|
Pests of all kinds and how to fight them: Problem with Internet connection (Windows 7) |
23.07.2013, 12:42 | #31 |
| Problem with Internet connection et voila .. Code:
ATTFilter ComboFix 13-07-22.01 - Andreas 23.07.2013 13:11:28.2.2 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.4092.2574 [GMT 2:00] ausgeführt von:: c:\users\Andreas\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Andreas\Desktop\CFScript.txt AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2013-06-23 bis 2013-07-23 )))))))))))))))))))))))))))))) . . 2013-07-23 11:20 . 2013-07-23 11:20 -------- d-----w- c:\users\Public\AppData\Local\temp 2013-07-23 11:20 . 2013-07-23 11:20 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-07-23 11:20 . 2013-07-23 11:20 -------- d-----w- c:\users\AppData\AppData\Local\temp 2013-07-17 17:35 . 2013-07-17 17:35 -------- d-----w- c:\program files\7-Zip 2013-07-15 16:53 . 2013-07-15 16:53 -------- d-----w- C:\RegBackup 2013-07-15 16:00 . 2013-07-15 18:42 181064 ----a-w- c:\windows\PSEXESVC.EXE 2013-07-11 19:13 . 2013-07-11 19:12 312232 ----a-w- c:\windows\system32\javaws.exe 2013-07-11 19:12 . 2013-07-11 19:12 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-07-11 19:12 . 2013-07-11 19:12 189352 ----a-w- c:\windows\system32\javaw.exe 2013-07-11 19:12 . 2013-07-11 19:12 188840 ----a-w- c:\windows\system32\java.exe 2013-07-11 19:12 . 2013-07-11 19:12 -------- d-----w- c:\program files\Java 2013-07-11 07:37 . 2013-07-11 07:37 -------- d-----w- C:\FRST 2013-07-11 07:35 . 2013-05-08 04:18 1706496 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-07-11 07:35 . 2013-05-08 04:04 1548288 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL 2013-07-11 07:35 . 2013-06-04 02:03 2775040 ----a-w- c:\windows\system32\win32k.sys 2013-07-09 18:48 . 2013-07-09 18:48 478 ----a-w- c:\windows\DeleteOnReboot.bat 2013-07-09 18:21 . 
2013-07-09 18:21 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-07-09 18:03 . 2013-07-11 19:12 972712 ----a-w- c:\windows\system32\deployJava1.dll 2013-07-09 18:03 . 2013-07-11 19:12 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-07-03 16:02 . 2013-07-03 16:04 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2013-06-30 22:45 . 2013-06-30 22:46 -------- d-----w- c:\program files (x86)\Mozilla Firefox(132) 2013-06-27 14:52 . 2013-07-16 21:12 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 16 . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-07-11 19:07 . 2012-08-18 18:25 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-07-11 19:07 . 2011-05-31 06:56 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-07-11 09:03 . 2006-11-02 12:35 78185248 ----a-w- c:\windows\system32\mrt.exe 2013-07-09 18:21 . 2012-08-18 17:52 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-07-09 18:21 . 2010-05-12 05:05 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-05-16 20:40 . 2010-06-24 09:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-08 04:50 . 2013-06-12 07:47 1423720 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-05-02 04:16 . 2013-06-12 07:47 686080 ----a-w- c:\windows\system32\win32spl.dll 2013-05-02 04:04 . 2013-06-12 07:47 443904 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-05-02 04:03 . 2013-06-12 07:47 37376 ----a-w- c:\windows\SysWow64\printcom.dll . . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . . --- c:\windows\SysWow64\user32.dll --- Company: Microsoft Corporation File Description: Multi-User Windows USER API Client DLL File Version: 6.0.6001.18000 (longhorn_rtm.080118-1840) Product Name: Betriebssystem Microsoft® Windows® Copyright: © Microsoft Corporation. Alle Rechte vorbehalten. 
Original Filename: user32 File size: 648704 Created time: 2009-05-26 20:40 Modified time: 2009-04-10 21:26 MD5: D29FDB5DEDBDC1BD882164DC6DC4DD53 SHA1: 84AA00AFEF6700E834E36F907A76F80AE2F73B07 . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440] "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-07-10 345144] . c:\users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "EnableLUA"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\AAVUpdateManager\aavus.exe;c:\program files (x86)\AAVUpdateManager\aavus.exe [x] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_6ef279c8\AESTSr64.exe [x] . . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes ezSharedSvc . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-06-17 10:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners . 2013-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-18 19:07] . 2010-07-06 c:\windows\Tasks\{05622D7C-E102-421F-B9BD-F587BF569F37}.job - c:\program files (x86)\mozilla firefox\firefox.exe [2013-05-24 14:21] . 2010-07-06 c:\windows\Tasks\{26D45942-2C27-4338-93C2-049F1A435729}.job - c:\program files (x86)\Skype\Phone\Skype.exe [2012-02-29 07:55] . 2010-07-06 c:\windows\Tasks\{5B63F7D2-B10D-4B25-BCB3-4D2BBBDB9ABC}.job - c:\program files (x86)\Skype\Phone\Skype.exe [2012-02-29 07:55] . 2010-07-06 c:\windows\Tasks\{6E02B945-C0CE-453A-9BA6-230DC76E1BAC}.job - c:\program files (x86)\mozilla firefox\firefox.exe [2013-05-24 14:21] . 2011-04-01 c:\windows\Tasks\{83EBD7E3-5521-4D5A-897A-E105084669EA}.job - c:\program files (x86)\mozilla firefox\firefox.exe [2013-05-24 14:21] . 2009-05-18 c:\windows\Tasks\{B9B31758-9ABD-4FBC-875D-D4AA867B25D5}.job - c:\program files (x86)\Skype\Phone\Skype.exe [2012-02-29 07:55] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-03 442368] "SmartMenu"="c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [BU] "Launch LCDMon"="c:\program files\Common Files\Logitech\LCD Manager\lcdmon.exe" [2007-04-26 790552] "Ocs_SM"="c:\users\Andreas\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2012-08-21 106496] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 225792] . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = https://webzugang.brnet.de/dana-na/auth/url_default/welcome.cgi uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = hxxp://www.google.com mStart Page = mDefault_Page_URL = mLocal Page = uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip IE: Free YouTube Download - c:\users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm IE: Free YouTube to Mp3 Converter - c:\users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft &Excel exportieren - c:\programme\Microsoft Office\OFFICE11\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\pn21nwmv.default\ FF - prefs.js: browser.search.selectedEngine - Google Default FF - prefs.js: browser.startup.homepage - hxxp://tagesschau.de/ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-Audiograbber - c:\program files (x86)\Audiograbber\Uninstall.exe AddRemove-Audiograbber-Lame - c:\program files (x86)\Audiograbber\Lame-Uninstall.exe AddRemove-Siedler3Deinstall - c:\windows\IsUn0407.exe AddRemove-Siedler3MissionUninstall - c:\windows\IsUn0407.exe AddRemove-Winamp - c:\programme\Winamp\UninstWA.exe AddRemove-WinRAR archiver - c:\programme\WinRaR\uninstall.exe AddRemove-xp-AntiSpy - c:\program files (x86)\xp-AntiSpy\Uninstall.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}] "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2013-07-23 13:23:59 ComboFix-quarantined-files.txt 2013-07-23 11:23 ComboFix2.txt 2013-07-21 08:12 ComboFix3.txt 2013-01-09 19:13 . Vor Suchlauf: 20 Verzeichnis(se), 190.572.818.432 Bytes frei Nach Suchlauf: 21 Verzeichnis(se), 190.518.849.536 Bytes frei . - - End Of File - - 8F8569A5ED78F0F5EE829B4FB1E8C21F 48E3F1D37D7213D84BE3E5B9893067F6 |
24.07.2013, 00:59 | #32 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problem with Internet connection Rootkit scan with GMER
Please download GMER: (random file name)
Running into problems?
Then please run MBAR: Malwarebytes Anti-Rootkit (MBAR) Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper
__________________ |
24.07.2013, 15:34 | #33 |
| Problem with Internet connection here are the two logs. GMER ...
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-24 15:05:30
Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK5055GSX rev.FG002C 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Andreas\AppData\Local\Temp\uwtiqfob.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification

---- EOF - GMER 2.1 ----

Code:
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.24.05

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Andreas :: ANDREAS-PC [administrator]

24.07.2013 15:08:53
mbar-log-2013-07-24 (15-08-53).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 254487
Time elapsed: 37 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end) |
24.07.2013, 15:38 | #34 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problem with Internet connection Code:
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
aswMBR Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without instructions. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. TDSS-Killer Please download TDSSKiller.exe and save this file to the desktop
__________________ Please always post log files in CODE tags |
26.07.2013, 14:40 | #35 |
| Problem with Internet connection first aswMBR Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software Run date: 2013-07-26 13:37:52 ----------------------------- 13:37:52.445 OS Version: Windows x64 6.0.6002 Service Pack 2 13:37:52.445 Number of processors: 2 586 0x1706 13:37:52.445 ComputerName: ANDREAS-PC UserName: Andreas 13:37:58.217 Initialize success 13:37:58.342 AVAST engine defs: 13050900 13:39:44.338 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 13:39:44.338 Disk 0 Vendor: TOSHIBA_MK5055GSX FG002C Size: 476940MB BusType: 3 13:39:44.650 Disk 0 MBR read successfully 13:39:44.650 Disk 0 MBR scan 13:39:44.650 Disk 0 Windows VISTA default MBR code 13:39:44.682 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 464628 MB offset 2048 13:39:44.713 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 12308 MB offset 951560192 13:39:46.117 Disk 0 scanning C:\Windows\system32\drivers 13:40:06.836 Service scanning 13:40:54.901 Modules scanning 13:40:54.917 Disk 0 trace - called modules: 13:40:54.948 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys acpi.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 13:40:54.964 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004f94790] 13:40:54.979 3 CLASSPNP.SYS[fffffa6000a43c33] -> nt!IofCallDriver -> [0xfffffa8004f8fb10] 13:40:54.979 5 hpdskflt.sys[fffffa6001bf8189] -> nt!IofCallDriver -> [0xfffffa8004bcf600] 13:40:54.995 7 acpi.sys[fffffa60008e2fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004bd8940] 13:40:56.664 AVAST engine scan C:\Windows 13:41:03.388 AVAST engine scan C:\Windows\system32 13:48:30.541 AVAST engine scan C:\Windows\system32\drivers 13:49:34.395 AVAST engine scan C:\Users\Andreas 15:14:05.891 AVAST engine scan C:\ProgramData 15:19:20.929 Scan finished successfully 15:32:14.583 Disk 0 MBR has been saved successfully to "C:\Users\Andreas\Desktop\MBR.dat" 15:32:14.598 The log file has been saved successfully to "C:\Users\Andreas\Desktop\aswMBR.txt" Code:
ATTFilter 15:33:55.0528 4304 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 15:33:55.0783 4304 ============================================================ 15:33:55.0783 4304 Current date / time: 2013/07/26 15:33:55.0783 15:33:55.0783 4304 SystemInfo: 15:33:55.0783 4304 15:33:55.0783 4304 OS Version: 6.0.6002 ServicePack: 2.0 15:33:55.0783 4304 Product type: Workstation 15:33:55.0784 4304 ComputerName: ANDREAS-PC 15:33:55.0784 4304 UserName: Andreas 15:33:55.0784 4304 Windows directory: C:\Windows 15:33:55.0784 4304 System windows directory: C:\Windows 15:33:55.0784 4304 Running under WOW64 15:33:55.0784 4304 Processor architecture: Intel x64 15:33:55.0784 4304 Number of processors: 2 15:33:55.0784 4304 Page size: 0x1000 15:33:55.0784 4304 Boot type: Normal boot 15:33:55.0784 4304 ============================================================ 15:33:57.0380 4304 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 15:33:57.0386 4304 ============================================================ 15:33:57.0386 4304 \Device\Harddisk0\DR0: 15:33:57.0391 4304 MBR partitions: 15:33:57.0391 4304 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x38B7A000 15:33:57.0391 4304 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38B7A800, BlocksNum 0x180A000 15:33:57.0391 4304 ============================================================ 15:33:57.0535 4304 C: <-> \Device\Harddisk0\DR0\Partition1 15:33:57.0630 4304 D: <-> \Device\Harddisk0\DR0\Partition2 15:33:57.0630 4304 ============================================================ 15:33:57.0630 4304 Initialize success 15:33:57.0630 4304 ============================================================ 15:34:32.0780 4740 ============================================================ 15:34:32.0780 4740 Scan started 15:34:32.0780 4740 Mode: Manual; SigCheck; TDLFS; 
15:34:32.0780 4740 ============================================================ 15:34:34.0074 4740 ================ Scan system memory ======================== 15:34:34.0074 4740 System memory - ok 15:34:34.0074 4740 ================ Scan services ============================= 15:34:34.0262 4740 [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Program Files (x86)\AAVUpdateManager\aavus.exe 15:34:34.0418 4740 AAV UpdateService - ok 15:34:34.0776 4740 [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys 15:34:34.0839 4740 Accelerometer - ok 15:34:34.0917 4740 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys 15:34:34.0948 4740 ACPI - ok 15:34:35.0042 4740 [ F84C9DEE4698DF3C1D76801B7B1B55D7 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe 15:34:35.0104 4740 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning 15:34:35.0104 4740 Adobe LM Service - detected UnsignedFile.Multi.Generic (1) 15:34:35.0260 4740 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 15:34:35.0276 4740 AdobeARMservice - ok 15:34:35.0931 4740 [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 15:34:35.0978 4740 AdobeFlashPlayerUpdateSvc - ok 15:34:36.0602 4740 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 15:34:36.0680 4740 adp94xx - ok 15:34:36.0742 4740 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys 15:34:36.0789 4740 adpahci - ok 15:34:36.0820 4740 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 15:34:36.0851 4740 adpu160m - ok 15:34:36.0882 4740 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 15:34:36.0898 4740 adpu320 - ok 15:34:36.0945 4740 [ 
0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 15:34:37.0132 4740 AeLookupSvc - ok 15:34:37.0304 4740 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\AESTSr64.exe 15:34:37.0413 4740 AESTFilters - ok 15:34:37.0491 4740 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys 15:34:37.0584 4740 AFD - ok 15:34:37.0647 4740 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys 15:34:37.0678 4740 agp440 - ok 15:34:37.0725 4740 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys 15:34:37.0740 4740 aic78xx - ok 15:34:37.0756 4740 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe 15:34:37.0959 4740 ALG - ok 15:34:38.0037 4740 [ E0CA5BB8E6C79533DC6B1DA7361A201E ] aliide C:\Windows\system32\drivers\aliide.sys 15:34:38.0052 4740 aliide - ok 15:34:38.0052 4740 [ 7034F8D1B9703D711D3F92C95DEB377D ] amdide C:\Windows\system32\drivers\amdide.sys 15:34:38.0068 4740 amdide - ok 15:34:38.0130 4740 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 15:34:38.0177 4740 AmdK8 - ok 15:34:38.0255 4740 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll 15:34:38.0333 4740 Appinfo - ok 15:34:38.0520 4740 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 15:34:38.0520 4740 Apple Mobile Device - ok 15:34:38.0598 4740 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys 15:34:38.0614 4740 arc - ok 15:34:38.0661 4740 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys 15:34:38.0676 4740 arcsas - ok 15:34:38.0879 4740 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 15:34:38.0895 4740 aspnet_state - ok 15:34:38.0973 4740 [ 
0BAEFD3F648C6E7AB52990DD9565E4E2 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys 15:34:38.0988 4740 aswFsBlk - ok 15:34:39.0066 4740 [ FA562F34ED6633C66170B09182B4C049 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys 15:34:39.0098 4740 aswMonFlt - ok 15:34:39.0129 4740 [ 9A9565BB92EE412B77B7416DD1D32F0B ] AswRdr C:\Windows\system32\drivers\AswRdr.sys 15:34:39.0144 4740 AswRdr - ok 15:34:39.0176 4740 [ 5573AA70993A2BB81525B1C704B88763 ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys 15:34:39.0191 4740 aswRvrt - ok 15:34:39.0441 4740 [ 8C0800CDB501CFC1164B286A0478DC10 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys 15:34:39.0550 4740 aswSnx - ok 15:34:39.0597 4740 [ 3815DB16CDA62190F5C0A65118F3D714 ] aswSP C:\Windows\system32\drivers\aswSP.sys 15:34:39.0644 4740 aswSP - ok 15:34:39.0659 4740 [ 29DD8E458A84171202AA4979364C30C0 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys 15:34:39.0690 4740 aswTdi - ok 15:34:39.0722 4740 [ 22F521108881DC59837F6FC614E0568F ] aswVmm C:\Windows\system32\drivers\aswVmm.sys 15:34:39.0753 4740 aswVmm - ok 15:34:39.0800 4740 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 15:34:39.0878 4740 AsyncMac - ok 15:34:39.0924 4740 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys 15:34:39.0940 4740 atapi - ok 15:34:40.0034 4740 [ 54CA8AAC988B441A692311E3B584D944 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe 15:34:40.0143 4740 Ati External Event Utility - ok 15:34:40.0564 4740 [ 4B42547AE95A31D0E1E200B68A6C7647 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 15:34:41.0235 4740 atikmdag - ok 15:34:41.0297 4740 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 15:34:41.0406 4740 AudioEndpointBuilder - ok 15:34:41.0422 4740 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll 15:34:41.0500 4740 AudioSrv - ok 15:34:41.0796 4740 [ 28D6701C710AD7BA3CB95E75F8F1A9AA ] avast! 
Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe 15:34:41.0812 4740 avast! Antivirus - ok 15:34:41.0843 4740 Beep - ok 15:34:41.0890 4740 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll 15:34:41.0984 4740 BFE - ok 15:34:42.0046 4740 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\system32\qmgr.dll 15:34:42.0140 4740 BITS - ok 15:34:42.0186 4740 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 15:34:42.0296 4740 blbdrive - ok 15:34:42.0498 4740 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 15:34:42.0530 4740 Bonjour Service - ok 15:34:42.0576 4740 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 15:34:42.0654 4740 bowser - ok 15:34:42.0701 4740 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 15:34:42.0795 4740 BrFiltLo - ok 15:34:42.0857 4740 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 15:34:42.0935 4740 BrFiltUp - ok 15:34:43.0013 4740 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll 15:34:43.0122 4740 Browser - ok 15:34:43.0185 4740 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys 15:34:43.0450 4740 Brserid - ok 15:34:43.0497 4740 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 15:34:43.0637 4740 BrSerWdm - ok 15:34:43.0684 4740 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 15:34:43.0778 4740 BrUsbMdm - ok 15:34:43.0793 4740 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 15:34:43.0887 4740 BrUsbSer - ok 15:34:43.0934 4740 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 15:34:44.0027 4740 BTHMODEM - ok 15:34:44.0058 4740 catchme - ok 15:34:44.0105 4740 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs 
C:\Windows\system32\DRIVERS\cdfs.sys 15:34:44.0168 4740 cdfs - ok 15:34:44.0246 4740 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 15:34:44.0308 4740 cdrom - ok 15:34:44.0370 4740 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll 15:34:44.0433 4740 CertPropSvc - ok 15:34:44.0464 4740 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 15:34:44.0542 4740 circlass - ok 15:34:44.0589 4740 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys 15:34:44.0620 4740 CLFS - ok 15:34:44.0714 4740 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:34:44.0729 4740 clr_optimization_v2.0.50727_32 - ok 15:34:44.0792 4740 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 15:34:44.0807 4740 clr_optimization_v2.0.50727_64 - ok 15:34:44.0885 4740 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 15:34:44.0901 4740 clr_optimization_v4.0.30319_32 - ok 15:34:44.0979 4740 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 15:34:45.0010 4740 clr_optimization_v4.0.30319_64 - ok 15:34:45.0057 4740 [ B52D9A14CE4101577900A364BA86F3DF ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 15:34:45.0166 4740 CmBatt - ok 15:34:45.0182 4740 [ 8C6AA24C1D7273A02284588426AB8CE3 ] cmdide C:\Windows\system32\drivers\cmdide.sys 15:34:45.0228 4740 cmdide - ok 15:34:45.0369 4740 [ 12E94E225BD7B05A2BCCD5C0B841E921 ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe 15:34:45.0384 4740 Com4QLBEx - ok 15:34:45.0416 4740 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 15:34:45.0431 4740 Compbatt - ok 15:34:45.0431 4740 
COMSysApp - ok 15:34:45.0603 4740 cpuz134 - ok 15:34:45.0650 4740 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 15:34:45.0650 4740 crcdisk - ok 15:34:45.0712 4740 [ 1B22BC0B71F65001479DAB792C3F626C ] CryptSvc C:\Windows\system32\cryptsvc.dll 15:34:45.0759 4740 CryptSvc - ok 15:34:45.0837 4740 [ BA8E5B2291C01EF71CA80E25F0C79D55 ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys 15:34:45.0852 4740 ctxusbm - ok 15:34:45.0915 4740 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll 15:34:45.0977 4740 DcomLaunch - ok 15:34:46.0040 4740 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 15:34:46.0118 4740 DfsC - ok 15:34:46.0227 4740 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe 15:34:46.0414 4740 DFSR - ok 15:34:46.0508 4740 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll 15:34:46.0554 4740 Dhcp - ok 15:34:46.0601 4740 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys 15:34:46.0601 4740 disk - ok 15:34:46.0679 4740 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll 15:34:46.0742 4740 Dnscache - ok 15:34:46.0820 4740 [ 57AE249F2C6A90476E8E400F0EEC3C56 ] Dokan C:\Windows\system32\drivers\dokan.sys 15:34:46.0835 4740 Dokan - ok 15:34:47.0007 4740 [ F4FEAE56DA1B5B7DC78D5F9214CDEF5E ] DokanMounter C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe 15:34:47.0038 4740 DokanMounter ( UnsignedFile.Multi.Generic ) - warning 15:34:47.0038 4740 DokanMounter - detected UnsignedFile.Multi.Generic (1) 15:34:47.0100 4740 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll 15:34:47.0147 4740 dot3svc - ok 15:34:47.0225 4740 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll 15:34:47.0272 4740 DPS - ok 15:34:47.0334 4740 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 15:34:47.0397 4740 drmkaud - ok 
15:34:47.0537 4740 [ F3932288EEECD776FF1F9F653AD878F3 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 15:34:47.0646 4740 DXGKrnl - ok 15:34:47.0756 4740 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys 15:34:47.0880 4740 E1G60 - ok 15:34:47.0943 4740 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll 15:34:47.0990 4740 EapHost - ok 15:34:48.0052 4740 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys 15:34:48.0068 4740 Ecache - ok 15:34:48.0177 4740 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe 15:34:48.0255 4740 ehRecvr - ok 15:34:48.0317 4740 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe 15:34:48.0348 4740 ehSched - ok 15:34:48.0395 4740 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll 15:34:48.0442 4740 ehstart - ok 15:34:48.0504 4740 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys 15:34:48.0520 4740 elxstor - ok 15:34:48.0567 4740 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll 15:34:48.0629 4740 EMDMgmt - ok 15:34:48.0707 4740 [ F218A3A27ED6592C0E22EC3595554447 ] enecir C:\Windows\system32\DRIVERS\enecir.sys 15:34:48.0770 4740 enecir - ok 15:34:48.0801 4740 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys 15:34:48.0894 4740 ErrDev - ok 15:34:49.0019 4740 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll 15:34:49.0066 4740 EventSystem - ok 15:34:49.0128 4740 [ 6BB25543428878BAFBC2F8446343B160 ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys 15:34:49.0160 4740 ewusbnet - ok 15:34:49.0222 4740 [ 86F7951BBCEE4A86E79A97306BD14318 ] ew_hwusbdev C:\Windows\system32\DRIVERS\ew_hwusbdev.sys 15:34:49.0284 4740 ew_hwusbdev - ok 15:34:49.0362 4740 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys 15:34:49.0440 4740 exfat - ok 15:34:49.0440 
4740 ezSharedSvc - ok 15:34:49.0456 4740 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys 15:34:49.0518 4740 fastfat - ok 15:34:49.0534 4740 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 15:34:49.0596 4740 fdc - ok 15:34:49.0628 4740 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll 15:34:49.0674 4740 fdPHost - ok 15:34:49.0674 4740 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll 15:34:49.0737 4740 FDResPub - ok 15:34:49.0768 4740 Fildro - ok 15:34:49.0815 4740 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 15:34:49.0830 4740 FileInfo - ok 15:34:49.0830 4740 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys 15:34:49.0877 4740 Filetrace - ok 15:34:49.0908 4740 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 15:34:49.0971 4740 flpydisk - ok 15:34:49.0986 4740 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 15:34:50.0002 4740 FltMgr - ok 15:34:50.0236 4740 [ F20A97F51C104DD0A163251325460747 ] FontCache C:\Windows\system32\FntCache.dll 15:34:50.0392 4740 FontCache - ok 15:34:50.0532 4740 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 15:34:50.0548 4740 FontCache3.0.0.0 - ok 15:34:50.0610 4740 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 15:34:50.0657 4740 Fs_Rec - ok 15:34:50.0704 4740 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 15:34:50.0720 4740 gagp30kx - ok 15:34:50.0798 4740 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 15:34:50.0813 4740 GEARAspiWDM - ok 15:34:50.0891 4740 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll 15:34:50.0922 4740 gpsvc - ok 15:34:51.0000 
4740 [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 15:34:51.0063 4740 HdAudAddService - ok 15:34:51.0156 4740 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 15:34:51.0234 4740 HDAudBus - ok 15:34:51.0266 4740 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys 15:34:51.0344 4740 HidBth - ok 15:34:51.0390 4740 [ 5F47839455D01FF6403B008D481A6F5B ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 15:34:51.0437 4740 HidIr - ok 15:34:51.0484 4740 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\System32\hidserv.dll 15:34:51.0531 4740 hidserv - ok 15:34:51.0578 4740 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 15:34:51.0624 4740 HidUsb - ok 15:34:51.0671 4740 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll 15:34:51.0718 4740 hkmsvc - ok 15:34:51.0796 4740 [ A19B0BB5A7EB6DF2DD4A0711D36955EE ] HP Health Check Service c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe 15:34:51.0843 4740 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning 15:34:51.0843 4740 HP Health Check Service - detected UnsignedFile.Multi.Generic (1) 15:34:51.0905 4740 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 15:34:51.0921 4740 HpCISSs - ok 15:34:51.0968 4740 [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys 15:34:51.0983 4740 hpdskflt - ok 15:34:52.0030 4740 [ 0ECC54FD34D6A089C300846B011E81D6 ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 15:34:52.0092 4740 HpqKbFiltr - ok 15:34:52.0202 4740 [ 188FF0ADF66768D53AD94F43972E1E9A ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe 15:34:52.0217 4740 hpqwmiex ( UnsignedFile.Multi.Generic ) - warning 15:34:52.0217 4740 hpqwmiex - detected UnsignedFile.Multi.Generic (1) 15:34:52.0264 4740 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv 
C:\Windows\system32\Hpservice.exe 15:34:52.0295 4740 hpsrv - ok 15:34:52.0420 4740 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys 15:34:52.0514 4740 HTTP - ok 15:34:52.0592 4740 [ C2212C930D7A6CC21972B9882683D271 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys 15:34:52.0638 4740 huawei_enumerator - ok 15:34:52.0716 4740 [ 6E05228393CD614B983568EC40C262C3 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys 15:34:52.0794 4740 hwdatacard - ok 15:34:52.0841 4740 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys 15:34:52.0857 4740 i2omp - ok 15:34:52.0904 4740 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 15:34:52.0997 4740 i8042prt - ok 15:34:53.0091 4740 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 15:34:53.0153 4740 iaStorV - ok 15:34:53.0340 4740 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 15:34:53.0418 4740 idsvc - ok 15:34:53.0465 4740 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys 15:34:53.0481 4740 iirsp - ok 15:34:53.0574 4740 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll 15:34:53.0637 4740 IKEEXT - ok 15:34:53.0684 4740 [ 475490CAF376E55E6E8B37BBDFEB2E81 ] intelide C:\Windows\system32\drivers\intelide.sys 15:34:53.0699 4740 intelide - ok 15:34:53.0746 4740 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 15:34:53.0808 4740 intelppm - ok 15:34:53.0855 4740 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 15:34:53.0918 4740 IPBusEnum - ok 15:34:53.0980 4740 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 15:34:54.0042 4740 IpFilterDriver - ok 15:34:54.0074 4740 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 
15:34:54.0136 4740 iphlpsvc - ok 15:34:54.0136 4740 IpInIp - ok 15:34:54.0183 4740 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 15:34:54.0276 4740 IPMIDRV - ok 15:34:54.0292 4740 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 15:34:54.0370 4740 IPNAT - ok 15:34:54.0620 4740 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 15:34:54.0666 4740 iPod Service - ok 15:34:54.0729 4740 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys 15:34:54.0854 4740 IRENUM - ok 15:34:54.0916 4740 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys 15:34:54.0932 4740 isapnp - ok 15:34:54.0978 4740 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 15:34:54.0994 4740 iScsiPrt - ok 15:34:55.0025 4740 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 15:34:55.0041 4740 iteatapi - ok 15:34:55.0103 4740 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys 15:34:55.0119 4740 iteraid - ok 15:34:55.0150 4740 [ BB86B1C3489463BBA1FD04C876DBE414 ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys 15:34:55.0244 4740 JMCR - ok 15:34:55.0275 4740 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 15:34:55.0290 4740 kbdclass - ok 15:34:55.0322 4740 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 15:34:55.0368 4740 kbdhid - ok 15:34:55.0415 4740 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe 15:34:55.0493 4740 KeyIso - ok 15:34:55.0618 4740 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 15:34:55.0727 4740 KSecDD - ok 15:34:55.0758 4740 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 15:34:55.0805 4740 ksthunk - ok 15:34:55.0868 4740 [ 
1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll 15:34:55.0930 4740 KtmRm - ok 15:34:55.0992 4740 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\System32\srvsvc.dll 15:34:56.0039 4740 LanmanServer - ok 15:34:56.0086 4740 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 15:34:56.0133 4740 LanmanWorkstation - ok 15:34:56.0367 4740 [ 83D8BE94E1CBCBE2EA8372DB1A95A159 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 15:34:56.0382 4740 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 15:34:56.0382 4740 LightScribeService - detected UnsignedFile.Multi.Generic (1) 15:34:56.0429 4740 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 15:34:56.0460 4740 lltdio - ok 15:34:56.0507 4740 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll 15:34:56.0570 4740 lltdsvc - ok 15:34:56.0570 4740 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll 15:34:56.0632 4740 lmhosts - ok 15:34:56.0679 4740 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 15:34:56.0694 4740 LSI_FC - ok 15:34:56.0726 4740 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 15:34:56.0741 4740 LSI_SAS - ok 15:34:56.0757 4740 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 15:34:56.0772 4740 LSI_SCSI - ok 15:34:56.0835 4740 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys 15:34:56.0882 4740 luafv - ok 15:34:56.0991 4740 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe 15:34:57.0006 4740 McComponentHostService - ok 15:34:57.0069 4740 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 15:34:57.0084 4740 Mcx2Svc - ok 15:34:57.0162 4740 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas 
C:\Windows\system32\drivers\megasas.sys 15:34:57.0178 4740 megasas - ok 15:34:57.0240 4740 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys 15:34:57.0272 4740 MegaSR - ok 15:34:57.0318 4740 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll 15:34:57.0365 4740 MMCSS - ok 15:34:57.0412 4740 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys 15:34:57.0474 4740 Modem - ok 15:34:57.0521 4740 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 15:34:57.0584 4740 monitor - ok 15:34:57.0599 4740 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 15:34:57.0615 4740 mouclass - ok 15:34:57.0677 4740 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 15:34:57.0724 4740 mouhid - ok 15:34:57.0771 4740 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 15:34:57.0786 4740 MountMgr - ok 15:34:57.0927 4740 [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 15:34:57.0942 4740 MozillaMaintenance - ok 15:34:57.0974 4740 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys 15:34:58.0005 4740 mpio - ok 15:34:58.0036 4740 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 15:34:58.0083 4740 mpsdrv - ok 15:34:58.0176 4740 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll 15:34:58.0239 4740 MpsSvc - ok 15:34:58.0301 4740 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 15:34:58.0317 4740 Mraid35x - ok 15:34:58.0379 4740 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 15:34:58.0395 4740 MRxDAV - ok 15:34:58.0410 4740 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 15:34:58.0457 4740 mrxsmb - ok 15:34:58.0473 
4740 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 15:34:58.0520 4740 mrxsmb10 - ok 15:34:58.0520 4740 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:34:58.0551 4740 mrxsmb20 - ok 15:34:58.0613 4740 [ AA459F2AB3AB603C357FF117CAE3D818 ] msahci C:\Windows\system32\drivers\msahci.sys 15:34:58.0629 4740 msahci - ok 15:34:58.0691 4740 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys 15:34:58.0707 4740 msdsm - ok 15:34:58.0769 4740 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe 15:34:58.0816 4740 MSDTC - ok 15:34:58.0878 4740 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys 15:34:58.0941 4740 Msfs - ok 15:34:59.0019 4740 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 15:34:59.0034 4740 msisadrv - ok 15:34:59.0081 4740 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 15:34:59.0144 4740 MSiSCSI - ok 15:34:59.0144 4740 msiserver - ok 15:34:59.0206 4740 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 15:34:59.0268 4740 MSKSSRV - ok 15:34:59.0268 4740 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 15:34:59.0315 4740 MSPCLOCK - ok 15:34:59.0378 4740 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 15:34:59.0424 4740 MSPQM - ok 15:34:59.0440 4740 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 15:34:59.0471 4740 MsRPC - ok 15:34:59.0502 4740 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 15:34:59.0518 4740 mssmbios - ok 15:34:59.0580 4740 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 15:34:59.0627 4740 MSTEE - ok 15:34:59.0705 4740 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys 15:34:59.0721 4740 
Mup - ok 15:34:59.0830 4740 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll 15:34:59.0877 4740 napagent - ok 15:34:59.0939 4740 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 15:34:59.0970 4740 NativeWifiP - ok 15:35:00.0033 4740 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys 15:35:00.0080 4740 NDIS - ok 15:35:00.0080 4740 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 15:35:00.0126 4740 NdisTapi - ok 15:35:00.0173 4740 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 15:35:00.0236 4740 Ndisuio - ok 15:35:00.0251 4740 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 15:35:00.0298 4740 NdisWan - ok 15:35:00.0298 4740 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 15:35:00.0345 4740 NDProxy - ok 15:35:00.0392 4740 [ F19DA517C6DEF5B273A87C092B70ACA3 ] NEOFLTR_740_24401 C:\Windows\system32\Drivers\NEOFLTR_740_24401.SYS 15:35:00.0407 4740 NEOFLTR_740_24401 - ok 15:35:00.0454 4740 Nero BackItUp Scheduler 4.0 - ok 15:35:00.0501 4740 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 15:35:00.0594 4740 NetBIOS - ok 15:35:00.0610 4740 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 15:35:00.0641 4740 netbt - ok 15:35:00.0657 4740 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe 15:35:00.0672 4740 Netlogon - ok 15:35:00.0750 4740 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll 15:35:00.0813 4740 Netman - ok 15:35:00.0875 4740 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 15:35:00.0891 4740 NetMsmqActivator - ok 15:35:00.0891 4740 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator 
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 15:35:00.0906 4740 NetPipeActivator - ok 15:35:00.0953 4740 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll 15:35:01.0000 4740 netprofm - ok 15:35:01.0016 4740 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 15:35:01.0031 4740 NetTcpActivator - ok 15:35:01.0031 4740 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 15:35:01.0047 4740 NetTcpPortSharing - ok 15:35:01.0296 4740 [ C86984AEE87900C1EEB6942EDE3BF4B6 ] NETw3v64 C:\Windows\system32\DRIVERS\NETw3v64.sys 15:35:01.0484 4740 NETw3v64 - ok 15:35:02.0201 4740 [ 2BDCB7B7917380794C9D87AC2153CE33 ] NETw5v64 C:\Windows\system32\DRIVERS\NETw5v64.sys 15:35:02.0560 4740 NETw5v64 - ok 15:35:02.0576 4740 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 15:35:02.0591 4740 nfrd960 - ok 15:35:02.0638 4740 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll 15:35:02.0716 4740 NlaSvc - ok 15:35:02.0794 4740 [ 02C1198276C0D4F39E54EB5148AF1E2A ] nmwcdcx64 C:\Windows\system32\drivers\ccdcmbox64.sys 15:35:02.0888 4740 nmwcdcx64 - ok 15:35:02.0934 4740 [ 76292103C5149EB140419F36DCF26C1B ] nmwcdnsucx64 C:\Windows\system32\drivers\nmwcdnsucx64.sys 15:35:02.0981 4740 nmwcdnsucx64 - ok 15:35:03.0044 4740 [ 2974296DA6296B4FEA3E313BF98C693D ] nmwcdnsux64 C:\Windows\system32\drivers\nmwcdnsux64.sys 15:35:03.0075 4740 nmwcdnsux64 - ok 15:35:03.0137 4740 [ D8F00FCC82451BDAA3DB93BB62AE6AC3 ] nmwcdx64 C:\Windows\system32\drivers\ccdcmbx64.sys 15:35:03.0200 4740 nmwcdx64 - ok 15:35:03.0246 4740 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys 15:35:03.0278 4740 Npfs - ok 15:35:03.0324 4740 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll 15:35:03.0371 4740 nsi - ok 15:35:03.0402 4740 [ 
1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 15:35:03.0496 4740 nsiproxy - ok 15:35:03.0652 4740 [ 2ACCAA3C3C55370A32F17B3595E1A217 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 15:35:03.0714 4740 Ntfs - ok 15:35:03.0730 4740 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys 15:35:03.0792 4740 Null - ok 15:35:03.0839 4740 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys 15:35:03.0855 4740 nvraid - ok 15:35:03.0870 4740 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys 15:35:03.0886 4740 nvstor - ok 15:35:03.0917 4740 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 15:35:03.0933 4740 nv_agp - ok 15:35:03.0948 4740 NwlnkFlt - ok 15:35:03.0948 4740 NwlnkFwd - ok 15:35:04.0011 4740 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 15:35:04.0073 4740 ohci1394 - ok 15:35:04.0104 4740 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 15:35:04.0136 4740 ose - ok 15:35:04.0198 4740 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll 15:35:04.0307 4740 p2pimsvc - ok 15:35:04.0338 4740 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll 15:35:04.0385 4740 p2psvc - ok 15:35:04.0416 4740 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys 15:35:04.0510 4740 Parport - ok 15:35:04.0557 4740 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys 15:35:04.0588 4740 partmgr - ok 15:35:04.0619 4740 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll 15:35:04.0682 4740 PcaSvc - ok 15:35:04.0760 4740 [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys 15:35:04.0822 4740 pccsmcfd - ok 15:35:04.0869 4740 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci 
C:\Windows\system32\drivers\pci.sys 15:35:04.0884 4740 pci - ok 15:35:04.0931 4740 [ 15E5C3F89A3452EFBDA3B39816DBC4EE ] pciide C:\Windows\system32\drivers\pciide.sys 15:35:04.0947 4740 pciide - ok 15:35:04.0978 4740 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 15:35:04.0994 4740 pcmcia - ok 15:35:05.0025 4740 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys 15:35:05.0134 4740 PEAUTH - ok 15:35:05.0259 4740 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe 15:35:05.0321 4740 PerfHost - ok 15:35:05.0477 4740 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll 15:35:05.0540 4740 pla - ok 15:35:05.0586 4740 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 15:35:05.0633 4740 PlugPlay - ok 15:35:05.0696 4740 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 15:35:05.0727 4740 PNRPAutoReg - ok 15:35:05.0742 4740 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll 15:35:05.0774 4740 PNRPsvc - ok 15:35:05.0820 4740 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 15:35:05.0883 4740 PolicyAgent - ok 15:35:05.0992 4740 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 15:35:06.0039 4740 PptpMiniport - ok 15:35:06.0086 4740 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys 15:35:06.0148 4740 Processor - ok 15:35:06.0195 4740 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll 15:35:06.0226 4740 ProfSvc - ok 15:35:06.0273 4740 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe 15:35:06.0288 4740 ProtectedStorage - ok 15:35:06.0335 4740 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys 15:35:06.0382 4740 PSched - ok 15:35:06.0444 4740 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 
C:\Windows\system32\drivers\ql2300.sys 15:35:06.0491 4740 ql2300 - ok 15:35:06.0522 4740 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 15:35:06.0538 4740 ql40xx - ok 15:35:06.0585 4740 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll 15:35:06.0600 4740 QWAVE - ok 15:35:06.0647 4740 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 15:35:06.0678 4740 QWAVEdrv - ok 15:35:06.0788 4740 [ ED4E69C31EF566266BE13638EBE9DA56 ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll 15:35:06.0834 4740 RapiMgr - ok 15:35:06.0881 4740 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 15:35:06.0928 4740 RasAcd - ok 15:35:06.0975 4740 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll 15:35:07.0037 4740 RasAuto - ok 15:35:07.0053 4740 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 15:35:07.0100 4740 Rasl2tp - ok 15:35:07.0178 4740 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll 15:35:07.0209 4740 RasMan - ok 15:35:07.0240 4740 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 15:35:07.0287 4740 RasPppoe - ok 15:35:07.0287 4740 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 15:35:07.0318 4740 RasSstp - ok 15:35:07.0349 4740 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 15:35:07.0396 4740 rdbss - ok 15:35:07.0427 4740 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 15:35:07.0474 4740 RDPCDD - ok 15:35:07.0521 4740 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 15:35:07.0568 4740 rdpdr - ok 15:35:07.0614 4740 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 15:35:07.0677 4740 RDPENCDD - ok 15:35:07.0677 4740 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD 
|
26.07.2013, 16:12 | #36 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problem with internet connection
Hm, well, that looks unremarkable. I don't find it very likely that your Windows can be straightened out again without an in-place upgrade or even a reinstall....
As a check, please run a full scan with Malwarebytes Anti-Malware (MBAM) (if you ran a full scan only recently, a quick scan is enough (saves time); please let me know that too).
Note: Please remember to update Malwarebytes Anti-Malware via the update button first!
Afterwards, getting an additional opinion from ESET's online scanner doesn't hurt either: ESET Online Scanner
__________________ --> Problem with internet connection |
01.08.2013, 05:42 | #37 |
| Problem with internet connection
Sorry, it took a while this time, but here are the logs:
MBAM:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.07.30.09
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Andreas :: ANDREAS-PC [Administrator]
30.07.2013 21:51:32
mbam-log-2013-07-30 (21-51-32).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 226943
Laufzeit: 4 Minute(n), 10 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=18327d442d39d84a99c5ec4e0f08cf98
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-05 09:29:14
# local_time=2012-10-05 11:29:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 22931805 22931805 0 0
# compatibility_mode=5892 16776574 66 56 304120 186986618 0 0
# compatibility_mode=8192 67108863 100 0 335 335 0 0
# compatibility_mode=9217 16777214 0 13 106879692 106879693 0 0
# scanned=280288
# found=17
# cleaned=0
# scan_time=9842
C:\Users\Andreas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JN6H3IZ9\bi_downloader[1].exe a variant of Win32/Somoto.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Andreas\AppData\Local\Temp\nsw6BB1.tmp a variant of Win32/Somoto.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Andreas\AppData\Local\Temp\NERO1005256\unit_app_75\Toolbar.exe Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Andreas\AppData\Local\Temp\plugtmp-7\plugin-other.swf SWF.Injector.A trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\d9b7edf-72d2bc92 a variant of Java/Exploit.Agent.NBC trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\20ad3661-2f2fbe68 a variant of Java/Exploit.Blacole.AN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2b4c09a1-6d91bc46 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\4f6eb3a6-78ac17a2 Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\23656971-7aac1cc8 Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\427ea4b4-29ebd6c3 Java/TrojanDownloader.Agent.NDR trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\611e0a7d-5685e3ae multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000004.@ Win64/Conedex.C trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000008.@ Win64/Agent.BA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\000000cb.@ Win64/Conedex.B trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000000.@ Win64/Sirefef.AP trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000032.@ probably a variant of Win32/Sirefef.FD trojan (unable to clean) 00000000000000000000000000000000 I
${Memory} a variant of Win32/Sirefef.EZ trojan 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=18327d442d39d84a99c5ec4e0f08cf98
# engine=14605
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-31 11:02:19
# local_time=2013-08-01 01:02:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=774 16777213 85 91 473191 152021611 0 0
# compatibility_mode=5892 16776574 100 100 1302560 212835645 0 0
# compatibility_mode=9217 16777214 0 13 132728719 132728720 0 0
# scanned=445537
# found=0
# cleaned=0
# scan_time=14343 |
01.08.2013, 11:36 | #38 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problem with internet connection
Looks OK so far.
Regarding cookies and other things on the web: To block the plague from the outset (i.e. tracking cookies, ad banners etc.) you would need to take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check with MVPS every 4 weeks to see whether he has released a new hosts file.
Info: Cookies are not malware as such, but there is a risk of abusive use (unique recognition, e.g. for targeted advertising or similar => HTTP cookie)
Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller.
But if you can live with logging in anew everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.
Is your system back in order now, or are there still other findings or problems?
__________________ Please always post log files in CODE tags |
06.08.2013, 20:10 | #39 |
| Problem with internet connection I already use CookieCuller, and NoScript as well. So far the system is running again - many thanks for everything! This really is sensational help!! |
06.08.2013, 23:25 | #40 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problem with internet connection
Then we're done! If you'd still like to leave praise or criticism => Lob, Kritik und Wünsche - Trojaner-Board
The programs that were used here can all be removed again.
Remove Combofix (only relevant if it was used here!): Start/Run (key combination WIN+R), type the command combofix /uninstall there and execute it.
With OTL you can also remove many other tools: simply start OTL and click Cleanup. This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.
Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.
Finally, please check the updates; my guide to that is below.
To keep a better overview in future of how up to date your installed programs are, you can use Secunia PSI, for example.
For even more security, after the infection has been removed you should also change all passwords if possible.
Microsoft Update
Windows XP: Visit the MS update page with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update
Update PDF reader
An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Software or Programs and Features, by clicking "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed)
I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader.
On this occasion, please also check that the Flash Player is up to date: Check => Adobe - Flash Player
You can find download links here => Browsers and Plugins - FilePony.de
You can also easily check whether all plugins in the Firefox browser are up to date here => https://www.mozilla.org/de/plugincheck
Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.
Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software (or Programs and Features) and uninstall all listed Java versions from there. Afterwards, download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post log files in CODE tags |