013-06-14 11:06 - 2013-04-24 21:54 - 00000000 ___RD C:\Users\pe130296\Desktop\CEE HP
2013-06-12 09:22 - 2013-04-24 16:38 - 00000000 ____D C:\Windows\HPLogin
2013-06-11 08:47 - 2012-05-15 14:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-07 13:55 - 2013-05-02 19:14 - 00000000 ____D C:\Users\pe130296\AppData\Local\Steinberg
2013-06-07 08:00 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries

ZeroAccess:
C:\Users\pe130296\AppData\Local\{69b202c0-2858-b795-3da1-b2788082b446}
C:\Users\pe130296\AppData\Local\{69b202c0-2858-b795-3da1-b2788082b446}\L
C:\Users\pe130296\AppData\Local\{69b202c0-2858-b795-3da1-b2788082b446}\U

Files to move or delete:
====================
C:\Users\pe130296\AppData\Roaming\skype.dat
C:\Users\pe130296\AppData\Roaming\skype.ini
C:\ProgramData\ntuser.dat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-03 11:45

==================== End Of Log ============================
--- --- ---

--- --- ---


zusatzinfo : habe mir den Trojaner voraussichtlich am 5.7.2013 ca. 17:00 CET eingefangen
__________________
Alt 06.07.2013, 15:21   #4
markusg
/// Malware-holic
 
BKA WIN7 nur mehr weisse Fläche - Standard

BKA WIN7 nur mehr weisse Fläche


Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\pe130296\AppData\Roaming\skype.dat [54272 2011-11-17] () <==== ATTENTION 
2013-07-06 14:55 - 2013-07-06 14:56 - 00000004 ____A C:\Users\pe130296\AppData\Roaming\skype.ini
C:\Users\pe130296\AppData\Roaming\skype.dat
Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
  • Starte deinen Rechner erneut in die Reparaturoptionen
  • Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.



Navigiere bitte zu:
C:\FRST\Quarantine
Rechtsklick, mit Winrar oder einem anderen Archvierer packen und im Uploadchannel hochladen.
Trojaner-Board Upload Channel
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 06.07.2013, 17:17   #5
momorossi
 
BKA WIN7 nur mehr weisse Fläche - Standard

BKA WIN7 nur mehr weisse Fläche


Hi

habe mittlerweile folgende Dateien umbenannt :

Files to move or delete:
====================
C:\Users\pe130296\AppData\Roaming\skype.dat
C:\Users\pe130296\AppData\Roaming\skype.ini
C:\ProgramData\ntuser.dat

konnte nun Windows wieder starten und habe mal mcaffee laufen und
würde danach adware laufen lassen ?

cheers
peter


Alt 06.07.2013, 17:19   #6
markusg
/// Malware-holic
 
BKA WIN7 nur mehr weisse Fläche - Standard

BKA WIN7 nur mehr weisse Fläche


hab ich was von umbenennen gesagt, mach das was hier steht, sonst kann ich mir die Arbeit auch sparen
was hat mcafee als ergebniss gebracht
__________________
--> BKA WIN7 nur mehr weisse Fläche

Alt 06.07.2013, 17:23   #7
momorossi
 
BKA WIN7 nur mehr weisse Fläche - Standard

BKA WIN7 nur mehr weisse Fläche


valider punkt - mcaffee läuft noch ca. 2-3 stunden (full scan)
und hat bis dato 12 Trojaner gefunden RDN und exploit (mir sagt es nichts9

Alt 06.07.2013, 17:33   #8
markusg
/// Malware-holic
 
BKA WIN7 nur mehr weisse Fläche - Standard

BKA WIN7 nur mehr weisse Fläche


ich brauche die Fundmeldungen am ende, mit Pfadangabe
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 06.07.2013, 18:05   #9
momorossi
 
BKA WIN7 nur mehr weisse Fläche - Standard

BKA WIN7 nur mehr weisse Fläche


Ok schick gesammelt wenn durch

Alt 06.07.2013, 18:37   #10
markusg
/// Malware-holic
 
BKA WIN7 nur mehr weisse Fläche - Standard

BKA WIN7 nur mehr weisse Fläche


bitte solche zwischenposts weg lassen, da neue an den angehangen werden, danke
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 08.07.2013, 08:01   #11
momorossi
 
BKA WIN7 nur mehr weisse Fläche - Standard

BKA WIN7 nur mehr weisse Fläche


Hier nun der mcafee scan result :

Code:
ATTFilter
7/6/2013	5:35:34 PM		Modulversion                            =	5400.1158
7/6/2013	5:35:34 PM		AntiVirus-DAT-Version                   =	7127.0
7/6/2013	5:35:34 PM		Anzahl an Entdeckungssignaturen in EXTRA.DAT=	Kein
7/6/2013	5:35:34 PM		Namen der Entdeckungssignaturen in EXTRA.DAT=	Kein
7/6/2013	5:35:24 PM	Scanvorgang wurde gestartet	PE1302961\pe130296	Vollständiger Scan
7/6/2013	5:37:33 PM	Nicht gescannt (Die Datei ist verschlüsselt) 	c:\Documents and Settings\pe130296\AppData\LocalLow\Google\GoogleEarth\webdata\f_000c9b
7/6/2013	5:38:10 PM	Gelöscht 	pe130296	ODS(Vollständiger Scan)	c:\Documents and Settings\pe130296\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\3f39ab5d-644ea93e\IfpFfd.class	RDN/Generic Exploit!1ln (Trojanisches Pferd)
7/6/2013	5:38:10 PM	Gelöscht 	pe130296	ODS(Vollständiger Scan)	c:\Documents and Settings\pe130296\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\3f39ab5d-644ea93e\liUiTV.class	RDN/Generic Exploit!1ln (Trojanisches Pferd)
7/6/2013	5:38:10 PM	Gelöscht 	pe130296	ODS(Vollständiger Scan)	c:\Documents and Settings\pe130296\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\3f39ab5d-644ea93e\SLQSFCHfHg.class	RDN/Generic Exploit!1ln (Trojanisches Pferd)
7/6/2013	5:38:10 PM	Gelöscht 	pe130296	ODS(Vollständiger Scan)	c:\Documents and Settings\pe130296\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\3f39ab5d-644ea93e\yyO.class	Exploit-FHV!CVE2013-1493 (Trojanisches Pferd)
7/6/2013	5:38:48 PM	Gelöscht 	pe130296	ODS(Vollständiger Scan)	c:\Documents and Settings\pe130296\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\4cc5f23a-4cd659ae\kkIrUEydTI.class	Exploit-CVE2012-1723.gen.a (Trojanisches Pferd)
7/6/2013	5:38:55 PM	Gelöscht 	pe130296	ODS(Vollständiger Scan)	c:\Documents and Settings\pe130296\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\694ad808-1fbb1c2e\Choun.class	Exploit-FDI!CVE2012-1723 (Trojanisches Pferd)
7/6/2013	5:38:55 PM	Gelöscht 	pe130296	ODS(Vollständiger Scan)	c:\Documents and Settings\pe130296\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\694ad808-1fbb1c2e\Fuidi.class	Exploit-FIW!CVE2012-1723 (Trojanisches Pferd)
7/6/2013	5:38:55 PM	Gelöscht 	pe130296	ODS(Vollständiger Scan)	c:\Documents and Settings\pe130296\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\694ad808-1fbb1c2e\Ltgai.class	Exploit-FHX!55D56CF9D756 (Trojanisches Pferd)
7/6/2013	5:38:55 PM	Gelöscht 	pe130296	ODS(Vollständiger Scan)	c:\Documents and Settings\pe130296\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\694ad808-1fbb1c2e\Main.class	Exploit-CVE2012-1723.j (Trojanisches Pferd)
7/6/2013	5:38:56 PM	Gelöscht 	pe130296	ODS(Vollständiger Scan)	c:\Documents and Settings\pe130296\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\694ad808-1fbb1c2e\NIcsge.class	Exploit-CVE2012-1723.j (Trojanisches Pferd)
7/6/2013	5:38:56 PM	Gelöscht 	pe130296	ODS(Vollständiger Scan)	c:\Documents and Settings\pe130296\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\694ad808-1fbb1c2e\Sopue.class	Exploit-CVE2012-1723.j (Trojanisches Pferd)
7/6/2013	5:38:56 PM	Gelöscht 	pe130296	ODS(Vollständiger Scan)	c:\Documents and Settings\pe130296\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\694ad808-1fbb1c2e\Hohloma.class	Exploit-FIF!CVE2012-1723 (Trojanisches Pferd)
7/6/2013	5:49:27 PM	Nicht gescannt (Die Datei ist verschlüsselt) 	c:\Documents and Settings\pe130296\Documents\Temp\301815_ENU_i386_zip.exe
7/6/2013	6:09:42 PM	Nicht gescannt (Die Datei ist verschlüsselt) 	c:\Documents and Settings\pe130296\My Documents\Temp\301815_ENU_i386_zip.exe
7/6/2013	8:03:40 PM	Nicht gescannt (Die Datei ist verschlüsselt) 	c:\Users\pe130296\AppData\LocalLow\Google\GoogleEarth\webdata\f_0000bf
7/6/2013	8:03:40 PM	Nicht gescannt (Die Datei ist verschlüsselt) 	c:\Users\pe130296\AppData\LocalLow\Google\GoogleEarth\webdata\f_0000c1
7/6/2013	8:03:40 PM	Nicht gescannt (Die Datei ist verschlüsselt) 	c:\Users\pe130296\AppData\LocalLow\Google\GoogleEarth\webdata\f_0000c2
7/6/2013	8:03:40 PM	Nicht gescannt (Die Datei ist verschlüsselt) 	c:\Users\pe130296\AppData\LocalLow\Google\GoogleEarth\webdata\f_0000c3
7/6/2013	8:03:45 PM	Nicht gescannt (Die Datei ist verschlüsselt) 	c:\Users\pe130296\AppData\LocalLow\Google\GoogleEarth\webdata\f_0000db
7/6/2013	8:04:09 PM	Nicht gescannt (Die Datei ist verschlüsselt) 	c:\Users\pe130296\AppData\LocalLow\Google\GoogleEarth\webdata\f_000167
7/6/2013	8:04:11 PM	Nicht gescannt (Die Datei ist verschlüsselt) 	c:\Users\pe130296\AppData\LocalLow\Google\GoogleEarth\webdata\f_000172
7/6/2013	8:04:21 PM	Nicht gescannt (Die Datei ist verschlüsselt) 	c:\Users\pe130296\AppData\LocalLow\Google\GoogleEarth\webdata\f_0001b6
7/6/2013	8:04:24 PM	Nicht gescannt (Die Datei ist verschlüsselt) 	c:\Users\pe130296\AppData\LocalLow\Google\GoogleEarth\webdata\f_0001c8
7/6/2013	8:04:50 PM	Nicht gescannt (Die Datei ist verschlüsselt) 	c:\Users\pe130296\AppData\LocalLow\Google\GoogleEarth\webdata\f_00025f
7/6/2013	8:04:51 PM	Nicht gescannt (Die Datei ist verschlüsselt) 	c:\Users\pe130296\AppData\LocalLow\Google\GoogleEarth\webdata\f_000260
7/6/2013	8:04:57 PM	Nicht gescannt (Die Datei ist verschlüsselt) 	c:\Users\pe130296\AppData\LocalLow\Google\GoogleEarth\webdata\f_000285
7/6/2013	8:04:57 PM	Nicht gescannt (Die Datei ist verschlüsselt) 	c:\Users\pe130296\AppData\LocalLow\Google\GoogleEarth\webdata\f_000286
7/6/2013	8:04:58 PM	Nicht gescannt (Die Datei ist verschlüsselt) 	c:\Users\pe130296\AppData\LocalLow\Google\GoogleEarth\webdata\f_00028a
7/6/2013	8:05:31 PM	Nicht gescannt (Die Datei ist verschlüsselt) 	c:\Users\pe130296\AppData\LocalLow\Google\GoogleEarth\webdata\f_000355
7/6/2013	8:10:18 PM	Nicht gescannt (Die Datei ist verschlüsselt) 	c:\Users\pe130296\AppData\LocalLow\Google\GoogleEarth\webdata\f_000c9b
7/6/2013	8:21:56 PM	Nicht gescannt (Die Datei ist verschlüsselt) 	c:\Users\pe130296\Documents\Temp\301815_ENU_i386_zip.exe
7/6/2013	8:40:20 PM	Nicht gescannt (Die Datei ist verschlüsselt) 	c:\Users\pe130296\My Documents\Temp\301815_ENU_i386_zip.exe
7/6/2013	9:32:29 PM	Nicht gescannt (Die Datei ist verschlüsselt) 	c:\Documents and Settings\pe130296\AppData\LocalLow\Google\GoogleEarth\webdata\f_0000bf
7/6/2013	9:32:30 PM	Nicht gescannt (Die Datei ist verschlüsselt) 	c:\Documents and Settings\pe130296\AppData\LocalLow\Google\GoogleEarth\webdata\f_0000c1
7/6/2013	9:32:30 PM	Nicht gescannt (Die Datei ist verschlüsselt) 	c:\Documents and Settings\pe130296\AppData\LocalLow\Google\GoogleEarth\webdata\f_0000c2
7/6/2013	9:32:30 PM	Nicht gescannt (Die Datei ist verschlüsselt) 	c:\Documents and Settings\pe130296\AppData\LocalLow\Google\GoogleEarth\webdata\f_0000c3
7/6/2013	9:32:35 PM	Nicht gescannt (Die Datei ist verschlüsselt) 	c:\Documents and Settings\pe130296\AppData\LocalLow\Google\GoogleEarth\webdata\f_0000db
7/6/2013	9:32:59 PM	Nicht gescannt (Die Datei ist verschlüsselt) 	c:\Documents and Settings\pe130296\AppData\LocalLow\Google\GoogleEarth\webdata\f_000167
7/6/2013	9:33:01 PM	Nicht gescannt (Die Datei ist verschlüsselt) 	c:\Documents and Settings\pe130296\AppData\LocalLow\Google\GoogleEarth\webdata\f_000172
7/6/2013	9:33:10 PM	Nicht gescannt (Die Datei ist verschlüsselt) 	c:\Documents and Settings\pe130296\AppData\LocalLow\Google\GoogleEarth\webdata\f_0001b6
7/6/2013	9:33:13 PM	Nicht gescannt (Die Datei ist verschlüsselt) 	c:\Documents and Settings\pe130296\AppData\LocalLow\Google\GoogleEarth\webdata\f_0001c8
7/6/2013	9:33:40 PM	Nicht gescannt (Die Datei ist verschlüsselt) 	c:\Documents and Settings\pe130296\AppData\LocalLow\Google\GoogleEarth\webdata\f_00025f
7/6/2013	9:33:40 PM	Nicht gescannt (Die Datei ist verschlüsselt) 	c:\Documents and Settings\pe130296\AppData\LocalLow\Google\GoogleEarth\webdata\f_000260
7/6/2013	9:33:47 PM	Nicht gescannt (Die Datei ist verschlüsselt) 	c:\Documents and Settings\pe130296\AppData\LocalLow\Google\GoogleEarth\webdata\f_000285
7/6/2013	9:33:47 PM	Nicht gescannt (Die Datei ist verschlüsselt) 	c:\Documents and Settings\pe130296\AppData\LocalLow\Google\GoogleEarth\webdata\f_000286
7/6/2013	9:33:48 PM	Nicht gescannt (Die Datei ist verschlüsselt) 	c:\Documents and Settings\pe130296\AppData\LocalLow\Google\GoogleEarth\webdata\f_00028a
7/6/2013	9:34:23 PM	Nicht gescannt (Die Datei ist verschlüsselt) 	c:\Documents and Settings\pe130296\AppData\LocalLow\Google\GoogleEarth\webdata\f_000355
7/6/2013	9:38:28 PM	Scan-Zusammenfassung	PE1302961\pe130296	Scan-Zusammenfassung
7/6/2013	9:38:28 PM	Scan-Zusammenfassung	PE1302961\pe130296	Gescannte Prozesse: 124
7/6/2013	9:38:28 PM	Scan-Zusammenfassung	PE1302961\pe130296	Erkannte Prozesse: 0
7/6/2013	9:38:28 PM	Scan-Zusammenfassung	PE1302961\pe130296	Gesäuberte Prozesse: 0
7/6/2013	9:38:28 PM	Scan-Zusammenfassung	PE1302961\pe130296	Gescannte Boot-Sektoren: 1
7/6/2013	9:38:28 PM	Scan-Zusammenfassung	PE1302961\pe130296	Erkannte Boot-Sektoren: 0
7/6/2013	9:38:28 PM	Scan-Zusammenfassung	PE1302961\pe130296	Gesäuberte Boot-Sektoren: 0
7/6/2013	9:38:28 PM	Scan-Zusammenfassung	PE1302961\pe130296	Gescannte Dateien: 415535
7/6/2013	9:38:28 PM	Scan-Zusammenfassung	PE1302961\pe130296	Dateien mit Erkennungen: 3
7/6/2013	9:38:28 PM	Scan-Zusammenfassung	PE1302961\pe130296	Dateierkennungen: 12
7/6/2013	9:38:28 PM	Scan-Zusammenfassung	PE1302961\pe130296	Gesäuberte Dateien: 0
7/6/2013	9:38:28 PM	Scan-Zusammenfassung	PE1302961\pe130296	Gelöschte Dateien: 3
7/6/2013	9:38:28 PM	Scan-Zusammenfassung	PE1302961\pe130296	Nicht gescannte Dateien: 94
7/6/2013	9:38:28 PM	Scan-Zusammenfassung	PE1302961\pe130296	Laufzeit: 4:03:04
7/6/2013	9:38:28 PM	Scanvorgang wurde beendet	PE1302961\pe130296	Vollständiger Scan
habe jetzt ja blöderweise die "3" files unbenannt und dann mcafee :-(
Frage : soll ich wieder "zurückbenennen" wie ursprünglich und dann das machen was Du geschrieben hast ?
( komm mir ehrlich gesagt ein wenig blöd vor )

Alt 08.07.2013, 11:56   #12
markusg
/// Malware-holic
 
BKA WIN7 nur mehr weisse Fläche - Standard

BKA WIN7 nur mehr weisse Fläche


nein.
lösche sie.
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 08.07.2013, 14:24   #13
momorossi
 
BKA WIN7 nur mehr weisse Fläche - Standard

BKA WIN7 nur mehr weisse Fläche


log file von TDSSKiller :

Code:
ATTFilter
15:12:17.0395 4040  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:12:19.0408 4040  ============================================================
15:12:19.0408 4040  Current date / time: 2013/07/08 15:12:19.0408
15:12:19.0408 4040  SystemInfo:
15:12:19.0408 4040  
15:12:19.0408 4040  OS Version: 6.1.7601 ServicePack: 1.0
15:12:19.0408 4040  Product type: Workstation
15:12:19.0408 4040  ComputerName: PE1302961
15:12:19.0408 4040  UserName: pe130296
15:12:19.0408 4040  Windows directory: C:\Windows
15:12:19.0408 4040  System windows directory: C:\Windows
15:12:19.0408 4040  Running under WOW64
15:12:19.0408 4040  Processor architecture: Intel x64
15:12:19.0408 4040  Number of processors: 4
15:12:19.0408 4040  Page size: 0x1000
15:12:19.0408 4040  Boot type: Normal boot
15:12:19.0408 4040  ============================================================
15:12:20.0016 4040  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:12:20.0016 4040  ============================================================
15:12:20.0016 4040  \Device\Harddisk0\DR0:
15:12:20.0016 4040  MBR partitions:
15:12:20.0016 4040  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385030
15:12:20.0016 4040  ============================================================
15:12:20.0016 4040  C: <-> \Device\Harddisk0\DR0\Partition1
15:12:20.0016 4040  ============================================================
15:12:20.0016 4040  Initialize success
15:12:20.0016 4040  ============================================================
15:12:56.0021 11040  ============================================================
15:12:56.0021 11040  Scan started
15:12:56.0021 11040  Mode: Manual; SigCheck; TDLFS; 
15:12:56.0021 11040  ============================================================
15:12:56.0832 11040  ================ Scan system memory ========================
15:12:56.0832 11040  System memory - ok
15:12:56.0832 11040  ================ Scan services =============================
15:12:57.0051 11040  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
15:12:57.0238 11040  1394ohci - ok
15:12:57.0347 11040  [ 5E8EFEB338DEB1F485420B090FE6C85E ] ac.sharedstore  C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
15:12:57.0441 11040  ac.sharedstore - ok
15:12:57.0472 11040  [ EE9407D42154190C3169D11EA4B8C711 ] Accelerometer   C:\Windows\system32\DRIVERS\Accelerometer.sys
15:12:57.0534 11040  Accelerometer - ok
15:12:57.0581 11040  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:12:57.0675 11040  ACPI - ok
15:12:57.0722 11040  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:12:57.0909 11040  AcpiPmi - ok
15:12:57.0956 11040  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
15:12:57.0987 11040  adp94xx - ok
15:12:58.0018 11040  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
15:12:58.0049 11040  adpahci - ok
15:12:58.0065 11040  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
15:12:58.0080 11040  adpu320 - ok
15:12:58.0096 11040  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:12:58.0143 11040  AeLookupSvc - ok
15:12:58.0190 11040  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
15:12:58.0330 11040  AFD - ok
15:12:58.0595 11040  [ 4A3CC2EF18E51B3FFDADC811525A6362 ] AgentService    C:\Program Files (x86)\PC Backup\AgentService.exe
15:12:58.0720 11040  AgentService - ok
15:12:58.0767 11040  [ 48008D4EA73C1058F36D323A644410D4 ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe
15:12:58.0876 11040  AgereModemAudio - ok
15:12:58.0923 11040  [ DDF52C4C92D831A4CDB7788B37585E36 ] AgereSoftModem  C:\Windows\system32\DRIVERS\agrsm64.sys
15:12:59.0063 11040  AgereSoftModem - ok
15:12:59.0094 11040  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
15:12:59.0141 11040  agp440 - ok
15:12:59.0172 11040  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
15:12:59.0250 11040  ALG - ok
15:12:59.0297 11040  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:12:59.0313 11040  aliide - ok
15:12:59.0328 11040  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
15:12:59.0344 11040  amdide - ok
15:12:59.0360 11040  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
15:12:59.0438 11040  AmdK8 - ok
15:12:59.0438 11040  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
15:12:59.0484 11040  AmdPPM - ok
15:12:59.0516 11040  [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:12:59.0578 11040  amdsata - ok
15:12:59.0609 11040  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
15:12:59.0625 11040  amdsbs - ok
15:12:59.0640 11040  [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:12:59.0703 11040  amdxata - ok
15:12:59.0718 11040  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
15:12:59.0890 11040  AppID - ok
15:12:59.0921 11040  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:12:59.0984 11040  AppIDSvc - ok
15:13:00.0015 11040  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
15:13:00.0140 11040  Appinfo - ok
15:13:00.0218 11040  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:13:00.0296 11040  Apple Mobile Device - ok
15:13:00.0311 11040  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
15:13:00.0374 11040  AppMgmt - ok
15:13:00.0405 11040  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
15:13:00.0420 11040  arc - ok
15:13:00.0452 11040  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
15:13:00.0467 11040  arcsas - ok
15:13:00.0545 11040  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:13:00.0639 11040  aspnet_state - ok
15:13:00.0670 11040  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:13:00.0732 11040  AsyncMac - ok
15:13:00.0779 11040  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
15:13:00.0810 11040  atapi - ok
15:13:00.0951 11040  [ 3EFD964D52221360AF0673CD61C2F4F5 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
15:13:01.0060 11040  atikmdag - ok
15:13:01.0107 11040  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:13:01.0200 11040  AudioEndpointBuilder - ok
15:13:01.0200 11040  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:13:01.0232 11040  AudioSrv - ok
15:13:01.0263 11040  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:13:01.0388 11040  AxInstSV - ok
15:13:01.0450 11040  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
15:13:01.0528 11040  b06bdrv - ok
15:13:01.0559 11040  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:13:01.0622 11040  b57nd60a - ok
15:13:01.0653 11040  [ BC9E4469FE2CE605902D4C8BB09E8236 ] bcbtums         C:\Windows\system32\drivers\bcbtums.sys
15:13:01.0715 11040  bcbtums - ok
15:13:01.0746 11040  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:13:01.0809 11040  BDESVC - ok
15:13:01.0840 11040  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:13:01.0902 11040  Beep - ok
15:13:01.0965 11040  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
15:13:02.0074 11040  BFE - ok
15:13:02.0121 11040  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
15:13:02.0230 11040  BITS - ok
15:13:02.0246 11040  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:13:02.0261 11040  blbdrive - ok
15:13:02.0308 11040  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:13:02.0370 11040  Bonjour Service - ok
15:13:02.0417 11040  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:13:02.0511 11040  bowser - ok
15:13:02.0542 11040  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
15:13:02.0573 11040  BrFiltLo - ok
15:13:02.0573 11040  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
15:13:02.0589 11040  BrFiltUp - ok
15:13:02.0636 11040  [ 8EF0D5C41EC907751B8429162B1239ED ] Browser         C:\Windows\System32\browser.dll
15:13:02.0729 11040  Browser - ok
15:13:02.0760 11040  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:13:02.0854 11040  Brserid - ok
15:13:02.0854 11040  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:13:02.0901 11040  BrSerWdm - ok
15:13:02.0916 11040  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:13:02.0963 11040  BrUsbMdm - ok
15:13:02.0963 11040  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:13:02.0994 11040  BrUsbSer - ok
15:13:03.0026 11040  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
15:13:03.0088 11040  BthEnum - ok
15:13:03.0119 11040  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
15:13:03.0166 11040  BTHMODEM - ok
15:13:03.0197 11040  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
15:13:03.0244 11040  BthPan - ok
15:13:03.0275 11040  [ 64C198198501F7560EE41D8D1EFA7952 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
15:13:03.0338 11040  BTHPORT - ok
15:13:03.0384 11040  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
15:13:03.0431 11040  bthserv - ok
15:13:03.0447 11040  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
15:13:03.0509 11040  BTHUSB - ok
15:13:03.0556 11040  [ 93F0E54C65EF7FCB56287FA685E4C4B7 ] btwampfl        C:\Windows\system32\drivers\btwampfl.sys
15:13:03.0618 11040  btwampfl - ok
15:13:03.0634 11040  [ D1F3C58892C621935947C0261BAEF3C0 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
15:13:03.0681 11040  btwaudio - ok
15:13:03.0696 11040  [ 9C7A3858D87F3A2574C1D326CA6C1461 ] btwavdt         C:\Windows\system32\DRIVERS\btwavdt.sys
15:13:03.0759 11040  btwavdt - ok
15:13:03.0837 11040  [ CE6AD9E2874D19069569F03C819B558C ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
15:13:03.0930 11040  btwdins - ok
15:13:03.0977 11040  [ AC602E3B6940B48E454D90545D85E8C3 ] BTWDPAN         C:\Windows\system32\DRIVERS\btwdpan.sys
15:13:04.0024 11040  BTWDPAN - ok
15:13:04.0040 11040  [ B1ACFD00CDD13B48D86F46BFEC153BF9 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
15:13:04.0118 11040  btwl2cap - ok
15:13:04.0133 11040  [ BB892C59D453E127797F8C5B203678DC ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
15:13:04.0180 11040  btwrchid - ok
15:13:04.0211 11040  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:13:04.0258 11040  cdfs - ok
15:13:04.0289 11040  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:13:04.0352 11040  cdrom - ok
15:13:04.0383 11040  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
15:13:04.0461 11040  CertPropSvc - ok
15:13:04.0492 11040  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
15:13:04.0508 11040  circlass - ok
15:13:04.0539 11040  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
15:13:04.0555 11040  CLFS - ok
15:13:04.0617 11040  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:13:04.0648 11040  clr_optimization_v2.0.50727_32 - ok
15:13:04.0679 11040  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:13:04.0711 11040  clr_optimization_v2.0.50727_64 - ok
15:13:04.0773 11040  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:13:04.0851 11040  clr_optimization_v4.0.30319_32 - ok
15:13:04.0867 11040  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:13:04.0913 11040  clr_optimization_v4.0.30319_64 - ok
15:13:04.0929 11040  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:13:04.0960 11040  CmBatt - ok
15:13:04.0991 11040  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:13:04.0991 11040  cmdide - ok
15:13:05.0038 11040  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
15:13:05.0147 11040  CNG - ok
15:13:05.0163 11040  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:13:05.0179 11040  Compbatt - ok
15:13:05.0194 11040  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
15:13:05.0272 11040  CompositeBus - ok
15:13:05.0288 11040  COMSysApp - ok
15:13:05.0381 11040  [ 507C2FC2C2FE0102D1EA568FE2B6E940 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
15:13:05.0444 11040  cphs - ok
15:13:05.0475 11040  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
15:13:05.0491 11040  crcdisk - ok
15:13:05.0522 11040  [ 15597883FBE9B056F276ADA3AD87D9AF ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:13:05.0600 11040  CryptSvc - ok
15:13:05.0631 11040  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
15:13:05.0725 11040  CSC - ok
15:13:05.0740 11040  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
15:13:05.0787 11040  CscService - ok
15:13:05.0834 11040  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:13:05.0881 11040  DcomLaunch - ok
15:13:05.0912 11040  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
15:13:05.0974 11040  defragsvc - ok
15:13:05.0990 11040  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:13:06.0068 11040  DfsC - ok
15:13:06.0115 11040  [ 0DAF7DA005BCA551672217F880B7CABC ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:13:06.0208 11040  Dhcp - ok
15:13:06.0302 11040  [ F68AAAA42D372CF459BB716E0499E6DA ] DialComService  C:\Program Files (x86)\DIAL GmbH\DIAL Communication Framework\DialComService.exe
15:13:06.0380 11040  DialComService - ok
15:13:06.0411 11040  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
15:13:06.0458 11040  discache - ok
15:13:06.0489 11040  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
15:13:06.0505 11040  Disk - ok
15:13:06.0520 11040  [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
15:13:06.0614 11040  dmvsc - ok
15:13:06.0645 11040  [ A06098E823EE2E63D42691C0D7BCDE46 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:13:06.0707 11040  Dnscache - ok
15:13:06.0739 11040  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:13:06.0832 11040  dot3svc - ok
15:13:06.0863 11040  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
15:13:06.0941 11040  DPS - ok
15:13:07.0004 11040  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:13:07.0066 11040  drmkaud - ok
15:13:07.0113 11040  [ AE2661B8ADFA325AF0EA096D969533F3 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:13:07.0222 11040  DXGKrnl - ok
15:13:07.0253 11040  [ E53D32044F4A03D64D6C91CF0A22A77E ] e1cexpress      C:\Windows\system32\DRIVERS\e1c62x64.sys
15:13:07.0316 11040  e1cexpress - ok
15:13:07.0363 11040  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
15:13:07.0441 11040  EapHost - ok
15:13:07.0534 11040  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
15:13:07.0612 11040  ebdrv - ok
15:13:07.0643 11040  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
15:13:07.0768 11040  EFS - ok
15:13:07.0815 11040  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:13:07.0924 11040  ehRecvr - ok
15:13:07.0971 11040  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
15:13:07.0987 11040  ehSched - ok
15:13:08.0033 11040  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
15:13:08.0049 11040  elxstor - ok
15:13:08.0143 11040  [ C3D8C7E58D6194286A6D3985CABF19E7 ] enterceptAgent  C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe
15:13:08.0252 11040  enterceptAgent - ok
15:13:08.0267 11040  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:13:08.0283 11040  ErrDev - ok
15:13:08.0345 11040  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
15:13:08.0408 11040  EventSystem - ok
15:13:08.0439 11040  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
15:13:08.0470 11040  exfat - ok
15:13:08.0486 11040  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:13:08.0533 11040  fastfat - ok
15:13:08.0564 11040  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
15:13:08.0657 11040  Fax - ok
15:13:08.0689 11040  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
15:13:08.0720 11040  fdc - ok
15:13:08.0767 11040  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
15:13:08.0829 11040  fdPHost - ok
15:13:08.0845 11040  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:13:08.0891 11040  FDResPub - ok
15:13:08.0923 11040  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:13:08.0938 11040  FileInfo - ok
15:13:08.0938 11040  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:13:08.0969 11040  Filetrace - ok
15:13:09.0016 11040  [ 98960643434EC32304EF1D84194B6A28 ] FIMPasswordReset C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe
15:13:09.0063 11040  FIMPasswordReset - ok
15:13:09.0094 11040  [ 04EB7C3063834C50FEF94AE77B05CBF9 ] Firehk          C:\Windows\system32\DRIVERS\firehk.sys
15:13:09.0172 11040  Firehk - ok
15:13:09.0172 11040  [ 04EB7C3063834C50FEF94AE77B05CBF9 ] FirehkMP        C:\Windows\system32\DRIVERS\firehk.sys
15:13:09.0188 11040  FirehkMP - ok
15:13:09.0219 11040  [ 91C7C2C38D51A1AB25F909189A2C2DB9 ] firelm01        C:\Windows\system32\drivers\firelm01.sys
15:13:09.0266 11040  firelm01 - ok
15:13:09.0281 11040  [ 7A5AF3EE86BBB96A5B2C96FACBFE124F ] FirePM          C:\Windows\system32\Drivers\FirePM.sys
15:13:09.0359 11040  FirePM - ok
15:13:09.0391 11040  [ 9D0071CB93C9CEBFB927F443C75E3251 ] FireTDI         C:\Windows\system32\Drivers\FireTDI.sys
15:13:09.0453 11040  FireTDI - ok
15:13:09.0515 11040  [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:13:09.0625 11040  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
15:13:09.0625 11040  FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
15:13:09.0656 11040  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
15:13:09.0687 11040  flpydisk - ok
15:13:09.0734 11040  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:13:09.0781 11040  FltMgr - ok
15:13:09.0812 11040  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
15:13:09.0859 11040  FontCache - ok
15:13:09.0905 11040  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:13:10.0015 11040  FontCache3.0.0.0 - ok
15:13:10.0030 11040  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:13:10.0046 11040  FsDepends - ok
15:13:10.0061 11040  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:13:10.0108 11040  Fs_Rec - ok
15:13:10.0139 11040  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:13:10.0202 11040  fvevol - ok
15:13:10.0233 11040  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
15:13:10.0249 11040  gagp30kx - ok
15:13:10.0280 11040  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:13:10.0327 11040  GEARAspiWDM - ok
15:13:10.0358 11040  [ C188969AC82AFF6B2A6CD967046C81B7 ] gpsvc           C:\Windows\System32\gpsvc.dll
15:13:10.0389 11040  gpsvc - ok
15:13:10.0451 11040  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:13:10.0467 11040  gupdate - ok
15:13:10.0467 11040  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:13:10.0483 11040  gupdatem - ok
15:13:10.0498 11040  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:13:10.0561 11040  hcw85cir - ok
15:13:10.0592 11040  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
15:13:10.0685 11040  HDAudBus - ok
15:13:10.0701 11040  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
15:13:10.0732 11040  HidBatt - ok
15:13:10.0748 11040  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
15:13:10.0763 11040  HidBth - ok
15:13:10.0795 11040  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
15:13:10.0810 11040  HidIr - ok
15:13:10.0841 11040  [ 46BBE8EA221461A65F18A078528F4B2C ] hidkmdf         C:\Windows\system32\DRIVERS\hidkmdf.sys
15:13:10.0888 11040  hidkmdf - ok
15:13:10.0919 11040  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
15:13:10.0966 11040  hidserv - ok
15:13:11.0013 11040  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:13:11.0075 11040  HidUsb - ok
15:13:11.0107 11040  [ A5FA050FF3A5F3630C2598D32E339DEF ] HIPK            C:\Windows\system32\drivers\HIPK.sys
15:13:11.0153 11040  HIPK - ok
15:13:11.0169 11040  [ E8EB147DC272DBA6F0EBA31D17E752C6 ] HIPPSK          C:\Windows\system32\drivers\HIPPSK.sys
15:13:11.0216 11040  HIPPSK - ok
15:13:11.0216 11040  [ 1F95E665632A39AC57E1C605E49C5816 ] HIPQK           C:\Windows\system32\drivers\HIPQK.sys
15:13:11.0263 11040  HIPQK - ok
15:13:11.0309 11040  [ 44CD99A1B57827ED9E98851B0BAEE851 ] hips            C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe
15:13:11.0419 11040  hips - ok
15:13:11.0450 11040  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:13:11.0559 11040  hkmsvc - ok
15:13:11.0590 11040  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:13:11.0668 11040  HomeGroupListener - ok
15:13:11.0684 11040  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:13:11.0777 11040  HomeGroupProvider - ok
15:13:11.0933 11040  [ 44AD1D87919994161131D5FB16C5B551 ] HP Power Assistant Service C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
15:13:12.0027 11040  HP Power Assistant Service - ok
15:13:12.0136 11040  [ 9164A3C0E6C15C5CD0C61B10233B4843 ] hpCMSrv         c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
15:13:12.0230 11040  hpCMSrv - ok
15:13:12.0261 11040  [ 7D2F0F709D88ED2617AFB0864D7B963E ] hpdskflt        C:\Windows\system32\DRIVERS\hpdskflt.sys
15:13:12.0308 11040  hpdskflt - ok
15:13:12.0355 11040  [ B52C679621627ADBF4C800227EC60A41 ] hpHotkeyMonitor C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
15:13:12.0417 11040  hpHotkeyMonitor - ok
15:13:12.0433 11040  [ B98EE5D4535A685634B90F7E04DE0DF7 ] HpqKbFiltr      C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
15:13:12.0495 11040  HpqKbFiltr - ok
15:13:12.0526 11040  [ 5298E3B4844328A11C9EB6C001CF0529 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
15:13:12.0542 11040  hpqwmiex - ok
15:13:12.0573 11040  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:13:12.0635 11040  HpSAMD - ok
15:13:12.0651 11040  [ 21685DC7E55FE3A0BB74DDD1606843B8 ] hpsrv           C:\Windows\system32\Hpservice.exe
15:13:12.0713 11040  hpsrv - ok
15:13:12.0745 11040  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:13:12.0838 11040  HTTP - ok
15:13:12.0838 11040  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:13:12.0901 11040  hwpolicy - ok
15:13:12.0916 11040  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
15:13:12.0963 11040  i8042prt - ok
15:13:12.0979 11040  [ D1753C06EE17E29352B065EACF3F10D0 ] iaStor          C:\Windows\system32\drivers\iaStor.sys
15:13:12.0994 11040  iaStor - ok
15:13:13.0057 11040  [ 7DEC78C80C628E9D36883C06C3C07E3C ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
15:13:13.0135 11040  IAStorDataMgrSvc - ok
15:13:13.0166 11040  [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:13:13.0228 11040  iaStorV - ok
15:13:13.0275 11040  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:13:13.0353 11040  idsvc - ok
15:13:13.0587 11040  [ 3FB253E8059A1AAC3A8B83A31D094CC5 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
15:13:13.0977 11040  igfx - ok
15:13:14.0008 11040  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
15:13:14.0024 11040  iirsp - ok
15:13:14.0071 11040  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
15:13:14.0180 11040  IKEEXT - ok
15:13:14.0227 11040  [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
15:13:14.0336 11040  IntcDAud - ok
15:13:14.0351 11040  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
15:13:14.0367 11040  intelide - ok
15:13:14.0398 11040  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:13:14.0445 11040  intelppm - ok
15:13:14.0476 11040  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:13:14.0539 11040  IPBusEnum - ok
15:13:14.0539 11040  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:13:14.0617 11040  IpFilterDriver - ok
15:13:14.0648 11040  [ A17826C992170BB859911A7BAE401704 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:13:14.0679 11040  iphlpsvc - ok
15:13:14.0695 11040  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:13:14.0757 11040  IPMIDRV - ok
15:13:14.0788 11040  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:13:14.0882 11040  IPNAT - ok
15:13:14.0929 11040  [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
15:13:15.0022 11040  iPod Service - ok
15:13:15.0053 11040  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:13:15.0069 11040  IRENUM - ok
15:13:15.0085 11040  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:13:15.0100 11040  isapnp - ok
15:13:15.0116 11040  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:13:15.0163 11040  iScsiPrt - ok
15:13:15.0194 11040  [ B2381712638B0B714D0EEAB9A1F7C640 ] iusb3hcs        C:\Windows\system32\drivers\iusb3hcs.sys
15:13:15.0287 11040  iusb3hcs - ok
15:13:15.0334 11040  [ FD2C6457232E95C014DAD21DEBC64867 ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
15:13:15.0397 11040  iusb3hub - ok
15:13:15.0428 11040  [ F6A2B5D030BE7EDF8ADC12C9A40825A8 ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
15:13:15.0490 11040  iusb3xhc - ok
15:13:15.0521 11040  [ B0C3023507CD1C2EB63249FC952504AE ] JMCR            C:\Windows\system32\DRIVERS\jmcr.sys
15:13:15.0615 11040  JMCR - ok
15:13:15.0646 11040  [ FBF2B35AD5911C9DFD00D83CC7BCF0B2 ] johci           C:\Windows\system32\DRIVERS\johci.sys
15:13:15.0677 11040  johci - ok
15:13:15.0709 11040  [ 29F31564E82BB3A6387B2C379718A88B ] JRAID           C:\Windows\system32\drivers\jraid.sys
15:13:15.0755 11040  JRAID - ok
15:13:15.0771 11040  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:13:15.0787 11040  kbdclass - ok
15:13:15.0818 11040  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:13:15.0896 11040  kbdhid - ok
15:13:15.0927 11040  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
15:13:15.0958 11040  KeyIso - ok
15:13:15.0989 11040  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:13:16.0052 11040  KSecDD - ok
15:13:16.0083 11040  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:13:16.0130 11040  KSecPkg - ok
15:13:16.0161 11040  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:13:16.0239 11040  ksthunk - ok
15:13:16.0270 11040  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:13:16.0317 11040  KtmRm - ok
15:13:16.0364 11040  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:13:16.0473 11040  LanmanServer - ok
15:13:16.0504 11040  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:13:16.0582 11040  LanmanWorkstation - ok
15:13:16.0613 11040  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:13:16.0660 11040  lltdio - ok
15:13:16.0676 11040  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:13:16.0707 11040  lltdsvc - ok
15:13:16.0738 11040  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:13:16.0769 11040  lmhosts - ok
15:13:16.0801 11040  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
15:13:16.0816 11040  LSI_FC - ok
15:13:16.0847 11040  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
15:13:16.0863 11040  LSI_SAS - ok
15:13:16.0863 11040  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
15:13:16.0879 11040  LSI_SAS2 - ok
15:13:16.0894 11040  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
15:13:16.0894 11040  LSI_SCSI - ok
15:13:16.0910 11040  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
15:13:16.0957 11040  luafv - ok
15:13:17.0003 11040  [ 1D12D4D0ABC5BB00A5E8FEB9A9601731 ] LV_Tracker      C:\Windows\system32\DRIVERS\LV_Tracker64.sys
15:13:17.0050 11040  LV_Tracker - ok
15:13:17.0113 11040  Mandiant_Tools - ok
15:13:17.0175 11040  [ 37E01B3B11063774401D4801F2DA05A1 ] McAfee SiteAdvisor Enterprise Service C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe
15:13:17.0206 11040  McAfee SiteAdvisor Enterprise Service - ok
15:13:17.0284 11040  [ 74CAB26399A9084373F16E496BB494AB ] McAfeeEngineService C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe
15:13:17.0378 11040  McAfeeEngineService - ok
15:13:17.0456 11040  [ AACB6AD3AEDDE4E4B115FDE632E883E8 ] McAfeeFramework C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
15:13:17.0471 11040  McAfeeFramework - ok
15:13:17.0503 11040  [ 6346EF11804B8F15154245184F8E1BDC ] McShield        C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe
15:13:17.0581 11040  McShield - ok
15:13:17.0612 11040  [ 8F8A3C08AE97C2942C58E3C0976E7E92 ] McTaskManager   C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
15:13:17.0659 11040  McTaskManager - ok
15:13:17.0690 11040  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:13:17.0737 11040  Mcx2Svc - ok
15:13:17.0768 11040  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
15:13:17.0768 11040  megasas - ok
15:13:17.0783 11040  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
15:13:17.0799 11040  MegaSR - ok
15:13:17.0830 11040  [ 6B01B7414A105B9E51652089A03027CF ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
15:13:17.0893 11040  MEIx64 - ok
15:13:17.0939 11040  [ EAC376DD77EC9E95D38108A27C261DCA ] mfeapfk         C:\Windows\system32\drivers\mfeapfk.sys
15:13:18.0002 11040  mfeapfk - ok
15:13:18.0017 11040  [ F55F50B11D635658F346DB0457BB2B79 ] mfeavfk         C:\Windows\system32\drivers\mfeavfk.sys
15:13:18.0064 11040  mfeavfk - ok
15:13:18.0095 11040  [ ADA8C105C8F9A61284C75157C170585B ] mfehidk         C:\Windows\system32\drivers\mfehidk.sys
15:13:18.0158 11040  mfehidk - ok
15:13:18.0173 11040  [ B000720E19EF733F938A6269D630F5DD ] mferkdet        C:\Windows\system32\drivers\mferkdet.sys
15:13:18.0220 11040  mferkdet - ok
15:13:18.0236 11040  [ 8CDCC0CABD7329284C1B8A139A5C52FD ] mfetdik         C:\Windows\system32\drivers\mfetdik.sys
15:13:18.0283 11040  mfetdik - ok
15:13:18.0329 11040  [ C5A291C308FC731060F9F98F3337D643 ] mfevtp          C:\Windows\system32\mfevtps.exe
15:13:18.0392 11040  mfevtp - ok
15:13:18.0407 11040  [ 62717AB68B38EFEE54678B85E19B0538 ] mfewfpk         C:\Windows\system32\drivers\mfewfpk.sys
15:13:18.0470 11040  mfewfpk - ok
15:13:18.0517 11040  Microsoft SharePoint Workspace Audit Service - ok
15:13:18.0548 11040  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
15:13:18.0610 11040  MMCSS - ok
15:13:18.0626 11040  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
15:13:18.0688 11040  Modem - ok
15:13:18.0735 11040  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:13:18.0782 11040  monitor - ok
15:13:18.0813 11040  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:13:18.0829 11040  mouclass - ok
15:13:18.0844 11040  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:13:18.0875 11040  mouhid - ok
15:13:18.0891 11040  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:13:18.0938 11040  mountmgr - ok
15:13:18.0969 11040  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:13:19.0031 11040  mpio - ok
15:13:19.0063 11040  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:13:19.0078 11040  mpsdrv - ok
15:13:19.0125 11040  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:13:19.0156 11040  MpsSvc - ok
15:13:19.0156 11040  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:13:19.0219 11040  MRxDAV - ok
15:13:19.0250 11040  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:13:19.0375 11040  mrxsmb - ok
15:13:19.0406 11040  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:13:19.0531 11040  mrxsmb10 - ok
15:13:19.0546 11040  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:13:19.0624 11040  mrxsmb20 - ok
15:13:19.0640 11040  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:13:19.0702 11040  msahci - ok
15:13:19.0749 11040  [ A592A054D78750B4D73ABAA4C94DECDF ] MSCamSvc        C:\Program Files\Microsoft LifeCam\MSCamS64.exe
15:13:19.0827 11040  MSCamSvc - ok
15:13:19.0843 11040  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:13:19.0921 11040  msdsm - ok
15:13:19.0936 11040  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
15:13:19.0968 11040  MSDTC - ok
15:13:19.0999 11040  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:13:20.0046 11040  Msfs - ok
15:13:20.0077 11040  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:13:20.0124 11040  mshidkmdf - ok
15:13:20.0139 11040  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:13:20.0155 11040  msisadrv - ok
15:13:20.0202 11040  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:13:20.0280 11040  MSiSCSI - ok
15:13:20.0280 11040  msiserver - ok
15:13:20.0326 11040  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:13:20.0373 11040  MSKSSRV - ok
15:13:20.0389 11040  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:13:20.0436 11040  MSPCLOCK - ok
15:13:20.0451 11040  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:13:20.0498 11040  MSPQM - ok
15:13:20.0514 11040  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:13:20.0560 11040  MsRPC - ok
15:13:20.0576 11040  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
15:13:20.0592 11040  mssmbios - ok
15:13:20.0607 11040  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:13:20.0638 11040  MSTEE - ok
15:13:20.0685 11040  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
15:13:20.0685 11040  MTConfig - ok
15:13:20.0716 11040  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:13:20.0732 11040  Mup - ok
15:13:20.0748 11040  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
15:13:20.0826 11040  napagent - ok
15:13:20.0857 11040  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:13:20.0904 11040  NativeWifiP - ok
15:13:20.0935 11040  [ C38B8AE57F78915905064A9A24DC1586 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:13:20.0950 11040  NDIS - ok
15:13:20.0966 11040  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:13:20.0997 11040  NdisCap - ok
15:13:21.0028 11040  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:13:21.0060 11040  NdisTapi - ok
15:13:21.0075 11040  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:13:21.0153 11040  Ndisuio - ok
15:13:21.0184 11040  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:13:21.0262 11040  NdisWan - ok
15:13:21.0278 11040  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:13:21.0325 11040  NDProxy - ok
15:13:21.0387 11040  [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
15:13:21.0465 11040  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:13:21.0465 11040  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:13:21.0481 11040  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:13:21.0543 11040  NetBIOS - ok
15:13:21.0559 11040  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:13:21.0652 11040  NetBT - ok
15:13:21.0668 11040  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
15:13:21.0684 11040  Netlogon - ok
15:13:21.0699 11040  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
15:13:21.0762 11040  Netman - ok
15:13:21.0808 11040  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:13:21.0886 11040  NetMsmqActivator - ok
15:13:21.0902 11040  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:13:21.0902 11040  NetPipeActivator - ok
15:13:21.0918 11040  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
15:13:21.0964 11040  netprofm - ok
15:13:21.0980 11040  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:13:21.0996 11040  NetTcpActivator - ok
15:13:21.0996 11040  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:13:22.0011 11040  NetTcpPortSharing - ok
15:13:22.0198 11040  [ 262225F08B891FD7F16B3B93A3177C1F ] NETwNs64        C:\Windows\system32\DRIVERS\Netwsw00.sys
15:13:22.0464 11040  NETwNs64 - ok
15:13:22.0510 11040  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
15:13:22.0510 11040  nfrd960 - ok
15:13:22.0542 11040  [ 969B8E2A0B72F7C41CAFC238A6018E2B ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:13:22.0651 11040  NlaSvc - ok
15:13:22.0666 11040  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:13:22.0698 11040  Npfs - ok
15:13:22.0713 11040  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
15:13:22.0744 11040  nsi - ok
15:13:22.0744 11040  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:13:22.0791 11040  nsiproxy - ok
15:13:22.0838 11040  [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:13:22.0932 11040  Ntfs - ok
15:13:22.0963 11040  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
15:13:22.0994 11040  Null - ok
15:13:23.0041 11040  [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:13:23.0119 11040  nvraid - ok
15:13:23.0134 11040  [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:13:23.0181 11040  nvstor - ok
15:13:23.0212 11040  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:13:23.0228 11040  nv_agp - ok
15:13:23.0259 11040  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
15:13:23.0290 11040  ohci1394 - ok
15:13:23.0353 11040  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:13:23.0431 11040  ose - ok
15:13:23.0587 11040  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:13:23.0758 11040  osppsvc - ok
15:13:23.0774 11040  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:13:23.0852 11040  p2pimsvc - ok
15:13:23.0883 11040  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:13:23.0930 11040  p2psvc - ok
15:13:23.0961 11040  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
15:13:24.0008 11040  Parport - ok
15:13:24.0008 11040  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:13:24.0055 11040  partmgr - ok
15:13:24.0070 11040  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:13:24.0102 11040  PcaSvc - ok
15:13:24.0133 11040  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
15:13:24.0226 11040  pci - ok
15:13:24.0242 11040  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
15:13:24.0258 11040  pciide - ok
15:13:24.0289 11040  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
15:13:24.0304 11040  pcmcia - ok
15:13:24.0320 11040  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:13:24.0320 11040  pcw - ok
15:13:24.0382 11040  [ BAF3216DDAA12E66EBBB31760E02BC14 ] PdiService      C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
15:13:24.0429 11040  PdiService - ok
15:13:24.0460 11040  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:13:24.0492 11040  PEAUTH - ok
15:13:24.0554 11040  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
15:13:24.0632 11040  PeerDistSvc - ok
15:13:24.0694 11040  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:13:24.0741 11040  PerfHost - ok
15:13:24.0788 11040  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
15:13:24.0866 11040  pla - ok
15:13:24.0913 11040  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:13:25.0022 11040  PlugPlay - ok
15:13:25.0069 11040  [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
15:13:25.0147 11040  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:13:25.0147 11040  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:13:25.0178 11040  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:13:25.0209 11040  PNRPAutoReg - ok
15:13:25.0225 11040  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:13:25.0240 11040  PNRPsvc - ok
15:13:25.0272 11040  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:13:25.0350 11040  PolicyAgent - ok
15:13:25.0365 11040  [ 12B96E339A35F56807D4D788439FF484 ] Power           C:\Windows\system32\umpo.dll
15:13:25.0412 11040  Power - ok
15:13:25.0443 11040  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:13:25.0552 11040  PptpMiniport - ok
15:13:25.0568 11040  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
15:13:25.0584 11040  Processor - ok
15:13:25.0615 11040  [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc         C:\Windows\system32\profsvc.dll
15:13:25.0708 11040  ProfSvc - ok
15:13:25.0724 11040  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:13:25.0740 11040  ProtectedStorage - ok
15:13:25.0755 11040  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:13:25.0786 11040  Psched - ok
15:13:25.0849 11040  [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2       c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
15:13:25.0942 11040  PSI_SVC_2 - ok
15:13:25.0989 11040  [ 788CB65D49D1162C5EE6814AFE5B0A70 ] PSI_SVC_2_x64   c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
15:13:26.0083 11040  PSI_SVC_2_x64 - ok
15:13:26.0114 11040  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
15:13:26.0145 11040  ql2300 - ok
15:13:26.0176 11040  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
15:13:26.0192 11040  ql40xx - ok
15:13:26.0223 11040  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
15:13:26.0239 11040  QWAVE - ok
15:13:26.0254 11040  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:13:26.0286 11040  QWAVEdrv - ok
15:13:26.0332 11040  [ B35396436B64C3C214742A85A2656CD2 ] radexecd        C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe
15:13:27.0223 11040  radexecd - ok
15:13:27.0238 11040  [ F3BA2DE90D279D02DC01B954D5A1CB56 ] RadiaMsi        C:\Windows\system32\DRIVERS\radiamsi.sys
15:13:27.0285 11040  RadiaMsi - ok
15:13:27.0301 11040  [ 85F3944F59A61C1B8BF4252FC7A99851 ] radsched        C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe
15:13:27.0379 11040  radsched - ok
15:13:27.0410 11040  [ B546334122FFB329D4C84D4D4F31AE26 ] Radstgms        C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe
15:13:27.0503 11040  Radstgms - ok
15:13:27.0519 11040  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:13:27.0550 11040  RasAcd - ok
15:13:27.0597 11040  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:13:27.0659 11040  RasAgileVpn - ok
15:13:27.0691 11040  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
15:13:27.0722 11040  RasAuto - ok
15:13:27.0753 11040  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:13:27.0831 11040  Rasl2tp - ok
15:13:27.0847 11040  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
15:13:27.0893 11040  RasMan - ok
15:13:27.0925 11040  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:13:27.0956 11040  RasPppoe - ok
15:13:28.0003 11040  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:13:28.0081 11040  RasSstp - ok
15:13:28.0112 11040  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:13:28.0252 11040  rdbss - ok
15:13:28.0268 11040  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:13:28.0330 11040  rdpbus - ok
15:13:28.0346 11040  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:13:28.0393 11040  RDPCDD - ok
15:13:28.0408 11040  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
15:13:28.0471 11040  RDPDR - ok
15:13:28.0486 11040  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:13:28.0533 11040  RDPENCDD - ok
15:13:28.0549 11040  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:13:28.0580 11040  RDPREFMP - ok
15:13:28.0611 11040  [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:13:28.0705 11040  RdpVideoMiniport - ok
15:13:28.0736 11040  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:13:28.0814 11040  RDPWD - ok
15:13:28.0845 11040  [ A115F49BEA840A5F049BC6310F35F776 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:13:28.0907 11040  rdyboost - ok
15:13:28.0923 11040  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:13:28.0970 11040  RemoteAccess - ok
15:13:29.0001 11040  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:13:29.0032 11040  RemoteRegistry - ok
15:13:29.0079 11040  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
15:13:29.0141 11040  RFCOMM - ok
15:13:29.0173 11040  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:13:29.0251 11040  RpcEptMapper - ok
15:13:29.0297 11040  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
15:13:29.0313 11040  RpcLocator - ok
15:13:29.0344 11040  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
15:13:29.0375 11040  RpcSs - ok
15:13:29.0422 11040  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:13:29.0453 11040  rspndr - ok
15:13:29.0485 11040  [ E139B73C75591536E6061E281BC81CC4 ] RsvLock         C:\Windows\system32\drivers\RsvLock.sys
15:13:29.0531 11040  RsvLock - ok
15:13:29.0547 11040  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
15:13:29.0609 11040  s3cap - ok
15:13:29.0625 11040  [ 73AF7FDC3D0F7AFECEB992ADD36D6210 ] SafeBoot        C:\Windows\system32\drivers\SafeBoot.sys
15:13:29.0625 11040  Suspicious file (NoAccess): C:\Windows\system32\drivers\SafeBoot.sys. md5: 73AF7FDC3D0F7AFECEB992ADD36D6210
15:13:29.0625 11040  SafeBoot ( LockedFile.Multi.Generic ) - warning
15:13:29.0625 11040  SafeBoot - detected LockedFile.Multi.Generic (1)
15:13:29.0687 11040  [ 15C103060F75FC8572E018F847D0C6A7 ] SafeBootClientManager C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe
15:13:29.0812 11040  SafeBootClientManager ( UnsignedFile.Multi.Generic ) - warning
15:13:29.0812 11040  SafeBootClientManager - detected UnsignedFile.Multi.Generic (1)
15:13:29.0828 11040  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
15:13:29.0843 11040  SamSs - ok
15:13:29.0875 11040  [ 945847879212999199F78A840785D3BB ] SBAlg           C:\Windows\system32\drivers\SBAlg.sys
15:13:29.0906 11040  SBAlg - ok
15:13:29.0921 11040  [ D08FAD8E364E6B6F8E6EEC3533B2F99B ] SbFlop          C:\Windows\system32\drivers\SbFlop.sys
15:13:29.0968 11040  SbFlop - ok
15:13:29.0984 11040  [ 897F5370E6DAF1AB7AFE0476786543C2 ] SbFsLock        C:\Windows\system32\drivers\SbFsLock.sys
15:13:30.0031 11040  SbFsLock - ok
15:13:30.0046 11040  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:13:30.0093 11040  sbp2port - ok
15:13:30.0109 11040  [ 13801B8CF7289BFF30FA9BE71D5DF937 ] SbRegFlt        C:\Windows\system32\drivers\SbRegFlt.sys
15:13:30.0155 11040  SbRegFlt - ok
15:13:30.0187 11040  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:13:30.0218 11040  SCardSvr - ok
15:13:30.0233 11040  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:13:30.0327 11040  scfilter - ok
15:13:30.0358 11040  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
15:13:30.0405 11040  Schedule - ok
15:13:30.0436 11040  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:13:30.0467 11040  SCPolicySvc - ok
15:13:30.0483 11040  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:13:30.0561 11040  SDRSVC - ok
15:13:30.0592 11040  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:13:30.0686 11040  secdrv - ok
15:13:30.0701 11040  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
15:13:30.0764 11040  seclogon - ok
15:13:30.0795 11040  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
15:13:30.0842 11040  SENS - ok
15:13:30.0857 11040  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:13:30.0889 11040  SensrSvc - ok
15:13:30.0935 11040  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
15:13:30.0967 11040  Serenum - ok
15:13:30.0998 11040  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
15:13:31.0045 11040  Serial - ok
15:13:31.0076 11040  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
15:13:31.0107 11040  sermouse - ok
15:13:31.0154 11040  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:13:31.0232 11040  SessionEnv - ok
15:13:31.0247 11040  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:13:31.0263 11040  sffdisk - ok
15:13:31.0263 11040  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:13:31.0294 11040  sffp_mmc - ok
15:13:31.0310 11040  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:13:31.0372 11040  sffp_sd - ok
15:13:31.0403 11040  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
15:13:31.0419 11040  sfloppy - ok
15:13:31.0435 11040  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:13:31.0497 11040  SharedAccess - ok
15:13:31.0528 11040  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:13:31.0622 11040  ShellHWDetection - ok
15:13:31.0653 11040  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
15:13:31.0684 11040  SiSRaid2 - ok
15:13:31.0700 11040  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
15:13:31.0731 11040  SiSRaid4 - ok
15:13:31.0778 11040  [ E0211E7E0D9CF5672174014BC6524E79 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
15:13:35.0600 11040  SkypeUpdate - ok
15:13:35.0631 11040  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:13:35.0662 11040  Smb - ok
15:13:35.0694 11040  [ 1DF92DCA354DC6A41023082FAE9E04EF ] SmbDrvAMDASF    C:\Windows\system32\drivers\Smb_driver_AMDASF.sys
15:13:35.0740 11040  SmbDrvAMDASF - ok
15:13:35.0772 11040  [ 639D0E29424C08C5A8933A3BA701488C ] SmbDrvIntel     C:\Windows\system32\drivers\Smb_driver_Intel.sys
15:13:35.0818 11040  SmbDrvIntel - ok
15:13:35.0865 11040  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:13:35.0896 11040  SNMPTRAP - ok
15:13:35.0912 11040  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:13:35.0928 11040  spldr - ok
15:13:35.0943 11040  [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler         C:\Windows\System32\spoolsv.exe
15:13:36.0021 11040  Spooler - ok
15:13:36.0099 11040  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
15:13:36.0286 11040  sppsvc - ok
15:13:36.0318 11040  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:13:36.0333 11040  sppuinotify - ok
15:13:36.0364 11040  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:13:36.0458 11040  srv - ok
15:13:36.0474 11040  [ E10010AC9A4E8D7676EC89700BB6A24C ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:13:36.0520 11040  srv2 - ok
15:13:36.0536 11040  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:13:36.0583 11040  srvnet - ok
15:13:36.0614 11040  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:13:36.0661 11040  SSDPSRV - ok
15:13:36.0676 11040  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:13:36.0708 11040  SstpSvc - ok
15:13:36.0754 11040  [ 1ED89888F9332A03EDA24338D670B398 ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
15:13:36.0879 11040  STacSV - ok
15:13:36.0879 11040  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
15:13:36.0895 11040  stexstor - ok
15:13:36.0926 11040  [ A1BFE4F83C3BF9A4BE9B0CE7F39EBB8F ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
15:13:37.0004 11040  STHDA - ok
15:13:37.0051 11040  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
15:13:37.0098 11040  StillCam - ok
15:13:37.0144 11040  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
15:13:37.0222 11040  stisvc - ok
15:13:37.0238 11040  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
15:13:37.0285 11040  storflt - ok
15:13:37.0300 11040  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
15:13:37.0363 11040  StorSvc - ok
15:13:37.0394 11040  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
15:13:37.0441 11040  storvsc - ok
15:13:37.0472 11040  svctimehpc - ok
15:13:37.0488 11040  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
15:13:37.0503 11040  swenum - ok
15:13:37.0534 11040  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
15:13:37.0550 11040  swprv - ok
15:13:37.0581 11040  [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc      C:\Windows\system32\drivers\Synth3dVsc.sys
15:13:37.0675 11040  Synth3dVsc - ok
15:13:37.0690 11040  [ 99D403440C54F4F81A0388FAC32D330A ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
15:13:37.0753 11040  SynTP - ok
15:13:37.0784 11040  [ 7BE4CDEA6BC7832BFE3112A350D8B9EA ] SysMain         C:\Windows\system32\sysmain.dll
15:13:37.0846 11040  SysMain - ok
15:13:37.0862 11040  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:13:37.0924 11040  TabletInputService - ok
15:13:38.0049 11040  [ D2575E3C29A6280F971E3B897CB2B8DB ] TabletServicePen C:\Windows\system32\Pen_Tablet.exe
15:13:38.0190 11040  TabletServicePen - ok
15:13:38.0205 11040  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:13:38.0283 11040  TapiSrv - ok
15:13:38.0314 11040  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
15:13:38.0330 11040  TBS - ok
15:13:38.0408 11040  [ B8C1AAC0523E1C33AEB0EF7572144BA2 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:13:38.0502 11040  Tcpip - ok
15:13:38.0533 11040  [ B8C1AAC0523E1C33AEB0EF7572144BA2 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:13:38.0548 11040  TCPIP6 - ok
15:13:38.0580 11040  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:13:38.0658 11040  tcpipreg - ok
15:13:38.0673 11040  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:13:38.0704 11040  TDPIPE - ok
15:13:38.0720 11040  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:13:38.0798 11040  TDTCP - ok
15:13:38.0829 11040  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:13:38.0892 11040  tdx - ok
15:13:38.0923 11040  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
15:13:38.0954 11040  TermDD - ok
15:13:38.0970 11040  [ 2B5BDFF688EC9871D7EC5837833374E9 ] terminpt        C:\Windows\system32\drivers\terminpt.sys
15:13:39.0048 11040  terminpt - ok
15:13:39.0079 11040  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
15:13:39.0157 11040  TermService - ok
15:13:39.0188 11040  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
15:13:39.0219 11040  Themes - ok
15:13:39.0235 11040  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
15:13:39.0266 11040  THREADORDER - ok
15:13:39.0313 11040  [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM             C:\Windows\system32\drivers\tpm.sys
15:13:39.0360 11040  TPM - ok
15:13:39.0406 11040  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
15:13:39.0453 11040  TrkWks - ok
15:13:39.0500 11040  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:13:39.0578 11040  TrustedInstaller - ok
15:13:39.0609 11040  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:13:39.0687 11040  tssecsrv - ok
15:13:39.0718 11040  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:13:39.0781 11040  TsUsbFlt - ok
15:13:39.0796 11040  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
15:13:39.0843 11040  TsUsbGD - ok
15:13:39.0843 11040  [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub        C:\Windows\system32\drivers\tsusbhub.sys
15:13:39.0890 11040  tsusbhub - ok
15:13:39.0921 11040  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:13:39.0999 11040  tunnel - ok
15:13:40.0030 11040  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
15:13:40.0046 11040  uagp35 - ok
15:13:40.0062 11040  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:13:40.0124 11040  udfs - ok
15:13:40.0155 11040  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:13:40.0186 11040  UI0Detect - ok
15:13:40.0202 11040  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:13:40.0202 11040  uliagpkx - ok
15:13:40.0233 11040  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:13:40.0296 11040  umbus - ok
15:13:40.0327 11040  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
15:13:40.0358 11040  UmPass - ok
15:13:40.0374 11040  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
15:13:40.0436 11040  UmRdpService - ok
15:13:40.0467 11040  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
15:13:40.0545 11040  upnphost - ok
15:13:40.0592 11040  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
15:13:40.0701 11040  usbaudio - ok
15:13:40.0732 11040  [ 2B26FCB7C634C49313FD72120FB9946E ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:13:40.0826 11040  usbccgp - ok
15:13:40.0842 11040  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:13:40.0857 11040  usbcir - ok
15:13:40.0888 11040  [ AA68C758B3F225618A5FD1ED40C383C4 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
15:13:40.0935 11040  usbehci - ok
15:13:40.0982 11040  [ 66E1EF753543785D7E2C44719B2C5DAD ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:13:41.0076 11040  usbhub - ok
15:13:41.0107 11040  [ B26ACA4784AD1295C25A7501FD4AB79E ] usbohci         C:\Windows\system32\drivers\usbohci.sys
15:13:41.0169 11040  usbohci - ok
15:13:41.0216 11040  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:13:41.0263 11040  usbprint - ok
15:13:41.0294 11040  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
15:13:41.0310 11040  usbscan - ok
15:13:41.0325 11040  [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:13:41.0388 11040  USBSTOR - ok
15:13:41.0419 11040  [ 35944CFF264134FFD2E7EED0F8B81A56 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
15:13:41.0466 11040  usbuhci - ok
15:13:41.0497 11040  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
15:13:41.0544 11040  UxSms - ok
15:13:41.0559 11040  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
15:13:41.0575 11040  VaultSvc - ok
15:13:41.0637 11040  [ EF3BD2119454883B0D5463AD5327DD10 ] vcsFPService    C:\Windows\system32\vcsFPService.exe
15:13:41.0700 11040  vcsFPService - ok
15:13:41.0746 11040  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:13:41.0778 11040  vdrvroot - ok
15:13:41.0809 11040  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
15:13:41.0918 11040  vds - ok
15:13:41.0934 11040  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:13:41.0949 11040  vga - ok
15:13:41.0965 11040  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:13:41.0996 11040  VgaSave - ok
15:13:41.0996 11040  VGPU - ok
15:13:41.0996 11040  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:13:42.0058 11040  vhdmp - ok
15:13:42.0074 11040  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:13:42.0090 11040  viaide - ok
15:13:42.0121 11040  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
15:13:42.0168 11040  vmbus - ok
15:13:42.0183 11040  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
15:13:42.0230 11040  VMBusHID - ok
15:13:42.0261 11040  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:13:42.0308 11040  volmgr - ok
15:13:42.0324 11040  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:13:42.0386 11040  volmgrx - ok
15:13:42.0417 11040  [ DF8126BD41180351A093A3AD2FC8903B ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:13:42.0480 11040  volsnap - ok
15:13:42.0511 11040  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
15:13:42.0526 11040  vsmraid - ok
15:13:42.0573 11040  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
15:13:42.0636 11040  VSS - ok
15:13:42.0651 11040  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
15:13:42.0682 11040  vwifibus - ok
15:13:42.0714 11040  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:13:42.0745 11040  vwififlt - ok
15:13:42.0776 11040  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
15:13:42.0792 11040  vwifimp - ok
15:13:42.0870 11040  [ C366AE91D2CC2C1C25380061D235C36B ] VX3000          C:\Windows\system32\DRIVERS\VX3000.sys
15:13:42.0932 11040  VX3000 - ok
15:13:42.0963 11040  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
15:13:42.0994 11040  W32Time - ok
15:13:43.0041 11040  [ FDA15A0510F84FA46452B74529147A15 ] WacHidRouter    C:\Windows\system32\DRIVERS\wachidrouter.sys
15:13:43.0104 11040  WacHidRouter - ok
15:13:43.0119 11040  [ 1BA8286484DCAA157F8F23229AD9D809 ] wacmoumonitor   C:\Windows\system32\DRIVERS\wacmoumonitor.sys
15:13:43.0166 11040  wacmoumonitor - ok
15:13:43.0182 11040  wacommousefilter - ok
15:13:43.0197 11040  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
15:13:43.0213 11040  WacomPen - ok
15:13:43.0228 11040  [ EABFDBDC9BEDD325F260A3A9FEE5B3F9 ] wacomrouterfilter C:\Windows\system32\DRIVERS\wacomrouterfilter.sys
15:13:43.0275 11040  wacomrouterfilter - ok
15:13:43.0291 11040  wacomvhid - ok
15:13:43.0291 11040  [ 8B4255329EDFBA3ECFBD0714476FAD38 ] WacomVKHid      C:\Windows\system32\DRIVERS\WacomVKHid.sys
15:13:43.0353 11040  WacomVKHid - ok
15:13:43.0384 11040  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:13:43.0462 11040  WANARP - ok
15:13:43.0478 11040  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:13:43.0494 11040  Wanarpv6 - ok
15:13:43.0540 11040  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
15:13:43.0650 11040  wbengine - ok
15:13:43.0665 11040  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:13:43.0696 11040  WbioSrvc - ok
15:13:43.0712 11040  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:13:43.0774 11040  wcncsvc - ok
15:13:43.0790 11040  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:13:43.0821 11040  WcsPlugInService - ok
15:13:43.0852 11040  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
15:13:43.0868 11040  Wd - ok
15:13:43.0915 11040  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:13:43.0962 11040  Wdf01000 - ok
15:13:44.0008 11040  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:13:44.0086 11040  WdiServiceHost - ok
15:13:44.0102 11040  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:13:44.0118 11040  WdiSystemHost - ok
15:13:44.0133 11040  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
15:13:44.0196 11040  WebClient - ok
15:13:44.0227 11040  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:13:44.0274 11040  Wecsvc - ok
15:13:44.0305 11040  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:13:44.0336 11040  wercplsupport - ok
15:13:44.0352 11040  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:13:44.0383 11040  WerSvc - ok
15:13:44.0398 11040  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:13:44.0430 11040  WfpLwf - ok
15:13:44.0461 11040  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:13:44.0476 11040  WIMMount - ok
15:13:44.0492 11040  WinDefend - ok
15:13:44.0492 11040  WinHttpAutoProxySvc - ok
15:13:44.0539 11040  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:13:44.0570 11040  Winmgmt - ok
15:13:44.0617 11040  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
15:13:44.0710 11040  WinRM - ok
15:13:44.0757 11040  [ FE88B288356E7B47B74B13372ADD906D ] WinUSB          C:\Windows\system32\DRIVERS\WinUSB.sys
15:13:44.0851 11040  WinUSB - ok
15:13:44.0866 11040  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:13:44.0913 11040  Wlansvc - ok
15:13:44.0944 11040  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
15:13:44.0991 11040  WmiAcpi - ok
15:13:45.0022 11040  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:13:45.0085 11040  wmiApSrv - ok
15:13:45.0116 11040  WMPNetworkSvc - ok
15:13:45.0147 11040  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:13:45.0194 11040  WPCSvc - ok
15:13:45.0225 11040  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:13:45.0288 11040  WPDBusEnum - ok
15:13:45.0319 11040  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:13:45.0366 11040  ws2ifsl - ok
15:13:45.0381 11040  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
15:13:45.0428 11040  wscsvc - ok
15:13:45.0428 11040  WSearch - ok
15:13:45.0490 11040  [ FF3F745A22B0C9C2EF1600762E8858A1 ] WTabletServiceCon C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
15:13:45.0568 11040  WTabletServiceCon - ok
15:13:45.0615 11040  [ 9DF12EDBC698B0BC353B3EF84861E430 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:13:45.0678 11040  wuauserv - ok
15:13:45.0678 11040  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:13:45.0771 11040  WudfPf - ok
15:13:45.0787 11040  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:13:45.0865 11040  WUDFRd - ok
15:13:45.0896 11040  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:13:45.0943 11040  wudfsvc - ok
15:13:45.0974 11040  [ F0B1D8725FAB9F4A559CCC91A960FCE0 ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:13:46.0036 11040  WwanSvc - ok
15:13:46.0052 11040  ================ Scan global ===============================
15:13:46.0083 11040  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:13:46.0114 11040  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:13:46.0161 11040  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:13:46.0192 11040  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:13:46.0224 11040  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:13:46.0224 11040  [Global] - ok
15:13:46.0224 11040  ================ Scan MBR ==================================
15:13:46.0239 11040  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:13:47.0050 11040  \Device\Harddisk0\DR0 - ok
15:13:47.0050 11040  ================ Scan VBR ==================================
15:13:47.0082 11040  [ CAA3069F37105048B67AB6C6A6814032 ] \Device\Harddisk0\DR0\Partition1
15:13:47.0082 11040  \Device\Harddisk0\DR0\Partition1 - ok
15:13:47.0082 11040  ============================================================
15:13:47.0082 11040  Scan finished
15:13:47.0082 11040  ============================================================
15:13:47.0097 2220  Detected object count: 5
15:13:47.0097 2220  Actual detected object count: 5
15:14:22.0307 2220  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:14:22.0307 2220  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:14:22.0307 2220  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:14:22.0307 2220  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:14:22.0323 2220  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:14:22.0323 2220  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:14:22.0323 2220  SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
15:14:22.0323 2220  SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip 
15:14:22.0323 2220  SafeBootClientManager ( UnsignedFile.Multi.Generic ) - skipped by user
15:14:22.0323 2220  SafeBootClientManager ( UnsignedFile.Multi.Generic ) - User select action: Skip

Alt 08.07.2013, 14:26   #14
markusg
/// Malware-holic
 
BKA WIN7 nur mehr weisse Fläche - Standard

BKA WIN7 nur mehr weisse Fläche


Hi,
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 08.07.2013, 21:16   #15
momorossi
 
BKA WIN7 nur mehr weisse Fläche - Standard

BKA WIN7 nur mehr weisse Fläche


and here we go :

Code:
ATTFilter
ComboFix 13-07-08.02 - pe130296 08.07.2013  20:27:33.1.4 - x64
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.1.1033.18.8058.5307 [GMT 2:00]
Running from: c:\users\pe130296\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Host Intrusion Prevention Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\mödling.pst
c:\data\mail\archive.pst
c:\users\pe130296\AppData\Local\assembly\tmp
c:\users\pe130296\AppData\Roaming\7 9
c:\users\pe130296\AppData\Roaming\7 9\_ctypes.pyd
c:\users\pe130296\AppData\Roaming\7 9\_hashlib.pyd
c:\users\pe130296\AppData\Roaming\7 9\_socket.pyd
c:\users\pe130296\AppData\Roaming\7 9\_ssl.pyd
c:\users\pe130296\AppData\Roaming\7 9\bat.bat
c:\users\pe130296\AppData\Roaming\7 9\boost_python-vc90-mt-1_39.dll
c:\users\pe130296\AppData\Roaming\7 9\bt.lnk
c:\users\pe130296\AppData\Roaming\7 9\bz2.pyd
c:\users\pe130296\AppData\Roaming\7 9\j.exe
c:\users\pe130296\AppData\Roaming\7 9\library.zip
c:\users\pe130296\AppData\Roaming\7 9\msvcp90.dll
c:\users\pe130296\AppData\Roaming\7 9\numpy.core._dotblas.pyd
c:\users\pe130296\AppData\Roaming\7 9\numpy.core._sort.pyd
c:\users\pe130296\AppData\Roaming\7 9\numpy.core.multiarray.pyd
c:\users\pe130296\AppData\Roaming\7 9\numpy.core.scalarmath.pyd
c:\users\pe130296\AppData\Roaming\7 9\numpy.core.umath.pyd
c:\users\pe130296\AppData\Roaming\7 9\numpy.fft.fftpack_lite.pyd
c:\users\pe130296\AppData\Roaming\7 9\numpy.lib._compiled_base.pyd
c:\users\pe130296\AppData\Roaming\7 9\numpy.linalg.lapack_lite.pyd
c:\users\pe130296\AppData\Roaming\7 9\numpy.random.mtrand.pyd
c:\users\pe130296\AppData\Roaming\7 9\phatk.cl
c:\users\pe130296\AppData\Roaming\7 9\pyopencl._cl.pyd
c:\users\pe130296\AppData\Roaming\7 9\python26.dll
c:\users\pe130296\AppData\Roaming\7 9\select.pyd
c:\users\pe130296\AppData\Roaming\7 9\settings.txt
c:\users\pe130296\AppData\Roaming\7 9\svchost.exe
c:\users\pe130296\AppData\Roaming\7 9\unicodedata.pyd
c:\users\pe130296\AppData\Roaming\7 9\w9xpopen.exe
c:\users\pe130296\AppData\Roaming\Local
c:\windows\SafeBoot.scr
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-08 to 2013-07-08  )))))))))))))))))))))))))))))))
.
.
2013-07-08 18:31 . 2013-07-08 18:31	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-07-08 18:31 . 2013-07-08 18:31	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2013-07-08 06:56 . 2013-07-08 06:56	--------	d-----w-	c:\windows\system32\%LOCALAPPDATA%
2013-07-06 14:13 . 2013-07-06 14:13	--------	d-----w-	C:\FRST
2013-07-06 13:28 . 2013-07-08 09:25	6352	----a-w-	c:\windows\system32\PerfStringBackup.TMP
2013-07-06 11:24 . 2013-07-06 11:24	--------	d-----w-	c:\windows\system32\%appdata%
2013-06-26 17:11 . 2013-06-26 17:15	--------	d-----w-	c:\users\pe130296\AppData\Roaming\Skype
2013-06-26 17:11 . 2013-06-26 17:11	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2013-06-26 17:11 . 2013-06-26 17:11	--------	d-----r-	c:\program files (x86)\Skype
2013-06-26 17:11 . 2013-06-26 17:11	--------	d-----w-	c:\programdata\Skype
2013-06-26 17:05 . 2013-06-26 17:05	--------	d-----w-	c:\program files (x86)\Microsoft LifeCam
2013-06-26 17:05 . 2013-06-26 17:05	--------	d-----w-	c:\program files\Microsoft LifeCam
2013-06-12 07:21 . 2010-01-26 17:56	40328	----a-w-	c:\windows\SysWow64\HIPIS0e011b5.dll
2013-06-12 07:21 . 2010-01-26 17:44	47080	----a-w-	c:\windows\system32\HIPIS0e011b5.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-08 23:57 . 2012-05-15 14:01	140992	----a-w-	c:\windows\SysWow64\KevlarSigs.dll
2013-05-02 17:13 . 2013-05-02 17:13	2892	----a-w-	c:\windows\SysWow64\audcon.sys
2013-04-25 09:16 . 2013-04-25 09:16	61440	----a-r-	c:\users\pe130296\AppData\Roaming\Microsoft\Installer\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}\ARPPRODUCTICON.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F586CB96-7091-42ec-9829-F5D5CE65AFC1}]
2013-04-05 16:19	1220880	----a-w-	c:\program files (x86)\DIAL GmbH\DIALux\Dialux.BHO.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Photosmart 7520 series (NET)"="c:\program files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"COEMsgDisplay"="c:\program files (x86)\Hewlett-Packard\PC COE\COEMsgDisplay.exe" [2007-04-11 26624]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"GetITIcon"="c:\program files (x86)\Hewlett-Packard\GetITIcon\GetITShell.exe" [2011-08-30 861696]
"McAfee Host Intrusion Prevention Tray"="c:\program files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe" [2010-06-15 979104]
"IDA"="c:\program files (x86)\Hewlett-Packard\PC COE\IDA.EXE" [2011-04-02 176128]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" [2012-04-04 322432]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2012-04-26 184704]
"eepc_SmartClient"="c:\program files (x86)\SmartClient\Smart.exe" [2013-01-31 115200]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-08-31 124224]
"SafeBootTrayManager"="c:\program files (x86)\SafeBoot Tray Manager\SbTrayManager.exe" [2009-08-19 69632]
"SafeBootTokenWatcher"="c:\program files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe" [2011-09-15 172092]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2012-11-27 333416]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"PlantronicsURE.exe"="c:\program files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe" [2013-02-28 625040]
"PlantronicsBatteryStatus.exe"="c:\program files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe" [2013-02-28 356752]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2012-09-28 12105344]
"AgentUiRunKey"="c:\program files (x86)\PC Backup\Agent.exe" [2012-11-28 299856]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2012-10-16 646744]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 164904]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-2-1 1380128]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2012-4-4 603536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 4 (0x4)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"dontdisplaylockeduserid"= 1 (0x1)
"LogonType"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
"ReportControllerMissing"= 0 (0x0)
"DisableNT4Policy"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
"NoWebServices"= 1 (0x1)
"NoPublishingWizard"= 1 (0x1)
"NoAutorun"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	sbnp scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe;c:\program files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [x]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [x]
R2 SafeBootClientManager;SafeBoot Client Manager;c:\program files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe;c:\program files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 DialComService;DIAL Communication Service;c:\program files (x86)\DIAL GmbH\DIAL Communication Framework\DialComService.exe;c:\program files (x86)\DIAL GmbH\DIAL Communication Framework\DialComService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\DRIVERS\firehk.sys;c:\windows\SYSNATIVE\DRIVERS\firehk.sys [x]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
R3 LV_Tracker;LV_Tracker;c:\windows\system32\DRIVERS\LV_Tracker64.sys;c:\windows\SYSNATIVE\DRIVERS\LV_Tracker64.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SmbDrvAMDASF;SmbDrvAMDASF;c:\windows\system32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 SmbDrvIntel;SmbDrvIntel;c:\windows\system32\drivers\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_Intel.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys;c:\windows\SYSNATIVE\DRIVERS\wacmoumonitor.sys [x]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
R4 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 SafeBoot;SafeBoot; [x]
S0 SBAlg;SBAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 RsvLock;RsvLock; [x]
S1 SbFlop;SbFlop; [x]
S1 SbRegFlt;SbRegFlt; [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [x]
S2 AgentService;AgentService;c:\program files (x86)\PC Backup\AgentService.exe;c:\program files (x86)\PC Backup\AgentService.exe [x]
S2 FIMPasswordReset;Forefront Identity Manager Password Reset Client Service;c:\program files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe;c:\program files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe [x]
S2 hips;McAfee HIPSCore Service;c:\program files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe;c:\program files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [x]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe;c:\program files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x]
S2 radexecd;HPCA Notify Daemon;c:\program files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe;c:\program files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe [x]
S2 radsched;HPCA Scheduler Daemon;c:\program files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe;c:\program files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe [x]
S2 Radstgms;HPCA MSI Redirector;c:\program files (x86)\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe;c:\program files (x86)\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe [x]
S2 svctimehpc;Timing Service;c:\program files (x86)\Products\Time Service\svctimehpc.exe;c:\program files (x86)\Products\Time Service\svctimehpc.exe [x]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe;c:\windows\SYSNATIVE\Pen_Tablet.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe;c:\program files\Tablet\Pen\WTabletServiceCon.exe [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 FirehkMP;FirehkMP;c:\windows\system32\DRIVERS\firehk.sys;c:\windows\SYSNATIVE\DRIVERS\firehk.sys [x]
S3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys;c:\windows\SYSNATIVE\drivers\HIPK.sys [x]
S3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys;c:\windows\SYSNATIVE\drivers\HIPPSK.sys [x]
S3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys;c:\windows\SYSNATIVE\drivers\HIPQK.sys [x]
S3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys;c:\windows\SYSNATIVE\DRIVERS\johci.sys [x]
S3 Mandiant_Tools;Mandiant_Tools;c:\programdata\Application Data\Time Service\mktools.sys;c:\programdata\Application Data\Time Service\mktools.sys [x]
S3 RadiaMsi;RadiaMsi;c:\windows\system32\DRIVERS\radiamsi.sys;c:\windows\SYSNATIVE\DRIVERS\radiamsi.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 19010735
*NewlyCreated* - MANDIANT_TOOLS
*Deregistered* - 19010735
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{86E45973-5352-439F-A115-2E8EE4D40140}]
2012-05-15 13:16	188416	----a-w-	c:\program files (x86)\Common Files\Hewlett-Packard\ActSet\HpActSet.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-26 08:32]
.
2013-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-26 08:32]
.
2013-07-08 c:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2013-07-08 c:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2013-07-08 c:\windows\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2013-07-08 c:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2013-07-08 c:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job
- c:\program files (x86)\Hewlett-Packard\PC COE\coetl32.exe [2007-06-24 05:27]
.
2013-07-08 c:\windows\Tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2013-07-08 c:\windows\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2013-07-08 c:\windows\Tasks\Maint.job
- c:\program files (x86)\Hewlett-Packard\PC COE\IDASnapIn2.exe [2010-10-28 14:35]
.
2013-07-08 c:\windows\Tasks\pcpm-collector.job
- c:\program files (x86)\Hewlett-Packard\PC COE\IDASnapIn2.exe [2010-10-28 14:35]
.
2013-07-08 c:\windows\Tasks\pcpm-consolidator.job
- c:\program files (x86)\Hewlett-Packard\PC COE\IDASnapIn2.exe [2010-10-28 14:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 196648]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 483880]
"PasswordRegistration"="c:\windows\system32\MsPwdRegistration.exe" [2010-08-18 31080]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-30 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-30 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-30 439064]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-04-15 1425408]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2012-03-14 15232]
"HPRAService"="c:\program files\RA2HP\HPRAService.exe" [2012-12-18 139776]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://intranet.hp.com/Country/Austria/Pages/index.aspx
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: basenotes.net\www
Trusted Zone: compaq.com
Trusted Zone: compaq.com.ar
Trusted Zone: compaq.com.br
Trusted Zone: compaq.com.co
Trusted Zone: compaq.com.mx
Trusted Zone: compaq.com.sg
Trusted Zone: compaq.com.ve
Trusted Zone: cpqcorp.net
Trusted Zone: dcu.org
Trusted Zone: eds.com
Trusted Zone: hp.com
Trusted Zone: hpqcorp.net
Trusted Zone: sharefile.com\hp
TCP: DhcpNameServer = 195.202.138.3 195.202.128.3 62.40.128.2
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\create_shortcut.lnk - c:\users\pe130296\create_shortcut.vbs
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\reg_off2k7.lnk - c:\users\pe130296\reg_off2k7.vbs
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\create_shortcut.lnk - c:\users\pe130296\create_shortcut.vbs
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\reg_off2k7.lnk - c:\users\pe130296\reg_off2k7.vbs
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10zc_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10zc_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10zc.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10zc.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10zc.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10zc.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-08  20:33:59
ComboFix-quarantined-files.txt  2013-07-08 18:33
.
Pre-Run: 362.707.161.088 bytes free
Post-Run: 362.946.236.416 bytes free
.
- - End Of File - - 7490804260309120001DFDE7B8B9DEF6
D41D8CD98F00B204E9800998ECF8427E

Antwort
Seite 1 von 2 1 2

Themen zu BKA WIN7 nur mehr weisse Fläche
64 bit, bka trojaner, boot, bootfähige, compu, computer, dos, feststellen, gestern, große, hilfe, konnte, screen, stelle, troja, trojaner, usb, verzweiflung, web, weisse, weisser, win, win7, win7 64, win7 64 bit


« GVU Trojaner | Schwarzer Bildschirm nach hochfahren mit beweglichem Mauszeiger »


Ähnliche Themen: BKA WIN7 nur mehr weisse Fläche


  1. Win7 .exe nicht mehr ausführbar
    Log-Analyse und Auswertung - 10.06.2015 (4)
  2. [Win7] Fährt nicht mehr hoch
    Alles rund um Windows - 15.02.2015 (36)
  3. Windows Explorer funktioniert nicht mehr - Win7
    Alles rund um Windows - 11.12.2014 (16)
  4. Windows Explorer funktioniert nicht mehr Win7
    Alles rund um Windows - 05.12.2014 (1)
  5. Win7: PUP.Optional.Conduit.A und mehr gefunden
    Plagegeister aller Art und deren Bekämpfung - 29.01.2014 (7)
  6. PC fährt nicht mehr runter [Win7]
    Plagegeister aller Art und deren Bekämpfung - 26.06.2013 (1)
  7. Der weisse Bildschirm
    Plagegeister aller Art und deren Bekämpfung - 19.06.2013 (14)
  8. Win7 nicht mehr bootbar
    Alles rund um Windows - 29.03.2013 (12)
  9. PC Win7 bootet nicht mehr!
    Alles rund um Windows - 07.01.2013 (20)
  10. weisse Seite
    Plagegeister aller Art und deren Bekämpfung - 29.06.2012 (1)
  11. WIN7 64 Bit GIMP2.8 funktioniert nicht mehr
    Alles rund um Windows - 21.06.2012 (2)
  12. Rootkit - win7 neu aufgesetzt - startet nicht mehr
    Plagegeister aller Art und deren Bekämpfung - 30.04.2012 (1)
  13. Win7 Firewall nicht mehr aktivierbar (Fehlercode 13)
    Log-Analyse und Auswertung - 25.01.2012 (3)
  14. Weisse seite erscheint nach einer Suchangabe.
    Plagegeister aller Art und deren Bekämpfung - 21.09.2011 (3)
  15. Win7, die meisten Programme starten nicht mehr.
    Plagegeister aller Art und deren Bekämpfung - 18.01.2011 (5)
  16. Internet Explorer öffnet immer weisse seite
    Log-Analyse und Auswertung - 02.12.2008 (0)
  17. Problem...weisse Seite bei Mails. HJT Logfile ansehen
    Mülltonne - 23.08.2007 (3)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema BKA WIN7 nur mehr weisse Fläche - Hi habe seit gestern offensichtlich BKA Trojaner - konnte nicht feststellen welchen konkret bei boot nur mehr "weisser Screen" - auch im "safe mode" nogo, nur "DOS Mode" geht noch - BKA WIN7 nur mehr weisse Fläche...
Archiv
Du betrachtest: BKA WIN7 nur mehr weisse Fläche auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55