Windows 7 64bit - Virus/Trojan/Rootkit cannot be removed

27.05.2014, 02:22 | #1

Hello, for what must be a week now I have had the problem that my PC and laptop are infected. I have already tried Kaspersky, Avira and AVG with their respective rescue disks, but the malware gets around all of that.

FRST64:

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by ADMIN (administrator) on ADMIN-PC on 27-05-2014 01:46:26
Running from E:\scans
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
() E:\scans\Defogger.exe

==================== Registry (Whitelisted) ==================

==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
Tcpip\Parameters: [DhcpNameServer] 172.31.79.142 172.31.79.144 157.54.104.75 157.54.14.146 157.54.14.162 157.54.80.10

FireFox:
========

==================== Services (Whitelisted) =================

==================== Drivers (Whitelisted) ====================

S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-27 02:36 - 2014-05-27 01:43 - 00000000 ____D () C:\Windows\Panther 2014-05-27 01:46 - 2014-05-27 01:46 - 00000000 ____D () C:\FRST 2014-05-27 01:46 - 2014-05-27 01:46 - 00000000 _____ () C:\Users\ADMIN\defogger_reenable 2014-05-27 01:45 - 2014-05-27 01:45 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2014-05-27 01:44 - 2014-05-27 01:44 - 00001405 _____ () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2014-05-27 01:43 - 2014-05-27 01:46 - 00000000 ____D () C:\Users\ADMIN 2014-05-27 01:43 - 2014-05-27 01:44 - 00001439 _____ () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-05-27 01:43 - 2014-05-27 01:44 - 00000000 ___RD () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-27 01:43 - 2014-05-27 01:44 - 00000000 ___RD () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-27 01:43 - 2014-05-27 01:43 - 00000020 ___SH () C:\Users\ADMIN\ntuser.ini 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Vorlagen 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Startmenü 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Druckumgebung 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () 
C:\Users\Default\Documents\Eigene Musik 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Vorlagen 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Startmenü 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Netzwerkumgebung 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Lokale Einstellungen 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Eigene Dateien 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Druckumgebung 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Documents\Eigene Musik 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Documents\Eigene Bilder 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () 
C:\Users\ADMIN\AppData\Local\Verlauf 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\AppData\Local\Anwendungsdaten 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Anwendungsdaten 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Programme 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Vorlagen 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Startmenü 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Favoriten 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Dokumente 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Dokumente und Einstellungen 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 __SHD () C:\Recovery 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 ____D () C:\Users\ADMIN\AppData\Local\VirtualStore 2014-05-27 01:43 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-05-27 01:43 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-05-27 01:40 - 2014-05-27 01:40 - 00001355 _____ () C:\Windows\TSSysprep.log 2014-05-27 01:40 - 2014-05-27 01:40 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk 2014-05-27 01:40 - 2014-05-27 01:40 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk 2014-05-27 01:39 - 2014-05-27 01:45 - 00007696 _____ () C:\Windows\WindowsUpdate.log ==================== One Month Modified Files and Folders ======= 2014-05-27 02:36 - 2009-07-14 07:38 - 00025600 ___SH () 
C:\Windows\system32\config\BCD-Template.LOG 2014-05-27 02:36 - 2009-07-14 07:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template 2014-05-27 01:46 - 2014-05-27 01:46 - 00000000 ____D () C:\FRST 2014-05-27 01:46 - 2014-05-27 01:46 - 00000000 _____ () C:\Users\ADMIN\defogger_reenable 2014-05-27 01:46 - 2014-05-27 01:43 - 00000000 ____D () C:\Users\ADMIN 2014-05-27 01:45 - 2014-05-27 01:45 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2014-05-27 01:45 - 2014-05-27 01:39 - 00007696 _____ () C:\Windows\WindowsUpdate.log 2014-05-27 01:45 - 2009-07-14 06:51 - 00022393 _____ () C:\Windows\setupact.log 2014-05-27 01:44 - 2014-05-27 01:44 - 00001405 _____ () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2014-05-27 01:44 - 2014-05-27 01:43 - 00001439 _____ () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-05-27 01:44 - 2014-05-27 01:43 - 00000000 ___RD () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-27 01:44 - 2014-05-27 01:43 - 00000000 ___RD () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-27 01:43 - 2014-05-27 02:36 - 00000000 ____D () C:\Windows\Panther 2014-05-27 01:43 - 2014-05-27 01:43 - 00000020 ___SH () C:\Users\ADMIN\ntuser.ini 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Vorlagen 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Startmenü 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () 
C:\Users\Default\Eigene Dateien 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Druckumgebung 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Vorlagen 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Startmenü 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Netzwerkumgebung 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Lokale Einstellungen 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Eigene Dateien 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Druckumgebung 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Documents\Eigene Musik 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Documents\Eigene Bilder 2014-05-27 01:43 - 
2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\AppData\Local\Verlauf 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\AppData\Local\Anwendungsdaten 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Anwendungsdaten 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Programme 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Vorlagen 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Startmenü 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Favoriten 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Dokumente 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Dokumente und Einstellungen 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 __SHD () C:\Recovery 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 ____D () C:\Users\ADMIN\AppData\Local\VirtualStore 2014-05-27 01:43 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-05-27 01:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Recovery 2014-05-27 01:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Windows NT 2014-05-27 01:42 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-27 01:42 - 2009-07-14 06:45 - 00274464 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-05-27 01:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-05-27 01:40 - 2014-05-27 01:40 - 00001355 _____ () C:\Windows\TSSysprep.log 2014-05-27 01:40 - 2014-05-27 01:40 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Media Center.lnk
2014-05-27 01:40 - 2014-05-27 01:40 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2014-05-27 01:40 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-27 01:40 - 2009-07-14 06:46 - 00002790 _____ () C:\Windows\DtcInstall.log
2014-05-27 01:40 - 2009-07-14 06:45 - 00016848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-27 01:40 - 2009-07-14 06:45 - 00016848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-27 01:40 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-27 01:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-05-27 01:37 - 2010-11-21 08:27 - 00000000 ____D () C:\Windows\CSC

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.

LastRegBack: 2014-05-27 01:36

==================== End Of Log ============================

Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by ADMIN at 2014-05-27 01:46:45
Running from E:\scans
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

==================== Restore Points =========================

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {A1D60D55-A6B8-401B-BC05-2938E02DF2F2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe
Task: {C4E8B14A-4159-4C58-BDAD-281DBBFC97E8} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => d:\program files\windows defender\MpCmdRun.exe

==================== Loaded Modules (whitelisted) =============

2014-05-26 22:28 - 2014-05-26 22:28 - 00050477 _____ () E:\scans\Defogger.exe

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Netzwerkcontroller
Description: Netzwerkcontroller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI-Kommunikationscontroller (einfach)
Description: PCI-Kommunikationscontroller (einfach)
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/27/2014 01:43:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (05/27/2014 01:42:36 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom

Microsoft Office Sessions:
=========================
Error: (05/27/2014 01:43:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Percentage of memory in use: 21%
Total physical RAM: 4076.67 MB
Available physical RAM: 3211.14 MB
Total Pagefile: 8151.54 MB
Available Pagefile: 7258.76 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:95 GB) (Free:80.71 GB) NTFS
Drive d: (Daten) (Fixed) (Total:340.31 GB) (Free:213.79 GB) NTFS
Drive e: () (Removable) (Total:3.69 GB) (Free:1.75 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: AECDB9E2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=95 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=347 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 007BCF32)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================

GMER Logfile:

Code:
OTL logfile created on: 27.05.2014 02:51:12 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = F:\scans
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,98 Gb Total Physical Memory | 3,24 Gb Available Physical Memory | 81,43% Memory free
7,96 Gb Paging File | 7,23 Gb Available in Paging File | 90,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 95,00 Gb Total Space | 80,67 Gb Free Space | 84,91% Space Free | Partition Type: NTFS
Drive D: | 340,31 Gb Total Space | 213,79 Gb Free Space | 62,82% Space Free | Partition Type: NTFS
Drive F: | 3,69 Gb Total Space | 1,75 Gb Free Space | 47,51% Space Free | Partition Type: FAT32

Computer Name: ADMIN-PC | User Name: ADMIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014.05.26 00:14:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\scans\OTL.exe
PRC - [2014.05.26 00:01:32 | 000,380,416 | ---- | M] () -- F:\scan\h735myn9s.exe

========== Modules (No Company Name) ==========

MOD - [2014.05.26 00:01:32 | 000,380,416 | ---- | M] () -- F:\scan\h735myn9s.exe

========== Services (SafeList) ==========

SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014.05.12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe -- (MBAMService)
SRV - [2014.05.12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | 
Stopped] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe -- (MBAMScheduler) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2014.05.12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl) DRV:64bit: - [2014.05.12 07:26:00 | 000,091,352 | ---- | M] (Malwarebytes Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon) DRV:64bit: - [2014.05.12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.21 05:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD 
Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.31.79.142 172.31.79.144 157.54.104.75 157.54.14.146 157.54.14.162 157.54.80.10 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft 
Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014.05.27 02:36:13 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2014.05.27 02:34:50 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2014.05.27 02:34:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware [2014.05.27 02:34:32 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys [2014.05.27 02:34:32 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys [2014.05.27 02:34:32 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2014.05.27 02:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes 
27.05.2014, 06:57 | #2
/// the machine /// TB-Ausbilder
hi,
Please download TDSSKiller.exe and save this file to the desktop
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper
27.05.2014, 14:53 | #3
Thank you very much for your help. I have now run both, but nothing is found. Here are the logs:
] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 15:29:30.0896 0x0908 IpFilterDriver - ok 15:29:30.0927 0x0908 [ A34A587FFFD45FA649FBA6D03784D257, C9A2BCD4E2A5EB6E320092A3AFD5737ECDCDA0B83EE42314A23C4978F2974767 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 15:29:30.0974 0x0908 iphlpsvc - ok 15:29:30.0989 0x0908 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 15:29:31.0020 0x0908 IPMIDRV - ok 15:29:31.0020 0x0908 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 15:29:31.0067 0x0908 IPNAT - ok 15:29:31.0083 0x0908 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 15:29:31.0098 0x0908 IRENUM - ok 15:29:31.0098 0x0908 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 15:29:31.0114 0x0908 isapnp - ok 15:29:31.0130 0x0908 [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 15:29:31.0145 0x0908 iScsiPrt - ok 15:29:31.0161 0x0908 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 15:29:31.0176 0x0908 kbdclass - ok 15:29:31.0192 0x0908 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 15:29:31.0208 0x0908 kbdhid - ok 15:29:31.0223 0x0908 [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] KeyIso C:\Windows\system32\lsass.exe 15:29:31.0239 0x0908 KeyIso - ok 15:29:31.0254 0x0908 [ CCD53B5BD33CE0C889E830D839C8B66E, 
51B7556DA7DAA0BC75E00E53099776016A55FAA115D5A4E6830E12A0A0869C10 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 15:29:31.0270 0x0908 KSecDD - ok 15:29:31.0270 0x0908 [ 9FF918A261752C12639E8AD4208D2C2F, B60F7A730C92F2BF7E85A6CA14DD7671AEECEE154CEC83B1E23EF268C25C9E5E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 15:29:31.0286 0x0908 KSecPkg - ok 15:29:31.0286 0x0908 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 15:29:31.0317 0x0908 ksthunk - ok 15:29:31.0332 0x0908 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 15:29:31.0379 0x0908 KtmRm - ok 15:29:31.0395 0x0908 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll 15:29:31.0442 0x0908 LanmanServer - ok 15:29:31.0473 0x0908 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 15:29:31.0520 0x0908 LanmanWorkstation - ok 15:29:31.0551 0x0908 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 15:29:31.0598 0x0908 lltdio - ok 15:29:31.0613 0x0908 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll 15:29:31.0660 0x0908 lltdsvc - ok 15:29:31.0676 0x0908 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 15:29:31.0722 0x0908 lmhosts - ok 15:29:31.0816 0x0908 [ 2ED1786B7542CDA261029F6B526EDF44, C6131B65B045EF5B4F62CF6CF089DF0921BA6A8EFC83BCBA45D5DDE78E9D78E2 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 15:29:31.0988 
0x0908 LMS - ok 15:29:32.0112 0x0908 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 15:29:32.0128 0x0908 LSI_FC - ok 15:29:32.0144 0x0908 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 15:29:32.0144 0x0908 LSI_SAS - ok 15:29:32.0144 0x0908 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 15:29:32.0159 0x0908 LSI_SAS2 - ok 15:29:32.0159 0x0908 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 15:29:32.0175 0x0908 LSI_SCSI - ok 15:29:32.0190 0x0908 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 15:29:32.0222 0x0908 luafv - ok 15:29:32.0253 0x0908 [ 9D9ED48F841EA37AA5310D54B9E5D3C7, 147DBEBE08A49486F91B30DE3606AC3B7D765DA751DF6880FA5A2D8FBAA2E2A2 ] mbamchameleon C:\Windows\system32\drivers\mbamchameleon.sys 15:29:32.0300 0x0908 mbamchameleon - ok 15:29:32.0331 0x0908 [ F92B0E478C0FAA6D6661E6E977247E60, 8B26B57C2C60C98CD6273ACA126B2CD0356ADB13A59FEC12882357A6B973123C ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 15:29:32.0362 0x0908 MBAMProtector - ok 15:29:32.0456 0x0908 [ D84AEA3F3329D622DFC1297DDDF6163B, 316FE56CC30ED1473A917253F46B79EAA12F4ABD5B4B1ADB03929DFEE940F577 ] MBAMScheduler C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe 15:29:32.0487 0x0908 MBAMScheduler - ok 15:29:32.0534 0x0908 [ 4F45ED469906494F9BF754E476390DBD, D8FF6AFD73D8C191F5732DF9737E6F83B2B52B06A3A6CD4CC6EAC9464CBB2772 ] MBAMService C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe 15:29:32.0549 0x0908 MBAMService - ok 15:29:32.0565 0x0908 [ 
15E8ABC06843672955CE26A009533BAD, E7221B7DE9DB45447C68E79C6BFD064713C5974F7E79925BD7DEEF71F73F3E83 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys 15:29:32.0596 0x0908 MBAMWebAccessControl - ok 15:29:32.0627 0x0908 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 15:29:32.0658 0x0908 Mcx2Svc - ok 15:29:32.0658 0x0908 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys 15:29:32.0674 0x0908 megasas - ok 15:29:32.0690 0x0908 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 15:29:32.0690 0x0908 MegaSR - ok 15:29:32.0736 0x0908 [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 15:29:32.0768 0x0908 MEIx64 - ok 15:29:32.0783 0x0908 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 15:29:32.0814 0x0908 MMCSS - ok 15:29:32.0814 0x0908 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 15:29:32.0861 0x0908 Modem - ok 15:29:32.0877 0x0908 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 15:29:32.0908 0x0908 monitor - ok 15:29:32.0908 0x0908 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 15:29:32.0924 0x0908 mouclass - ok 15:29:32.0939 0x0908 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 
15:29:32.0955 0x0908 mouhid - ok 15:29:32.0970 0x0908 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 15:29:32.0986 0x0908 mountmgr - ok 15:29:33.0017 0x0908 [ AEE4E9CC59CDEB55B1ECB0E596E796BE, 674F6F38D86D238AFD6223E03A862F8B43DD8499FBC2D4B7A04E510EC5EACF3B ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 15:29:33.0017 0x0908 MozillaMaintenance - ok 15:29:33.0033 0x0908 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys 15:29:33.0048 0x0908 mpio - ok 15:29:33.0064 0x0908 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 15:29:33.0095 0x0908 mpsdrv - ok 15:29:33.0142 0x0908 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll 15:29:33.0189 0x0908 MpsSvc - ok 15:29:33.0204 0x0908 [ DC722758B8261E1ABAFD31A3C0A66380, 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 15:29:33.0236 0x0908 MRxDAV - ok 15:29:33.0251 0x0908 [ FAF015B07E3A2874A790A39B7D2C579F, C614B0E80B38EBF7C670EEB833F5E476B33042097DA07206D6C5EE3E52B9A427 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 15:29:33.0282 0x0908 mrxsmb - ok 15:29:33.0298 0x0908 [ 08E2345DF129082BCDFFDC1440F9C00D, 2ADF69F49DF8C43D4440B6C8A62085C51518CA895A88D37264C60A0B4B1EC55F ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 15:29:33.0329 0x0908 mrxsmb10 - ok 15:29:33.0329 0x0908 [ 108D87409C5812EF47D81E22843E8C9D, CAE9B91B6BD1DF1552463BD63A06288F5D3E0B81B040BC1C7EC0C2A0119CCECA ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:29:33.0360 0x0908 mrxsmb20 - ok 15:29:33.0376 0x0908 [ C25F0BAFA182CBCA2DD3C851C2E75796, 
643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys 15:29:33.0376 0x0908 msahci - ok 15:29:33.0392 0x0908 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys 15:29:33.0407 0x0908 msdsm - ok 15:29:33.0423 0x0908 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe 15:29:33.0438 0x0908 MSDTC - ok 15:29:33.0454 0x0908 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys 15:29:33.0485 0x0908 Msfs - ok 15:29:33.0532 0x0908 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 15:29:33.0610 0x0908 mshidkmdf - ok 15:29:33.0610 0x0908 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 15:29:33.0610 0x0908 msisadrv - ok 15:29:33.0641 0x0908 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 15:29:33.0688 0x0908 MSiSCSI - ok 15:29:33.0688 0x0908 msiserver - ok 15:29:33.0704 0x0908 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 15:29:33.0750 0x0908 MSKSSRV - ok 15:29:33.0782 0x0908 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 15:29:33.0844 0x0908 MSPCLOCK - ok 15:29:33.0844 0x0908 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 15:29:33.0875 0x0908 
MSPQM - ok 15:29:33.0906 0x0908 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 15:29:33.0922 0x0908 MsRPC - ok 15:29:33.0922 0x0908 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 15:29:33.0938 0x0908 mssmbios - ok 15:29:33.0953 0x0908 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 15:29:34.0016 0x0908 MSTEE - ok 15:29:34.0016 0x0908 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 15:29:34.0031 0x0908 MTConfig - ok 15:29:34.0047 0x0908 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys 15:29:34.0062 0x0908 Mup - ok 15:29:34.0094 0x0908 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll 15:29:34.0140 0x0908 napagent - ok 15:29:34.0203 0x0908 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 15:29:34.0265 0x0908 NativeWifiP - ok 15:29:34.0312 0x0908 [ 79B47FD40D9A817E932F9D26FAC0A81C, 53E260B8BFC50BA45FA73BFCF4E58C233890D0EAA9DEFDCCBB55FD3EB992FF2D ] NDIS C:\Windows\system32\drivers\ndis.sys 15:29:34.0328 0x0908 NDIS - ok 15:29:34.0343 0x0908 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 15:29:34.0374 0x0908 NdisCap - ok 15:29:34.0390 0x0908 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi 
C:\Windows\system32\DRIVERS\ndistapi.sys 15:29:34.0421 0x0908 NdisTapi - ok 15:29:34.0421 0x0908 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 15:29:34.0468 0x0908 Ndisuio - ok 15:29:34.0468 0x0908 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 15:29:34.0515 0x0908 NdisWan - ok 15:29:34.0530 0x0908 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 15:29:34.0562 0x0908 NDProxy - ok 15:29:34.0562 0x0908 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 15:29:34.0593 0x0908 NetBIOS - ok 15:29:34.0608 0x0908 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 15:29:34.0640 0x0908 NetBT - ok 15:29:34.0655 0x0908 [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] Netlogon C:\Windows\system32\lsass.exe 15:29:34.0671 0x0908 Netlogon - ok 15:29:34.0702 0x0908 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll 15:29:34.0733 0x0908 Netman - ok 15:29:34.0764 0x0908 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll 15:29:34.0811 0x0908 netprofm - ok 15:29:34.0842 0x0908 [ 3E5A36127E201DDF663176B66828FAFE, 5A08BA9EFB1A72DF1DD839BA5FA2B8994012BA62A515588FF62333B33B60045B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 15:29:34.0858 0x0908 NetTcpPortSharing - ok 15:29:35.0076 0x0908 [ 
64428DFDAF6E88366CB51F45A79C5F69, 31187D38C1AB52120A3CB7AC3CE47ED9682AC37B0F06B9A9610C0065DD4E7B13 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys 15:29:35.0217 0x0908 netw5v64 - ok 15:29:35.0264 0x0908 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 15:29:35.0295 0x0908 nfrd960 - ok 15:29:35.0342 0x0908 [ 1EE99A89CC788ADA662441D1E9830529, 6B4FDD74BB81E12BD4B25A3E8AECB0FA77FA0075D454DD1D6DC1790ADF1F2AA8 ] NlaSvc C:\Windows\System32\nlasvc.dll 15:29:35.0388 0x0908 NlaSvc - ok 15:29:35.0388 0x0908 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys 15:29:35.0420 0x0908 Npfs - ok 15:29:35.0435 0x0908 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll 15:29:35.0482 0x0908 nsi - ok 15:29:35.0482 0x0908 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 15:29:35.0513 0x0908 nsiproxy - ok 15:29:35.0576 0x0908 [ 05D78AA5CB5F3F5C31160BDB955D0B7C, E3CD3FAF52ED11A8FB96D667510F1EDCA49053705AA3A13F560F8F6EC995CA45 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 15:29:35.0607 0x0908 Ntfs - ok 15:29:35.0622 0x0908 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys 15:29:35.0700 0x0908 Null - ok 15:29:35.0747 0x0908 [ F2662FDC20518EE8A8EED4F61BA42349, 4E8810345AA7D878DC21AE0A2E6ED201FC90EE112D6D13961A8D697A98716B3F ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys 15:29:35.0810 0x0908 NVHDA - ok 15:29:35.0841 0x0908 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48, 7738785DE8B50D69993F4408498B812D0283FEE5C04FF5B89C20F149B44E9737 ] nvraid C:\Windows\system32\drivers\nvraid.sys 15:29:35.0856 0x0908 nvraid - ok 15:29:35.0872 
0x0908 [ F7CD50FE7139F07E77DA8AC8033D1832, DA96F4B15C8165E6AE1D00E03A062C66CA3A3089E4FF0E9E11CE00B154DD12EC ] nvstor C:\Windows\system32\drivers\nvstor.sys 15:29:35.0888 0x0908 nvstor - ok 15:29:35.0903 0x0908 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 15:29:35.0903 0x0908 nv_agp - ok 15:29:35.0919 0x0908 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 15:29:35.0950 0x0908 ohci1394 - ok 15:29:35.0981 0x0908 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 15:29:36.0028 0x0908 p2pimsvc - ok 15:29:36.0044 0x0908 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll 15:29:36.0075 0x0908 p2psvc - ok 15:29:36.0090 0x0908 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys 15:29:36.0106 0x0908 Parport - ok 15:29:36.0106 0x0908 [ 871EADAC56B0A4C6512BBE32753CCF79, F9FD9DBA55274BB72B897550988DCDFD0F2D9367BE641DFDE07D240052DDC180 ] partmgr C:\Windows\system32\drivers\partmgr.sys 15:29:36.0122 0x0908 partmgr - ok 15:29:36.0137 0x0908 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll 15:29:36.0168 0x0908 PcaSvc - ok 15:29:36.0168 0x0908 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys 15:29:36.0184 0x0908 pci - ok 15:29:36.0184 0x0908 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys 15:29:36.0200 0x0908 pciide - ok 
15:29:36.0215 0x0908 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 15:29:36.0231 0x0908 pcmcia - ok 15:29:36.0231 0x0908 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys 15:29:36.0246 0x0908 pcw - ok 15:29:36.0262 0x0908 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys 15:29:36.0324 0x0908 PEAUTH - ok 15:29:36.0402 0x0908 [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 15:29:36.0480 0x0908 PeerDistSvc - ok 15:29:36.0543 0x0908 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe 15:29:36.0590 0x0908 PerfHost - ok 15:29:36.0683 0x0908 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll 15:29:36.0746 0x0908 pla - ok 15:29:36.0792 0x0908 [ B806E50427511BCF4AD8E8239C3E25FA, AB89B48ECCF90F701B314D18BE531CDA5ABE1636C17B994A5E4BE5AAC136B4E3 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 15:29:36.0855 0x0908 PlugPlay - ok 15:29:36.0870 0x0908 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 15:29:36.0886 0x0908 PNRPAutoReg - ok 15:29:36.0902 0x0908 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 15:29:36.0917 0x0908 PNRPsvc - ok 15:29:36.0964 0x0908 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 15:29:37.0026 0x0908 
PolicyAgent - ok 15:29:37.0042 0x0908 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll 15:29:37.0089 0x0908 Power - ok 15:29:37.0120 0x0908 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 15:29:37.0214 0x0908 PptpMiniport - ok 15:29:37.0214 0x0908 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys 15:29:37.0245 0x0908 Processor - ok 15:29:37.0260 0x0908 [ 5C78838B4D166D1A27DB3A8A820C799A, BBF7E1D0B6754CF06BF3936671FDF5BF6E845CA5678D0940EA54E9212B539B7F ] ProfSvc C:\Windows\system32\profsvc.dll 15:29:37.0307 0x0908 ProfSvc - ok 15:29:37.0323 0x0908 [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] ProtectedStorage C:\Windows\system32\lsass.exe 15:29:37.0338 0x0908 ProtectedStorage - ok 15:29:37.0354 0x0908 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 15:29:37.0401 0x0908 Psched - ok 15:29:37.0510 0x0908 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 15:29:37.0541 0x0908 ql2300 - ok 15:29:37.0557 0x0908 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 15:29:37.0572 0x0908 ql40xx - ok 15:29:37.0604 0x0908 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll 15:29:37.0650 0x0908 QWAVE - ok 15:29:37.0666 0x0908 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv 
C:\Windows\system32\drivers\qwavedrv.sys 15:29:37.0682 0x0908 QWAVEdrv - ok 15:29:37.0697 0x0908 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 15:29:37.0744 0x0908 RasAcd - ok 15:29:37.0760 0x0908 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 15:29:37.0791 0x0908 RasAgileVpn - ok 15:29:37.0806 0x0908 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll 15:29:37.0853 0x0908 RasAuto - ok 15:29:37.0869 0x0908 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 15:29:37.0900 0x0908 Rasl2tp - ok 15:29:37.0947 0x0908 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll 15:29:38.0025 0x0908 RasMan - ok 15:29:38.0040 0x0908 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 15:29:38.0103 0x0908 RasPppoe - ok 15:29:38.0196 0x0908 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 15:29:38.0274 0x0908 RasSstp - ok 15:29:38.0306 0x0908 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 15:29:38.0368 0x0908 rdbss - ok 15:29:38.0368 0x0908 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 15:29:38.0384 0x0908 rdpbus - ok 15:29:38.0399 0x0908 [ CEA6CC257FC9B7715F1C2B4849286D24, 
A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 15:29:38.0430 0x0908 RDPCDD - ok 15:29:38.0446 0x0908 [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 15:29:38.0462 0x0908 RDPDR - ok 15:29:38.0493 0x0908 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 15:29:38.0524 0x0908 RDPENCDD - ok 15:29:38.0540 0x0908 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 15:29:38.0571 0x0908 RDPREFMP - ok 15:29:38.0586 0x0908 [ 15B66C206B5CB095BAB980553F38ED23, 3CA50786A8D3D6BAF145AFD22C1ED92C2EB39F5D6AF4F6B09B69610FDE0C5B24 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 15:29:38.0618 0x0908 RDPWD - ok 15:29:38.0633 0x0908 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 15:29:38.0633 0x0908 rdyboost - ok 15:29:38.0664 0x0908 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll 15:29:38.0696 0x0908 RemoteAccess - ok 15:29:38.0727 0x0908 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll 15:29:38.0758 0x0908 RemoteRegistry - ok 15:29:38.0774 0x0908 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 15:29:38.0820 0x0908 RpcEptMapper - ok 15:29:38.0820 0x0908 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe 15:29:38.0852 0x0908 RpcLocator 
15:29:47.0354 0x0908 Win FW state via NFP2: enabled
15:29:49.0694 0x0908 ============================================================
15:29:49.0694 0x0908 Scan finished
15:29:49.0694 0x0908 ============================================================
15:29:49.0709 0x0a80 Detected object count: 0
15:29:49.0709 0x0a80 Actual detected object count: 0
15:30:11.0191 0x04e8 Deinitialize success
Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.05.27.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
ADMIN :: ADMIN-PC [administrator]

27.05.2014 15:34:01
mbar-log-2014-05-27 (15-34-01).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 240990
Time elapsed: 6 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Code:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.294000 GHz
Memory total: 4274700288, free: 3460562944

Downloaded database version: v2014.05.27.05
Downloaded database version: v2014.05.21.01
=======================================
Initializing...
------------ Kernel report ------------
     05/27/2014 15:33:57
Done!

Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!

Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: AECDB9E2

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 199239680 Partition 2 type is Extended with LBA (0xf) Partition is NOT ACTIVE. Partition starts at LBA: 199448574 Numsec = 728358914 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 500107862016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)... Done! Physical Sector Size: 512 Drive: 1, DevicePointer: 0xfffffa80039dd640, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8004214b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa80039dd640, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80050e4720, DeviceName: \Device\00000080\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: 7BCF32 Partition information: Partition 0 type is Other (0xb) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 7744449 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 3965190144 bytes Sector size: 512 bytes Done! Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... 
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam... Removal finished |
28.05.2014, 11:06 | #4 |
/// the machine /// TB-Ausbilder | Windows 7 64bit - Virus/Trojan/Rootkit can't be removed What problems are you actually having?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No support via PM! |
28.05.2014, 15:00 | #5 |
| Windows 7 64bit - Virus/Trojan/Rootkit can't be removed Every change I make is undone on reboot. Permissions I set are gone, services I disable turn themselves back on. Administrative shares are enabled and can't be turned off; my registry file is 250 MB even though I reinstalled the system, and it contains the strangest entries - can I upload it somewhere so you can get a picture of it? Oh, and remote services are of course also on, and according to AVZ anonymous login is also allowed - I don't know what else to do! Here is the AVZ4 log:
AVZ Antiviral Toolkit log; AVZ version is 4.43
Scanning started at 28.05.2014 14:10:22
Database loaded: signatures - 297612, NN profile(s) - 2, malware removal microprograms - 56, signature database released 28.05.2014 04:00
Heuristic microprograms loaded: 405
PVS microprograms loaded: 9
Digital signatures of system files loaded: 663640
Heuristic analyzer mode: Maximum heuristics mode
Malware removal mode: enabled
Windows version is: 6.1.7601, Service Pack 1 "Windows 7 Professional" ; AVZ is run with administrator rights
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Error loading driver - operation interrupted [C000036B]
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
1.5 Checking IRP handlers
Error loading driver - operation interrupted [C000036B]
2. Scanning RAM
Number of processes found: 16
Number of modules loaded: 334
Scanning RAM - complete
3. Scanning disks
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
6. Searching for opened TCP/UDP ports used by malicious software
In the database 317 port descriptions
Opened at this PC: 36 TCP ports and 8 UDP ports
Checking - complete; no suspicious ports detected
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Remotedesktopdienste)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP-Suche)
>> Services: potentially dangerous service allowed: Schedule (Aufgabenplanung)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
Checking - complete
Files scanned: 1574, extracted from archives: 923, malicious software found 0, suspicions - 0
Scanning finished at 28.05.2014 14:12:16
Time of scanning: 00:01:56
If you have a suspicion on presence of viruses or questions on the suspected objects, you can address hxxp://forum.kaspersky.com/index.php?showforum=19
For automatic scanning of files from the AVZ quarantine you can use the service hxxp://virusdetector.ru/
Network diagnostics
DNS & Ping
Host "yandex.ru", IP="213.180.204.11,93.158.134.11,213.180.193.11", Ping=OK (0,64,213.180.204.11)
Host "google.ru", IP="173.194.112.23,173.194.112.24,173.194.112.31", Ping=OK (0,13,173.194.112.23)
Host "google.com", IP="173.194.112.9,173.194.112.14,173.194.112.0,173.194.112.1,173.194.112.2,173.194.112.3,173.194.112.4,173.194.112.5,173.194.112.6,173.194.112.7,173.194.112.8", Ping=OK (0,14,173.194.112.9)
Host "www.kaspersky.com", IP="195.27.252.18", Ping=OK (0,18,195.27.252.18)
Host "www.kaspersky.ru", IP="195.27.252.110", Ping=OK (0,21,195.27.252.110)
Host "dnl-03.geo.kaspersky.com", IP="212.73.221.202", Ping=OK (0,20,212.73.221.202)
Host "dnl-11.geo.kaspersky.com", IP="80.239.174.38", Ping=OK (0,24,80.239.174.38)
Host "activation-v2.kaspersky.com", IP="195.27.252.50", Ping=Error (11010,0,0.0.0.0)
Host "odnoklassniki.ru", IP="217.20.147.94", Ping=OK (0,68,217.20.147.94)
Host "vk.com", IP="87.240.143.241,87.240.131.117,87.240.131.118", Ping=OK (0,49,87.240.143.241)
Host "vkontakte.ru", IP="87.240.156.167,87.240.156.168,87.240.156.166", Ping=OK (0,53,87.240.156.167)
Host "twitter.com", IP="199.16.156.230,199.16.156.6,199.16.156.102,199.16.156.198", Ping=OK (0,126,199.16.156.230)
Host "facebook.com", IP="173.252.110.27", Ping=OK (0,114,173.252.110.27)
Host "ru-ru.facebook.com", IP="173.252.73.52,69.171.237.20", Ping=OK (0,164,173.252.73.52)
IE Setup
AutoConfigURL=""
AutoConfigProxy="wininet.dll"
ProxyOverride=""
ProxyServer=""
Network TCP/IP settings
System Analysis - complete
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 15:12:00 on 28.05.2014 OS: Windows 7 Service Pack 1 (Build 7601), 64-bit Default Browser: Mozilla Corporation Firefox 29.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [x] Trusted entries [x] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [x] Non-startable services [x] Non-startable drivers [x] Active entries [x] Disabled entries [AppInit DLLs] -----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )----- [Boot Execute] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )----- "BootExecute" - "Microsoft Corporation" - C:\Windows\system32\autochk.exe (File signed by Microsoft) [Common] -----( %SystemRoot%\Tasks )----- -----( HKCU\SOFTWARE\Classes\exefile\shell\open\command )----- -----( HKCU\SOFTWARE\Microsoft\Command Processor )----- -----( HKCU\SOFTWARE\Mirabilis\ICQ\Agent\Apps )----- -----( HKLM\SOFTWARE\Classes\exefile\shell\open\command )----- "{Default}" - ? 
- "%1" %* (System default value) -----( HKLM\SOFTWARE\Microsoft\Command Processor )----- -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options )----- -----( HKLM\SOFTWARE\Microsoft\Windows Script Host\Locations )----- -----( HKLM\SOFTWARE\Microsoft\Windows Scripting Host\Locations )----- -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls )----- [Control Panel Objects] -----( %SystemRoot%\system32 )----- "appwiz.cpl" - "Microsoft Corporation" - C:\Windows\system32\appwiz.cpl (File signed by Microsoft) "bthprops.cpl" - "Microsoft Corporation" - C:\Windows\system32\bthprops.cpl (File signed by Microsoft) "collab.cpl" - "Microsoft Corporation" - C:\Windows\system32\collab.cpl (File signed by Microsoft) "desk.cpl" - "Microsoft Corporation" - C:\Windows\system32\desk.cpl (File signed by Microsoft) "Firewall.cpl" - "Microsoft Corporation" - C:\Windows\system32\Firewall.cpl (File signed by Microsoft) "hdwwiz.cpl" - "Microsoft Corporation" - C:\Windows\system32\hdwwiz.cpl (File signed by Microsoft) "inetcpl.cpl" - "Microsoft Corporation" - C:\Windows\system32\inetcpl.cpl (File signed by Microsoft) "infocardcpl.cpl" - "Microsoft Corporation" - C:\Windows\system32\infocardcpl.cpl (File signed by Microsoft) "intl.cpl" - "Microsoft Corporation" - C:\Windows\system32\intl.cpl (File signed by Microsoft) "irprops.cpl" - "Microsoft Corporation" - C:\Windows\system32\irprops.cpl (File signed by Microsoft) "joy.cpl" - "Microsoft Corporation" - C:\Windows\system32\joy.cpl (File signed by Microsoft) "main.cpl" - "Microsoft Corporation" - C:\Windows\system32\main.cpl (File signed by Microsoft) "mmsys.cpl" - "Microsoft Corporation" - C:\Windows\system32\mmsys.cpl (File signed by Microsoft) "ncpa.cpl" - "Microsoft Corporation" - C:\Windows\system32\ncpa.cpl (File signed by Microsoft) "powercfg.cpl" - "Microsoft Corporation" - C:\Windows\system32\powercfg.cpl (File signed by Microsoft) "sysdm.cpl" - "Microsoft Corporation" - 
C:\Windows\system32\sysdm.cpl (File signed by Microsoft) "TabletPC.cpl" - "Microsoft Corporation" - C:\Windows\system32\TabletPC.cpl (File signed by Microsoft) "telephon.cpl" - "Microsoft Corporation" - C:\Windows\system32\telephon.cpl (File signed by Microsoft) "timedate.cpl" - "Microsoft Corporation" - C:\Windows\system32\timedate.cpl (File signed by Microsoft) "wscui.cpl" - "Microsoft Corporation" - C:\Windows\system32\wscui.cpl (File signed by Microsoft) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "1394 OHCI Compliant Host Controller" (1394ohci) - "Microsoft Corporation" - C:\Windows\system32\drivers\1394ohci.sys (File signed by Microsoft) "1394 OHCI Compliant Host Controller (Legacy)" (ohci1394) - "Microsoft Corporation" - C:\Windows\system32\drivers\ohci1394.sys (File signed by Microsoft) "@%systemroot%\system32\appidsvc.dll,-102" (AppID) - "Microsoft Corporation" - C:\Windows\system32\drivers\appid.sys (File signed by Microsoft) "@%systemroot%\system32\browser.dll,-102" (bowser) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\bowser.sys (File signed by Microsoft) "@%SystemRoot%\system32\clfs.sys,-100" (CLFS) - "Microsoft Corporation" - C:\Windows\System32\CLFS.sys (File signed by Microsoft) "@%systemroot%\system32\cscsvc.dll,-202" (CSC) - "Microsoft Corporation" - C:\Windows\System32\drivers\csc.sys (File signed by Microsoft) "@%systemroot%\system32\drivers\afd.sys,-1000" (AFD) - "Microsoft Corporation" - C:\Windows\system32\drivers\afd.sys (File signed by Microsoft) "@%systemroot%\system32\drivers\dfsc.sys,-101" (DfsC) - "Microsoft Corporation" - C:\Windows\System32\Drivers\dfsc.sys (File signed by Microsoft) "@%systemroot%\system32\drivers\discache.sys,-102" (discache) - "Microsoft Corporation" - C:\Windows\System32\drivers\discache.sys (File signed by Microsoft) "@%SystemRoot%\system32\drivers\fileinfo.sys,-100" (FileInfo) - "Microsoft Corporation" - 
C:\Windows\System32\drivers\fileinfo.sys (File signed by Microsoft) "@%SystemRoot%\system32\drivers\filetrace.sys,-10001" (Filetrace) - "Microsoft Corporation" - C:\Windows\System32\drivers\filetrace.sys (File signed by Microsoft) "@%SystemRoot%\system32\drivers\fltmgr.sys,-10001" (FltMgr) - "Microsoft Corporation" - C:\Windows\System32\drivers\fltmgr.sys (File signed by Microsoft) "@%SystemRoot%\system32\drivers\fsdepends.sys,-10001" (FsDepends) - "Microsoft Corporation" - C:\Windows\System32\drivers\FsDepends.sys (File signed by Microsoft) "@%SystemRoot%\system32\drivers\fvevol.sys,-100" (fvevol) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fvevol.sys (File signed by Microsoft) "@%SystemRoot%\system32\drivers\http.sys,-1" (HTTP) - "Microsoft Corporation" - C:\Windows\System32\drivers\HTTP.sys (File signed by Microsoft) "@%systemroot%\system32\drivers\hwpolicy.sys,-101" (hwpolicy) - "Microsoft Corporation" - C:\Windows\System32\drivers\hwpolicy.sys (File signed by Microsoft) "@%SystemRoot%\system32\drivers\irenum.sys,-100" (IRENUM) - "Microsoft Corporation" - C:\Windows\System32\drivers\irenum.sys (File signed by Microsoft) "@%systemroot%\system32\drivers\luafv.sys,-100" (luafv) - "Microsoft Corporation" - C:\Windows\system32\drivers\luafv.sys (File signed by Microsoft) "@%SystemRoot%\system32\drivers\mountmgr.sys,-100" (mountmgr) - "Microsoft Corporation" - C:\Windows\System32\drivers\mountmgr.sys (File signed by Microsoft) "@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100" (mshidkmdf) - "Microsoft Corporation" - C:\Windows\System32\drivers\mshidkmdf.sys (File signed by Microsoft) "@%systemroot%\system32\drivers\mup.sys,-101" (Mup) - "Microsoft Corporation" - C:\Windows\System32\Drivers\mup.sys (File signed by Microsoft) "@%SystemRoot%\system32\drivers\ndis.sys,-200" (NDIS) - "Microsoft Corporation" - C:\Windows\System32\drivers\ndis.sys (File signed by Microsoft) "@%SystemRoot%\system32\drivers\netbt.sys,-2" (NetBT) - "Microsoft Corporation" - 
C:\Windows\System32\DRIVERS\netbt.sys (File signed by Microsoft) "@%SystemRoot%\system32\drivers\nsiproxy.sys,-2" (nsiproxy) - "Microsoft Corporation" - C:\Windows\System32\drivers\nsiproxy.sys (File signed by Microsoft) "@%SystemRoot%\System32\drivers\pacer.sys,-101" (Psched) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\pacer.sys (File signed by Microsoft) "@%SystemRoot%\system32\drivers\partmgr.sys,-100" (partmgr) - "Microsoft Corporation" - C:\Windows\System32\drivers\partmgr.sys (File signed by Microsoft) "@%SystemRoot%\system32\drivers\qwavedrv.sys,-1" (QWAVEdrv) - "Microsoft Corporation" - C:\Windows\system32\drivers\qwavedrv.sys (File signed by Microsoft) "@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100" (RDPCDD) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\RDPCDD.sys (File signed by Microsoft) "@%systemroot%\system32\drivers\RDPENCDD.sys,-101" (RDPENCDD) - "Microsoft Corporation" - C:\Windows\System32\drivers\rdpencdd.sys (File signed by Microsoft) "@%systemroot%\system32\drivers\RdpRefMp.sys,-101" (RDPREFMP) - "Microsoft Corporation" - C:\Windows\System32\drivers\rdprefmp.sys (File signed by Microsoft) "@%SystemRoot%\System32\drivers\scfilter.sys,-11" (scfilter) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\scfilter.sys (File signed by Microsoft) "@%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101" (tssecsrv) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\tssecsrv.sys (File signed by Microsoft) "@%SystemRoot%\system32\drivers\tsusbflt.sys,-1000" (TsUsbFlt) - "Microsoft Corporation" - C:\Windows\System32\drivers\tsusbflt.sys (File signed by Microsoft) "@%SystemRoot%\system32\drivers\volmgrx.sys,-100" (volmgrx) - "Microsoft Corporation" - C:\Windows\System32\drivers\volmgrx.sys (File signed by Microsoft) "@%systemroot%\System32\drivers\ws2ifsl.sys,-1000" (ws2ifsl) - "Microsoft Corporation" - C:\Windows\system32\drivers\ws2ifsl.sys (File signed by Microsoft) "@%SystemRoot%\system32\FirewallAPI.dll,-23092" (mpsdrv) - 
"Microsoft Corporation" - C:\Windows\System32\drivers\mpsdrv.sys (File signed by Microsoft) "@%systemroot%\system32\rascfg.dll,-32000" (AsyncMac) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\asyncmac.sys (File signed by Microsoft) "@%systemroot%\system32\rascfg.dll,-32001" (NdisTapi) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\ndistapi.sys (File signed by Microsoft) "@%systemroot%\system32\rascfg.dll,-32002" (NdisWan) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\ndiswan.sys (File signed by Microsoft) "@%systemroot%\system32\rascfg.dll,-32005" (Rasl2tp) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\rasl2tp.sys (File signed by Microsoft) "@%systemroot%\system32\rascfg.dll,-32006" (PptpMiniport) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\raspptp.sys (File signed by Microsoft) "@%systemroot%\system32\rascfg.dll,-32007" (RasPppoe) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\raspppoe.sys (File signed by Microsoft) "@%systemroot%\system32\rascfg.dll,-32011" (WANARP) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wanarp.sys (File signed by Microsoft) "@%systemroot%\system32\rascfg.dll,-32012" (Wanarpv6) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wanarp.sys (File signed by Microsoft) "@%systemroot%\system32\rascfg.dll,-32013" (IpFilterDriver) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\ipfltdrv.sys (File signed by Microsoft) "@%systemroot%\system32\srvsvc.dll,-102" (srv) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\srv.sys (File signed by Microsoft) "@%systemroot%\system32\srvsvc.dll,-104" (srv2) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\srv2.sys (File signed by Microsoft) "@%systemroot%\system32\sstpsvc.dll,-202" (RasSstp) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\rassstp.sys (File signed by Microsoft) "@%SystemRoot%\system32\tcpipcfg.dll,-50003" (Tcpip) - "Microsoft Corporation" - C:\Windows\System32\drivers\tcpip.sys (File signed 
by Microsoft) "@%SystemRoot%\system32\tcpipcfg.dll,-50004" (tdx) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\tdx.sys (File signed by Microsoft) "@%SystemRoot%\system32\tcpipcfg.dll,-50005" (Smb) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\smb.sys (File signed by Microsoft) "@%SystemRoot%\system32\vmstorfltres.dll,-1000" (storflt) - "Microsoft Corporation" - C:\Windows\System32\drivers\vmstorfl.sys (File signed by Microsoft) "@%systemroot%\system32\webclnt.dll,-104" (MRxDAV) - "Microsoft Corporation" - C:\Windows\system32\drivers\mrxdav.sys (File signed by Microsoft) "@%systemroot%\system32\wkssvc.dll,-1000" (rdbss) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\rdbss.sys (File signed by Microsoft) "@%systemroot%\system32\wkssvc.dll,-1002" (mrxsmb) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\mrxsmb.sys (File signed by Microsoft) "@%systemroot%\system32\wkssvc.dll,-1004" (mrxsmb10) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\mrxsmb10.sys (File signed by Microsoft) "@%systemroot%\system32\wkssvc.dll,-1006" (mrxsmb20) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\mrxsmb20.sys (File signed by Microsoft) "ACPI Power Meter Driver" (AcpiPmi) - "Microsoft Corporation" - C:\Windows\system32\drivers\acpipmi.sys (File signed by Microsoft) "adp94xx" (adp94xx) - "Adaptec, Inc." - C:\Windows\system32\drivers\adp94xx.sys (File signed by Microsoft) "adpahci" (adpahci) - "Adaptec, Inc." - C:\Windows\system32\drivers\adpahci.sys (File signed by Microsoft) "adpu320" (adpu320) - "Adaptec, Inc." - C:\Windows\system32\drivers\adpu320.sys (File signed by Microsoft) "aliide" (aliide) - "Acer Laboratories Inc." 
- C:\Windows\system32\drivers\aliide.sys (File signed by Microsoft) "AMD K8 Processor Driver" (AmdK8) - "Microsoft Corporation" - C:\Windows\system32\drivers\amdk8.sys (File signed by Microsoft) "AMD Processor Driver" (AmdPPM) - "Microsoft Corporation" - C:\Windows\system32\drivers\amdppm.sys (File signed by Microsoft) "amdide" (amdide) - "Microsoft Corporation" - C:\Windows\system32\drivers\amdide.sys (File signed by Microsoft) "amdsata" (amdsata) - "Advanced Micro Devices" - C:\Windows\system32\drivers\amdsata.sys (File signed by Microsoft) "amdsbs" (amdsbs) - "AMD Technologies Inc." - C:\Windows\system32\drivers\amdsbs.sys (File signed by Microsoft) "amdxata" (amdxata) - "Advanced Micro Devices" - C:\Windows\System32\drivers\amdxata.sys (File signed by Microsoft) "arc" (arc) - "Adaptec, Inc." - C:\Windows\system32\drivers\arc.sys (File signed by Microsoft) "arcsas" (arcsas) - "Adaptec, Inc." - C:\Windows\system32\drivers\arcsas.sys (File signed by Microsoft) "aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys "aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\system32\drivers\aswRdr2.sys "aswSnx" (aswSnx) - "AVAST Software" - C:\Windows\system32\drivers\aswSnx.sys "aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys "aswStm" (aswStm) - "AVAST Software" - C:\Windows\system32\drivers\aswStm.sys "avast! HardwareID" (aswHwid) - ? - C:\Windows\system32\drivers\aswHwid.sys "avast! Revert" (aswRvrt) - ? - C:\Windows\system32\drivers\aswRvrt.sys "avast! VM Monitor" (aswVmm) - ? - C:\Windows\system32\drivers\aswVmm.sys "AVZ-RK Kernel Driver" (uzmynzgy) - ? 
- C:\Windows\system32\Drivers\uzmynzgy.sys (File not found) "Beep" (Beep) - "Microsoft Corporation" - C:\Windows\system32\drivers\Beep.sys (File signed by Microsoft) "blbdrive" (blbdrive) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\blbdrive.sys (File signed by Microsoft) "Bluetooth Serial Communications Driver" (BTHMODEM) - "Microsoft Corporation" - C:\Windows\system32\drivers\bthmodem.sys (File signed by Microsoft) "Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0" (b57nd60a) - "Broadcom Corporation" - C:\Windows\System32\DRIVERS\b57nd60a.sys (File signed by Microsoft) "Broadcom NetXtreme II 10 GigE VBD" (ebdrv) - "Broadcom Corporation" - C:\Windows\system32\drivers\evbda.sys (File signed by Microsoft) "Broadcom NetXtreme II VBD" (b06bdrv) - "Broadcom Corporation" - C:\Windows\system32\drivers\bxvbda.sys (File signed by Microsoft) "Brother MFC Serial Port Interface Driver (WDM)" (Brserid) - "Brother Industries Ltd." - C:\Windows\System32\Drivers\Brserid.sys (File signed by Microsoft) "Brother MFC USB Fax Only Modem" (BrUsbMdm) - "Brother Industries Ltd." - C:\Windows\System32\Drivers\BrUsbMdm.sys (File signed by Microsoft) "Brother MFC USB Serial WDM Driver" (BrUsbSer) - "Brother Industries Ltd." - C:\Windows\System32\Drivers\BrUsbSer.sys (File signed by Microsoft) "Brother USB Mass-Storage Lower Filter Driver" (BrFiltLo) - "Brother Industries, Ltd." - C:\Windows\system32\drivers\BrFiltLo.sys (File signed by Microsoft) "Brother USB Mass-Storage Upper Filter Driver" (BrFiltUp) - "Brother Industries, Ltd." - C:\Windows\system32\drivers\BrFiltUp.sys (File signed by Microsoft) "Brother WDM Serial driver" (BrSerWdm) - "Brother Industries Ltd." 
- C:\Windows\System32\Drivers\BrSerWdm.sys (File signed by Microsoft) "BTHORM" (BTHORM) - "Toolwiz.com" - C:\Windows\System32\Drivers\BTHORM.sys "Busenumeratortreiber für Verbundgeräte" (CompositeBus) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\CompositeBus.sys (File signed by Microsoft) "CD-ROM-Laufwerktreiber" (cdrom) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\cdrom.sys (File signed by Microsoft) "CD/DVD File System Reader" (cdfs) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\cdfs.sys (File signed by Microsoft) "cmdide" (cmdide) - "CMD Technology, Inc." - C:\Windows\system32\drivers\cmdide.sys (File signed by Microsoft) "CNG" (CNG) - "Microsoft Corporation" - C:\Windows\System32\Drivers\cng.sys (File signed by Microsoft) "Consumer IR Devices" (circlass) - "Microsoft Corporation" - C:\Windows\system32\drivers\circlass.sys (File signed by Microsoft) "Crcdisk Filter Driver" (crcdisk) - "Microsoft Corporation" - C:\Windows\system32\drivers\crcdisk.sys (File signed by Microsoft) "dmvsc" (dmvsc) - "Microsoft Corporation" - C:\Windows\system32\drivers\dmvsc.sys (File signed by Microsoft) "eHome Infrared Receiver (USBCIR)" (usbcir) - "Microsoft Corporation" - C:\Windows\system32\drivers\usbcir.sys (File signed by Microsoft) "elxstor" (elxstor) - "Emulex" - C:\Windows\system32\drivers\elxstor.sys (File signed by Microsoft) "Enumerator-Treiber für Microsoft Virtual Drive" (vdrvroot) - "Microsoft Corporation" - C:\Windows\System32\drivers\vdrvroot.sys (File signed by Microsoft) "exFAT File System Driver" (exfat) - "Microsoft Corporation" - C:\Windows\system32\drivers\exfat.sys (File signed by Microsoft) "FAT12/16/32 File System Driver" (fastfat) - "Microsoft Corporation" - C:\Windows\system32\drivers\fastfat.sys (File signed by Microsoft) "Floppy Disk Controller Driver" (fdc) - "Microsoft Corporation" - C:\Windows\system32\drivers\fdc.sys (File signed by Microsoft) "Floppy Disk Driver" (flpydisk) - "Microsoft Corporation" - 
C:\Windows\system32\drivers\flpydisk.sys (File signed by Microsoft)
"Fs_Rec" (Fs_Rec) - "Microsoft Corporation" - C:\Windows\system32\drivers\Fs_Rec.sys (File signed by Microsoft)
"Hauppauge Consumer Infrared Receiver" (hcw85cir) - "Hauppauge Computer Works, Inc." - C:\Windows\system32\drivers\hcw85cir.sys (File signed by Microsoft)
"HID UPS Battery Driver" (HidBatt) - "Microsoft Corporation" - C:\Windows\system32\drivers\HidBatt.sys (File signed by Microsoft)
"High-Capacity Floppy Disk Drive" (sfloppy) - "Microsoft Corporation" - C:\Windows\system32\drivers\sfloppy.sys (File signed by Microsoft)
"HpSAMD" (HpSAMD) - "Hewlett-Packard Company" - C:\Windows\system32\drivers\HpSAMD.sys (File signed by Microsoft)
"i8042-Tastatur- und PS/2-Mausanschluss-Treiber" (i8042prt) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\i8042prt.sys (File signed by Microsoft)
"iaStorV" (iaStorV) - "Intel Corporation" - C:\Windows\system32\drivers\iaStorV.sys (File signed by Microsoft)
"IDE-Kanal" (atapi) - "Microsoft Corporation" - C:\Windows\System32\drivers\atapi.sys (File signed by Microsoft)
"iirsp" (iirsp) - "Intel Corp./ICP vortex GmbH" - C:\Windows\system32\drivers\iirsp.sys (File signed by Microsoft)
"Intel AGP Bus Filter" (agp440) - "Microsoft Corporation" - C:\Windows\system32\drivers\agp440.sys (File signed by Microsoft)
"Intel AHCI Controller" (iaStor) - "Intel Corporation" - C:\Windows\System32\DRIVERS\iaStor.sys (File signed by Microsoft)
"Intel(R) Management Engine Interface" (MEIx64) - "Intel Corporation" - C:\Windows\System32\DRIVERS\HECIx64.sys (File signed by Microsoft)
"Intel-Prozessortreiber" (intelppm) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\intelppm.sys (File signed by Microsoft)
"intelide" (intelide) - "Microsoft Corporation" - C:\Windows\system32\drivers\intelide.sys (File signed by Microsoft)
"Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed - Virtueller Adapter" (AMPPAL) - "Windows (R) Win 7 DDK provider" - C:\Windows\System32\DRIVERS\AMPPAL.sys (File signed by Microsoft)
"IP Network Address Translator" (IPNAT) - "Microsoft Corporation" - C:\Windows\System32\drivers\ipnat.sys (File signed by Microsoft)
"IPMIDRV" (IPMIDRV) - "Microsoft Corporation" - C:\Windows\system32\drivers\IPMIDrv.sys (File signed by Microsoft)
"isapnp" (isapnp) - "Microsoft Corporation" - C:\Windows\system32\drivers\isapnp.sys (File signed by Microsoft)
"iScsiPort Driver" (iScsiPrt) - "Microsoft Corporation" - C:\Windows\system32\drivers\msiscsi.sys (File signed by Microsoft)
"Kernel Mode Driver Frameworks service" (Wdf01000) - "Microsoft Corporation" - C:\Windows\System32\drivers\Wdf01000.sys (File signed by Microsoft)
"Kernel Streaming Thunks" (ksthunk) - "Microsoft Corporation" - C:\Windows\system32\drivers\ksthunk.sys (File signed by Microsoft)
"KSecDD" (KSecDD) - "Microsoft Corporation" - C:\Windows\System32\Drivers\ksecdd.sys (File signed by Microsoft)
"KSecPkg" (KSecPkg) - "Microsoft Corporation" - C:\Windows\System32\Drivers\ksecpkg.sys (File signed by Microsoft)
"Laufwerktreiber" (Disk) - "Microsoft Corporation" - C:\Windows\System32\drivers\disk.sys (File signed by Microsoft)
"LDDM Graphics Subsystem" (DXGKrnl) - "Microsoft Corporation" - C:\Windows\System32\drivers\dxgkrnl.sys (File signed by Microsoft)
"Link-Layer Topology Discovery Mapper I/O Driver" (lltdio) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\lltdio.sys (File signed by Microsoft)
"Link-Layer Topology Discovery Responder" (rspndr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\rspndr.sys (File signed by Microsoft)
"LSI_FC" (LSI_FC) - "LSI Corporation" - C:\Windows\system32\drivers\lsi_fc.sys (File signed by Microsoft)
"LSI_SAS" (LSI_SAS) - "LSI Corporation" - C:\Windows\system32\drivers\lsi_sas.sys (File signed by Microsoft)
"LSI_SAS2" (LSI_SAS2) - "LSI Corporation" - C:\Windows\system32\drivers\lsi_sas2.sys (File signed by Microsoft)
"LSI_SCSI" (LSI_SCSI) - "LSI Corporation" - C:\Windows\system32\drivers\lsi_scsi.sys (File signed by Microsoft)
"Maus-HID-Treiber" (mouhid) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\mouhid.sys (File signed by Microsoft)
"Mausklassentreiber" (mouclass) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\mouclass.sys (File signed by Microsoft)
"megasas" (megasas) - "LSI Corporation" - C:\Windows\system32\drivers\megasas.sys (File signed by Microsoft)
"MegaSR" (MegaSR) - "LSI Corporation, Inc." - C:\Windows\system32\drivers\MegaSR.sys (File signed by Microsoft)
"Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst" (HdAudAddService) - "Microsoft Corporation" - C:\Windows\System32\drivers\HdAudio.sys (File signed by Microsoft)
"Microsoft ACPI-Treiber" (ACPI) - "Microsoft Corporation" - C:\Windows\System32\drivers\ACPI.sys (File signed by Microsoft)
"Microsoft AGPv3.5 Filter" (uagp35) - "Microsoft Corporation" - C:\Windows\system32\drivers\uagp35.sys (File signed by Microsoft)
"Microsoft Bluetooth HID Miniport" (HidBth) - "Microsoft Corporation" - C:\Windows\system32\drivers\hidbth.sys (File signed by Microsoft)
"Microsoft Composite Battery-Treiber" (Compbatt) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\compbatt.sys (File signed by Microsoft)
"Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms" (gagp30kx) - "Microsoft Corporation" - C:\Windows\system32\drivers\gagp30kx.sys (File signed by Microsoft)
"Microsoft Hardware Error Device Driver" (ErrDev) - "Microsoft Corporation" - C:\Windows\system32\drivers\errdev.sys (File signed by Microsoft)
"Microsoft HID Class-Treiber" (HidUsb) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\hidusb.sys (File signed by Microsoft)
"Microsoft Infrared HID Driver" (HidIr) - "Microsoft Corporation" - C:\Windows\system32\drivers\hidir.sys (File signed by Microsoft)
"Microsoft Input Configuration Driver" (MTConfig) - "Microsoft Corporation" - C:\Windows\system32\drivers\MTConfig.sys (File signed by Microsoft)
"Microsoft IPv6 Protocol Driver" (TCPIP6) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\tcpip.sys (File signed by Microsoft)
"Microsoft Monitor-Klassenfunktionstreiber-Dienst" (monitor) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\monitor.sys (File signed by Microsoft)
"Microsoft Proxy für Streaming Clock" (MSPCLOCK) - "Microsoft Corporation" - C:\Windows\System32\drivers\MSPCLOCK.sys (File signed by Microsoft)
"Microsoft Proxy für Streaming Quality Manager" (MSPQM) - "Microsoft Corporation" - C:\Windows\System32\drivers\MSPQM.sys (File signed by Microsoft)
"Microsoft Standard-USB-Haupttreiber" (usbccgp) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\usbccgp.sys (File signed by Microsoft)
"Microsoft Streaming Service Proxy" (MSKSSRV) - "Microsoft Corporation" - C:\Windows\System32\drivers\MSKSSRV.sys (File signed by Microsoft)
"Microsoft Streaming Tee/Sink-to-Sink-Konvertierung" (MSTEE) - "Microsoft Corporation" - C:\Windows\System32\drivers\MSTEE.sys (File signed by Microsoft)
"Microsoft Trusted Audio Drivers" (drmkaud) - "Microsoft Corporation" - C:\Windows\System32\drivers\drmkaud.sys (File signed by Microsoft)
"Microsoft UMPass Driver" (UmPass) - "Microsoft Corporation" - C:\Windows\system32\drivers\umpass.sys (File signed by Microsoft)
"Microsoft USB Open Host Controller Miniport Driver" (usbohci) - "Microsoft Corporation" - C:\Windows\system32\drivers\usbohci.sys (File signed by Microsoft)
"Microsoft USB PRINTER Class" (usbprint) - "Microsoft Corporation" - C:\Windows\system32\drivers\usbprint.sys (File signed by Microsoft)
"Microsoft USB Universal Host Controller Miniport Driver" (usbuhci) - "Microsoft Corporation" - C:\Windows\system32\drivers\usbuhci.sys (File signed by Microsoft)
"Microsoft USB-Standardhubtreiber" (usbhub) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\usbhub.sys (File signed by Microsoft)
"Microsoft Virtual WiFi Miniport Service" (vwifimp) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\vwifimp.sys (File signed by Microsoft)
"Microsoft Windows Management Interface for ACPI" (WmiAcpi) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wmiacpi.sys (File signed by Microsoft)
"Microsoft-Systemverwaltungs-BIOS-Treiber" (mssmbios) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\mssmbios.sys (File signed by Microsoft)
"Microsoft-Tunnelminiport-Adaptertreiber" (tunnel) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\tunnel.sys (File signed by Microsoft)
"Microsoft-UAA-Bustreiber für High Definition Audio" (HDAudBus) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\HDAudBus.sys (File signed by Microsoft)
"Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller" (usbehci) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\usbehci.sys (File signed by Microsoft)
"Modem" (Modem) - "Microsoft Corporation" - C:\Windows\System32\drivers\modem.sys (File signed by Microsoft)
"mpio" (mpio) - "Microsoft Corporation" - C:\Windows\system32\drivers\mpio.sys (File signed by Microsoft)
"msahci" (msahci) - "Microsoft Corporation" - C:\Windows\System32\drivers\msahci.sys (File signed by Microsoft)
"msdsm" (msdsm) - "Microsoft Corporation" - C:\Windows\system32\drivers\msdsm.sys (File signed by Microsoft)
"Msfs" (Msfs) - "Microsoft Corporation" - C:\Windows\system32\drivers\Msfs.sys (File signed by Microsoft)
"msisadrv" (msisadrv) - "Microsoft Corporation" - C:\Windows\System32\drivers\msisadrv.sys (File signed by Microsoft)
"MsRPC" (MsRPC) - "Microsoft Corporation" - C:\Windows\system32\drivers\MsRPC.sys (File signed by Microsoft)
"NativeWiFi Filter" (NativeWifiP) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\nwifi.sys (File signed by Microsoft)
"NDIS Capture LightWeight Filter" (NdisCap) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\ndiscap.sys (File signed by Microsoft)
"NDIS Usermode I/O Protocol" (Ndisuio) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\ndisuio.sys (File signed by Microsoft)
"NDProxy" (NDProxy) - "Microsoft Corporation" - C:\Windows\system32\drivers\NDProxy.sys (File signed by Microsoft)
"NetBIOS Interface" (NetBIOS) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\netbios.sys (File signed by Microsoft)
"nfrd960" (nfrd960) - "IBM Corporation" - C:\Windows\system32\drivers\nfrd960.sys (File signed by Microsoft)
"Npfs" (Npfs) - "Microsoft Corporation" - C:\Windows\system32\drivers\Npfs.sys (File signed by Microsoft)
"Ntfs" (Ntfs) - "Microsoft Corporation" - C:\Windows\system32\drivers\Ntfs.sys (File signed by Microsoft)
"Null" (Null) - "Microsoft Corporation" - C:\Windows\system32\drivers\Null.sys (File signed by Microsoft)
"NVIDIA nForce AGP Bus Filter" (nv_agp) - "Microsoft Corporation" - C:\Windows\system32\drivers\nv_agp.sys (File signed by Microsoft)
"nvraid" (nvraid) - "NVIDIA Corporation" - C:\Windows\system32\drivers\nvraid.sys (File signed by Microsoft)
"nvstor" (nvstor) - "NVIDIA Corporation" - C:\Windows\system32\drivers\nvstor.sys (File signed by Microsoft)
"Parallel port driver" (Parport) - "Microsoft Corporation" - C:\Windows\system32\drivers\parport.sys (File signed by Microsoft)
"PCI-Bus-Treiber" (pci) - "Microsoft Corporation" - C:\Windows\System32\drivers\pci.sys (File signed by Microsoft)
"pciide" (pciide) - "Microsoft Corporation" - C:\Windows\system32\drivers\pciide.sys (File signed by Microsoft)
"pcmcia" (pcmcia) - "Microsoft Corporation" - C:\Windows\system32\drivers\pcmcia.sys (File signed by Microsoft)
"PEAUTH" (PEAUTH) - "Microsoft Corporation" - C:\Windows\System32\drivers\peauth.sys (File signed by Microsoft)
"Performance Counters for Windows Driver" (pcw) - "Microsoft Corporation" - C:\Windows\System32\drivers\pcw.sys (File signed by Microsoft)
"Processor Driver" (Processor) - "Microsoft Corporation" - C:\Windows\system32\drivers\processr.sys (File signed by Microsoft)
"PSI" (PSI) - "Secunia" - C:\Windows\System32\DRIVERS\psi_mf_amd64.sys
"ql2300" (ql2300) - "QLogic Corporation" - C:\Windows\system32\drivers\ql2300.sys (File signed by Microsoft)
"ql40xx" (ql40xx) - "QLogic Corporation" - C:\Windows\system32\drivers\ql40xx.sys (File signed by Microsoft)
"Qualcomm Atheros Extensible Wireless LAN device driver" (athr) - "Qualcomm Atheros Communications, Inc." - C:\Windows\System32\DRIVERS\athrx.sys (File signed by Microsoft)
"RDP Winstation Driver" (RDPWD) - "Microsoft Corporation" - C:\Windows\system32\drivers\RDPWD.sys (File signed by Microsoft)
"ReadyBoost" (rdyboost) - "Microsoft Corporation" - C:\Windows\System32\drivers\rdyboost.sys (File signed by Microsoft)
"Realtek 8167 NT Driver" (RTL8167) - "Realtek " - C:\Windows\System32\DRIVERS\Rt64win7.sys (File signed by Microsoft)
"Remote Access Auto Connection Driver" (RasAcd) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\rasacd.sys (File signed by Microsoft)
"Remote Desktop Device Redirector Bus Driver" (rdpbus) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\rdpbus.sys (File signed by Microsoft)
"Remote Desktop Generic USB Device" (TsUsbGD) - "Microsoft Corporation" - C:\Windows\system32\drivers\TsUsbGD.sys (File signed by Microsoft)
"s3cap" (s3cap) - "Microsoft Corporation" - C:\Windows\system32\drivers\vms3cap.sys (File signed by Microsoft)
"sbp2port" (sbp2port) - "Microsoft Corporation" - C:\Windows\system32\drivers\sbp2port.sys (File signed by Microsoft)
"Security Driver" (secdrv) - "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." - C:\Windows\system32\drivers\secdrv.sys (File signed by Microsoft)
"Security Processor Loader Driver" (spldr) - "Microsoft Corporation" - C:\Windows\system32\drivers\spldr.sys (File signed by Microsoft)
"Serenum Filter Driver" (Serenum) - "Microsoft Corporation" - C:\Windows\system32\drivers\serenum.sys (File signed by Microsoft)
"Serial" (Serial) - "Microsoft Corporation" - C:\Windows\system32\drivers\serial.sys (File signed by Microsoft)
"Serial Mouse Driver" (sermouse) - "Microsoft Corporation" - C:\Windows\system32\drivers\sermouse.sys (File signed by Microsoft)
"Service for NVIDIA High Definition Audio Driver" (NVHDA) - "NVIDIA Corporation" - C:\Windows\System32\drivers\nvhda64v.sys (File signed by Microsoft)
"SFF Storage Class Driver" (sffdisk) - "Microsoft Corporation" - C:\Windows\system32\drivers\sffdisk.sys (File signed by Microsoft)
"SFF Storage Protocol Driver for MMC" (sffp_mmc) - "Microsoft Corporation" - C:\Windows\system32\drivers\sffp_mmc.sys (File signed by Microsoft)
"SFF Storage Protocol Driver for SDBus" (sffp_sd) - "Microsoft Corporation" - C:\Windows\system32\drivers\sffp_sd.sys (File signed by Microsoft)
"SiSRaid2" (SiSRaid2) - "Silicon Integrated Systems Corp." - C:\Windows\system32\drivers\SiSRaid2.sys (File signed by Microsoft)
"SiSRaid4" (SiSRaid4) - "Silicon Integrated Systems" - C:\Windows\system32\drivers\sisraid4.sys (File signed by Microsoft)
"Software-Bus-Treiber" (swenum) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\swenum.sys (File signed by Microsoft)
"Speichervolumes" (volsnap) - "Microsoft Corporation" - C:\Windows\System32\drivers\volsnap.sys (File signed by Microsoft)
"srvnet" (srvnet) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\srvnet.sys (File signed by Microsoft)
"stexstor" (stexstor) - "Promise Technology" - C:\Windows\system32\drivers\stexstor.sys (File signed by Microsoft)
"storvsc" (storvsc) - "Microsoft Corporation" - C:\Windows\system32\drivers\storvsc.sys (File signed by Microsoft)
"Tastatur-HID-Treiber" (kbdhid) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\kbdhid.sys (File signed by Microsoft)
"Tastaturklassentreiber" (kbdclass) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\kbdclass.sys (File signed by Microsoft)
"TCP/IP Registry Compatibility" (tcpipreg) - "Microsoft Corporation" - C:\Windows\System32\drivers\tcpipreg.sys (File signed by Microsoft)
"TDPIPE" (TDPIPE) - "Microsoft Corporation" - C:\Windows\System32\drivers\tdpipe.sys (File signed by Microsoft)
"TDTCP" (TDTCP) - "Microsoft Corporation" - C:\Windows\System32\drivers\tdtcp.sys (File signed by Microsoft)
"Terminal Server Device Redirector Driver" (RDPDR) - "Microsoft Corporation" - C:\Windows\System32\drivers\rdpdr.sys (File signed by Microsoft)
"Terminal-Gerätetreiber" (TermDD) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\termdd.sys (File signed by Microsoft)
"Treiber für Microsoft-ACPI-Kontrollmethodenkompatiblen Akku" (CmBatt) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\CmBatt.sys (File signed by Microsoft)
"Treiber für Volume-Manager" (volmgr) - "Microsoft Corporation" - C:\Windows\System32\drivers\volmgr.sys (File signed by Microsoft)
"udfs" (udfs) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\udfs.sys (File signed by Microsoft)
"Uli AGP Bus Filter" (uliagpkx) - "Microsoft Corporation" - C:\Windows\system32\drivers\uliagpkx.sys (File signed by Microsoft)
"UMBusenumerator-Treiber" (umbus) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\umbus.sys (File signed by Microsoft)
"USB-Massenspeichertreiber" (USBSTOR) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\USBSTOR.SYS (File signed by Microsoft)
"USB-Videogerät (WDM)" (usbvideo) - "Microsoft Corporation" - C:\Windows\System32\Drivers\usbvideo.sys (File signed by Microsoft)
"User Mode Driver Frameworks Platform Driver" (WudfPf) - "Microsoft Corporation" - C:\Windows\System32\drivers\WudfPf.sys (File signed by Microsoft)
"vga" (vga) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\vgapnp.sys (File signed by Microsoft)
"VgaSave" (VgaSave) - "Microsoft Corporation" - C:\Windows\System32\drivers\vga.sys (File signed by Microsoft)
"vhdmp" (vhdmp) - "Microsoft Corporation" - C:\Windows\system32\drivers\vhdmp.sys (File signed by Microsoft)
"viaide" (viaide) - "VIA Technologies, Inc." - C:\Windows\system32\drivers\viaide.sys (File signed by Microsoft)
"Virtual WiFi Filter Driver" (VWiFiFlt) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\vwififlt.sys (File signed by Microsoft)
"Virtueller WiFi-Bustreiber" (vwifibus) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\vwifibus.sys (File signed by Microsoft)
"vmbus" (vmbus) - "Microsoft Corporation" - C:\Windows\system32\drivers\vmbus.sys (File signed by Microsoft)
"VMBusHID" (VMBusHID) - "Microsoft Corporation" - C:\Windows\system32\drivers\VMBusHID.sys (File signed by Microsoft)
"vsmraid" (vsmraid) - "VIA Technologies Inc.,Ltd" - C:\Windows\system32\drivers\vsmraid.sys (File signed by Microsoft)
"Wacom Serial Pen HID Driver" (WacomPen) - "Microsoft Corporation" - C:\Windows\system32\drivers\wacompen.sys (File signed by Microsoft)
"WAN Miniport (IKEv2)" (RasAgileVpn) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\AgileVpn.sys (File signed by Microsoft)
"Wd" (Wd) - "Microsoft Corporation" - C:\Windows\system32\drivers\wd.sys (File signed by Microsoft)
"WFP Lightweight Filter" (WfpLwf) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wfplwf.sys (File signed by Microsoft)
"WIMMount" (WIMMount) - "Microsoft Corporation" - C:\Windows\System32\drivers\wimmount.sys (File signed by Microsoft)
"WUDFRd" (WUDFRd) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\WUDFRd.sys (File signed by Microsoft)

[Explorer]
-----( HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
-----( HKCU\Software\Classes\Folder\shellex\ColumnHandlers )-----
-----( HKCU\Software\Microsoft\Internet Explorer\Desktop\Components )-----
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
>{60B49E34-C7CC-11D0-8953-00A0C90347FF} "Browser Customizations" - "Microsoft Corporation" - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP (File signed by Microsoft)
>{26923b43-4d38-484f-9b9e-de460746276c} "Internet Explorer" - "Microsoft Corporation" - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig (File signed by Microsoft)
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} "Microsoft Windows" - "Microsoft Corporation" - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE (File signed by Microsoft)
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} "Microsoft Windows Media Player" - "Microsoft Corporation" - %SystemRoot%\system32\unregmp2.exe /ShowWMP (File signed by Microsoft)
{6BF52A52-394A-11d3-B153-00C04F79FAA6} "Microsoft Windows Media Player" - "Microsoft Corporation" - %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI (File signed by Microsoft)
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install (File signed by Microsoft)
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} "Themes Setup" - "Microsoft Corporation" - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll (File signed by Microsoft)
{89820200-ECBD-11cf-8B85-00AA005B4383} "Web Platform Customizations" - "Microsoft Corporation" - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings (File signed by Microsoft)
{89820200-ECBD-11cf-8B85-00AA005B4340} "Windows Desktop Update" - "Microsoft Corporation" - regsvr32.exe /s /n /i:U shell32.dll (File signed by Microsoft)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
-----( HKLM\Software\Classes\Protocols\Filter )-----
{8f6b0360-b80d-11d0-a9b3-006097942311} "AP encoding/decoding Filters" - "Microsoft Corporation" - C:\Windows\SysWOW64\urlmon.dll (File signed by Microsoft)
{8f6b0360-b80d-11d0-a9b3-006097942311} "AP encoding/decoding Filters" - "Microsoft Corporation" - C:\Windows\SysWOW64\urlmon.dll (File signed by Microsoft)
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\Windows\system32\mscoree.dll (File signed by Microsoft)
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\Windows\system32\mscoree.dll (File signed by Microsoft)
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\Windows\system32\mscoree.dll (File signed by Microsoft)
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3dd53d40-7b8b-11D0-b013-00aa0059ce02} "CDL: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Windows\SysWOW64\urlmon.dll (File signed by Microsoft)
{12D51199-0DB5-46FE-A120-47A3D7D937CC} "DVD: Pluggable Protocol" - "Microsoft Corporation" - C:\Windows\SysWOW64\msvidctl.dll (File signed by Microsoft)
{79eac9e7-baf9-11ce-8c82-00aa004ba90b} "file:, local: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Windows\SysWOW64\urlmon.dll (File signed by Microsoft)
{79eac9e7-baf9-11ce-8c82-00aa004ba90b} "file:, local: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Windows\SysWOW64\urlmon.dll (File signed by Microsoft)
{79eac9e3-baf9-11ce-8c82-00aa004ba90b} "ftp: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Windows\SysWOW64\urlmon.dll (File signed by Microsoft)
{79eac9e2-baf9-11ce-8c82-00aa004ba90b} "http: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Windows\SysWOW64\urlmon.dll (File signed by Microsoft)
{79eac9e5-baf9-11ce-8c82-00aa004ba90b} "https: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Windows\SysWOW64\urlmon.dll (File signed by Microsoft)
{05300401-BCBC-11d0-85E3-00C04FD85AB4} "MHTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Windows\system32\inetcomm.dll (File signed by Microsoft)
{3050F406-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML About Pluggable Protocol" - "Microsoft Corporation" - C:\Windows\SysWOW64\mshtml.dll (File signed by Microsoft)
{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Javascript Pluggable Protocol" - "Microsoft Corporation" - C:\Windows\SysWOW64\mshtml.dll (File signed by Microsoft)
{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Javascript Pluggable Protocol" - "Microsoft Corporation" - C:\Windows\SysWOW64\mshtml.dll (File signed by Microsoft)
{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Mailto Pluggable Protocol" - "Microsoft Corporation" - C:\Windows\SysWOW64\mshtml.dll (File signed by Microsoft)
{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Resource Pluggable Protocol" - "Microsoft Corporation" - C:\Windows\SysWOW64\mshtml.dll (File signed by Microsoft)
{9D148291-B9C8-11D0-A4CC-0000F80149F6} "Microsoft InfoTech Protocols for IE 4.0" - "Microsoft Corporation" - C:\Windows\System32\itss.dll (File signed by Microsoft)
{9D148291-B9C8-11D0-A4CC-0000F80149F6} "Microsoft InfoTech Protocols for IE 4.0" - "Microsoft Corporation" - C:\Windows\System32\itss.dll (File signed by Microsoft)
{79eac9e6-baf9-11ce-8c82-00aa004ba90b} "mk: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Windows\SysWOW64\urlmon.dll (File signed by Microsoft)
{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} "TV: Pluggable Protocol" - "Microsoft Corporation" - C:\Windows\SysWOW64\msvidctl.dll (File signed by Microsoft)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler )-----
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\ashShell.dll
{00C6D95F-329C-409a-81D7-C46C66EA7F33} "DefaultLocation" - "Microsoft Corporation" - C:\Windows\System32\shdocvw.dll (File signed by Microsoft)
{80009818-f38f-4af1-87b5-eadab9433e58} "MF ADTS Property Handler" - "Microsoft Corporation" - C:\Windows\System32\mf.dll (File signed by Microsoft)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? - (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} "Microsoft Url Search Hook" - "Microsoft Corporation" - C:\Windows\SysWOW64\ieframe.dll (File signed by Microsoft)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension )-----
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

[Known DLLs]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )-----
"advapi32" - "Microsoft Corporation" - C:\Windows\system32\advapi32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
"clbcatq" - "Microsoft Corporation" - C:\Windows\system32\clbcatq.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
"COMDLG32" - "Microsoft Corporation" - C:\Windows\system32\COMDLG32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
"DifxApi" - "Microsoft Corporation" - C:\Windows\system32\difxapi.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
"gdi32" - "Microsoft Corporation" - C:\Windows\system32\gdi32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
"IERTUTIL" - "Microsoft Corporation" - C:\Windows\system32\IERTUTIL.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
"IMAGEHLP" - "Microsoft Corporation" - C:\Windows\system32\IMAGEHLP.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
"IMM32" - "Microsoft Corporation" - C:\Windows\system32\IMM32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
"kernel32" - "Microsoft Corporation" - C:\Windows\system32\kernel32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
"LPK" - "Microsoft Corporation" - C:\Windows\system32\LPK.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
"MSCTF" - "Microsoft Corporation" - C:\Windows\system32\MSCTF.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
"MSVCRT" - "Microsoft Corporation" - C:\Windows\system32\MSVCRT.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
"NORMALIZ" - "Microsoft Corporation" - C:\Windows\system32\NORMALIZ.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
"NSI" - "Microsoft Corporation" - C:\Windows\system32\NSI.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
"ole32" - "Microsoft Corporation" - C:\Windows\system32\ole32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
"OLEAUT32" - "Microsoft Corporation" - C:\Windows\system32\OLEAUT32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
"PSAPI" - "Microsoft Corporation" - C:\Windows\system32\PSAPI.DLL (Hidden registry entry, rootkit activity | File signed by Microsoft)
"rpcrt4" - "Microsoft Corporation" - C:\Windows\system32\rpcrt4.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
"sechost" - "Microsoft Corporation" - C:\Windows\system32\sechost.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
"Setupapi" - "Microsoft Corporation" - C:\Windows\system32\Setupapi.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
"SHELL32" - "Microsoft Corporation" - C:\Windows\system32\SHELL32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
"SHLWAPI" - "Microsoft Corporation" - C:\Windows\system32\SHLWAPI.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
"URLMON" - "Microsoft Corporation" - C:\Windows\system32\URLMON.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
"user32" - "Microsoft Corporation" - C:\Windows\system32\user32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
"USP10" - "Microsoft Corporation" - C:\Windows\system32\USP10.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
"WININET" - "Microsoft Corporation" - C:\Windows\system32\WININET.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
"WLDAP32" - "Microsoft Corporation" - C:\Windows\system32\WLDAP32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)
"WS2_32" - "Microsoft Corporation" - C:\Windows\system32\WS2_32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft)

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Authentication packages" - "Microsoft Corporation" - C:\Windows\system32\msv1_0.dll (File signed by Microsoft)
"Notification packages" - "Microsoft Corporation" - C:\Windows\system32\scecli.dll (File signed by Microsoft)
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\kerberos.dll (File signed by Microsoft)
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\msv1_0.dll (File signed by Microsoft)
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\schannel.dll (File signed by Microsoft)
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\wdigest.dll (File signed by Microsoft)
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\tspkg.dll (File signed by Microsoft)
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\pku2u.dll (File signed by Microsoft)
-----( HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders )-----
"SecurityProviders" - "Microsoft Corporation" - C:\Windows\system32\credssp.dll (File signed by Microsoft)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Secunia PSI Tray.lnk" - "Secunia" - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run )-----
-----( HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce )-----
-----( HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx )-----
-----( HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows )-----
-----( HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run )-----
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System )-----
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"WinPatrol" - "BillP Studios" - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce )-----
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices )-----
-----( HKCU\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Logoff )-----
-----( HKCU\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Logon )-----
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run )-----
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce )-----
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx )-----
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"Shell" - "Microsoft Corporation" - C:\Windows\explorer.exe (File signed by Microsoft)
"Userinit" - "Microsoft Corporation" - C:\Windows\system32\userinit.exe (File signed by Microsoft)
-----( HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run )-----
-----( HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System )-----
-----( HKLM\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown )-----
-----( HKLM\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup )-----
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - "Microsoft Corporation" - C:\Windows\system32\rdpclip.exe (File signed by Microsoft)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AvastUI.exe" - "AVAST Software" - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"IAStorIcon" - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"THGuard" - "Mischel Internet Security" - "C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe"
"TrojanScanner" - "Simply Super Software" - C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce )-----
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx )-----
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices )-----
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce )-----

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Microsoft Terminal Services" - "Microsoft Corporation" - C:\Windows\System32\drprov.dll (File signed by Microsoft)
"Microsoft Windows Network" - "Microsoft Corporation" - C:\Windows\System32\ntlanman.dll (File signed by Microsoft)
"Web Client Network" - "Microsoft Corporation" - C:\Windows\System32\davclnt.dll (File signed by Microsoft)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"WSD Port" - "Microsoft Corporation" - C:\Windows\system32\WSDMon.dll (File signed by Microsoft)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" (File not found)
"@%SystemRoot%\ehome\ehrecvr.exe,-101" (ehRecvr) - "Microsoft Corporation" - C:\Windows\ehome\ehRecvr.exe (File signed by Microsoft)
"@%SystemRoot%\ehome\ehres.dll,-15501" (Mcx2Svc) - "Microsoft Corporation" - C:\Windows\system32\Mcx2Svc.dll (File signed by Microsoft)
"@%SystemRoot%\ehome\ehsched.exe,-101" (ehSched) - "Microsoft Corporation" - C:\Windows\ehome\ehsched.exe (File signed by Microsoft)
"@%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193" (idsvc) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (File signed by Microsoft)
"@%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201" (NetTcpPortSharing) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe (File signed by Microsoft)
"@%SystemRoot%\servicing\TrustedInstaller.exe,-100" (TrustedInstaller) - "Microsoft Corporation" - C:\Windows\servicing\TrustedInstaller.exe (File signed by Microsoft)
"@%SystemRoot%\system32\aelupsvc.dll,-1" (AeLookupSvc) - "Microsoft Corporation" - C:\Windows\System32\aelupsvc.dll (File signed by Microsoft)
"@%SystemRoot%\system32\Alg.exe,-112" (ALG) - "Microsoft Corporation" - C:\Windows\System32\alg.exe (File signed by Microsoft)
"@%systemroot%\system32\appidsvc.dll,-100" (AppIDSvc) - "Microsoft Corporation" - C:\Windows\System32\appidsvc.dll (File signed by Microsoft)
"@%systemroot%\system32\appinfo.dll,-100" (Appinfo) - "Microsoft Corporation" - C:\Windows\System32\appinfo.dll (File signed by Microsoft)
"@%SystemRoot%\system32\audiosrv.dll,-200" (AudioSrv) - "Microsoft Corporation" - C:\Windows\System32\Audiosrv.dll (File signed by Microsoft)
"@%SystemRoot%\system32\audiosrv.dll,-204" (AudioEndpointBuilder) - "Microsoft Corporation" - C:\Windows\System32\Audiosrv.dll (File signed by Microsoft)
"@%SystemRoot%\system32\AxInstSV.dll,-103" (AxInstSV) - "Microsoft Corporation" - C:\Windows\System32\AxInstSV.dll (File signed by Microsoft)
"@%SystemRoot%\system32\bdesvc.dll,-100" (BDESVC) - "Microsoft Corporation" - C:\Windows\System32\bdesvc.dll (File signed by Microsoft)
"@%SystemRoot%\system32\bfe.dll,-1001" (BFE) - "Microsoft Corporation" - C:\Windows\System32\bfe.dll (File signed by Microsoft)
"@%systemroot%\system32\browser.dll,-100" (Browser) - "Microsoft Corporation" - C:\Windows\System32\browser.dll (File signed by Microsoft)
"@%SystemRoot%\System32\bthserv.dll,-101" (bthserv) - "Microsoft Corporation" - C:\Windows\system32\bthserv.dll (File signed by Microsoft)
"@%SystemRoot%\System32\certprop.dll,-11" (CertPropSvc) - "Microsoft Corporation" - C:\Windows\System32\certprop.dll (File signed by Microsoft)
"@%SystemRoot%\System32\certprop.dll,-13" (SCPolicySvc) - "Microsoft Corporation" - C:\Windows\System32\certprop.dll (File signed by Microsoft)
"@%SystemRoot%\system32\cryptsvc.dll,-1001" (CryptSvc) - "Microsoft Corporation" - C:\Windows\system32\cryptsvc.dll (File signed by Microsoft)
"@%systemroot%\system32\cscsvc.dll,-200" (CscService) - "Microsoft Corporation" - C:\Windows\System32\cscsvc.dll (File signed by Microsoft)
"@%SystemRoot%\system32\defragsvc.dll,-101" (defragsvc) - "Microsoft Corporation" - C:\Windows\System32\defragsvc.dll (File signed by Microsoft)
"@%SystemRoot%\system32\dhcpcore.dll,-100" (Dhcp) - "Microsoft Corporation" - C:\Windows\system32\dhcpcore.dll (File signed by Microsoft)
"@%SystemRoot%\System32\dnsapi.dll,-101" (Dnscache) - "Microsoft Corporation" - C:\Windows\System32\dnsrslvr.dll (File signed by Microsoft)
"@%systemroot%\system32\dot3svc.dll,-1102" (dot3svc) - "Microsoft Corporation" - C:\Windows\System32\dot3svc.dll (File signed by Microsoft)
"@%systemroot%\system32\dps.dll,-500" (DPS) - "Microsoft Corporation" - C:\Windows\system32\dps.dll (File signed by Microsoft)
"@%SystemRoot%\system32\dwm.exe,-2000" (UxSms) - "Microsoft Corporation" - C:\Windows\System32\uxsms.dll (File signed by Microsoft)
"@%systemroot%\system32\eapsvc.dll,-1" (EapHost) - "Microsoft Corporation" - C:\Windows\System32\eapsvc.dll (File signed by Microsoft)
"@%SystemRoot%\system32\efssvc.dll,-100" (EFS) - "Microsoft Corporation" - C:\Windows\System32\lsass.exe (File signed by Microsoft)
"@%systemroot%\system32\fdPHost.dll,-100" (fdPHost) - "Microsoft Corporation" - C:\Windows\system32\fdPHost.dll (File signed by Microsoft)
"@%systemroot%\system32\fdrespub.dll,-100" (FDResPub) - "Microsoft Corporation" - C:\Windows\system32\fdrespub.dll (File signed by Microsoft)
"@%SystemRoot%\system32\FirewallAPI.dll,-23090" (MpsSvc) - "Microsoft Corporation" - C:\Windows\system32\mpssvc.dll (File signed by Microsoft)
"@%systemroot%\system32\FntCache.dll,-100" (FontCache) - "Microsoft Corporation" - C:\Windows\system32\FntCache.dll (File signed by Microsoft)
"@%systemroot%\system32\fxsresm.dll,-118" (Fax) - "Microsoft Corporation" - C:\Windows\system32\fxssvc.exe (File signed by Microsoft)
"@%SystemRoot%\System32\hidserv.dll,-101" (hidserv) - "Microsoft
Corporation" - C:\Windows\system32\hidserv.dll (File signed by Microsoft) "@%SystemRoot%\system32\ikeext.dll,-501" (IKEEXT) - "Microsoft Corporation" - C:\Windows\System32\ikeext.dll (File signed by Microsoft) "@%systemroot%\system32\IPBusEnum.dll,-102" (IPBusEnum) - "Microsoft Corporation" - C:\Windows\system32\ipbusenum.dll (File signed by Microsoft) "@%SystemRoot%\system32\iphlpsvc.dll,-500" (iphlpsvc) - "Microsoft Corporation" - C:\Windows\System32\iphlpsvc.dll (File signed by Microsoft) "@%SystemRoot%\system32\ipnathlp.dll,-106" (SharedAccess) - "Microsoft Corporation" - C:\Windows\System32\ipnathlp.dll (File signed by Microsoft) "@%SystemRoot%\system32\iscsidsc.dll,-5000" (MSiSCSI) - "Microsoft Corporation" - C:\Windows\system32\iscsiexe.dll (File signed by Microsoft) "@%SystemRoot%\system32\kmsvc.dll,-6" (hkmsvc) - "Microsoft Corporation" - C:\Windows\system32\kmsvc.dll (File signed by Microsoft) "@%SystemRoot%\System32\ListSvc.dll,-100" (HomeGroupListener) - "Microsoft Corporation" - C:\Windows\system32\ListSvc.dll (File signed by Microsoft) "@%SystemRoot%\system32\lltdres.dll,-1" (lltdsvc) - "Microsoft Corporation" - C:\Windows\System32\lltdsvc.dll (File signed by Microsoft) "@%SystemRoot%\system32\lmhsvc.dll,-101" (lmhosts) - "Microsoft Corporation" - C:\Windows\System32\lmhsvc.dll (File signed by Microsoft) "@%systemroot%\system32\Locator.exe,-2" (RpcLocator) - "Microsoft Corporation" - C:\Windows\system32\locator.exe (File signed by Microsoft) "@%systemroot%\system32\mmcss.dll,-100" (MMCSS) - "Microsoft Corporation" - C:\Windows\system32\mmcss.dll (File signed by Microsoft) "@%systemroot%\system32\mmcss.dll,-102" (THREADORDER) - "Microsoft Corporation" - C:\Windows\system32\mmcss.dll (File signed by Microsoft) "@%Systemroot%\system32\mprdim.dll,-200" (RemoteAccess) - "Microsoft Corporation" - C:\Windows\System32\mprdim.dll (File signed by Microsoft) "@%SystemRoot%\system32\msimsg.dll,-27" (msiserver) - "Microsoft Corporation" - 
C:\Windows\system32\msiexec.exe (File signed by Microsoft) "@%SystemRoot%\System32\netlogon.dll,-102" (Netlogon) - "Microsoft Corporation" - C:\Windows\system32\lsass.exe (File signed by Microsoft) "@%SystemRoot%\system32\netman.dll,-109" (Netman) - "Microsoft Corporation" - C:\Windows\System32\netman.dll (File signed by Microsoft) "@%SystemRoot%\system32\netprofm.dll,-202" (netprofm) - "Microsoft Corporation" - C:\Windows\System32\netprofm.dll (File signed by Microsoft) "@%SystemRoot%\System32\nlasvc.dll,-1" (NlaSvc) - "Microsoft Corporation" - C:\Windows\System32\nlasvc.dll (File signed by Microsoft) "@%SystemRoot%\system32\nsisvc.dll,-200" (nsi) - "Microsoft Corporation" - C:\Windows\system32\nsisvc.dll (File signed by Microsoft) "@%SystemRoot%\system32\p2psvc.dll,-8006" (p2psvc) - "Microsoft Corporation" - C:\Windows\system32\p2psvc.dll (File signed by Microsoft) "@%SystemRoot%\system32\pcasvc.dll,-1" (PcaSvc) - "Microsoft Corporation" - C:\Windows\System32\pcasvc.dll (File signed by Microsoft) "@%SystemRoot%\system32\peerdistsvc.dll,-9000" (PeerDistSvc) - "Microsoft Corporation" - C:\Windows\system32\peerdistsvc.dll (File signed by Microsoft) "@%systemroot%\system32\pla.dll,-500" (pla) - "Microsoft Corporation" - C:\Windows\system32\pla.dll (File signed by Microsoft) "@%SystemRoot%\system32\pnrpauto.dll,-8002" (PNRPAutoReg) - "Microsoft Corporation" - C:\Windows\system32\pnrpauto.dll (File signed by Microsoft) "@%SystemRoot%\system32\pnrpsvc.dll,-8000" (PNRPsvc) - "Microsoft Corporation" - C:\Windows\system32\pnrpsvc.dll (File signed by Microsoft) "@%SystemRoot%\system32\pnrpsvc.dll,-8004" (p2pimsvc) - "Microsoft Corporation" - C:\Windows\system32\pnrpsvc.dll (File signed by Microsoft) "@%SystemRoot%\System32\polstore.dll,-5010" (PolicyAgent) - "Microsoft Corporation" - C:\Windows\System32\ipsecsvc.dll (File signed by Microsoft) "@%SystemRoot%\system32\PresentationHost.exe,-3309" (FontCache3.0.0.0) - "Microsoft Corporation" - 
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (File signed by Microsoft) "@%systemroot%\system32\profsvc.dll,-300" (ProfSvc) - "Microsoft Corporation" - C:\Windows\system32\profsvc.dll (File signed by Microsoft) "@%SystemRoot%\System32\provsvc.dll,-100" (HomeGroupProvider) - "Microsoft Corporation" - C:\Windows\system32\provsvc.dll (File signed by Microsoft) "@%systemroot%\system32\psbase.dll,-300" (ProtectedStorage) - "Microsoft Corporation" - C:\Windows\system32\lsass.exe (File signed by Microsoft) "@%SystemRoot%\system32\qagentrt.dll,-6" (napagent) - "Microsoft Corporation" - C:\Windows\system32\qagentRT.dll (File signed by Microsoft) "@%SystemRoot%\system32\qmgr.dll,-1000" (BITS) - "Microsoft Corporation" - C:\Windows\System32\qmgr.dll (File signed by Microsoft) "@%SystemRoot%\system32\qwave.dll,-1" (QWAVE) - "Microsoft Corporation" - C:\Windows\system32\qwave.dll (File signed by Microsoft) "@%Systemroot%\system32\rasauto.dll,-200" (RasAuto) - "Microsoft Corporation" - C:\Windows\System32\rasauto.dll (File signed by Microsoft) "@%Systemroot%\system32\rasmans.dll,-200" (RasMan) - "Microsoft Corporation" - C:\Windows\System32\rasmans.dll (File signed by Microsoft) "@%SystemRoot%\system32\samsrv.dll,-1" (SamSs) - "Microsoft Corporation" - C:\Windows\system32\lsass.exe (File signed by Microsoft) "@%SystemRoot%\System32\SCardSvr.dll,-1" (SCardSvr) - "Microsoft Corporation" - C:\Windows\System32\SCardSvr.dll (File signed by Microsoft) "@%SystemRoot%\system32\schedsvc.dll,-100" (Schedule) - "Microsoft Corporation" - C:\Windows\system32\schedsvc.dll (File signed by Microsoft) "@%SystemRoot%\system32\sdrsvc.dll,-107" (SDRSVC) - "Microsoft Corporation" - C:\Windows\System32\SDRSVC.dll (File signed by Microsoft) "@%systemroot%\system32\SearchIndexer.exe,-103" (WSearch) - "Microsoft Corporation" - C:\Windows\system32\SearchIndexer.exe (File signed by Microsoft) "@%SystemRoot%\system32\seclogon.dll,-7001" (seclogon) - "Microsoft Corporation" - 
C:\Windows\system32\seclogon.dll (File signed by Microsoft) "@%SystemRoot%\system32\Sens.dll,-200" (SENS) - "Microsoft Corporation" - C:\Windows\System32\sens.dll (File signed by Microsoft) "@%SystemRoot%\System32\sensrsvc.dll,-1000" (SensrSvc) - "Microsoft Corporation" - C:\Windows\system32\sensrsvc.dll (File signed by Microsoft) "@%SystemRoot%\System32\SessEnv.dll,-1026" (SessionEnv) - "Microsoft Corporation" - C:\Windows\system32\sessenv.dll (File signed by Microsoft) "@%SystemRoot%\System32\shsvcs.dll,-12288" (ShellHWDetection) - "Microsoft Corporation" - C:\Windows\System32\shsvcs.dll (File signed by Microsoft) "@%SystemRoot%\system32\snmptrap.exe,-3" (SNMPTRAP) - "Microsoft Corporation" - C:\Windows\System32\snmptrap.exe (File signed by Microsoft) "@%systemroot%\system32\spoolsv.exe,-1" (Spooler) - "Microsoft Corporation" - C:\Windows\System32\spoolsv.exe (File signed by Microsoft) "@%SystemRoot%\system32\sppsvc.exe,-101" (sppsvc) - "Microsoft Corporation" - C:\Windows\system32\sppsvc.exe (File signed by Microsoft) "@%SystemRoot%\system32\sppuinotify.dll,-103" (sppuinotify) - "Microsoft Corporation" - C:\Windows\system32\sppuinotify.dll (File signed by Microsoft) "@%systemroot%\system32\srvsvc.dll,-100" (LanmanServer) - "Microsoft Corporation" - C:\Windows\system32\srvsvc.dll (File signed by Microsoft) "@%systemroot%\system32\ssdpsrv.dll,-100" (SSDPSRV) - "Microsoft Corporation" - C:\Windows\System32\ssdpsrv.dll (File signed by Microsoft) "@%SystemRoot%\system32\sstpsvc.dll,-200" (SstpSvc) - "Microsoft Corporation" - C:\Windows\system32\sstpsvc.dll (File signed by Microsoft) "@%SystemRoot%\System32\StorSvc.dll,-100" (StorSvc) - "Microsoft Corporation" - C:\Windows\system32\storsvc.dll (File signed by Microsoft) "@%SystemRoot%\System32\swprv.dll,-103" (swprv) - "Microsoft Corporation" - C:\Windows\System32\swprv.dll (File signed by Microsoft) "@%SystemRoot%\system32\sysmain.dll,-1000" (SysMain) - "Microsoft Corporation" - C:\Windows\system32\sysmain.dll (File 
signed by Microsoft) "@%SystemRoot%\system32\TabSvc.dll,-100" (TabletInputService) - "Microsoft Corporation" - C:\Windows\System32\TabSvc.dll (File signed by Microsoft) "@%SystemRoot%\system32\tapisrv.dll,-10100" (TapiSrv) - "Microsoft Corporation" - C:\Windows\System32\tapisrv.dll (File signed by Microsoft) "@%SystemRoot%\system32\tbssvc.dll,-100" (TBS) - "Microsoft Corporation" - C:\Windows\System32\tbssvc.dll (File signed by Microsoft) "@%SystemRoot%\System32\termsrv.dll,-268" (TermService) - "Microsoft Corporation" - C:\Windows\System32\termsrv.dll (File signed by Microsoft) "@%SystemRoot%\System32\themeservice.dll,-8192" (Themes) - "Microsoft Corporation" - C:\Windows\system32\themeservice.dll (File signed by Microsoft) "@%SystemRoot%\system32\trkwks.dll,-1" (TrkWks) - "Microsoft Corporation" - C:\Windows\System32\trkwks.dll (File signed by Microsoft) "@%SystemRoot%\system32\ui0detect.exe,-101" (UI0Detect) - "Microsoft Corporation" - C:\Windows\system32\UI0Detect.exe (File signed by Microsoft) "@%SystemRoot%\system32\umpnpmgr.dll,-100" (PlugPlay) - "Microsoft Corporation" - C:\Windows\system32\umpnpmgr.dll (File signed by Microsoft) "@%SystemRoot%\system32\umpo.dll,-100" (Power) - "Microsoft Corporation" - C:\Windows\system32\umpo.dll (File signed by Microsoft) "@%SystemRoot%\system32\umrdp.dll,-1000" (UmRdpService) - "Microsoft Corporation" - C:\Windows\System32\umrdp.dll (File signed by Microsoft) "@%systemroot%\system32\upnphost.dll,-213" (upnphost) - "Microsoft Corporation" - C:\Windows\System32\upnphost.dll (File signed by Microsoft) "@%SystemRoot%\system32\vaultsvc.dll,-1003" (VaultSvc) - "Microsoft Corporation" - C:\Windows\system32\lsass.exe (File signed by Microsoft) "@%SystemRoot%\system32\vds.exe,-100" (vds) - "Microsoft Corporation" - C:\Windows\System32\vds.exe (File signed by Microsoft) "@%systemroot%\system32\vssvc.exe,-102" (VSS) - "Microsoft Corporation" - C:\Windows\system32\vssvc.exe (File signed by Microsoft) 
"@%SystemRoot%\system32\w32time.dll,-200" (W32Time) - "Microsoft Corporation" - C:\Windows\system32\w32time.dll (File signed by Microsoft) "@%Systemroot%\system32\wbem\wmiapsrv.exe,-110" (wmiApSrv) - "Microsoft Corporation" - C:\Windows\system32\wbem\WmiApSrv.exe (File signed by Microsoft) "@%Systemroot%\system32\wbem\wmisvc.dll,-205" (Winmgmt) - "Microsoft Corporation" - C:\Windows\system32\wbem\WMIsvc.dll (File signed by Microsoft) "@%systemroot%\system32\wbengine.exe,-104" (wbengine) - "Microsoft Corporation" - C:\Windows\system32\wbengine.exe (File signed by Microsoft) "@%systemroot%\system32\wbiosrvc.dll,-100" (WbioSrvc) - "Microsoft Corporation" - C:\Windows\System32\wbiosrvc.dll (File signed by Microsoft) "@%SystemRoot%\system32\wcncsvc.dll,-3" (wcncsvc) - "Microsoft Corporation" - C:\Windows\System32\wcncsvc.dll (File signed by Microsoft) "@%SystemRoot%\system32\WcsPlugInService.dll,-200" (WcsPlugInService) - "Microsoft Corporation" - C:\Windows\System32\WcsPlugInService.dll (File signed by Microsoft) "@%systemroot%\system32\wdi.dll,-500" (WdiSystemHost) - "Microsoft Corporation" - C:\Windows\system32\wdi.dll (File signed by Microsoft) "@%systemroot%\system32\wdi.dll,-502" (WdiServiceHost) - "Microsoft Corporation" - C:\Windows\system32\wdi.dll (File signed by Microsoft) "@%systemroot%\system32\webclnt.dll,-100" (WebClient) - "Microsoft Corporation" - C:\Windows\System32\webclnt.dll (File signed by Microsoft) "@%SystemRoot%\system32\wecsvc.dll,-200" (Wecsvc) - "Microsoft Corporation" - C:\Windows\system32\wecsvc.dll (File signed by Microsoft) "@%SystemRoot%\System32\wercplsupport.dll,-101" (wercplsupport) - "Microsoft Corporation" - C:\Windows\System32\wercplsupport.dll (File signed by Microsoft) "@%SystemRoot%\System32\wersvc.dll,-100" (WerSvc) - "Microsoft Corporation" - C:\Windows\System32\WerSvc.dll (File signed by Microsoft) "@%SystemRoot%\system32\wevtsvc.dll,-200" (eventlog) - "Microsoft Corporation" - C:\Windows\System32\svchost.exe (File signed by 
Microsoft) "@%SystemRoot%\system32\wiaservc.dll,-9" (stisvc) - "Microsoft Corporation" - C:\Windows\System32\wiaservc.dll (File signed by Microsoft) "@%SystemRoot%\system32\winhttp.dll,-100" (WinHttpAutoProxySvc) - "Microsoft Corporation" - C:\Windows\system32\winhttp.dll (File signed by Microsoft) "@%systemroot%\system32\wkssvc.dll,-100" (LanmanWorkstation) - "Microsoft Corporation" - C:\Windows\System32\wkssvc.dll (File signed by Microsoft) "@%SystemRoot%\System32\wlansvc.dll,-257" (Wlansvc) - "Microsoft Corporation" - C:\Windows\System32\wlansvc.dll (File signed by Microsoft) "@%SystemRoot%\system32\wpcsvc.dll,-100" (WPCSvc) - "Microsoft Corporation" - C:\Windows\System32\wpcsvc.dll (File signed by Microsoft) "@%SystemRoot%\system32\wpdbusenum.dll,-100" (WPDBusEnum) - "Microsoft Corporation" - C:\Windows\system32\wpdbusenum.dll (File signed by Microsoft) "@%SystemRoot%\System32\wscsvc.dll,-200" (wscsvc) - "Microsoft Corporation" - C:\Windows\System32\wscsvc.dll (File signed by Microsoft) "@%Systemroot%\system32\wsmsvc.dll,-101" (WinRM) - "Microsoft Corporation" - C:\Windows\system32\WsmSvc.dll (File signed by Microsoft) "@%systemroot%\system32\wuaueng.dll,-105" (wuauserv) - "Microsoft Corporation" - C:\Windows\system32\wuaueng.dll (File signed by Microsoft) "@%SystemRoot%\system32\wudfsvc.dll,-1000" (wudfsvc) - "Microsoft Corporation" - C:\Windows\System32\WUDFSvc.dll (File signed by Microsoft) "@%SystemRoot%\System32\wwansvc.dll,-257" (WwanSvc) - "Microsoft Corporation" - C:\Windows\System32\wwansvc.dll (File signed by Microsoft) "@%systemroot%\sysWow64\perfhost.exe,-2" (PerfHost) - "Microsoft Corporation" - C:\Windows\SysWow64\perfhost.exe (File signed by Microsoft) "@%windir%\system32\RpcEpMap.dll,-1001" (RpcEptMapper) - "Microsoft Corporation" - C:\Windows\System32\RpcEpMap.dll (File signed by Microsoft) "@appmgmts.dll,-3250" (AppMgmt) - "Microsoft Corporation" - C:\Windows\System32\appmgmts.dll (File signed by Microsoft) "@comres.dll,-2450" (EventSystem) - 
"Microsoft Corporation" - C:\Windows\system32\es.dll (File signed by Microsoft) "@comres.dll,-2797" (MSDTC) - "Microsoft Corporation" - C:\Windows\System32\msdtc.exe (File signed by Microsoft) "@comres.dll,-2946" (KtmRm) - "Microsoft Corporation" - C:\Windows\system32\msdtckrm.dll (File signed by Microsoft) "@comres.dll,-947" (COMSysApp) - "Microsoft Corporation" - C:\Windows\system32\dllhost.exe (File signed by Microsoft) "@gpapi.dll,-112" (gpsvc) - "Microsoft Corporation" - C:\Windows\System32\gpsvc.dll (File signed by Microsoft) "@keyiso.dll,-100" (KeyIso) - "Microsoft Corporation" - C:\Windows\system32\lsass.exe (File signed by Microsoft) "@oleres.dll,-5010" (RpcSs) - "Microsoft Corporation" - C:\Windows\system32\rpcss.dll (File signed by Microsoft) "@oleres.dll,-5012" (DcomLaunch) - "Microsoft Corporation" - C:\Windows\system32\rpcss.dll (File signed by Microsoft) "@regsvc.dll,-1" (RemoteRegistry) - "Microsoft Corporation" - C:\Windows\system32\regsvc.dll (File signed by Microsoft) "avast! Antivirus" (avast! 
Antivirus) - "AVAST Software" - C:\Program Files\AVAST Software\Avast\AvastSvc.exe "Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe "Intel(R) Management and Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe "Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe "Microsoft .NET Framework NGEN v2.0.50727_X64" (clr_optimization_v2.0.50727_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (File signed by Microsoft) "Microsoft .NET Framework NGEN v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (File signed by Microsoft) "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe "Secunia PSI Agent" (Secunia PSI Agent) - "Secunia" - C:\Program Files (x86)\Secunia\PSI\PSIA.exe "Secunia Update Agent" (Secunia Update Agent) - "Secunia" - C:\Program Files (x86)\Secunia\PSI\sua.exe "ZAtheros Wlan Agent" (ZAtheros Wlan Agent) - "Atheros" - C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [Winlogon] -----( HKCU\Control Panel\Desktop )----- -----( HKCU\Control Panel\IOProcs )----- -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )----- "VmApplet" - "Microsoft Corporation" - C:\Windows\system32\SystemPropertiesPerformance.exe (File signed by Microsoft) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {B587E2B1-4D59-4e7e-AED9-22B9DF11D053} "802.3 Group Policy" - "Microsoft Corporation" - C:\Windows\system32\dot3gpclnt.dll (File signed by Microsoft) 
{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f} "CP" - "Microsoft Corporation" - C:\Windows\system32\gptext.dll (File signed by Microsoft) {8A28E2C5-8D06-49A4-A08C-632DAA493E17} "Deployed Printer Connections" - "Microsoft Corporation" - C:\Windows\system32\gpprnext.dll (File signed by Microsoft) {FB2CA36D-0B40-4307-821B-A13B252DE56C} "Enterprise QoS" - "Microsoft Corporation" - C:\Windows\system32\gptext.dll (File signed by Microsoft) {25537BA6-77A8-11D2-9B6C-0000F8080861} "Folder Redirection" - "Microsoft Corporation" - C:\Windows\system32\fdeploy.dll (File signed by Microsoft) {F9C77450-3A41-477E-9310-9ACD617BD9E3} "Group Policy Applications" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll (File signed by Microsoft) {728EE579-943C-4519-9EF7-AB56765798ED} "Group Policy Data Sources" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll (File signed by Microsoft) {1A6364EB-776B-4120-ADE1-B63A406A76B5} "Group Policy Device Settings" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll (File signed by Microsoft) {5794DAFD-BE60-433f-88A2-1A31939AC01F} "Group Policy Drive Maps" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll (File signed by Microsoft) {0E28E245-9368-4853-AD84-6DA3BA35BB75} "Group Policy Environment" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll (File signed by Microsoft) {7150F9BF-48AD-4da4-A49C-29EF4A8369BA} "Group Policy Files" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll (File signed by Microsoft) {A3F3E39B-5D83-4940-B954-28315B82F0A8} "Group Policy Folder Options" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll (File signed by Microsoft) {6232C319-91AC-4931-9385-E70C2B099F0E} "Group Policy Folders" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll (File signed by Microsoft) {74EE6C03-5363-4554-B161-627540339CAB} "Group Policy Ini Files" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll (File signed by Microsoft) {E47248BA-94CC-49c4-BBB5-9EB7F05183D0} 
"Group Policy Internet Settings" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll (File signed by Microsoft) {17D89FEC-5C44-4972-B12D-241CAEF74509} "Group Policy Local Users and Groups" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll (File signed by Microsoft) {3A0DBA37-F8B2-4356-83DE-3E90BD5C261F} "Group Policy Network Options" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll (File signed by Microsoft) {6A4C88C6-C502-4f74-8F60-2CB23EDC24E2} "Group Policy Network Shares" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll (File signed by Microsoft) {E62688F0-25FD-4c90-BFF5-F508B9D2E31F} "Group Policy Power Options" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll (File signed by Microsoft) {BC75B1ED-5833-4858-9BB8-CBF0B166DF9D} "Group Policy Printers" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll (File signed by Microsoft) {E5094040-C46C-4115-B030-04FB2E545B00} "Group Policy Regional Options" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll (File signed by Microsoft) {B087BE9D-ED37-454f-AF9C-04291E351182} "Group Policy Registry" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll (File signed by Microsoft) {AADCED64-746C-4633-A97C-D61349046527} "Group Policy Scheduled Tasks" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll (File signed by Microsoft) {91FBB303-0CD5-4055-BF42-E512A681B325} "Group Policy Services" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll (File signed by Microsoft) {C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7} "Group Policy Shortcuts" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll (File signed by Microsoft) {E4F48E54-F38D-4884-BFB9-D4D2E5729C18} "Group Policy Start Menu Settings" - "Microsoft Corporation" - C:\Windows\system32\gpprefcl.dll (File signed by Microsoft) {A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B} "Internet Explorer Branding" - "Microsoft Corporation" - C:\Windows\SysWOW64\iedkcs32.dll (File signed by Microsoft) 
{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} "Internet Explorer Machine Accelerators" - "Microsoft Corporation" - C:\Windows\SysWOW64\iedkcs32.dll (File signed by Microsoft) {7B849a69-220F-451E-B3FE-2CB811AF94AE} "Internet Explorer User Accelerators" - "Microsoft Corporation" - C:\Windows\SysWOW64\iedkcs32.dll (File signed by Microsoft) {4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3} "Internet Explorer Zonemapping" - "Microsoft Corporation" - C:\Windows\SysWOW64\iedkcs32.dll (File signed by Microsoft) {e437bc1c-aa7d-11d2-a382-00c04f991e27} "IP Security" - "Microsoft Corporation" - C:\Windows\System32\polstore.dll (File signed by Microsoft) {3610eda5-77ef-11d2-8dc5-00c04fa31a66} "Microsoft Disk Quota" - "Microsoft Corporation" - C:\Windows\System32\dskquota.dll (File signed by Microsoft) {C631DF4C-088F-4156-B058-4375F0853CD8} "Microsoft Offline Files" - "Microsoft Corporation" - C:\Windows\System32\cscobj.dll (File signed by Microsoft) {426031c0-0b47-4852-b0ca-ac3d37bfcb39} "QoS Packet Scheduler" - "Microsoft Corporation" - C:\Windows\system32\gptext.dll (File signed by Microsoft) {42B5FAAE-6536-11d2-AE5A-0000F87571E3} "Scripts" - "Microsoft Corporation" - C:\Windows\system32\gpscript.dll (File signed by Microsoft) {827D319E-6EAC-11D2-A4EA-00C04F79F83A} "Security" - "Microsoft Corporation" - C:\Windows\system32\scecli.dll (File signed by Microsoft) {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Software Installation" - "Microsoft Corporation" - C:\Windows\system32\appmgmts.dll (File signed by Microsoft) {cdeafc3d-948d-49dd-ab12-e578ba4af7aa} "TCPIP" - "Microsoft Corporation" - C:\Windows\system32\gptext.dll (File signed by Microsoft) {7933F41E-56F8-41d6-A31C-4148A711EE93} "Windows Search Group Policy Extension" - "Microsoft Corporation" - C:\Windows\System32\srchadmin.dll (File signed by Microsoft) {0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63} "Wireless Group Policy" - "Microsoft Corporation" - C:\Windows\system32\wlgpclnt.dll (File signed by Microsoft) -----( HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Winlogon\Notify )----- -----( HKLM\System\CurrentControlSet\Control\BootVerificationProgram )----- [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "@%SystemRoot%\system32\napinsp.dll,-1000" - "Microsoft Corporation" - C:\Windows\system32\napinsp.dll (File signed by Microsoft) "@%SystemRoot%\system32\nlasvc.dll,-1000" - "Microsoft Corporation" - C:\Windows\system32\NLAapi.dll (File signed by Microsoft) "@%SystemRoot%\system32\pnrpnsp.dll,-1000" - "Microsoft Corporation" - C:\Windows\system32\pnrpnsp.dll (File signed by Microsoft) "@%SystemRoot%\system32\pnrpnsp.dll,-1001" - "Microsoft Corporation" - C:\Windows\system32\pnrpnsp.dll (File signed by Microsoft) "@%SystemRoot%\system32\wshtcpip.dll,-60103" - "Microsoft Corporation" - C:\Windows\System32\mswsock.dll (File signed by Microsoft) "NTDS" - "Microsoft Corporation" - C:\Windows\System32\winrnr.dll (File signed by Microsoft) -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )----- "@%SystemRoot%\System32\wship6.dll,-60100" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll (File signed by Microsoft) "@%SystemRoot%\System32\wship6.dll,-60101" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll (File signed by Microsoft) "@%SystemRoot%\System32\wship6.dll,-60102" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll (File signed by Microsoft) "@%SystemRoot%\System32\wshqos.dll,-100" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll (File signed by Microsoft) "@%SystemRoot%\System32\wshqos.dll,-101" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll (File signed by Microsoft) "@%SystemRoot%\System32\wshqos.dll,-102" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll (File signed by Microsoft) "@%SystemRoot%\System32\wshqos.dll,-103" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll (File signed by Microsoft) 
"@%SystemRoot%\System32\wshtcpip.dll,-60100" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll (File signed by Microsoft) "@%SystemRoot%\System32\wshtcpip.dll,-60101" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll (File signed by Microsoft) "@%SystemRoot%\System32\wshtcpip.dll,-60102" - "Microsoft Corporation" - C:\Windows\system32\mswsock.dll (File signed by Microsoft) ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Mir ist auch aufgefallen, dass die Scans von Malwarebytes z. B. einfach durchlaufen ohne, dass wirklich was gescannt wird. So als ob die Malware dem Programm sagt, dass es die nfizierten Dateien überspringen soll. |
29.05.2014, 13:55 | #6 |
/// the machine /// TB-Ausbilder | Windows 7 64bit - Virus/Trojan/Rootkit can't be removed
And you have the problem on 2 devices? Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8). Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
30.05.2014, 09:33 | #7 |
| Windows 7 64bit - Virus/Trojan/Rootkit can't be removed
Here is the scan. P.S. I remembered that shortly before the problems started I put my USB stick into a fellow student's notebook. Now hold on tight: she also told me that it's the same one that she has :O So is a BIOS infection possible after all? I haven't slept all night, I tried various Linux distros, but both are infested with SOMETHING ssh-ebury + whatever else - I'm completely worn out! PLEASE HELP ME! FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by SYSTEM on MININT-U6GNBK4 on 30-05-2014 10:12:38
Running from F:\scans
Platform: WIN_7 Service Pack 1 (X64) OS Language: German Standard
Boot Mode: Recovery

Attention: Could not load system hive.
Attention: System hive is missing.

==================== Registry (Whitelisted) ==================

ATTENTION: Software hive is missing.

==================== Services (Whitelisted) =================

==================== Drivers (Whitelisted) ====================

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

==================== One Month Modified Files and Folders =======

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\rpcss.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.
C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION!.
==================== Restore Points ========================= ==================== Memory info =========================== Percentage of memory in use: 13% Total physical RAM: 4075.55 MB Available physical RAM: 3538.27 MB Total Pagefile: 4073.75 MB Available Pagefile: 3521.49 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ==================== Drives ================================ Drive d: (Daten) (Fixed) (Total:340.31 GB) (Free:212.62 GB) NTFS Drive e: (GRMCPRXVOL_DE_DVD) (CDROM) (Total:2.91 GB) (Free:0 GB) UDF Drive f: () (Removable) (Total:3.69 GB) (Free:1.23 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: () (Fixed) (Total:95 GB) (Free:69.31 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: AECDB9E2) Partition 1: (Active) - (Size=95 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=347 GB) - (Type=OF Extended) ======================================================== Disk: 1 (Size: 4 GB) (Disk ID: 007BCF32) Partition 1: (Not Active) - (Size=4 GB) - (Type=0B) ==================== End Of Log ============================ |
31.05.2014, 10:27 | #8 |
/// the machine /// TB-Ausbilder | Windows 7 64-bit - Virus/Trojan/Rootkit can't be removed

Please run the FRST scan again, the registry could not be loaded. And what about my question regarding the two computers?

__________________
regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations
Guides and help
Trojaner-Board Facebook page
No support via PM! |
02.06.2014, 16:08 | #9 |
| Windows 7 64-bit - Virus/Trojan/Rootkit can't be removed

Hello, I had to format the Windows partition again because, stupidly, I tried to do something about it myself, which apparently damaged the system. As for your question: yes, I have the problem on both computers. On my PC I now have Linux running; my Windows CD isn't recognised at all any more, and other CDs, for example the Ultimate Boot CD, are skipped as well. Is there anything I can do about that?

- I've read up on rootkits and now have the question whether one can do anything at all against a kernel rootkit, and whether the malware that has lodged itself in Windows can do something to my drives. For example, /dev/log/ lists logs that are in part 12 GB in size!! udev.log is 12,000 lines long.
- I'll post the FRST log this evening.
- Is it possible to remove a rootkit that has dug itself so deeply into the PC?

Thanks for your efforts so far. |
03.06.2014, 10:21 | #10 |
/// the machine /// TB-Ausbilder | Windows 7 64-bit - Virus/Trojan/Rootkit can't be removed

Maybe the drive is simply ready for the bin? There is nothing that survives a format if it was done properly.

__________________
regards, schrauber |
03.06.2014, 16:59 | #11 |
| Windows 7 64-bit - Virus/Trojan/Rootkit can't be removed

Here is the log.

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
(ATTENTION: ====> FRST version is 9 days old and could be outdated)
Ran by SYSTEM on MININT-63G3J2Q on 03-06-2014 18:57:46
Running from G:\scan
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-06-03] (AVAST Software)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd)

==================== Services (Whitelisted) =================

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-03] (AVAST Software)
S2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1889616 2014-05-25] (SurfRight B.V.)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-03] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-03] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-03] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-03] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-03] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-06-03] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-06-03] ()
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] ()
S2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2014-06-03] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-03 17:41 - 2014-06-03 17:43 - 00001043 ____H () C:\Windows\EPMBatch.ept
2014-06-03 17:36 - 2014-06-03 17:36 - 00001394 _____ () C:\Users\Public\Desktop\EaseUS Partition Master 9.3.0.lnk
2014-06-03 17:36 - 2013-10-09 14:34 - 03381832 _____ () C:\Windows\System32\BootMan.exe
2014-06-03 17:36 - 2013-10-09 14:24 - 02499656 _____ () C:\Windows\SysWOW64\BootMan.exe
2014-06-03 17:36 - 2013-03-07 08:49 - 00100936 _____ () C:\Windows\System32\setupempdrvx64.exe
2014-06-03 17:36 - 2013-03-07 08:49 - 00087112 _____ () C:\Windows\SysWOW64\setupempdrv03.exe
2014-06-03 17:36 - 2013-03-07 08:49 - 00019840 _____ () C:\Windows\SysWOW64\EuEpmGdi.dll
2014-06-03 17:36 - 2013-03-07 08:49 - 00017480 _____ () C:\Windows\System32\epmntdrv.sys
2014-06-03 17:36 - 2013-03-07 08:49 - 00016256 _____ () C:\Windows\System32\EuEpmGdi.dll
2014-06-03 17:36 - 2013-03-07 08:49 - 00013896 _____ () C:\Windows\SysWOW64\epmntdrv.sys
2014-06-03 17:36 - 2013-03-07 08:49 - 00009800 _____ () C:\Windows\System32\EuGdiDrv.sys
2014-06-03 17:36 - 2013-03-07 08:49 - 00009160 _____ () C:\Windows\SysWOW64\EuGdiDrv.sys
2014-06-03 17:35 - 2014-06-03 17:35 - 00000000 ____D () C:\Program Files (x86)\EaseUS
2014-06-03 17:29 - 2014-06-03 17:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-06-03 17:29 - 2014-06-03 17:29 - 00001105 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-03 17:29 - 2014-06-03 17:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 17:29 - 2014-06-03 17:29 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-06-03 17:29 - 2014-05-12 06:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-06-03 17:29 - 2014-05-12 06:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-06-03 17:29 - 2014-05-12 06:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-06-03 17:28 - 2014-06-03 17:28 - 00000000 ____D () C:\Program Files (x86)\The Bat!
2014-06-03 17:22 - 2012-06-02 23:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2014-06-03 17:22 - 2012-06-02 23:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2014-06-03 17:22 - 2012-06-02 23:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2014-06-03 17:22 - 2012-06-02 23:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2014-06-03 17:22 - 2012-06-02 23:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2014-06-03 17:22 - 2012-06-02 23:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2014-06-03 17:22 - 2012-06-02 23:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2014-06-03 17:22 - 2012-06-02 14:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2014-06-03 17:22 - 2012-06-02 14:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2014-06-03 17:21 - 2014-06-03 17:21 - 00000000 ____D () C:\Program Files\7-Zip
2014-06-03 17:13 - 2014-06-03 17:36 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2014-06-03 17:13 - 2014-06-03 17:13 - 00548424 _____ (SurfRight) C:\Windows\System32\hmpalert.dll
2014-06-03 17:13 - 2014-06-03 17:13 - 00477008 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll
2014-06-03 17:13 - 2014-06-03 17:13 - 00093144 _____ () C:\Windows\System32\Drivers\hmpalert.sys
2014-06-03 17:13 - 2014-06-03 17:13 - 00000000 ____D () C:\Windows\CryptoGuard
2014-06-03 17:13 - 2014-06-03 17:13 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2014-06-03 17:12 - 2014-06-03 17:12 - 02209056 _____ () C:\Users\CD\Downloads\avira-eu-cleaner_de.exe
2014-06-03 17:12 - 2014-06-03 17:12 - 00001981 _____ () C:\Users\CD\Desktop\Entfernen des Avira EU-Cleaners.lnk
2014-06-03 17:12 - 2014-06-03 17:12 - 00001925 _____ () C:\Users\CD\Desktop\Avira EU-Cleaner.lnk
2014-06-03 17:10 - 2014-06-03 17:52 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-03 17:10 - 2014-06-03 17:10 - 01039096 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2014-06-03 17:10 - 2014-06-03 17:10 - 00423240 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2014-06-03 17:10 - 2014-06-03 17:10 - 00334648 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-06-03 17:10 - 2014-06-03 17:10 - 00208928 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-06-03 17:10 - 2014-06-03 17:10 - 00093568 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2014-06-03 17:10 - 2014-06-03 17:10 - 00084816 _____ (AVAST Software) C:\Windows\System32\Drivers\aswStm.sys
2014-06-03 17:10 - 2014-06-03 17:10 - 00079184 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-06-03 17:10 - 2014-06-03 17:10 - 00065776 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2014-06-03 17:10 - 2014-06-03 17:10 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-03 17:10 - 2014-06-03 17:10 - 00001969 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-03 17:10 - 2014-06-03 17:10 - 00000000 ____D () C:\Users\CD\AppData\Roaming\AVAST Software
2014-06-03 17:09 - 2014-06-03 17:09 - 00057560 _____ () C:\Users\CD\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-03 17:09 - 2014-06-03 17:09 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-03 17:09 - 2014-06-03 17:09 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-03 17:05 - 2014-06-03 17:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-03 17:05 - 2014-06-03 17:05 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-06-03 17:05 - 2011-01-26 20:35 - 00425064 _____ (Realtek ) C:\Windows\System32\Drivers\Rt64win7.sys
2014-06-03 17:05 - 2011-01-26 20:35 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\System32\RTNUninst64.dll
2014-06-03 17:05 - 2011-01-26 20:35 - 00074272 _____ () C:\Windows\System32\RtNicProp64.dll
2014-06-03 17:01 - 2014-06-03 17:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-03 17:01 - 2014-06-03 17:02 - 00000000 ____D () C:\Users\CD\AppData\Roaming\Mozilla
2014-06-03 17:01 - 2014-06-03 17:02 - 00000000 ____D () C:\Users\CD\AppData\Local\Mozilla
2014-06-03 17:01 - 2014-06-03 17:01 - 00001150 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-03 17:01 - 2014-06-03 17:01 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-03 17:01 - 2014-06-03 17:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-03 16:11 - 2014-06-03 18:57 - 00000000 ____D () C:\FRST
2014-06-03 16:09 - 2014-06-03 16:09 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-06-03 16:08 - 2014-06-03 16:09 - 00000000 ____D () C:\users\CD
2014-06-03 16:08 - 2014-06-03 16:08 - 00000020 ___SH () C:\Users\CD\ntuser.ini
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Vorlagen
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Startmenü
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Netzwerkumgebung
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Lokale Einstellungen
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Eigene Dateien
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Druckumgebung
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Documents\Eigene Musik
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Documents\Eigene Bilder
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\AppData\Local\Verlauf
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\AppData\Local\Anwendungsdaten
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Anwendungsdaten
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\ProgramData\Favoriten
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 ____D () C:\Users\CD\AppData\Local\VirtualStore
2014-06-03 05:23 - 2014-06-03 16:08 - 00000000 ____D () C:\Windows\Panther
2014-06-03 05:23 - 2014-06-03 05:23 - 00008192 __RSH () C:\BOOTSECT.BAK
2014-06-03 05:04 - 2014-06-03 05:04 - 00000000 ____D () C:\Windows.old
2014-06-03 04:27 - 2014-06-03 17:55 - 01300441 _____ () C:\Windows\WindowsUpdate.log
2014-06-03 04:27 - 2014-06-03 04:27 - 00001355 _____ () C:\Windows\TSSysprep.log
2014-06-01 01:12 - 2014-06-01 01:23 - 00000229 _____ () C:\mbr.log
2014-06-01 01:06 - 2014-05-26 21:26 - 00788728 _____ (Emsisoft GmbH) C:\mbrmastr.exe
2014-06-01 00:58 - 2014-06-01 00:58 - 00003248 _____ () C:\blitzblank.log
2014-06-01 00:35 - 2014-06-01 00:36 - 00000000 ____D () C:\AdwCleaner
2014-05-31 23:34 - 2014-06-03 16:08 - 00000000 ____D () C:\Recovery
2014-05-31 23:34 - 2014-05-31 23:34 - 00000000 _SHDL () C:\Programme
2014-05-31 23:34 - 2014-05-31 23:34 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-05-30 13:27 - 2010-11-21 04:23 - 00383786 __RSH () C:\bootmgr

==================== One Month Modified Files and Folders =======

2014-06-03 18:57 - 2014-06-03 16:11 - 00000000 ____D () C:\FRST
2014-06-03 17:55 - 2014-06-03 04:27 - 01300441 _____ () C:\Windows\WindowsUpdate.log
2014-06-03 17:55 - 2009-07-14 05:45 - 00016864 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-03 17:55 - 2009-07-14 05:45 - 00016864 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-03 17:52 - 2014-06-03 17:10 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-03 17:50 - 2010-11-21 07:21 - 00643866 _____ () C:\Windows\System32\perfh007.dat
2014-06-03 17:50 - 2010-11-21 07:21 - 00126394 _____ () C:\Windows\System32\perfc007.dat
2014-06-03 17:50 - 2009-07-14 06:13 - 01472002 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-06-03 17:47 - 2014-06-03 17:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-06-03 17:46 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-03 17:45 - 2009-07-14 05:51 - 00022504 _____ () C:\Windows\setupact.log
2014-06-03 17:43 - 2014-06-03 17:41 - 00001043 ____H () C:\Windows\EPMBatch.ept
2014-06-03 17:36 - 2014-06-03 17:36 - 00001394 _____ () C:\Users\Public\Desktop\EaseUS Partition Master 9.3.0.lnk
2014-06-03 17:36 - 2014-06-03 17:13 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2014-06-03 17:35 - 2014-06-03 17:35 - 00000000 ____D () C:\Program Files (x86)\EaseUS
2014-06-03 17:29 - 2014-06-03 17:29 - 00001105 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-03 17:29 - 2014-06-03 17:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 17:29 - 2014-06-03 17:29 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-06-03 17:28 - 2014-06-03 17:28 - 00000000 ____D () C:\Program Files (x86)\The Bat!
2014-06-03 17:21 - 2014-06-03 17:21 - 00000000 ____D () C:\Program Files\7-Zip
2014-06-03 17:21 - 2014-06-03 17:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-03 17:13 - 2014-06-03 17:13 - 00548424 _____ (SurfRight) C:\Windows\System32\hmpalert.dll
2014-06-03 17:13 - 2014-06-03 17:13 - 00477008 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll
2014-06-03 17:13 - 2014-06-03 17:13 - 00093144 _____ () C:\Windows\System32\Drivers\hmpalert.sys
2014-06-03 17:13 - 2014-06-03 17:13 - 00000000 ____D () C:\Windows\CryptoGuard
2014-06-03 17:13 - 2014-06-03 17:13 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2014-06-03 17:12 - 2014-06-03 17:12 - 02209056 _____ () C:\Users\CD\Downloads\avira-eu-cleaner_de.exe
2014-06-03 17:12 - 2014-06-03 17:12 - 00001981 _____ () C:\Users\CD\Desktop\Entfernen des Avira EU-Cleaners.lnk
2014-06-03 17:12 - 2014-06-03 17:12 - 00001925 _____ () C:\Users\CD\Desktop\Avira EU-Cleaner.lnk
2014-06-03 17:10 - 2014-06-03 17:10 - 01039096 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2014-06-03 17:10 - 2014-06-03 17:10 - 00423240 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2014-06-03 17:10 - 2014-06-03 17:10 - 00334648 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-06-03 17:10 - 2014-06-03 17:10 - 00208928 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-06-03 17:10 - 2014-06-03 17:10 - 00093568 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2014-06-03 17:10 - 2014-06-03 17:10 - 00084816 _____ (AVAST Software) C:\Windows\System32\Drivers\aswStm.sys
2014-06-03 17:10 - 2014-06-03 17:10 - 00079184 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-06-03 17:10 - 2014-06-03 17:10 - 00065776 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2014-06-03 17:10 - 2014-06-03 17:10 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-03 17:10 - 2014-06-03 17:10 - 00001969 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-03 17:10 - 2014-06-03 17:10 - 00000000 ____D () C:\Users\CD\AppData\Roaming\AVAST Software
2014-06-03 17:09 - 2014-06-03 17:09 - 00057560 _____ () C:\Users\CD\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-03 17:09 - 2014-06-03 17:09 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-03 17:09 - 2014-06-03 17:09 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-03 17:05 - 2014-06-03 17:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-03 17:05 - 2014-06-03 17:05 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-06-03 17:05 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\System32\restore
2014-06-03 17:02 - 2014-06-03 17:01 - 00000000 ____D () C:\Users\CD\AppData\Roaming\Mozilla
2014-06-03 17:02 - 2014-06-03 17:01 - 00000000 ____D () C:\Users\CD\AppData\Local\Mozilla
2014-06-03 17:01 - 2014-06-03 17:01 - 00001150 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-03 17:01 - 2014-06-03 17:01 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-03 17:01 - 2014-06-03 17:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-03 16:09 - 2014-06-03 16:09 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-06-03 16:09 - 2014-06-03 16:08 - 00000000 ____D () C:\users\CD
2014-06-03 16:08 - 2014-06-03 16:08 - 00000020 ___SH () C:\Users\CD\ntuser.ini
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Vorlagen
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Startmenü
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Netzwerkumgebung
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Lokale Einstellungen
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Eigene Dateien
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Druckumgebung
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Documents\Eigene Musik
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Documents\Eigene Bilder
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\AppData\Local\Verlauf
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\AppData\Local\Anwendungsdaten
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Users\CD\Anwendungsdaten
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\ProgramData\Favoriten
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-06-03 16:08 - 2014-06-03 16:08 - 00000000 ____D () C:\Users\CD\AppData\Local\VirtualStore
2014-06-03 16:08 - 2014-06-03 05:23 - 00000000 ____D () C:\Windows\Panther
2014-06-03 16:08 - 2014-05-31 23:34 - 00000000 ____D () C:\Recovery
2014-06-03 16:08 - 2009-07-14 04:20 - 00000000 __RHD () C:\users\Default
2014-06-03 16:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\System32\Recovery
2014-06-03 16:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-06-03 16:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Windows NT
2014-06-03 05:23 - 2014-06-03 05:23 - 00008192 __RSH () C:\BOOTSECT.BAK
2014-06-03 05:23 - 2009-07-14 06:38 - 00025600 ___SH () C:\Windows\System32\config\BCD-Template.LOG
2014-06-03 05:23 - 2009-07-14 06:32 - 00028672 _____ () C:\Windows\System32\config\BCD-Template
2014-06-03 05:04 - 2014-06-03 05:04 - 00000000 ____D () C:\Windows.old
2014-06-03 04:33 - 2009-07-14 05:45 - 00274464 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-06-03 04:27 - 2014-06-03 04:27 - 00001355 _____ () C:\Windows\TSSysprep.log
2014-06-03 04:27 - 2009-07-14 05:46 - 00002790 _____ () C:\Windows\DtcInstall.log
2014-06-03 04:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\System32\sysprep
2014-06-03 04:24 - 2010-11-21 07:27 - 00000000 ____D () C:\Windows\CSC
2014-06-01 01:23 - 2014-06-01 01:12 - 00000229 _____ () C:\mbr.log
2014-06-01 00:58 - 2014-06-01 00:58 - 00003248 _____ () C:\blitzblank.log
2014-06-01 00:36 - 2014-06-01 00:35 - 00000000 ____D () C:\AdwCleaner
2014-05-31 23:34 - 2014-05-31 23:34 - 00000000 _SHDL () C:\Programme
2014-05-31 23:34 - 2014-05-31 23:34 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-05-26 21:26 - 2014-06-01 01:06 - 00788728 _____ (Emsisoft GmbH) C:\mbrmastr.exe
2014-05-12 06:26 - 2014-06-03 17:29 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-05-12 06:26 - 2014-06-03 17:29 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-05-12 06:25 - 2014-06-03 17:29 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\CD\AppData\Local\Temp\hmpalert_update.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

Restore point made on: 2014-06-01 08:54:27
Restore point made on: 2014-06-03 17:05:36
Restore point made on: 2014-06-03 17:09:44
Restore point made on: 2014-06-03 17:15:26
Restore point made on: 2014-06-03 17:22:08
Restore point made on: 2014-06-03 17:27:45

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 4075.55 MB
Available physical RAM: 3538.39 MB
Total Pagefile: 4073.75 MB
Available Pagefile: 3529.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (lol) (Fixed) (Total:95 GB) (Free:70.56 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Daten) (Fixed) (Total:370.66 GB) (Free:242.79 GB) NTFS
Drive e: () (Fixed) (Total:0.09 GB) (Free:0.09 GB) FAT32
Drive g: () (Removable) (Total:3.69 GB) (Free:2.07 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: AECDB9E2)
Partition 1: (Not Active) - (Size=100 MB) - (Type=0B)
Partition 2: (Active) - (Size=95 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=371 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 007BCF32)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

LastRegBack: 2014-06-03 04:24

==================== End Of Log ============================

> The current controlset is ControlSet001

There are several of those, could that be the problem? |
04.06.2014, 12:36 | #12 |
/// the machine /// TB-Ausbilder | Windows 7 64-bit - Virus/Trojan/Rootkit can't be removed

No, that's normal. Please run FRST from the desktop.

__________________
regards, schrauber |
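The two FRST logs above carry the items a helper reads first: FRST's own "Attention"/"<==== ATTENTION" markers (the 30-05 scan could not load the system hive and reported every core binary as missing), the "Bamital & volsnap Check" results (all "MD5 is legit" after the reinstall), services and drivers whose signer field is empty "()", the control set line, and the MBR partition table. The "The current controlset is ControlSet001" line the poster asked about is the normal state: HKLM\SYSTEM\Select\Current names the control set Windows booted with, and a second ControlSetNNN is the LastKnownGood copy. What changed between the two scans is the disk layout, where a 100 MB partition 1 appeared in front of the 95 GB system partition and the active flag moved to partition 2. The following Python script is an added example, not part of FRST, of Trojaner-Board or of any post in this thread; it extracts those items from an FRST.txt and diffs the partition tables of two scans. Both embedded logs are constructed excerpts of the scans posted above (the extended-partition type is written 0F), and every regular expression is my own assumption about FRST's line format, not a documented interface.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) logs: an added example,
not part of FRST or of the thread. The regexes are assumptions about FRST's
line format; both sample logs are constructed excerpts of the posted scans."""
import re

# Constructed excerpt of the 30-05-2014 recovery-mode scan (system hive missing).
SCAN_MAY30 = r"""
Attention: Could not load system hive.
Attention: System hive is missing.
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
==================== MBR & Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: AECDB9E2)
Partition 1: (Active) - (Size=95 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=347 GB) - (Type=0F Extended)
Disk: 1 (Size: 4 GB) (Disk ID: 007BCF32)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)
"""

# Constructed excerpt of the 03-06-2014 scan after the reinstall.
SCAN_JUN03 = r"""
The current controlset is ControlSet001
==================== Services (Whitelisted) =================
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-03] (AVAST Software)
==================== Drivers (Whitelisted) ====================
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-03] ()
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-06-03] ()
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] ()
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== MBR & Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: AECDB9E2)
Partition 1: (Not Active) - (Size=100 MB) - (Type=0B)
Partition 2: (Active) - (Size=95 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=371 GB) - (Type=0F Extended)
Disk: 1 (Size: 4 GB) (Disk ID: 007BCF32)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)
"""

# "S0 aswRvrt; C:\...\aswRvrt.sys [65776 2014-06-03] ()" -> start type, name, path, signer
ENTRY_RE = re.compile(r"^(?P<start>[SR]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
                      r"\[(?P<size>\d+)\s+(?P<date>[\d-]+)\]\s+\((?P<signer>.*)\)\s*$")
DISK_RE = re.compile(r"^Disk: (?P<n>\d+)\b")
PARTITION_RE = re.compile(r"^Partition (?P<n>\d+): \((?P<active>Active|Not Active)\) - "
                          r"\(Size=(?P<size>[^)]+)\) - \(Type=(?P<type>\w+)")
CONTROLSET_RE = re.compile(r"^The current controlset is (ControlSet\d{3})", re.M)


def attention_items(log):
    """Lines FRST itself flagged: 'Attention: ...' headers and '<==== ATTENTION' marks."""
    return [ln.strip() for ln in log.splitlines() if "attention" in ln.lower()]


def bamital_check(log):
    """(missing, legit) file paths from the 'Bamital & volsnap Check' section."""
    missing, legit = [], []
    for ln in map(str.strip, log.splitlines()):
        if ln.endswith("=> MD5 is legit"):
            legit.append(ln.split(" =>")[0])
        elif " IS MISSING" in ln:
            missing.append(ln.split(" IS MISSING")[0])
    return missing, legit


def unsigned_entries(log):
    """(name, path) of services/drivers whose signer field is '()'. Not proof of
    malice (Avast's own aswRvrt/aswVmm land here), but each one is worth a look."""
    matches = [ENTRY_RE.match(ln.strip()) for ln in log.splitlines()]
    return [(m.group("name"), m.group("path")) for m in matches if m and not m.group("signer").strip()]


def current_controlset(log):
    """ControlSetNNN that HKLM\\SYSTEM\\Select\\Current points at; None if no system hive."""
    m = CONTROLSET_RE.search(log)
    return m.group(1) if m else None


def partition_table(log):
    """disk number -> [(partition no, is_active, size, type id)] from the MBR section."""
    disks, disk = {}, None
    for ln in map(str.strip, log.splitlines()):
        if (d := DISK_RE.match(ln)):
            disk = int(d.group("n"))
            disks[disk] = []
        elif (p := PARTITION_RE.match(ln)) and disk is not None:
            disks[disk].append((int(p.group("n")), p.group("active") == "Active",
                                p.group("size"), p.group("type").upper()))
    return disks


def diff_partition_tables(before, after):
    """One line per disk whose partition layout or active (boot) partition changed."""
    out = []
    for disk in sorted(set(before) | set(after)):
        b, a = before.get(disk, []), after.get(disk, [])
        if b != a:
            out.append(f"disk {disk}: {len(b)} -> {len(a)} partitions, active "
                       f"{[n for n, act, *_ in b if act]} -> {[n for n, act, *_ in a if act]}")
    return out


if __name__ == "__main__":
    for label, log in (("30-05", SCAN_MAY30), ("03-06", SCAN_JUN03)):
        print(label, "controlset:", current_controlset(log), "| attention:", attention_items(log))
        print(label, "missing/legit:", bamital_check(log), "| unsigned:", unsigned_entries(log))
    print(diff_partition_tables(partition_table(SCAN_MAY30), partition_table(SCAN_JUN03)))
```

Run against a full FRST.txt, the script reduces the log to the same short list a helper would ask about: anything FRST flagged, any core binary whose MD5 did not verify, unsigned kernel drivers, and whether the boot layout changed since the previous scan. The unsigned list is deliberately a review queue, not a verdict: in the 03-06 log every "()" entry belongs to Avast, EaseUS or HitmanPro, all of which were installed minutes before the scan according to the "One Month Created" section.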
04.06.2014, 19:35 | #13 |
| Windows 7 64bit - Virus/Trojaner/Rotkit nicht wegzubekokmen Habe mittels knoppix ein Systemcheck gemacht, könntest du mal speziell über die geladenen Module, Treiber und Speicher schauen? gparted hat auch eine versteckte primäre Partition gefunden, die ich bisher noch gar nicht gesehen habe Code:
Computer Summary
Computer
Processor 2x Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz
Memory 3617MB (224MB used)
Operating System Debian GNU/Linux 7.1
User Name knoppix (Knoppix User)
Date/Time Mi 04 Jun 2014 16:14:26 CEST
Display
Resolution 1366x768 pixels
OpenGL Renderer Gallium 0.4 on NVD9
X11 Vendor The X.Org Foundation
Multimedia
Audio Adapter HDA-Intel - HDA Intel PCH
Audio Adapter HDA-Intel - HDA NVidia
Input Devices
Lid Switch
Power Button
Sleep Button
Power Button
Video Bus
AT Translated Set 2 keyboard
Microsoft Microsoft® Nano Transceiver v2.0
Microsoft Microsoft® Nano Transceiver v2.0
Microsoft Microsoft® Nano Transceiver v2.0
ETPS/2 Elantech Touchpad
WebCam SCB-0385N
Printers
No printers found
SCSI Disks
ATA Hitachi HTS54505
TSSTcorp CDDVDW TS-L633J
Operating System
Version
Kernel Linux 3.9.6 (i686)
Compiled #25 SMP PREEMPT Sat Jun 15 15:27:01 CEST 2013
C Library Unknown
Default C Compiler GNU C Compiler version 4.7.2 (Debian 4.7.2-5)
Distribution Debian GNU/Linux 7.1
Current Session
Computer Name Microknoppix
User Name knoppix (Knoppix User)
Home Directory /home/knoppix
Desktop Environment Unknown (Window Manager: compiz)
Misc
Uptime 5 minutes
Load Average 0,00, 0,00, 0,00
Kernel Modules
Loaded Modules
parport_pc PC-style parallel port driver
ppdev
lp
parport
ipv6 IPv6 protocol stack for Linux
coretemp Intel Core temperature monitor
kvm_intel
kvm
uvcvideo USB Video Class driver
videobuf2_vmalloc vmalloc memory handling routines for videobuf2
videobuf2_memops common memory handling routines for videobuf2
videobuf2_core Driver helper framework for Video for Linux 2
samsung_laptop Samsung Backlight driver
videodev Device registrar for Video4Linux drivers v2
media Device node registration for media drivers
crc32_pclmul
arc4 ARC4 Cipher Algorithm
ath9k Support for Atheros 802.11n wireless LAN cards.
ath9k_common Shared library for Atheros wireless 802.11n LAN cards.
ath9k_hw Support for Atheros 802.11n wireless LAN cards.
ath Shared library for Atheros wireless LAN cards.
mac80211 IEEE 802.11 subsystem
cfg80211 wireless configuration support
r8169 RealTek RTL-8169 Gigabit Ethernet driver
snd_hda_codec_hdmi HDMI HD-audio codec
mii MII hardware support library
lpc_ich LPC interface for Intel ICH
snd_hda_codec_realtek Realtek HD-audio codec
i2c_i801 I801 SMBus driver
joydev Joystick device interfaces
snd_hda_intel Intel HDA driver
snd_hda_codec HDA codec core
nouveau nVidia Riva/TNT/GeForce/Quadro/Tesla
mxm_wmi MXM WMI Driver
wmi ACPI-WMI Mapping Driver
ttm TTM memory manager subsystem (for DRM device)
drm_kms_helper DRM KMS helper
Boots
Boots
Wed Jun 4 16:09 3.9.6
Languages
Available Languages
be_BY Belarusian locale for Belarus
be_BY.cp1251 Belarusian locale for Belarus
be_BY.utf8 Belarusian locale for Belarus
bg_BG Bulgarian locale for Bulgaria
bg_BG.cp1251 Bulgarian locale for Bulgaria
bg_BG.utf8 Bulgarian locale for Bulgaria
cs_CZ Czech locale for the Czech Republic
cs_CZ.iso88592 Czech locale for the Czech Republic
cs_CZ.utf8 Czech locale for the Czech Republic
czech Czech locale for the Czech Republic
da_DK Danish locale for Denmark
da_DK.iso88591 Danish locale for Denmark
da_DK.utf8 Danish locale for Denmark
danish Danish locale for Denmark
dansk Danish locale for Denmark
de_AT@euro German locale for Austria with Euro
de_AT.iso885915 German locale for Austria with Euro
de_AT.utf8 German locale for Austria
de_CH German locale for Switzerland
de_CH.iso88591 German locale for Switzerland
de_CH.utf8 German locale for Switzerland
de_DE German locale for Germany
de_DE@euro German locale for Germany with Euro
de_DE.iso88591 German locale for Germany
de_DE.iso885915 German locale for Germany with Euro
de_DE.utf8 German locale for Germany
deutsch German locale for Germany
en_GB English locale for Britain
en_GB.iso88591 English locale for Britain
en_GB.iso885915 English locale for Britain
en_GB.utf8 English locale for Britain
en_IE@euro English locale for Ireland with Euro
en_IE.iso885915 English locale for Ireland with Euro
en_IE.utf8 English locale for Ireland
en_US English locale for the USA
en_US.iso88591 English locale for the USA
en_US.iso885915 English locale for the USA
en_US.utf8 English locale for the USA
es_ES@euro Spanish locale for Spain with Euro
es_ES.iso885915 Spanish locale for Spain with Euro
es_ES.utf8 Spanish locale for Spain
fi_FI@euro Finnish locale for Finland with Euro
fi_FI.iso885915 Finnish locale for Finland with Euro
fi_FI.utf8 Finnish locale for Finland
fr_FR@euro French locale for France with Euro
fr_FR.iso885915 French locale for France with Euro
fr_FR.utf8 French locale for France
german German locale for Germany
hebrew Hebrew locale for Israel
he_IL Hebrew locale for Israel
he_IL.iso88598 Hebrew locale for Israel
he_IL.utf8 Hebrew locale for Israel
hi_IN Hindi language locale for India
hi_IN.utf8 Hindi language locale for India
hu_HU Hungarian locale for Hungary
hu_HU.iso88592 Hungarian locale for Hungary
hu_HU.utf8 Hungarian locale for Hungary
hungarian Hungarian locale for Hungary
it_IT@euro Italian locale for Italy with Euro
it_IT.iso885915 Italian locale for Italy with Euro
it_IT.utf8 Italian locale for Italy
ja_JP.utf8 Japanese language locale for Japan
nl_NL@euro Dutch locale for the Netherlands with Euro
nl_NL.iso885915 Dutch locale for the Netherlands with Euro
nl_NL.utf8 Dutch locale for the Netherlands
pl_PL Polish locale for Poland
pl_PL.iso88592 Polish locale for Poland
pl_PL.utf8 Polish locale for Poland
polish Polish locale for Poland
ru_RU.koi8r Russian locale for Russia
ru_RU.utf8 Russian locale for Russia
russian Russian locale for Russia
sk_SK Slovak locale for Slovak
sk_SK.iso88592 Slovak locale for Slovak
sk_SK.utf8 Slovak locale for Slovak
slovak Slovak locale for Slovak
slovene Slovenian locale for Slovenia
slovenian Slovenian locale for Slovenia
sl_SI Slovenian locale for Slovenia
sl_SI.iso88592 Slovenian locale for Slovenia
sl_SI.utf8 Slovenian locale for Slovenia
tr_TR Turkish locale for Turkey
tr_TR.iso88599 Turkish locale for Turkey
tr_TR.utf8 Turkish locale for Turkey
turkish Turkish locale for Turkey
zh_CN.utf8 Chinese locale for Peoples Republic of China
zh_TW.utf8 Chinese locale for Taiwan R.O.C.
Filesystems
Mounted File Systems
/dev/sr0 /mnt-system 100,00 % (0,0 B of 700,9 MiB)
tmpfs /ramdisk 0,05 % (2,8 GiB of 2,8 GiB)
/dev/cloop /KNOPPIX 100,00 % (0,0 B of 1,9 GiB)
unionfs /UNIONFS 0,05 % (2,8 GiB of 2,8 GiB)
unionfs /usr 0,05 % (2,8 GiB of 2,8 GiB)
unionfs /home 0,05 % (2,8 GiB of 2,8 GiB)
tmpfs /run 13,79 % (17,2 MiB of 20,0 MiB)
tmpfs /UNIONFS/var/run 13,79 % (17,2 MiB of 20,0 MiB)
tmpfs /UNIONFS/var/lock 0,00 % (10,0 MiB of 10,0 MiB)
tmpfs /UNIONFS/var/log 0,06 % (99,9 MiB of 100,0 MiB)
tmpfs /tmp 0,00 % (2,0 GiB of 2,0 GiB)
udev /dev 0,02 % (20,0 MiB of 20,0 MiB)
tmpfs /dev/shm 0,00 % (2,0 GiB of 2,0 GiB)
Display
Display
Resolution 1366x768 pixels
Vendor The X.Org Foundation
Version 1.12.4
Monitors
Monitor 0 1366x768 pixels
Extensions
BIG-REQUESTS
Composite
DAMAGE
DOUBLE-BUFFER
DPMS
DRI2
GLX
Generic Event Extension
MIT-SCREEN-SAVER
MIT-SHM
RANDR
RECORD
RENDER
SECURITY
SGI-GLX
SHAPE
SYNC
X-Resource
XC-MISC
XFIXES
XFree86-DGA
XFree86-VidModeExtension
XINERAMA
XInputExtension
XKEYBOARD
XTEST
XVideo
XVideo-MotionCompensation
OpenGL
Vendor nouveau
Renderer Gallium 0.4 on NVD9
Version 3.0 Mesa 9.1.3
Direct Rendering Yes
Environment Variables
Environment Variables
SSH_AGENT_PID 2941
SAL_USE_VCLPLUGIN gtk
SPEECHD_ADDRESS unix_socket:/var/run/speech-dispatcher/speechd.sock
XDG_MENU_PREFIX lxde-
TERM linux
SHELL /bin/bash
XDG_SESSION_COOKIE 7f2fcb52ce34afe36e290df148665669-1401891042.825290-1760436476
LC_ALL de_DE.UTF-8
USER knoppix
SSH_AUTH_SOCK /tmp/ssh-7nhNEhcu3XsY/agent.2831
PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
MAIL /var/mail/knoppix
LC_MESSAGES de_DE.UTF-8
COUNTRY DE
PWD /home/knoppix
LANG de_DE.UTF-8.UTF-8
HOME /home/knoppix
SHLVL 1
XDG_CONFIG_HOME /home/knoppix/.config
LANGUAGE de
GNOME_DESKTOP_SESSION_ID LXDE
LOGNAME knoppix
G_FILENAME_ENCODING @locale
XDG_DATA_DIRS /usr/local/share/:/usr/share/:/usr/share/gdm/:/var/lib/menu-xdg/
DBUS_SESSION_BUS_ADDRESS unix:abstract=/tmp/dbus-Fl0u1CrfCM,guid=0229bcb028d2e5c7a6eeaa5a538f28e2
WINDOWPATH 5
DISPLAY :0
STARTUP /usr/bin/ssh-agent /usr/bin/ck-launch-session /usr/bin/dbus-launch --exit-with-session startlxde
XAUTHORITY /home/knoppix/.Xauthority
_LXSESSION_PID 2946
DESKTOP_SESSION LXDE
XDG_CURRENT_DESKTOP LXDE
Users
Users
root root
daemon daemon
bin bin
sys sys
sync sync
games games
man man
lp lp
mail mail
news news
uucp uucp
proxy proxy
www-data www-data
backup backup
list Mailing List Manager
irc ircd
gnats Gnats Bug-Reporting System (admin)
nobody nobody
libuuid
messagebus
knoppix Knoppix User
speech-dispatcher Speech Dispatcher
polkituser PolicyKit
festival
saned
statd
partimag Partimage Server
sshd
tftp tftp daemon
hplip HPLIP system user
avahi Avahi mDNS daemon
mysql MySQL Server
postgres PostgreSQL administrator
privoxy
debian-tor
vde2-net
timidity TiMidity++ MIDI sequencer service
usbmux usbmux daemon
ntop
libvirt-qemu Libvirt Qemu
colord colord colour management daemon
nx
syslog
klog
haldaemon Hardware abstraction layer
distccd
Devices
Processor
Processors
Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz 2714,00MHz
Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz 2691,00MHz
Memory
Memory
Total Memory 3617536 kB
Free Memory 3167052 kB
Buffers 74516 kB
Cached 226064 kB
Cached Swap 0 kB
Active 138412 kB
Inactive 237616 kB
Active(anon) 78976 kB
Inactive(anon) 2048 kB
Active(file) 59436 kB
Inactive(file) 235568 kB
Unevictable 0 kB
Mlocked 0 kB
High Memory 2748360 kB
Free High Memory 2419568 kB
Low Memory 869176 kB
Free Low Memory 747484 kB
Virtual Memory 2713148 kB
Free Virtual Memory 2713148 kB
Dirty 0 kB
Writeback 0 kB
AnonPages 75448 kB
Mapped 40264 kB
Shmem 5576 kB
Slab 42416 kB
SReclaimable 19656 kB
SUnreclaim 22760 kB
KernelStack 1696 kB
PageTables 1868 kB
NFS_Unstable 0 kB
Bounce 0 kB
WritebackTmp 0 kB
CommitLimit 4521916 kB
Committed_AS 418556 kB
VmallocTotal 122880 kB
VmallocUsed 63432 kB
VmallocChunk 50864 kB
HardwareCorrupted 0 kB
HugePages_Total 0
HugePages_Free 0
HugePages_Rsvd 0
HugePages_Surp 0
Hugepagesize 4096 kB
DirectMap4k 16376 kB
DirectMap4M 892928 kB
PCI Devices
PCI Devices
Host bridge Intel Corporation 2nd Generation Core Processor Family DRAM Controller
PCI bridge Intel Corporation Xeon E3-1200/2nd Generation Core Processor Family PCI Express Root Port
Communication controller Intel Corporation 6 Series/C200 Series Chipset Family MEI Controller #1
USB controller Intel Corporation 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #2
Audio device Intel Corporation 6 Series/C200 Series Chipset Family High Definition Audio Controller
PCI bridge Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 1
PCI bridge Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 4
USB controller Intel Corporation 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #1
ISA bridge Intel Corporation HM65 Express Chipset Family LPC Controller
IDE interface Intel Corporation 6 Series/C200 Series Chipset Family 4 port SATA IDE Controller
SMBus Intel Corporation 6 Series/C200 Series Chipset Family SMBus Controller
IDE interface Intel Corporation 6 Series/C200 Series Chipset Family 2 port SATA IDE Controller
VGA compatible controller NVIDIA Corporation GF119 [GeForce GT 520M]
Audio device NVIDIA Corporation GF119 HDMI Audio Controller
Network controller Atheros Communications Inc. AR9285 Wireless Network Adapter
Ethernet controller Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller
USB Devices
Printers
Printers
No printers found
Battery
Battery: BAT1
State discharging (load: 1804 mA)
Capacity 2232 mAh / 4400 mAh (50,73%)
Battery Technology rechargeable (LION)
Model Number
Serial Number
Sensors
Input Devices
Input Devices
Lid Switch
Power Button
Sleep Button
Power Button
Video Bus
AT Translated Set 2 keyboard
Microsoft Microsoft® Nano Transceiver v2.0
Microsoft Microsoft® Nano Transceiver v2.0
Microsoft Microsoft® Nano Transceiver v2.0
ETPS/2 Elantech Touchpad
WebCam SCB-0385N
Storage
SCSI Disks
ATA Hitachi HTS54505
TSSTcorp CDDVDW TS-L633J
DMI
BIOS
Date 11/21/2012
Vendor Phoenix Technologies Ltd. (www.phoenix.com)
Version 07PQ
Board
Name RV420/RV520/RV720/E3530/S3530/E3420/E3520
Vendor SAMSUNG ELECTRONICS CO., LTD. (www.samsung.com)
Resources
I/O Ports
0000-0cf7 PCI Bus 0000:00
0000-001f dma1
0020-0021 pic1
0040-0043 timer0
0050-0053 timer1
0060-0060 keyboard
0062-0062 EC data
0064-0064 keyboard
0066-0066 EC cmd
0070-0077 rtc0
0080-008f dma page reg
00a0-00a1 pic2
00c0-00df dma2
00f0-00ff fpu
0170-0177 pata_legacy
01f0-01f7 pata_legacy
0376-0376 pata_legacy
03c0-03df vga+
03f6-03f6 pata_legacy
0400-0453 pnp 00:04
0400-0403 ACPI PM1a_EVT_BLK
0404-0405 ACPI PM1a_CNT_BLK
0408-040b ACPI PM_TMR
0410-0415 ACPI CPU throttle
0420-042f ACPI GPE0_BLK
0430-0433 iTCO_wdt
0450-0450 ACPI PM2_CNT_BLK
0454-0457 pnp 00:06
0458-047f pnp 00:04
0460-047f iTCO_wdt
0500-057f pnp 00:04
0680-069f pnp 00:04
0a00-0a0f pnp 00:04
0cf8-0cff PCI conf1
0d00-ffff PCI Bus 0000:00
1000-100f pnp 00:04
164e-164f pnp 00:04
2000-2fff PCI Bus 0000:03
2000-20ff Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller
2000-20ff RealTek RTL-8169 Gigabit Ethernet driver
3000-3fff PCI Bus 0000:01
3000-307f NVIDIA Corporation GF119 [GeForce GT 520M]
4020-402f Intel Corporation 6 Series/C200 Series Chipset Family 2 port SATA IDE Controller
4020-402f ata_piix
4030-403f Intel Corporation 6 Series/C200 Series Chipset Family 2 port SATA IDE Controller
4030-403f ata_piix
4040-404f Intel Corporation 6 Series/C200 Series Chipset Family 4 port SATA IDE Controller
4040-404f ata_piix
4050-405f Intel Corporation 6 Series/C200 Series Chipset Family 4 port SATA IDE Controller
4050-405f ata_piix
4060-4067 Intel Corporation 6 Series/C200 Series Chipset Family 2 port SATA IDE Controller
4060-4067 ata_piix
4068-406f Intel Corporation 6 Series/C200 Series Chipset Family 2 port SATA IDE Controller
4068-406f ata_piix
4070-4077 Intel Corporation 6 Series/C200 Series Chipset Family 4 port SATA IDE Controller
4070-4077 ata_piix
4078-407f Intel Corporation 6 Series/C200 Series Chipset Family 4 port SATA IDE Controller
4078-407f ata_piix
4080-4083 Intel Corporation 6 Series/C200 Series Chipset Family 2 port SATA IDE Controller
4080-4083 ata_piix
4084-4087 Intel Corporation 6 Series/C200 Series Chipset Family 2 port SATA IDE Controller
4084-4087 ata_piix
4088-408b Intel Corporation 6 Series/C200 Series Chipset Family 4 port SATA IDE Controller
4088-408b ata_piix
408c-408f Intel Corporation 6 Series/C200 Series Chipset Family 4 port SATA IDE Controller
408c-408f ata_piix
5000-5003 pnp 00:04
efa0-efbf Intel Corporation 6 Series/C200 Series Chipset Family SMBus Controller
ffff-ffff pnp 00:04
Memory
00000000-00000fff reserved
00001000-0009d7ff System RAM
0009d800-0009ffff reserved
000a0000-000bffff PCI Bus 0000:00
000a0000-000bffff Video RAM area
000c0000-000c7fff Video ROM
000e0000-000fffff reserved
000f0000-000fffff System ROM
00100000-df3eefff System RAM
01000000-016614ee Kernel code
016614ef-0191a0ff Kernel data
019b5000-01a16fff Kernel bss
df3ef000-df6eefff reserved
df6ef000-df79efff ACPI Non-volatile Storage
df79f000-df7fefff ACPI Tables
df7ff000-df7fffff System RAM
df800000-dfffffff reserved
e0000000-feafffff PCI Bus 0000:00
e0000000-f1ffffff PCI Bus 0000:01
e0000000-efffffff NVIDIA Corporation GF119 [GeForce GT 520M]
f0000000-f1ffffff NVIDIA Corporation GF119 [GeForce GT 520M]
f2000000-f30fffff PCI Bus 0000:01
f2000000-f2ffffff NVIDIA Corporation GF119 [GeForce GT 520M]
f3000000-f3003fff NVIDIA Corporation GF119 HDMI Audio Controller
f3000000-f3003fff ICH HD audio
f3080000-f30fffff NVIDIA Corporation GF119 [GeForce GT 520M]
f3100000-f31fffff PCI Bus 0000:03
f3100000-f3103fff Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller
f3100000-f3103fff RealTek RTL-8169 Gigabit Ethernet driver
f3104000-f3104fff Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller
f3104000-f3104fff RealTek RTL-8169 Gigabit Ethernet driver
f3200000-f32fffff PCI Bus 0000:02
f3200000-f320ffff Atheros Communications Inc. AR9285 Wireless Network Adapter
f3200000-f320ffff Support for Atheros 802.11n wireless LAN cards.
f3300000-f3303fff Intel Corporation 6 Series/C200 Series Chipset Family High Definition Audio Controller
f3300000-f3303fff ICH HD audio
f3304000-f33040ff Intel Corporation 6 Series/C200 Series Chipset Family SMBus Controller
f3305000-f330500f Intel Corporation 6 Series/C200 Series Chipset Family MEI Controller #1
f3308000-f33083ff Intel Corporation 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #1
f3308000-f33083ff ehci_hcd
f3309000-f33093ff Intel Corporation 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #2
f3309000-f33093ff ehci_hcd
f8000000-fbffffff PCI MMCONFIG 0000 [bus 00-3f]
f8000000-fbffffff reserved
f8000000-fbffffff pnp 00:09
fec00000-fec00fff reserved
fec00000-fec003ff IOAPIC 0
fed00000-fed003ff HPET 0
fed08000-fed08fff reserved
fed10000-fed19fff reserved
fed10000-fed17fff pnp 00:09
fed18000-fed18fff pnp 00:09
fed19000-fed19fff pnp 00:09
fed1c000-fed1ffff reserved
fed1c000-fed1ffff pnp 00:09
fed1f410-fed1f414 iTCO_wdt
fed20000-fed3ffff pnp 00:09
fed40000-fed44fff PCI Bus 0000:00
fed45000-fed8ffff pnp 00:09
fed90000-fed93fff pnp 00:09
fee00000-fee00fff Local APIC
fee00000-fee00fff reserved
ff001000-ff7fffff goldfish_pdev_bus
ff001000-ff7fffff goldfish
ffd80000-ffffffff reserved
DMA
4 cascade
Network Interfaces
Network Interfaces
wlan0 0,00MiB 0,00MiB
lo 0,00MiB 0,00MiB 127.0.0.1
eth0 0,00MiB 0,00MiB
IP Connections
Connections
127.0.0.1:631 LISTEN 0.0.0.0:* tcp
::1:631 LISTEN :::* tcp6
0.0.0.0:631 0.0.0.0:* udp
Routing Table
IP routing table
ARP Table
ARP Table
DNS Servers
Name servers
Statistics
IP
4 Requests sent out
0 Incoming packets discarded
0 Incoming packets discarded
4 Requests sent out
4 Requests sent out
ICMP
0 ICMP messages failed
0 ICMP messages failed
0 ICMP messages failed
0 ICMP messages failed
TCP
3 Resets sent
0 Bad segments received.
3 Resets sent
0 Bad segments received.
0 Bad segments received.
6 Segments send out
6 Segments send out
0 Bad segments received.
0 Bad segments received.
3 Resets sent
UDP
0 Packets sent
0 Packets sent
0 Packets sent
0 Packets sent
UDPLITE
TCPEXT
0 Packet headers predicted
IPEXT
Shared Directories
SAMBA
NFS
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-06-04 14:47:40
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545050B9A300 rev.PB4OC66G 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\CD\AppData\Local\Temp\pgldqpoc.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\wininit.exe[452] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007764eecd 1 byte [62]
.text C:\Windows\system32\winlogon.exe[500] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007764eecd 1 byte [62]
.text C:\Windows\system32\services.exe[548] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007764eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[660] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007764eecd 1 byte [62]
.text C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[744] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007790fab0 5 bytes JMP 0000000175308cf0
.text C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[744] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007790fb48 5 bytes JMP 0000000175308ea0
.text C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[744] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077910028 5 bytes JMP 0000000175308d80
.text C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[744] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000765ba322 1 byte [62]
.text C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000778c1465 2 bytes [8C, 77]
.text C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe[744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000778c14bb 2 bytes [8C, 77]
.text ... * 2
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077761490 5 bytes JMP 00000000778c0010
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777614f0 5 bytes JMP 00000000778c0028
.text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077761810 5 bytes JMP 00000000778c0040
.text C:\Windows\system32\svchost.exe[832] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007764eecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077761490 5 bytes JMP 00000000778c0010
.text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777614f0 5 bytes JMP 00000000778c0028
.text C:\Windows\System32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077761810 5 bytes JMP 00000000778c0040
.text C:\Windows\System32\svchost.exe[916] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007764eecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077761490 5 bytes JMP 00000000778c0010
.text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777614f0 5 bytes JMP 00000000778c0028
.text C:\Windows\System32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077761810 5 bytes JMP 00000000778c0040
.text C:\Windows\System32\svchost.exe[968] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007764eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077761490 5 bytes JMP 00000000778c0010
.text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777614f0 5 bytes JMP 00000000778c0028
.text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077761810 5 bytes JMP 00000000778c0040
.text C:\Windows\system32\svchost.exe[1008] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007764eecd 1 byte [62]
.text C:\Windows\system32\AUDIODG.EXE[340] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 000000007764eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077761490 5 bytes JMP 00000000778c0010
.text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777614f0 5 bytes JMP 00000000778c0028
.text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077761810 5 bytes JMP 00000000778c0040
.text C:\Windows\system32\svchost.exe[372] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007764eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077761490 5 bytes JMP 00000000778c0010
.text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777614f0 5 bytes JMP 00000000778c0028
.text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077761810 5 bytes JMP 00000000778c0040
.text C:\Windows\system32\svchost.exe[1080] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007764eecd 1 byte [62]
.text C:\Windows\System32\spoolsv.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077761490 5 bytes JMP 00000000778c0010
.text C:\Windows\System32\spoolsv.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777614f0 5 bytes JMP 00000000778c0028
.text C:\Windows\System32\spoolsv.exe[1392] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077761810 5 bytes JMP 00000000778c0040
.text C:\Windows\System32\spoolsv.exe[1392] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007764eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077761490 5 bytes JMP 00000000778c0010
.text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777614f0 5 bytes JMP 00000000778c0028
.text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077761810 5 bytes JMP 00000000778c0040
.text C:\Windows\system32\svchost.exe[1420] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007764eecd 1 byte [62]
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1576] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007790fab0 5 bytes JMP 0000000175308cf0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1576] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007790fb48 5 bytes JMP 0000000175308ea0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1576] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077910028 5 bytes JMP 0000000175308d80
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1576] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000765ba322 1 byte [62]
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000778c1465 2 bytes [8C, 77]
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000778c14bb 2 bytes [8C, 77]
.text ... * 2
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[1680] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007790fab0 5 bytes JMP 0000000175308cf0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[1680] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007790fb48 5 bytes JMP 0000000175308ea0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[1680] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077910028 5 bytes JMP 0000000175308d80
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[1680] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000765ba322 1 byte [62]
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[1680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000778c1465 2 bytes [8C, 77]
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[1680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000778c14bb 2 bytes [8C, 77]
.text ... * 2
.text C:\Windows\system32\svchost.exe[1760] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007764eecd 1 byte [62]
.text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077761490 5 bytes JMP 00000000778c0010
.text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777614f0 5 bytes JMP 00000000778c0028
.text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077761810 5 bytes JMP 00000000778c0040
.text C:\Windows\system32\taskhost.exe[1952] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007764eecd 1 byte [62]
.text C:\Windows\system32\Dwm.exe[1984] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007764eecd 1 byte [62]
.text C:\Windows\Explorer.EXE[1276] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077761490 5 bytes JMP 00000000778c0010
.text C:\Windows\Explorer.EXE[1276] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777614f0 5 bytes JMP 00000000778c0028
.text C:\Windows\Explorer.EXE[1276] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077761810 5 bytes JMP 00000000778c0040
.text C:\Windows\Explorer.EXE[1276] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007764eecd 1 byte [62]
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[1584] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007790fab0 5 bytes JMP 0000000175308cf0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[1584] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007790fb48 5 bytes JMP 0000000175308ea0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[1584] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077910028 5 bytes JMP 0000000175308d80
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[1584] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000765ba322 1 byte [62]
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[1584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000778c1465 2 bytes [8C, 77]
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[1584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000778c14bb 2 bytes [8C, 77]
.text ... * 2
.text C:\Windows\system32\svchost.exe[2844] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007764eecd 1 byte [62]
.text C:\Windows\system32\SearchIndexer.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077761490 5 bytes JMP 00000000778c0010
.text C:\Windows\system32\SearchIndexer.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000777614f0 5 bytes JMP 00000000778c0028
.text C:\Windows\system32\SearchIndexer.exe[2712] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077761810 5 bytes JMP 00000000778c0040
.text C:\Windows\system32\SearchIndexer.exe[2712] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007764eecd 1 byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2824] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007790fab0 5 bytes JMP 0000000175308cf0
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2824] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007790fb48 5 bytes JMP 0000000175308ea0
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2824] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077910028 5 bytes JMP 0000000175308d80
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2824] C:\Windows\syswow64\KERNEL32.dll!SetUnhandledExceptionFilter 00000000765987c9 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2824] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000765ba322 1 byte [62]
.text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe[2732] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007790fab0 5 bytes JMP 0000000175308cf0
.text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe[2732] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007790fb48 5 bytes JMP 0000000175308ea0
.text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe[2732] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077910028 5 bytes JMP 0000000175308d80
.text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe[2732] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000765ba322 1 byte [62]
.text D:\!Sicherheit\Gmer-19357.exe[1660] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007790fab0 5 bytes JMP 0000000175308cf0
.text D:\!Sicherheit\Gmer-19357.exe[1660] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007790fb48 5 bytes JMP 0000000175308ea0
.text D:\!Sicherheit\Gmer-19357.exe[1660] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077910028 5 bytes JMP 0000000175308d80
.text D:\!Sicherheit\Gmer-19357.exe[1660] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000765ba322 1 byte [62]

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\SearchIndexer.exe [2712:2600] 000007feff310168
Thread C:\Windows\system32\SearchIndexer.exe [2712:948] 000007fef49e5170
Thread C:\Windows\system32\SearchIndexer.exe [2712:2652] 000007fef61c69ac
Thread C:\Windows\system32\SearchIndexer.exe [2712:2632] 000007fef5d63dac
Thread C:\Windows\system32\SearchIndexer.exe [2712:2624] 000007fef5d61710
Thread C:\Windows\system32\SearchIndexer.exe [2712:2288] 000007fef5d8c4dc
Thread C:\Windows\system32\SearchIndexer.exe [2712:2900] 000007fef5d8b278

---- EOF - GMER 2.1 ----

FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
(ATTENTION: ====> FRST version is 11 days old and could be outdated)
Ran by CD (administrator) on CD-PC on 05-06-2014 00:33:18
Running from H:\scan
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-06-03] (AVAST Software)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd)
HKU\S-1-5-21-1778027116-683302701-3316222676-1000\...\MountPoints2: {8357a3ca-eace-11e3-a23b-806e6f6e6963} - G:\autostart.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.140.1

FireFox:
========
FF ProfilePath: C:\Users\CD\AppData\Roaming\Mozilla\Firefox\Profiles\3nc3miz1.default
FF NetworkProxy: "type", 0
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-03]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-03] (AVAST Software)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1889616 2014-05-25] (SurfRight B.V.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-03] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-06-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-06-03] ()
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] ()
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2014-06-03] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-04 14:30 - 2014-06-05 00:31 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-04 14:30 - 2014-06-04 14:30 - 00000630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-03 18:41 - 2014-06-03 18:43 - 00001043 ____H () C:\Windows\EPMBatch.ept
2014-06-03 18:36 - 2014-06-03 18:36 - 
00001394 _____ () C:\Users\Public\Desktop\EaseUS Partition Master 9.3.0.lnk 2014-06-03 18:36 - 2014-06-03 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 9.3.0 2014-06-03 18:36 - 2013-10-09 15:34 - 03381832 _____ () C:\Windows\system32\BootMan.exe 2014-06-03 18:36 - 2013-10-09 15:24 - 02499656 _____ () C:\Windows\SysWOW64\BootMan.exe 2014-06-03 18:36 - 2013-03-07 09:49 - 00100936 _____ () C:\Windows\system32\setupempdrvx64.exe 2014-06-03 18:36 - 2013-03-07 09:49 - 00087112 _____ () C:\Windows\SysWOW64\setupempdrv03.exe 2014-06-03 18:36 - 2013-03-07 09:49 - 00019840 _____ () C:\Windows\SysWOW64\EuEpmGdi.dll 2014-06-03 18:36 - 2013-03-07 09:49 - 00017480 _____ () C:\Windows\system32\epmntdrv.sys 2014-06-03 18:36 - 2013-03-07 09:49 - 00016256 _____ () C:\Windows\system32\EuEpmGdi.dll 2014-06-03 18:36 - 2013-03-07 09:49 - 00013896 _____ () C:\Windows\SysWOW64\epmntdrv.sys 2014-06-03 18:36 - 2013-03-07 09:49 - 00009800 _____ () C:\Windows\system32\EuGdiDrv.sys 2014-06-03 18:36 - 2013-03-07 09:49 - 00009160 _____ () C:\Windows\SysWOW64\EuGdiDrv.sys 2014-06-03 18:35 - 2014-06-03 18:35 - 00000000 ____D () C:\Program Files (x86)\EaseUS 2014-06-03 18:29 - 2014-06-05 00:32 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-03 18:29 - 2014-06-03 18:29 - 00001105 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-03 18:29 - 2014-06-03 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-03 18:29 - 2014-06-03 18:29 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-03 18:29 - 2014-06-03 18:29 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-03 18:29 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-06-03 18:29 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\mwac.sys 2014-06-03 18:29 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-06-03 18:28 - 2014-06-03 18:28 - 00000000 ____D () C:\Users\CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Bat! E-Mail 2014-06-03 18:28 - 2014-06-03 18:28 - 00000000 ____D () C:\Program Files (x86)\The Bat! 2014-06-03 18:22 - 2012-06-03 00:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-06-03 18:22 - 2012-06-03 00:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-06-03 18:22 - 2012-06-03 00:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-06-03 18:22 - 2012-06-03 00:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-06-03 18:22 - 2012-06-03 00:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-06-03 18:22 - 2012-06-03 00:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-06-03 18:22 - 2012-06-03 00:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-06-03 18:22 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-06-03 18:22 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-06-03 18:21 - 2014-06-03 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2014-06-03 18:21 - 2014-06-03 18:21 - 00000000 ____D () C:\Program Files\7-Zip 2014-06-03 18:13 - 2014-06-03 18:36 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert 2014-06-03 18:13 - 2014-06-03 18:13 - 00548424 _____ (SurfRight) C:\Windows\system32\hmpalert.dll 2014-06-03 18:13 - 2014-06-03 18:13 - 00477008 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll 2014-06-03 18:13 - 2014-06-03 18:13 - 00093144 _____ () C:\Windows\system32\Drivers\hmpalert.sys 2014-06-03 18:13 - 2014-06-03 18:13 - 00000000 ____D () 
C:\Windows\CryptoGuard 2014-06-03 18:13 - 2014-06-03 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert 2014-06-03 18:13 - 2014-06-03 18:13 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert 2014-06-03 18:12 - 2014-06-03 18:12 - 02209056 _____ () C:\Users\CD\Downloads\avira-eu-cleaner_de.exe 2014-06-03 18:12 - 2014-06-03 18:12 - 00001981 _____ () C:\Users\CD\Desktop\Entfernen des Avira EU-Cleaners.lnk 2014-06-03 18:12 - 2014-06-03 18:12 - 00001925 _____ () C:\Users\CD\Desktop\Avira EU-Cleaner.lnk 2014-06-03 18:10 - 2014-06-03 18:52 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-06-03 18:10 - 2014-06-03 18:10 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-06-03 18:10 - 2014-06-03 18:10 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-06-03 18:10 - 2014-06-03 18:10 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-06-03 18:10 - 2014-06-03 18:10 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-06-03 18:10 - 2014-06-03 18:10 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-06-03 18:10 - 2014-06-03 18:10 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-06-03 18:10 - 2014-06-03 18:10 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-06-03 18:10 - 2014-06-03 18:10 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-06-03 18:10 - 2014-06-03 18:10 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-06-03 18:10 - 2014-06-03 18:10 - 00001969 _____ () C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk 2014-06-03 18:10 - 2014-06-03 18:10 - 00000000 ____D () C:\Users\CD\AppData\Roaming\AVAST Software 2014-06-03 18:10 - 2014-06-03 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast 2014-06-03 18:09 - 2014-06-03 18:09 - 00057560 _____ () C:\Users\CD\AppData\Local\GDIPFONTCACHEV1.DAT 2014-06-03 18:09 - 2014-06-03 18:09 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-06-03 18:09 - 2014-06-03 18:09 - 00000000 ____D () C:\Program Files\AVAST Software 2014-06-03 18:05 - 2014-06-03 18:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-06-03 18:05 - 2014-06-03 18:05 - 00000000 ____D () C:\Program Files (x86)\Realtek 2014-06-03 18:05 - 2011-01-26 21:35 - 00425064 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys 2014-06-03 18:05 - 2011-01-26 21:35 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll 2014-06-03 18:05 - 2011-01-26 21:35 - 00074272 _____ () C:\Windows\system32\RtNicProp64.dll 2014-06-03 18:01 - 2014-06-03 18:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-03 18:01 - 2014-06-03 18:02 - 00000000 ____D () C:\Users\CD\AppData\Roaming\Mozilla 2014-06-03 18:01 - 2014-06-03 18:02 - 00000000 ____D () C:\Users\CD\AppData\Local\Mozilla 2014-06-03 18:01 - 2014-06-03 18:01 - 00001162 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-06-03 18:01 - 2014-06-03 18:01 - 00001150 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-06-03 18:01 - 2014-06-03 18:01 - 00000000 ____D () C:\ProgramData\Mozilla 2014-06-03 18:01 - 2014-06-03 18:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-03 17:11 - 2014-06-05 00:33 - 00000000 ____D () C:\FRST 2014-06-03 17:09 - 2014-06-03 17:09 - 00001442 _____ () C:\Users\CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-06-03 17:09 - 2014-06-03 17:09 - 00001408 _____ () 
C:\Users\CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2014-06-03 17:09 - 2014-06-03 17:09 - 00000000 ___RD () C:\Users\CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-06-03 17:09 - 2014-06-03 17:09 - 00000000 ___RD () C:\Users\CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-06-03 17:09 - 2014-06-03 17:09 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2014-06-03 17:08 - 2014-06-05 00:32 - 00000000 ____D () C:\Users\CD 2014-06-03 17:08 - 2014-06-03 17:08 - 00000020 ___SH () C:\Users\CD\ntuser.ini 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Vorlagen 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Startmenü 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Druckumgebung 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 
_SHDL () C:\Users\Default User\Documents\Eigene Musik 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Vorlagen 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Startmenü 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Netzwerkumgebung 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Lokale Einstellungen 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Eigene Dateien 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Druckumgebung 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Documents\Eigene Musik 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Documents\Eigene Bilder 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\AppData\Local\Verlauf 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\AppData\Local\Anwendungsdaten 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Anwendungsdaten 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\ProgramData\Vorlagen 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\ProgramData\Startmenü 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\ProgramData\Favoriten 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () 
C:\ProgramData\Dokumente 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 ____D () C:\Users\CD\AppData\Local\VirtualStore 2014-06-03 17:08 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-06-03 17:08 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-06-03 06:23 - 2014-06-03 17:08 - 00000000 ____D () C:\Windows\Panther 2014-06-03 06:23 - 2014-06-03 06:23 - 00008192 __RSH () C:\BOOTSECT.BAK 2014-06-03 06:04 - 2014-06-03 06:04 - 00000000 ____D () C:\Windows.old 2014-06-03 05:28 - 2014-06-03 05:28 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk 2014-06-03 05:28 - 2014-06-03 05:28 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk 2014-06-03 05:27 - 2014-06-04 14:34 - 01445451 _____ () C:\Windows\WindowsUpdate.log 2014-06-03 05:27 - 2014-06-03 05:27 - 00001355 _____ () C:\Windows\TSSysprep.log 2014-06-01 02:12 - 2014-06-01 02:23 - 00000229 _____ () C:\mbr.log 2014-06-01 02:06 - 2014-05-26 22:26 - 00788728 _____ (Emsisoft GmbH) C:\mbrmastr.exe 2014-06-01 01:58 - 2014-06-01 01:58 - 00003248 _____ () C:\blitzblank.log 2014-06-01 01:35 - 2014-06-01 01:36 - 00000000 ____D () C:\AdwCleaner 2014-06-01 00:34 - 2014-06-03 17:08 - 00000000 ____D () C:\Recovery 2014-06-01 00:34 - 2014-06-01 00:34 - 00000000 _SHDL () C:\Programme 2014-06-01 00:34 - 2014-06-01 00:34 - 00000000 _SHDL () C:\Dokumente und Einstellungen 2014-05-30 14:27 - 2010-11-21 05:23 - 00383786 __RSH () C:\bootmgr ==================== One Month Modified Files and Folders ======= 2014-06-05 01:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration 2014-06-05 00:33 - 2014-06-03 17:11 - 00000000 ____D () 
C:\FRST 2014-06-05 00:32 - 2014-06-03 18:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-05 00:32 - 2014-06-03 17:08 - 00000000 ____D () C:\Users\CD 2014-06-05 00:31 - 2014-06-04 14:30 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-05 00:31 - 2009-07-14 06:51 - 00022616 _____ () C:\Windows\setupact.log 2014-06-04 14:34 - 2014-06-03 05:27 - 01445451 _____ () C:\Windows\WindowsUpdate.log 2014-06-04 14:30 - 2014-06-04 14:30 - 00000630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-06-03 18:55 - 2009-07-14 06:45 - 00016864 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-03 18:55 - 2009-07-14 06:45 - 00016864 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-03 18:52 - 2014-06-03 18:10 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-06-03 18:50 - 2010-11-21 08:21 - 00643866 _____ () C:\Windows\system32\perfh007.dat 2014-06-03 18:50 - 2010-11-21 08:21 - 00126394 _____ () C:\Windows\system32\perfc007.dat 2014-06-03 18:50 - 2009-07-14 07:13 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-03 18:43 - 2014-06-03 18:41 - 00001043 ____H () C:\Windows\EPMBatch.ept 2014-06-03 18:36 - 2014-06-03 18:36 - 00001394 _____ () C:\Users\Public\Desktop\EaseUS Partition Master 9.3.0.lnk 2014-06-03 18:36 - 2014-06-03 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 9.3.0 2014-06-03 18:36 - 2014-06-03 18:13 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert 2014-06-03 18:35 - 2014-06-03 18:35 - 00000000 ____D () C:\Program Files (x86)\EaseUS 2014-06-03 18:29 - 2014-06-03 18:29 - 00001105 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-03 18:29 - 2014-06-03 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-03 
18:29 - 2014-06-03 18:29 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-03 18:29 - 2014-06-03 18:29 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-03 18:28 - 2014-06-03 18:28 - 00000000 ____D () C:\Users\CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Bat! E-Mail 2014-06-03 18:28 - 2014-06-03 18:28 - 00000000 ____D () C:\Program Files (x86)\The Bat! 2014-06-03 18:21 - 2014-06-03 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2014-06-03 18:21 - 2014-06-03 18:21 - 00000000 ____D () C:\Program Files\7-Zip 2014-06-03 18:21 - 2014-06-03 18:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-03 18:13 - 2014-06-03 18:13 - 00548424 _____ (SurfRight) C:\Windows\system32\hmpalert.dll 2014-06-03 18:13 - 2014-06-03 18:13 - 00477008 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll 2014-06-03 18:13 - 2014-06-03 18:13 - 00093144 _____ () C:\Windows\system32\Drivers\hmpalert.sys 2014-06-03 18:13 - 2014-06-03 18:13 - 00000000 ____D () C:\Windows\CryptoGuard 2014-06-03 18:13 - 2014-06-03 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert 2014-06-03 18:13 - 2014-06-03 18:13 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert 2014-06-03 18:12 - 2014-06-03 18:12 - 02209056 _____ () C:\Users\CD\Downloads\avira-eu-cleaner_de.exe 2014-06-03 18:12 - 2014-06-03 18:12 - 00001981 _____ () C:\Users\CD\Desktop\Entfernen des Avira EU-Cleaners.lnk 2014-06-03 18:12 - 2014-06-03 18:12 - 00001925 _____ () C:\Users\CD\Desktop\Avira EU-Cleaner.lnk 2014-06-03 18:10 - 2014-06-03 18:10 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-06-03 18:10 - 2014-06-03 18:10 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-06-03 18:10 - 2014-06-03 18:10 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-06-03 18:10 - 2014-06-03 18:10 - 00208928 _____ () 
C:\Windows\system32\Drivers\aswVmm.sys 2014-06-03 18:10 - 2014-06-03 18:10 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-06-03 18:10 - 2014-06-03 18:10 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-06-03 18:10 - 2014-06-03 18:10 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-06-03 18:10 - 2014-06-03 18:10 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-06-03 18:10 - 2014-06-03 18:10 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-06-03 18:10 - 2014-06-03 18:10 - 00001969 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-06-03 18:10 - 2014-06-03 18:10 - 00000000 ____D () C:\Users\CD\AppData\Roaming\AVAST Software 2014-06-03 18:10 - 2014-06-03 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast 2014-06-03 18:09 - 2014-06-03 18:09 - 00057560 _____ () C:\Users\CD\AppData\Local\GDIPFONTCACHEV1.DAT 2014-06-03 18:09 - 2014-06-03 18:09 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-06-03 18:09 - 2014-06-03 18:09 - 00000000 ____D () C:\Program Files\AVAST Software 2014-06-03 18:05 - 2014-06-03 18:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-06-03 18:05 - 2014-06-03 18:05 - 00000000 ____D () C:\Program Files (x86)\Realtek 2014-06-03 18:05 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\restore 2014-06-03 18:02 - 2014-06-03 18:01 - 00000000 ____D () C:\Users\CD\AppData\Roaming\Mozilla 2014-06-03 18:02 - 2014-06-03 18:01 - 00000000 ____D () C:\Users\CD\AppData\Local\Mozilla 2014-06-03 18:01 - 2014-06-03 18:01 - 00001162 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-06-03 18:01 - 2014-06-03 18:01 - 00001150 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-06-03 18:01 - 2014-06-03 18:01 - 00000000 ____D () C:\ProgramData\Mozilla 2014-06-03 18:01 - 2014-06-03 18:01 - 00000000 ____D () 
C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-03 17:09 - 2014-06-03 17:09 - 00001442 _____ () C:\Users\CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-06-03 17:09 - 2014-06-03 17:09 - 00001408 _____ () C:\Users\CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2014-06-03 17:09 - 2014-06-03 17:09 - 00000000 ___RD () C:\Users\CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-06-03 17:09 - 2014-06-03 17:09 - 00000000 ___RD () C:\Users\CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-06-03 17:09 - 2014-06-03 17:09 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2014-06-03 17:08 - 2014-06-03 17:08 - 00000020 ___SH () C:\Users\CD\ntuser.ini 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Vorlagen 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Startmenü 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Druckumgebung 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () 
C:\Users\Default\AppData\Local\Anwendungsdaten 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Vorlagen 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Startmenü 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Netzwerkumgebung 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Lokale Einstellungen 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Eigene Dateien 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Druckumgebung 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Documents\Eigene Musik 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Documents\Eigene Bilder 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\AppData\Local\Verlauf 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\AppData\Local\Anwendungsdaten 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Users\CD\Anwendungsdaten 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\ProgramData\Vorlagen 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\ProgramData\Startmenü 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programme 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\ProgramData\Favoriten 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\ProgramData\Dokumente 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien 2014-06-03 17:08 - 2014-06-03 17:08 - 00000000 ____D () C:\Users\CD\AppData\Local\VirtualStore 2014-06-03 17:08 - 2014-06-03 06:23 - 00000000 ____D () C:\Windows\Panther 2014-06-03 17:08 - 2014-06-01 00:34 - 00000000 ____D () C:\Recovery 2014-06-03 17:08 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-06-03 17:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Recovery 2014-06-03 17:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-06-03 17:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Windows NT 2014-06-03 06:23 - 2014-06-03 06:23 - 00008192 __RSH () C:\BOOTSECT.BAK 2014-06-03 06:23 - 2009-07-14 07:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG 2014-06-03 06:23 - 2009-07-14 07:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template 2014-06-03 06:04 - 2014-06-03 06:04 - 00000000 ____D () C:\Windows.old 2014-06-03 05:33 - 2009-07-14 06:45 - 00274464 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-06-03 05:28 - 2014-06-03 05:28 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk 2014-06-03 05:28 - 2014-06-03 05:28 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk 2014-06-03 05:28 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-06-03 05:27 - 2014-06-03 05:27 - 00001355 _____ () C:\Windows\TSSysprep.log 2014-06-03 05:27 - 2009-07-14 06:46 - 00002790 _____ () C:\Windows\DtcInstall.log 2014-06-03 05:27 - 2009-07-14 05:20 - 00000000 ___RD () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-06-03 05:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sysprep 2014-06-03 05:24 - 2010-11-21 08:27 - 00000000 ____D () C:\Windows\CSC 2014-06-01 02:23 - 2014-06-01 02:12 - 00000229 _____ () C:\mbr.log 2014-06-01 01:58 - 2014-06-01 01:58 - 00003248 _____ () C:\blitzblank.log 2014-06-01 01:36 - 2014-06-01 01:35 - 00000000 ____D () C:\AdwCleaner 2014-06-01 00:34 - 2014-06-01 00:34 - 00000000 _SHDL () C:\Programme 2014-06-01 00:34 - 2014-06-01 00:34 - 00000000 _SHDL () C:\Dokumente und Einstellungen 2014-05-26 22:26 - 2014-06-01 02:06 - 00788728 _____ (Emsisoft GmbH) C:\mbrmastr.exe 2014-05-12 07:26 - 2014-06-03 18:29 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-12 07:26 - 2014-06-03 18:29 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-06-03 18:29 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys Some content of TEMP: ==================== C:\Users\CD\AppData\Local\Temp\hmpalert_update.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-06-03 05:24 ==================== End Of Log ============================ --- --- --- |
05.06.2014, 19:14 | #14 |
/// the machine /// TB-Ausbilder | Windows 7 64-bit - virus/trojan/rootkit won't go away hi, please download TDSSKiller.exe and save the file to the desktop
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM!