Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Antivir-Fund: BOO/Whistler.DB - Objekt:Masterbootsektor HD1 sowie Masterbootsektor der ext. HD (F:) (https://www.trojaner-board.de/123676-antivir-fund-boo-whistler-db-objekt-masterbootsektor-hd1-masterbootsektor-ext-hd-f.html)

mifi 07.09.2012 16:34
Antivir-Fund: BOO/Whistler.DB - Objekt:Masterbootsektor HD1 sowie Masterbootsektor der ext. HD (F:)
 
Hallo,

seit einiger Zeit meldet Antivir bei jedem Systemstart den Fund des o.g. Virus, der sich nicht entfernen lässt. Habe gestern zusätzlich noch den Bundespolizei-Virus drauf gehabt, der nach einem Malwarebyte-Durchlauf(anscheinend) entfernt wurde. Auch nach mehrmaligen Malwarebyte-Scans und anschließendem Entfernen finde ich immer noch weitere Viren. Was soll ich tun, um mein system vollständig zu desinfizieren? Eine Neuinstallation des Betriebssystems würde ich gerne verhindern.

Anbei die logs:
malwarebyte Durchlauf 1
Code:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.06.12

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7601.17514
xx:: xx-PC [Administrator]

9/7/2012 12:31:35 AM
mbam-log-2012-09-07 (00-31-35).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 199538
Laufzeit: 4 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|kwlfoxhgedvlfzv (Trojan.Phex.THAGen9) -> Daten: C:\ProgramData\kwlfoxhg.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\ProgramData\kwlfoxhg.exe (Trojan.Phex.THAGen9) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\xx\0.7485654216681638.exe (Trojan.Phex.THAGen9) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
mbam durchlauf 2

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.06.12

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
xx :: XX-PC [Administrator]

9/7/2012 1:18:47 AM
mbam-log-2012-09-07 (01-18-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 596589
Laufzeit: 4 Stunde(n), 21 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
F:\exchange semester Exeter\General\downloads\setupwavtomp3-c.exe (PUP.Installer.WH) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\XX\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Exploit.Drop.GS) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
mbam durchlauf 3
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.07.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
xx :: xx-PC [Administrator]

9/7/2012 2:00:19 PM
mbam-log-2012-09-07 (14-00-19).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 207244
Laufzeit: 10 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\ProgramData\NkH7rLHY.exe (Spyware.Zbot.DGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\xx\AppData\Local\Temp\awt43abr.exe (Spyware.Zbot.DGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Eset-Scan

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a6920bed8e3a674ca42844cfcf47980e
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-09-07 03:00:54
# local_time=2012-09-07 05:00:54 (+0100, W. Europe Daylight Time)
# country="United States"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 15805586 15805586 0 0
# compatibility_mode=5893 16776573 100 94 774 98652636 0 0
# compatibility_mode=8192 67108863 100 0 149 149 0 0
# scanned=492525
# found=9
# cleaned=0
# scan_time=8609
C:\ProgramData\xtffwgbyekmqwbw\main.html        HTML/Ransom.B Trojaner (Säubern nicht möglich)        00000000000000000000000000000000        I
C:\Users\All Users\xtffwgbyekmqwbw\main.html        HTML/Ransom.B Trojaner (Säubern nicht möglich)        00000000000000000000000000000000        I
C:\Users\xx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\6b225264-6cfd9f2f        Variante von Win32/Kryptik.ALNT Trojaner (Säubern nicht möglich)        00000000000000000000000000000000        I
C:\Users\xx\Downloads\cnet2_FarCryResearchDemo_zip.exe        Variante von Win32/InstallCore.D Anwendung (Säubern nicht möglich)        00000000000000000000000000000000        I
C:\Users\xx\Downloads\SoftonicDownloader_for_freepdf-xp.exe        Variante von Win32/SoftonicDownloader.A Anwendung (Säubern nicht möglich)        00000000000000000000000000000000        I
C:\Users\xx\Downloads\SoftonicDownloader_fuer_fl-studio.exe        Win32/SoftonicDownloader.D Anwendung (Säubern nicht möglich)        00000000000000000000000000000000        I
C:\Users\xx\Downloads\winamp5581_full_bundle_emusic-7plus_en-us.exe        Win32/OpenCandy Anwendung (Säubern nicht möglich)        00000000000000000000000000000000        I
C:\Users\xx\Downloads\winamp563_full_emusic-7plus_all.exe        Win32/OpenCandy Anwendung (Säubern nicht möglich)        00000000000000000000000000000000        I
F:\Eigene Dateien-Laptop-Backup\Downloads\strun_setup.exe        Win32/StartupRun.AB Anwendung (Säubern nicht möglich)        00000000000000000000000000000000        I
Viele grüße, mifi

kann mir niemand helfen...? :(:(:(

schrauber 11.09.2012 07:59
Hi,

Sorry für die Verspätung, brauchst Du noch Hilfe?

mifi 11.09.2012 11:44
Hi, ja, die bräuchte ich noch.. den whistler krieg ich nicht runter....

schrauber 11.09.2012 11:56
hi,


Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ )
    Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt
Poste den Inhalt bitte hier in deinen Thread.

mifi 11.09.2012 12:13
Code:
13:09:23.0671 12052  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
13:09:23.0762 12052  ============================================================
13:09:23.0762 12052  Current date / time: 2012/09/11 13:09:23.0762
13:09:23.0762 12052  SystemInfo:
13:09:23.0762 12052 
13:09:23.0762 12052  OS Version: 6.1.7601 ServicePack: 1.0
13:09:23.0762 12052  Product type: Workstation
13:09:23.0762 12052  ComputerName: xx-PC
13:09:23.0762 12052  UserName: xx
13:09:23.0762 12052  Windows directory: C:\Windows
13:09:23.0762 12052  System windows directory: C:\Windows
13:09:23.0762 12052  Processor architecture: Intel x86
13:09:23.0762 12052  Number of processors: 2
13:09:23.0762 12052  Page size: 0x1000
13:09:23.0762 12052  Boot type: Normal boot
13:09:23.0762 12052  ============================================================
13:09:25.0691 12052  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:09:25.0693 12052  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:09:25.0727 12052  ============================================================
13:09:25.0727 12052  \Device\Harddisk0\DR0:
13:09:25.0728 12052  MBR partitions:
13:09:25.0728 12052  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1D1C3000
13:09:25.0728 12052  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D4B1800, BlocksNum 0x1CED4800
13:09:25.0728 12052  \Device\Harddisk1\DR1:
13:09:25.0735 12052  MBR partitions:
13:09:25.0735 12052  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C02
13:09:25.0735 12052  ============================================================
13:09:25.0750 12052  C: <-> \Device\Harddisk0\DR0\Partition1
13:09:25.0788 12052  D: <-> \Device\Harddisk0\DR0\Partition2
13:09:25.0789 12052  F: <-> \Device\Harddisk1\DR1\Partition1
13:09:25.0824 12052  ============================================================
13:09:25.0824 12052  Initialize success
13:09:25.0824 12052  ============================================================
13:09:28.0031 9804  ============================================================
13:09:28.0031 9804  Scan started
13:09:28.0031 9804  Mode: Manual;
13:09:28.0031 9804  ============================================================
13:09:28.0989 9804  ================ Scan system memory ========================
13:09:28.0989 9804  System memory - ok
13:09:28.0989 9804  ================ Scan services =============================
13:09:29.0194 9804  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
13:09:29.0203 9804  1394ohci - ok
13:09:29.0236 9804  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
13:09:29.0246 9804  ACPI - ok
13:09:29.0279 9804  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
13:09:29.0282 9804  AcpiPmi - ok
13:09:29.0404 9804  [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
13:09:29.0405 9804  AdobeARMservice - ok
13:09:29.0544 9804  [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:09:29.0555 9804  AdobeFlashPlayerUpdateSvc - ok
13:09:29.0629 9804  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
13:09:29.0641 9804  adp94xx - ok
13:09:29.0667 9804  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
13:09:29.0677 9804  adpahci - ok
13:09:29.0687 9804  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
13:09:29.0695 9804  adpu320 - ok
13:09:29.0741 9804  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
13:09:29.0748 9804  AeLookupSvc - ok
13:09:29.0809 9804  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD            C:\Windows\system32\drivers\afd.sys
13:09:29.0812 9804  AFD - ok
13:09:29.0835 9804  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
13:09:29.0842 9804  agp440 - ok
13:09:29.0922 9804  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx        C:\Windows\system32\DRIVERS\djsvs.sys
13:09:29.0932 9804  aic78xx - ok
13:09:29.0986 9804  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG            C:\Windows\System32\alg.exe
13:09:29.0992 9804  ALG - ok
13:09:30.0042 9804  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
13:09:30.0046 9804  aliide - ok
13:09:30.0105 9804  [ B19505648F033393E907E2E419FDE8B3 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
13:09:30.0107 9804  AMD External Events Utility - ok
13:09:30.0121 9804  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
13:09:30.0127 9804  amdagp - ok
13:09:30.0144 9804  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
13:09:30.0148 9804  amdide - ok
13:09:30.0199 9804  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
13:09:30.0205 9804  AmdK8 - ok
13:09:30.0259 9804  [ AD8FA28D8ED0D0A689A0559085CE0F18 ] AmdLLD          C:\Windows\system32\DRIVERS\AmdLLD.sys
13:09:30.0264 9804  AmdLLD - ok
13:09:30.0285 9804  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
13:09:30.0290 9804  AmdPPM - ok
13:09:30.0348 9804  [ D320BF87125326F996D4904FE24300FC ] amdsata        C:\Windows\system32\drivers\amdsata.sys
13:09:30.0354 9804  amdsata - ok
13:09:30.0405 9804  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
13:09:30.0415 9804  amdsbs - ok
13:09:30.0434 9804  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
13:09:30.0440 9804  amdxata - ok
13:09:30.0480 9804  [ DD8D9C597AF7CD2F6B70A3D6A4A1ACEA ] androidusb      C:\Windows\system32\Drivers\ssadadb.sys
13:09:30.0485 9804  androidusb - ok
13:09:30.0603 9804  [ 0A1CC583E8147004E4AD4625D7FBF88C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
13:09:30.0604 9804  AntiVirSchedulerService - ok
13:09:30.0654 9804  [ C9A36EF935ACED86AEDF93E97E606911 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
13:09:30.0655 9804  AntiVirService - ok
13:09:30.0727 9804  [ AEA177F783E20150ACE5383EE368DA19 ] AppID          C:\Windows\system32\drivers\appid.sys
13:09:30.0754 9804  AppID - ok
13:09:30.0801 9804  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
13:09:30.0807 9804  AppIDSvc - ok
13:09:30.0853 9804  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo        C:\Windows\System32\appinfo.dll
13:09:30.0859 9804  Appinfo - ok
13:09:30.0927 9804  [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:09:30.0929 9804  Apple Mobile Device - ok
13:09:30.0985 9804  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt        C:\Windows\System32\appmgmts.dll
13:09:30.0992 9804  AppMgmt - ok
13:09:31.0044 9804  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc            C:\Windows\system32\DRIVERS\arc.sys
13:09:31.0050 9804  arc - ok
13:09:31.0063 9804  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
13:09:31.0069 9804  arcsas - ok
13:09:31.0183 9804  [ 39CDCB109BF200CC8A05B9C7E6272D11 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:09:31.0188 9804  aspnet_state - ok
13:09:31.0231 9804  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:09:31.0235 9804  AsyncMac - ok
13:09:31.0276 9804  [ 338C86357871C167A96AB976519BF59E ] atapi          C:\Windows\system32\drivers\atapi.sys
13:09:31.0277 9804  atapi - ok
13:09:31.0481 9804  [ 04F09923A393E4E0E8453A8F78361E73 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
13:09:31.0815 9804  atikmdag - ok
13:09:31.0974 9804  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:09:32.0029 9804  AudioEndpointBuilder - ok
13:09:32.0109 9804  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
13:09:32.0112 9804  Audiosrv - ok
13:09:32.0344 9804  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
13:09:32.0369 9804  avgntflt - ok
13:09:32.0505 9804  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
13:09:32.0525 9804  avipbb - ok
13:09:32.0741 9804  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
13:09:32.0834 9804  avkmgr - ok
13:09:32.0930 9804  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
13:09:32.0964 9804  AxInstSV - ok
13:09:33.0109 9804  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbdx.sys
13:09:33.0421 9804  b06bdrv - ok
13:09:33.0681 9804  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
13:09:33.0720 9804  b57nd60x - ok
13:09:33.0862 9804  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
13:09:33.0882 9804  BDESVC - ok
13:09:33.0970 9804  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
13:09:33.0986 9804  Beep - ok
13:09:34.0163 9804  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE            C:\Windows\System32\bfe.dll
13:09:34.0238 9804  BFE - ok
13:09:34.0365 9804  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
13:09:34.0430 9804  BITS - ok
13:09:34.0495 9804  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
13:09:34.0515 9804  blbdrive - ok
13:09:34.0750 9804  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:09:34.0770 9804  Bonjour Service - ok
13:09:34.0865 9804  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:09:34.0918 9804  bowser - ok
13:09:34.0944 9804  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:09:34.0962 9804  BrFiltLo - ok
13:09:35.0006 9804  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:09:35.0029 9804  BrFiltUp - ok
13:09:35.0121 9804  [ C711ED965009BDCFF9AA62CEB6FF1AAD ] Brother XP spl Service C:\Windows\system32\brsvc01a.exe
13:09:35.0121 9804  Brother XP spl Service - ok
13:09:35.0202 9804  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser        C:\Windows\System32\browser.dll
13:09:35.0238 9804  Browser - ok
13:09:35.0317 9804  [ 845B8CE732E67F3B4133164868C666EA ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
13:09:35.0364 9804  Brserid - ok
13:09:35.0396 9804  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
13:09:35.0477 9804  BrSerWdm - ok
13:09:35.0517 9804  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
13:09:35.0549 9804  BrUsbMdm - ok
13:09:35.0572 9804  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
13:09:35.0591 9804  BrUsbSer - ok
13:09:35.0617 9804  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
13:09:35.0634 9804  BTHMODEM - ok
13:09:35.0705 9804  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv        C:\Windows\system32\bthserv.dll
13:09:35.0723 9804  bthserv - ok
13:09:35.0801 9804  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:09:35.0827 9804  cdfs - ok
13:09:35.0947 9804  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom          C:\Windows\system32\drivers\cdrom.sys
13:09:35.0975 9804  cdrom - ok
13:09:36.0072 9804  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc    C:\Windows\System32\certprop.dll
13:09:36.0089 9804  CertPropSvc - ok
13:09:36.0176 9804  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
13:09:36.0199 9804  circlass - ok
13:09:36.0258 9804  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
13:09:36.0274 9804  CLFS - ok
13:09:36.0361 9804  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:09:36.0390 9804  clr_optimization_v2.0.50727_32 - ok
13:09:36.0631 9804  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:09:36.0658 9804  clr_optimization_v4.0.30319_32 - ok
13:09:36.0702 9804  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
13:09:36.0720 9804  CmBatt - ok
13:09:36.0773 9804  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:09:36.0803 9804  cmdide - ok
13:09:36.0889 9804  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG            C:\Windows\system32\Drivers\cng.sys
13:09:36.0952 9804  CNG - ok
13:09:37.0053 9804  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
13:09:37.0074 9804  Compbatt - ok
13:09:37.0157 9804  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
13:09:37.0173 9804  CompositeBus - ok
13:09:37.0228 9804  COMSysApp - ok
13:09:37.0278 9804  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk        C:\Windows\system32\DRIVERS\crcdisk.sys
13:09:37.0296 9804  crcdisk - ok
13:09:37.0413 9804  [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:09:37.0426 9804  CryptSvc - ok
13:09:37.0539 9804  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC            C:\Windows\system32\drivers\csc.sys
13:09:37.0630 9804  CSC - ok
13:09:37.0771 9804  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
13:09:37.0779 9804  CscService - ok
13:09:37.0862 9804  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:09:37.0870 9804  DcomLaunch - ok
13:09:37.0932 9804  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc      C:\Windows\System32\defragsvc.dll
13:09:37.0991 9804  defragsvc - ok
13:09:38.0064 9804  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:09:38.0090 9804  DfsC - ok
13:09:38.0220 9804  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
13:09:38.0261 9804  Dhcp - ok
13:09:38.0301 9804  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
13:09:38.0301 9804  discache - ok
13:09:38.0390 9804  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
13:09:38.0413 9804  Disk - ok
13:09:38.0491 9804  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:09:38.0505 9804  Dnscache - ok
13:09:38.0553 9804  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc        C:\Windows\System32\dot3svc.dll
13:09:38.0584 9804  dot3svc - ok
13:09:38.0977 9804  [ B5E479EB83707DD698F66953E922042C ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
13:09:39.0004 9804  Dot4 - ok
13:09:39.0158 9804  [ CAEFD09B6A6249C53A67D55A9A9FCABF ] Dot4Print      C:\Windows\system32\drivers\Dot4Prt.sys
13:09:39.0184 9804  Dot4Print - ok
13:09:39.0236 9804  [ CF491FF38D62143203C065260567E2F7 ] dot4usb        C:\Windows\system32\DRIVERS\dot4usb.sys
13:09:39.0253 9804  dot4usb - ok
13:09:39.0324 9804  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS            C:\Windows\system32\dps.dll
13:09:39.0343 9804  DPS - ok
13:09:39.0412 9804  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
13:09:39.0441 9804  drmkaud - ok
13:09:39.0653 9804  [ 651554E483712B708EDE864D0CA1AA73 ] DrvAgent32      C:\Windows\system32\Drivers\DrvAgent32.sys
13:09:39.0684 9804  DrvAgent32 - ok
13:09:39.0824 9804  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
13:09:40.0003 9804  DXGKrnl - ok
13:09:40.0089 9804  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost        C:\Windows\System32\eapsvc.dll
13:09:40.0114 9804  EapHost - ok
13:09:40.0599 9804  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv          C:\Windows\system32\DRIVERS\evbdx.sys
13:09:40.0839 9804  ebdrv - ok
13:09:40.0882 9804  [ 81951F51E318AECC2D68559E47485CC4 ] EFS            C:\Windows\System32\lsass.exe
13:09:40.0916 9804  EFS - ok
13:09:41.0152 9804  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
13:09:41.0271 9804  ehRecvr - ok
13:09:41.0327 9804  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched        C:\Windows\ehome\ehsched.exe
13:09:41.0353 9804  ehSched - ok
13:09:41.0467 9804  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor        C:\Windows\system32\DRIVERS\elxstor.sys
13:09:41.0516 9804  elxstor - ok
13:09:41.0590 9804  [ 6C74035909B31F873D85B25E00BEB984 ] enecir          C:\Windows\system32\DRIVERS\enecir.sys
13:09:41.0619 9804  enecir - ok
13:09:41.0694 9804  [ E45E5F047AE06BF450B458660A0F1DDE ] enecirhid      C:\Windows\system32\DRIVERS\enecirhid.sys
13:09:41.0714 9804  enecirhid - ok
13:09:41.0763 9804  [ 97D41E2831AC117AF9BF8D0D9E9D027F ] enecirhidma    C:\Windows\system32\DRIVERS\enecirhidma.sys
13:09:41.0776 9804  enecirhidma - ok
13:09:41.0835 9804  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
13:09:41.0890 9804  ErrDev - ok
13:09:42.0041 9804  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem    C:\Windows\system32\es.dll
13:09:42.0055 9804  EventSystem - ok
13:09:42.0134 9804  [ 2DC9108D74081149CC8B651D3A26207F ] exfat          C:\Windows\system32\drivers\exfat.sys
13:09:42.0157 9804  exfat - ok
13:09:42.0192 9804  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
13:09:42.0215 9804  fastfat - ok
13:09:42.0370 9804  [ 967EA5B213E9984CBE270205DF37755B ] Fax            C:\Windows\system32\fxssvc.exe
13:09:42.0429 9804  Fax - ok
13:09:42.0479 9804  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
13:09:42.0514 9804  fdc - ok
13:09:42.0566 9804  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost        C:\Windows\system32\fdPHost.dll
13:09:42.0597 9804  fdPHost - ok
13:09:42.0667 9804  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
13:09:42.0690 9804  FDResPub - ok
13:09:42.0716 9804  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:09:42.0749 9804  FileInfo - ok
13:09:42.0774 9804  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
13:09:42.0838 9804  Filetrace - ok
13:09:42.0898 9804  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
13:09:42.0918 9804  flpydisk - ok
13:09:42.0997 9804  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:09:43.0034 9804  FltMgr - ok
13:09:43.0153 9804  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache      C:\Windows\system32\FntCache.dll
13:09:43.0168 9804  FontCache - ok
13:09:43.0323 9804  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:09:43.0359 9804  FontCache3.0.0.0 - ok
13:09:43.0404 9804  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
13:09:43.0434 9804  FsDepends - ok
13:09:43.0490 9804  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:09:43.0505 9804  Fs_Rec - ok
13:09:43.0621 9804  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
13:09:43.0623 9804  fvevol - ok
13:09:43.0710 9804  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
13:09:43.0741 9804  gagp30kx - ok
13:09:43.0917 9804  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM    C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:09:43.0939 9804  GEARAspiWDM - ok
13:09:44.0073 9804  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc          C:\Windows\System32\gpsvc.dll
13:09:44.0109 9804  gpsvc - ok
13:09:44.0617 9804  [ F02A533F517EB38333CB12A9E8963773 ] gupdate        C:\Program Files\Google\Update\GoogleUpdate.exe
13:09:44.0627 9804  gupdate - ok
13:09:45.0078 9804  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
13:09:45.0079 9804  gupdatem - ok
13:09:45.0176 9804  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
13:09:45.0209 9804  hcw85cir - ok
13:09:45.0364 9804  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:09:45.0434 9804  HdAudAddService - ok
13:09:45.0490 9804  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
13:09:45.0495 9804  HDAudBus - ok
13:09:45.0546 9804  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt        C:\Windows\system32\DRIVERS\HidBatt.sys
13:09:45.0563 9804  HidBatt - ok
13:09:45.0594 9804  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
13:09:45.0623 9804  HidBth - ok
13:09:45.0728 9804  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
13:09:45.0744 9804  HidIr - ok
13:09:45.0795 9804  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv        C:\Windows\system32\hidserv.dll
13:09:45.0821 9804  hidserv - ok
13:09:45.0912 9804  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
13:09:45.0943 9804  HidUsb - ok
13:09:45.0985 9804  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:09:46.0007 9804  hkmsvc - ok
13:09:46.0063 9804  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:09:46.0074 9804  HomeGroupListener - ok
13:09:46.0148 9804  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:09:46.0180 9804  HomeGroupProvider - ok
13:09:46.0286 9804  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
13:09:46.0332 9804  HpSAMD - ok
13:09:46.0615 9804  [ B7CFE93627E7796624004687125A729F ] hshld          C:\Program Files\Hotspot Shield\bin\openvpnas.exe
13:09:46.0619 9804  hshld - ok
13:09:46.0756 9804  [ 4F28652EC514FA1BA473BC1A695A5C98 ] HssDrv          C:\Windows\system32\DRIVERS\HssDrv.sys
13:09:46.0807 9804  HssDrv - ok
13:09:46.0953 9804  [ 2CFEA9C337B699ACA38487E8A7438F35 ] HssSrv          C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
13:09:46.0956 9804  HssSrv - ok
13:09:47.0069 9804  [ B3C6EEEFF5C5EA3235B7D84317C1FB3F ] HssTrayService  C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
13:09:47.0074 9804  HssTrayService - ok
13:09:47.0143 9804  HssWd - ok
13:09:47.0263 9804  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:09:47.0278 9804  HTTP - ok
13:09:47.0328 9804  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:09:47.0330 9804  hwpolicy - ok
13:09:47.0447 9804  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
13:09:47.0472 9804  i8042prt - ok
13:09:47.0567 9804  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
13:09:47.0634 9804  iaStorV - ok
13:09:47.0892 9804  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
13:09:47.0923 9804  IDriverT - ok
13:09:48.0158 9804  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc          C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:09:48.0539 9804  idsvc - ok
13:09:48.0629 9804  [ 4173FF5708F3236CF25195FECD742915 ] iirsp          C:\Windows\system32\DRIVERS\iirsp.sys
13:09:48.0649 9804  iirsp - ok
13:09:48.0800 9804  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
13:09:48.0895 9804  IKEEXT - ok
13:09:48.0944 9804  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
13:09:48.0962 9804  intelide - ok
13:09:49.0020 9804  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:09:49.0025 9804  intelppm - ok
13:09:49.0089 9804  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
13:09:49.0107 9804  IPBusEnum - ok
13:09:49.0131 9804  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:09:49.0164 9804  IpFilterDriver - ok
13:09:49.0326 9804  [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:09:49.0353 9804  iphlpsvc - ok
13:09:49.0418 9804  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
13:09:49.0450 9804  IPMIDRV - ok
13:09:49.0500 9804  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
13:09:49.0527 9804  IPNAT - ok
13:09:49.0683 9804  [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
13:09:49.0813 9804  iPod Service - ok
13:09:49.0860 9804  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:09:49.0878 9804  IRENUM - ok
13:09:49.0898 9804  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:09:49.0932 9804  isapnp - ok
13:09:49.0990 9804  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
13:09:50.0023 9804  iScsiPrt - ok
13:09:50.0108 9804  [ 96C4439A37EE719769D446DD430E9A33 ] JMCR            C:\Windows\system32\DRIVERS\jmcr.sys
13:09:50.0135 9804  JMCR - ok
13:09:50.0389 9804  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:09:50.0412 9804  kbdclass - ok
13:09:50.0497 9804  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
13:09:50.0523 9804  kbdhid - ok
13:09:50.0551 9804  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
13:09:50.0552 9804  KeyIso - ok
13:09:50.0649 9804  [ C420616B42CA194D5716AE9E7423534A ] KOBCCEX        C:\Windows\system32\drivers\KOBCCEX.sys
13:09:50.0672 9804  KOBCCEX - ok
13:09:50.0707 9804  [ 74E9FFA254368B58FD934A8F127E8DBD ] KOBCCID        C:\Windows\system32\drivers\KOBCCID.sys
13:09:50.0735 9804  KOBCCID - ok
13:09:50.0815 9804  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:09:50.0847 9804  KSecDD - ok
13:09:50.0905 9804  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
13:09:50.0919 9804  KSecPkg - ok
13:09:51.0000 9804  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm          C:\Windows\system32\msdtckrm.dll
13:09:51.0033 9804  KtmRm - ok
13:09:51.0082 9804  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
13:09:51.0124 9804  LanmanServer - ok
13:09:51.0179 9804  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:09:51.0220 9804  LanmanWorkstation - ok
13:09:51.0348 9804  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:09:51.0368 9804  lltdio - ok
13:09:51.0418 9804  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
13:09:51.0465 9804  lltdsvc - ok
13:09:51.0493 9804  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts        C:\Windows\System32\lmhsvc.dll
13:09:51.0518 9804  lmhosts - ok
13:09:51.0614 9804  [ 31F74D5D47EEA83E5E89447586917774 ] LPCFilter      C:\Windows\system32\DRIVERS\LPCFilter.sys
13:09:51.0651 9804  LPCFilter - ok
13:09:51.0730 9804  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
13:09:51.0761 9804  LSI_FC - ok
13:09:51.0802 9804  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS        C:\Windows\system32\DRIVERS\lsi_sas.sys
13:09:51.0838 9804  LSI_SAS - ok
13:09:51.0919 9804  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:09:51.0949 9804  LSI_SAS2 - ok
13:09:52.0002 9804  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:09:52.0024 9804  LSI_SCSI - ok
13:09:52.0049 9804  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv          C:\Windows\system32\drivers\luafv.sys
13:09:52.0075 9804  luafv - ok
13:09:52.0133 9804  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
13:09:52.0201 9804  Mcx2Svc - ok
13:09:52.0244 9804  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas        C:\Windows\system32\DRIVERS\megasas.sys
13:09:52.0269 9804  megasas - ok
13:09:52.0345 9804  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
13:09:52.0367 9804  MegaSR - ok
13:09:52.0702 9804  Microsoft SharePoint Workspace Audit Service - ok
13:09:52.0758 9804  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS          C:\Windows\system32\mmcss.dll
13:09:52.0760 9804  MMCSS - ok
13:09:52.0996 9804  [ 8AEEB5397543568860C6F681E2ED6686 ] mod7700        C:\Windows\system32\Drivers\dvb7700all.sys
13:09:53.0082 9804  mod7700 - ok
13:09:53.0105 9804  [ F001861E5700EE84E2D4E52C712F4964 ] Modem          C:\Windows\system32\drivers\modem.sys
13:09:53.0117 9804  Modem - ok
13:09:53.0210 9804  [ 79D10964DE86B292320E9DFE02282A23 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
13:09:53.0214 9804  monitor - ok
13:09:53.0248 9804  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:09:53.0282 9804  mouclass - ok
13:09:53.0324 9804  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:09:53.0393 9804  mouhid - ok
13:09:53.0444 9804  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
13:09:53.0446 9804  mountmgr - ok
13:09:53.0645 9804  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:09:53.0683 9804  MozillaMaintenance - ok
13:09:53.0746 9804  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:09:53.0808 9804  mpio - ok
13:09:53.0859 9804  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:09:53.0887 9804  mpsdrv - ok
13:09:54.0065 9804  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:09:54.0159 9804  MpsSvc - ok
13:09:54.0212 9804  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:09:54.0286 9804  MRxDAV - ok
13:09:54.0362 9804  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:09:54.0391 9804  mrxsmb - ok
13:09:54.0461 9804  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:09:54.0499 9804  mrxsmb10 - ok
13:09:54.0557 9804  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:09:54.0590 9804  mrxsmb20 - ok
13:09:54.0624 9804  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
13:09:54.0649 9804  msahci - ok
13:09:54.0855 9804  [ B03E3F64B70F8031E65EB26DA23DE91A ] MSCamSvc        C:\Program Files\Microsoft LifeCam\MSCamS32.exe
13:09:54.0857 9804  MSCamSvc - ok
13:09:54.0881 9804  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
13:09:54.0901 9804  msdsm - ok
13:09:54.0947 9804  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC          C:\Windows\System32\msdtc.exe
13:09:54.0979 9804  MSDTC - ok
13:09:55.0072 9804  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:09:55.0092 9804  Msfs - ok
13:09:55.0113 9804  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
13:09:55.0132 9804  mshidkmdf - ok
13:09:55.0222 9804  [ 7A0F9CBDBDB135113B9A3C138E20C85D ] MSHUSBVideo    C:\Windows\system32\Drivers\nx6000.sys
13:09:55.0254 9804  MSHUSBVideo - ok
13:09:55.0308 9804  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:09:55.0326 9804  msisadrv - ok
13:09:55.0398 9804  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
13:09:55.0439 9804  MSiSCSI - ok
13:09:55.0450 9804  msiserver - ok
13:09:55.0508 9804  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
13:09:55.0538 9804  MSKSSRV - ok
13:09:55.0572 9804  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:09:55.0583 9804  MSPCLOCK - ok
13:09:55.0609 9804  [ F456E973590D663B1073E9C463B40932 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
13:09:55.0627 9804  MSPQM - ok
13:09:55.0648 9804  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
13:09:55.0676 9804  MsRPC - ok
13:09:55.0728 9804  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
13:09:55.0732 9804  mssmbios - ok
13:09:55.0835 9804  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
13:09:55.0856 9804  MSTEE - ok
13:09:55.0885 9804  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
13:09:55.0906 9804  MTConfig - ok
13:09:55.0937 9804  [ 159FAD02F64E6381758C990F753BCC80 ] Mup            C:\Windows\system32\Drivers\mup.sys
13:09:56.0031 9804  Mup - ok
13:09:56.0122 9804  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
13:09:56.0135 9804  napagent - ok
13:09:56.0266 9804  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
13:09:56.0363 9804  NativeWifiP - ok
13:09:56.0473 9804  [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:09:56.0493 9804  NDIS - ok
13:09:56.0585 9804  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
13:09:56.0606 9804  NdisCap - ok
13:09:56.0664 9804  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:09:56.0685 9804  NdisTapi - ok
13:09:56.0774 9804  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
13:09:56.0794 9804  Ndisuio - ok
13:09:56.0849 9804  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
13:09:56.0882 9804  NdisWan - ok
13:09:56.0927 9804  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
13:09:56.0956 9804  NDProxy - ok
13:09:57.0039 9804  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
13:09:57.0068 9804  NetBIOS - ok
13:09:57.0123 9804  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
13:09:57.0125 9804  NetBT - ok
13:09:57.0173 9804  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
13:09:57.0175 9804  Netlogon - ok
13:09:57.0288 9804  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
13:09:57.0352 9804  Netman - ok
13:09:57.0429 9804  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
13:09:57.0562 9804  netprofm - ok
13:09:57.0622 9804  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:09:57.0659 9804  NetTcpPortSharing - ok
13:09:58.0650 9804  [ 5B2DFA9C5C02DDF2A113CC0F551B59DF ] NETw5s32        C:\Windows\system32\DRIVERS\NETw5s32.sys
13:09:58.0951 9804  NETw5s32 - ok
13:09:59.0612 9804  [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32        C:\Windows\system32\DRIVERS\netw5v32.sys
13:10:00.0040 9804  netw5v32 - ok
13:10:00.0154 9804  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960        C:\Windows\system32\DRIVERS\nfrd960.sys
13:10:00.0224 9804  nfrd960 - ok
13:10:00.0469 9804  [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:10:00.0597 9804  NlaSvc - ok
13:10:00.0622 9804  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:10:00.0652 9804  Npfs - ok
13:10:00.0705 9804  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi            C:\Windows\system32\nsisvc.dll
13:10:00.0727 9804  nsi - ok
13:10:00.0773 9804  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:10:00.0774 9804  nsiproxy - ok
13:10:01.0003 9804  [ 81189C3D7763838E55C397759D49007A ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:10:01.0194 9804  Ntfs - ok
13:10:01.0256 9804  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
13:10:01.0270 9804  Null - ok
13:10:01.0331 9804  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:10:01.0361 9804  nvraid - ok
13:10:01.0442 9804  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:10:01.0467 9804  nvstor - ok
13:10:01.0522 9804  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:10:01.0543 9804  nv_agp - ok
13:10:01.0638 9804  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
13:10:01.0665 9804  ohci1394 - ok
13:10:01.0935 9804  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose            C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:10:01.0952 9804  ose - ok
13:10:02.0605 9804  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc        C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:10:03.0219 9804  osppsvc - ok
13:10:03.0301 9804  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
13:10:03.0312 9804  p2pimsvc - ok
13:10:03.0402 9804  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
13:10:03.0424 9804  p2psvc - ok
13:10:03.0469 9804  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
13:10:03.0486 9804  Parport - ok
13:10:03.0525 9804  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr        C:\Windows\system32\drivers\partmgr.sys
13:10:03.0547 9804  partmgr - ok
13:10:03.0581 9804  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
13:10:03.0630 9804  Parvdm - ok
13:10:03.0703 9804  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:10:03.0734 9804  PcaSvc - ok
13:10:03.0799 9804  [ 673E55C3498EB970088E812EA820AA8F ] pci            C:\Windows\system32\drivers\pci.sys
13:10:03.0800 9804  pci - ok
13:10:03.0835 9804  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
13:10:03.0855 9804  pciide - ok
13:10:03.0919 9804  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
13:10:03.0992 9804  pcmcia - ok
13:10:04.0010 9804  [ 250F6B43D2B613172035C6747AEEB19F ] pcw            C:\Windows\system32\drivers\pcw.sys
13:10:04.0027 9804  pcw - ok
13:10:04.0171 9804  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:10:04.0214 9804  PEAUTH - ok
13:10:04.0453 9804  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc    C:\Windows\system32\peerdistsvc.dll
13:10:04.0496 9804  PeerDistSvc - ok
13:10:04.0786 9804  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla            C:\Windows\system32\pla.dll
13:10:04.0941 9804  pla - ok
13:10:05.0051 9804  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:10:05.0073 9804  PlugPlay - ok
13:10:05.0118 9804  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
13:10:05.0136 9804  PNRPAutoReg - ok
13:10:05.0191 9804  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
13:10:05.0194 9804  PNRPsvc - ok
13:10:05.0313 9804  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
13:10:05.0348 9804  PolicyAgent - ok
13:10:05.0407 9804  [ F87D30E72E03D579A5199CCB3831D6EA ] Power          C:\Windows\system32\umpo.dll
13:10:05.0415 9804  Power - ok
13:10:05.0505 9804  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:10:05.0531 9804  PptpMiniport - ok
13:10:05.0587 9804  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor      C:\Windows\system32\DRIVERS\processr.sys
13:10:05.0906 9804  Processor - ok
13:10:05.0974 9804  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc        C:\Windows\system32\profsvc.dll
13:10:06.0000 9804  ProfSvc - ok
13:10:06.0030 9804  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:10:06.0032 9804  ProtectedStorage - ok
13:10:06.0102 9804  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
13:10:06.0103 9804  Psched - ok
13:10:06.0326 9804  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
13:10:06.0512 9804  ql2300 - ok
13:10:06.0531 9804  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
13:10:06.0551 9804  ql40xx - ok
13:10:06.0639 9804  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE          C:\Windows\system32\qwave.dll
13:10:06.0712 9804  QWAVE - ok
13:10:06.0751 9804  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:10:06.0776 9804  QWAVEdrv - ok
13:10:06.0799 9804  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:10:06.0817 9804  RasAcd - ok
13:10:06.0892 9804  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
13:10:06.0916 9804  RasAgileVpn - ok
13:10:06.0959 9804  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto        C:\Windows\System32\rasauto.dll
13:10:06.0997 9804  RasAuto - ok
13:10:07.0051 9804  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
13:10:07.0084 9804  Rasl2tp - ok
13:10:07.0232 9804  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
13:10:07.0297 9804  RasMan - ok
13:10:07.0350 9804  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:10:07.0368 9804  RasPppoe - ok
13:10:07.0432 9804  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
13:10:07.0449 9804  RasSstp - ok
13:10:07.0508 9804  [ D528BC58A489409BA40334EBF96A311B ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
13:10:07.0586 9804  rdbss - ok
13:10:07.0627 9804  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
13:10:07.0652 9804  rdpbus - ok
13:10:07.0721 9804  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:10:07.0722 9804  RDPCDD - ok
13:10:07.0804 9804  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR          C:\Windows\system32\drivers\rdpdr.sys
13:10:07.0822 9804  RDPDR - ok
13:10:07.0874 9804  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:10:07.0874 9804  RDPENCDD - ok
13:10:07.0940 9804  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
13:10:07.0941 9804  RDPREFMP - ok
13:10:08.0005 9804  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
13:10:08.0035 9804  RDPWD - ok
13:10:08.0152 9804  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
13:10:08.0191 9804  rdyboost - ok
13:10:08.0248 9804  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:10:08.0314 9804  RemoteAccess - ok
13:10:08.0397 9804  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:10:08.0420 9804  RemoteRegistry - ok
13:10:08.0455 9804  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
13:10:08.0480 9804  RpcEptMapper - ok
13:10:08.0537 9804  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
13:10:08.0554 9804  RpcLocator - ok
13:10:08.0600 9804  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs          C:\Windows\system32\rpcss.dll
13:10:08.0604 9804  RpcSs - ok
13:10:08.0709 9804  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:10:08.0740 9804  rspndr - ok
13:10:08.0855 9804  [ 3983CEA05BB855351D75F5482B6C42CE ] RTL8167        C:\Windows\system32\DRIVERS\Rt86win7.sys
13:10:08.0868 9804  RTL8167 - ok
13:10:08.0922 9804  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap          C:\Windows\system32\drivers\vms3cap.sys
13:10:08.0979 9804  s3cap - ok
13:10:09.0008 9804  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs          C:\Windows\system32\lsass.exe
13:10:09.0010 9804  SamSs - ok
13:10:09.0091 9804  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:10:09.0119 9804  sbp2port - ok
13:10:09.0263 9804  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:10:09.0278 9804  SCardSvr - ok
13:10:09.0309 9804  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
13:10:09.0332 9804  scfilter - ok
13:10:09.0456 9804  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
13:10:09.0541 9804  Schedule - ok
13:10:09.0598 9804  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc    C:\Windows\System32\certprop.dll
13:10:09.0599 9804  SCPolicySvc - ok
13:10:09.0686 9804  [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus          C:\Windows\system32\drivers\sdbus.sys
13:10:09.0706 9804  sdbus - ok
13:10:09.0748 9804  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:10:09.0771 9804  SDRSVC - ok
13:10:09.0866 9804  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:10:09.0913 9804  secdrv - ok
13:10:09.0970 9804  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
13:10:09.0986 9804  seclogon - ok
13:10:10.0038 9804  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
13:10:10.0058 9804  SENS - ok
13:10:10.0112 9804  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
13:10:10.0151 9804  SensrSvc - ok
13:10:10.0177 9804  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
13:10:10.0197 9804  Serenum - ok
13:10:10.0251 9804  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
13:10:10.0274 9804  Serial - ok
13:10:10.0336 9804  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
13:10:10.0363 9804  sermouse - ok
13:10:10.0414 9804  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
13:10:10.0438 9804  SessionEnv - ok
13:10:10.0490 9804  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
13:10:10.0530 9804  sffdisk - ok
13:10:10.0565 9804  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:10:10.0589 9804  sffp_mmc - ok
13:10:10.0621 9804  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
13:10:10.0645 9804  sffp_sd - ok
13:10:10.0689 9804  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
13:10:10.0708 9804  sfloppy - ok
13:10:10.0816 9804  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:10:10.0881 9804  SharedAccess - ok
13:10:11.0197 9804  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:10:11.0254 9804  ShellHWDetection - ok
13:10:11.0381 9804  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
13:10:11.0499 9804  sisagp - ok
13:10:11.0677 9804  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:10:11.0708 9804  SiSRaid2 - ok
13:10:11.0747 9804  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
13:10:11.0770 9804  SiSRaid4 - ok
13:10:11.0924 9804  [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate    C:\Program Files\Skype\Updater\Updater.exe
13:10:11.0979 9804  SkypeUpdate - ok
13:10:12.0034 9804  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb            C:\Windows\system32\DRIVERS\smb.sys
13:10:12.0057 9804  Smb - ok
13:10:12.0192 9804  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:10:12.0209 9804  SNMPTRAP - ok
13:10:12.0290 9804  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr          C:\Windows\system32\drivers\spldr.sys
13:10:12.0326 9804  spldr - ok
13:10:12.0483 9804  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler        C:\Windows\System32\spoolsv.exe
13:10:12.0540 9804  Spooler - ok
13:10:12.0971 9804  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
13:10:13.0256 9804  sppsvc - ok
13:10:13.0315 9804  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
13:10:13.0341 9804  sppuinotify - ok
13:10:13.0421 9804  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv            C:\Windows\system32\DRIVERS\srv.sys
13:10:13.0523 9804  srv - ok
13:10:13.0608 9804  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:10:13.0661 9804  srv2 - ok
13:10:13.0709 9804  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:10:13.0733 9804  srvnet - ok
13:10:13.0864 9804  [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus        C:\Windows\system32\DRIVERS\ssadbus.sys
13:10:13.0934 9804  ssadbus - ok
13:10:13.0997 9804  [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl        C:\Windows\system32\DRIVERS\ssadmdfl.sys
13:10:14.0014 9804  ssadmdfl - ok
13:10:14.0088 9804  [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm        C:\Windows\system32\DRIVERS\ssadmdm.sys
13:10:14.0119 9804  ssadmdm - ok
13:10:14.0168 9804  [ 069351A1D7D291013177A90AE6EDCCBC ] sscdbus        C:\Windows\system32\DRIVERS\sscdbus.sys
13:10:14.0189 9804  sscdbus - ok
13:10:14.0268 9804  [ 1C925BE223A5C0F9F469252292A48DF6 ] sscdmdfl        C:\Windows\system32\DRIVERS\sscdmdfl.sys
13:10:14.0333 9804  sscdmdfl - ok
13:10:14.0383 9804  [ AE3E77AE0FBDB07EB1AC3FED74A0695E ] sscdmdm        C:\Windows\system32\DRIVERS\sscdmdm.sys
13:10:14.0406 9804  sscdmdm - ok
13:10:14.0479 9804  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
13:10:14.0489 9804  SSDPSRV - ok
13:10:14.0600 9804  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
13:10:14.0618 9804  ssmdrv - ok
13:10:14.0665 9804  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
13:10:14.0672 9804  SstpSvc - ok
13:10:14.0724 9804  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
13:10:14.0759 9804  stexstor - ok
13:10:14.0894 9804  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
13:10:14.0952 9804  StiSvc - ok
13:10:14.0989 9804  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt        C:\Windows\system32\drivers\vmstorfl.sys
13:10:15.0070 9804  storflt - ok
13:10:15.0130 9804  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc        C:\Windows\system32\storsvc.dll
13:10:15.0149 9804  StorSvc - ok
13:10:15.0210 9804  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc        C:\Windows\system32\drivers\storvsc.sys
13:10:15.0261 9804  storvsc - ok
13:10:15.0289 9804  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
13:10:15.0311 9804  swenum - ok
13:10:15.0426 9804  [ A28BD92DF340E57B024BA433165D34D7 ] swprv          C:\Windows\System32\swprv.dll
13:10:15.0446 9804  swprv - ok
13:10:15.0645 9804  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain        C:\Windows\system32\sysmain.dll
13:10:15.0681 9804  SysMain - ok
13:10:15.0732 9804  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:10:15.0750 9804  TabletInputService - ok
13:10:15.0803 9804  [ 0C3B2A9C4BD2DD9A6C2E4084314DD719 ] taphss          C:\Windows\system32\DRIVERS\taphss.sys
13:10:15.0822 9804  taphss - ok
13:10:15.0894 9804  [ 613BF4820361543956909043A265C6AC ] TapiSrv        C:\Windows\System32\tapisrv.dll
13:10:15.0934 9804  TapiSrv - ok
13:10:15.0983 9804  [ B799D9FDB26111737F58288D8DC172D9 ] TBS            C:\Windows\System32\tbssvc.dll
13:10:15.0989 9804  TBS - ok
13:10:16.0200 9804  [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
13:10:16.0497 9804  Tcpip - ok
13:10:16.0645 9804  [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
13:10:16.0651 9804  TCPIP6 - ok
13:10:16.0989 9804  [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:10:17.0005 9804  tcpipreg - ok
13:10:17.0044 9804  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:10:17.0068 9804  TDPIPE - ok
13:10:17.0111 9804  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
13:10:17.0139 9804  TDTCP - ok
13:10:17.0194 9804  [ B459575348C20E8121D6039DA063C704 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
13:10:17.0218 9804  tdx - ok
13:10:17.0249 9804  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
13:10:17.0273 9804  TermDD - ok
13:10:17.0358 9804  [ 382C804C92811BE57829D8E550A900E2 ] TermService    C:\Windows\System32\termsrv.dll
13:10:17.0417 9804  TermService - ok
13:10:17.0480 9804  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
13:10:17.0502 9804  Themes - ok
13:10:17.0602 9804  [ 9528F2A39CB660A49F0592D57127F370 ] Thpdrv          C:\Windows\system32\DRIVERS\thpdrv.sys
13:10:17.0620 9804  Thpdrv - ok
13:10:17.0725 9804  [ E17DCDE74FF00CA802643B4A9A4A4A5C ] Thpevm          C:\Windows\system32\DRIVERS\Thpevm.SYS
13:10:17.0742 9804  Thpevm - ok
13:10:17.0828 9804  [ D440EE9E119D16304B9FA5D3284EE781 ] Thpsrv          C:\Windows\system32\ThpSrv.exe
13:10:17.0834 9804  Thpsrv - ok
13:10:17.0861 9804  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER    C:\Windows\system32\mmcss.dll
13:10:17.0862 9804  THREADORDER - ok
13:10:18.0141 9804  [ 66C35016E01746715F8F606A9F081BF9 ] TosCoSrv        C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
13:10:18.0143 9804  TosCoSrv - ok
13:10:18.0338 9804  [ AC88D258F20909EEB91796F490CFBB73 ] TOSHIBA Bluetooth Service C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
13:10:18.0396 9804  TOSHIBA Bluetooth Service - ok
13:10:18.0492 9804  Tosrfcom - ok
13:10:18.0574 9804  [ 9EE240F7029771B21CC6200BE6516D60 ] tosrfec        C:\Windows\system32\DRIVERS\tosrfec.sys
13:10:18.0591 9804  tosrfec - ok
13:10:18.0645 9804  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
13:10:18.0678 9804  TrkWks - ok
13:10:18.0826 9804  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:10:18.0827 9804  TrustedInstaller - ok
13:10:18.0878 9804  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:10:18.0932 9804  tssecsrv - ok
13:10:19.0137 9804  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
13:10:19.0162 9804  TsUsbFlt - ok
13:10:19.0274 9804  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:10:19.0300 9804  tunnel - ok
13:10:19.0381 9804  [ FC24015B4052600C324C43E3A79C0664 ] TVALZ          C:\Windows\system32\DRIVERS\TVALZ_O.SYS
13:10:19.0408 9804  TVALZ - ok
13:10:19.0472 9804  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
13:10:19.0504 9804  uagp35 - ok
13:10:19.0530 9804  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:10:19.0569 9804  udfs - ok
13:10:19.0630 9804  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
13:10:19.0652 9804  UI0Detect - ok
13:10:19.0714 9804  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:10:19.0767 9804  uliagpkx - ok
13:10:19.0817 9804  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus          C:\Windows\system32\drivers\umbus.sys
13:10:19.0833 9804  umbus - ok
13:10:19.0879 9804  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
13:10:19.0904 9804  UmPass - ok
13:10:19.0974 9804  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
13:10:20.0016 9804  UmRdpService - ok
13:10:20.0115 9804  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
13:10:20.0136 9804  upnphost - ok
13:10:20.0220 9804  [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL        C:\Windows\system32\Drivers\usbaapl.sys
13:10:20.0244 9804  USBAAPL - ok
13:10:20.0325 9804  [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
13:10:20.0347 9804  usbaudio - ok
13:10:20.0388 9804  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
13:10:20.0392 9804  usbccgp - ok
13:10:20.0431 9804  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
13:10:20.0467 9804  usbcir - ok
13:10:20.0521 9804  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
13:10:20.0536 9804  usbehci - ok
13:10:20.0619 9804  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:10:20.0680 9804  usbhub - ok
13:10:20.0732 9804  [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci        C:\Windows\system32\DRIVERS\usbohci.sys
13:10:20.0754 9804  usbohci - ok
13:10:20.0819 9804  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
13:10:20.0843 9804  usbprint - ok
13:10:20.0931 9804  [ F991AB9CC6B908DB552166768176896A ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:10:20.0957 9804  USBSTOR - ok
13:10:21.0003 9804  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
13:10:21.0309 9804  usbuhci - ok
13:10:21.0472 9804  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
13:10:21.0498 9804  usbvideo - ok
13:10:21.0697 9804  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms          C:\Windows\System32\uxsms.dll
13:10:21.0721 9804  UxSms - ok
13:10:21.0744 9804  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
13:10:21.0745 9804  VaultSvc - ok
13:10:21.0801 9804  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
13:10:21.0819 9804  vdrvroot - ok
13:10:21.0920 9804  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds            C:\Windows\System32\vds.exe
13:10:22.0077 9804  vds - ok
13:10:22.0153 9804  [ 17C408214EA61696CEC9C66E388B14F3 ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
13:10:22.0166 9804  vga - ok
13:10:22.0186 9804  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave        C:\Windows\System32\drivers\vga.sys
13:10:22.0208 9804  VgaSave - ok
13:10:22.0306 9804  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
13:10:22.0353 9804  vhdmp - ok
13:10:22.0417 9804  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
13:10:22.0441 9804  viaagp - ok
13:10:22.0487 9804  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7          C:\Windows\system32\DRIVERS\viac7.sys
13:10:22.0502 9804  ViaC7 - ok
13:10:22.0559 9804  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
13:10:22.0579 9804  viaide - ok
13:10:22.0654 9804  [ C2F2911156FDC7817C52829C86DA494E ] vmbus          C:\Windows\system32\drivers\vmbus.sys
13:10:22.0685 9804  vmbus - ok
13:10:22.0717 9804  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
13:10:22.0741 9804  VMBusHID - ok
13:10:22.0769 9804  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:10:22.0794 9804  volmgr - ok
13:10:22.0869 9804  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
13:10:22.0873 9804  volmgrx - ok
13:10:22.0919 9804  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
13:10:23.0097 9804  volsnap - ok
13:10:23.0301 9804  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
13:10:23.0325 9804  vsmraid - ok
13:10:23.0643 9804  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS            C:\Windows\system32\vssvc.exe
13:10:23.0666 9804  VSS - ok
13:10:23.0742 9804  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
13:10:23.0761 9804  vwifibus - ok
13:10:23.0863 9804  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
13:10:23.0899 9804  vwififlt - ok
13:10:23.0996 9804  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp        C:\Windows\system32\DRIVERS\vwifimp.sys
13:10:23.0999 9804  vwifimp - ok
13:10:24.0111 9804  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time        C:\Windows\system32\w32time.dll
13:10:24.0171 9804  W32Time - ok
13:10:24.0212 9804  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
13:10:24.0229 9804  WacomPen - ok
13:10:24.0346 9804  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
13:10:24.0406 9804  WANARP - ok
13:10:24.0409 9804  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:10:24.0411 9804  Wanarpv6 - ok
13:10:24.0661 9804  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc    C:\Windows\system32\Wat\WatAdminSvc.exe
13:10:24.0856 9804  WatAdminSvc - ok
13:10:25.0040 9804  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
13:10:25.0214 9804  wbengine - ok
13:10:25.0277 9804  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
13:10:25.0301 9804  WbioSrvc - ok
13:10:25.0378 9804  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc        C:\Windows\System32\wcncsvc.dll
13:10:25.0407 9804  wcncsvc - ok
13:10:25.0447 9804  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:10:25.0463 9804  WcsPlugInService - ok
13:10:25.0503 9804  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
13:10:25.0520 9804  Wd - ok
13:10:25.0647 9804  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:10:25.0764 9804  Wdf01000 - ok
13:10:25.0828 9804  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:10:25.0836 9804  WdiServiceHost - ok
13:10:25.0849 9804  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost  C:\Windows\system32\wdi.dll
13:10:25.0852 9804  WdiSystemHost - ok
13:10:25.0949 9804  [ A9D880F97530D5B8FEE278923349929D ] WebClient      C:\Windows\System32\webclnt.dll
13:10:25.0988 9804  WebClient - ok
13:10:26.0049 9804  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:10:26.0073 9804  Wecsvc - ok
13:10:26.0100 9804  [ AC804569BB2364FB6017370258A4091B ] wercplsupport  C:\Windows\System32\wercplsupport.dll
13:10:26.0135 9804  wercplsupport - ok
13:10:26.0242 9804  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:10:26.0245 9804  WerSvc - ok
13:10:26.0361 9804  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
13:10:26.0408 9804  WfpLwf - ok
13:10:26.0435 9804  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
13:10:26.0450 9804  WIMMount - ok
13:10:26.0658 9804  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend      C:\Program Files\Windows Defender\mpsvc.dll
13:10:26.0717 9804  WinDefend - ok
13:10:26.0726 9804  WinHttpAutoProxySvc - ok
13:10:26.0872 9804  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
13:10:26.0906 9804  Winmgmt - ok
13:10:27.0101 9804  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM          C:\Windows\system32\WsmSvc.dll
13:10:27.0244 9804  WinRM - ok
13:10:27.0364 9804  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
13:10:27.0389 9804  WinUsb - ok
13:10:27.0593 9804  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc        C:\Windows\System32\wlansvc.dll
13:10:27.0672 9804  Wlansvc - ok
13:10:28.0080 9804  [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:10:28.0139 9804  wlidsvc - ok
13:10:28.0188 9804  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
13:10:28.0201 9804  WmiAcpi - ok
13:10:28.0302 9804  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:10:28.0340 9804  wmiApSrv - ok
13:10:28.0647 9804  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
13:10:29.0103 9804  WMPNetworkSvc - ok
13:10:29.0191 9804  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:10:29.0227 9804  WPCSvc - ok
13:10:29.0284 9804  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:10:29.0309 9804  WPDBusEnum - ok
13:10:29.0355 9804  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
13:10:29.0389 9804  ws2ifsl - ok
13:10:29.0438 9804  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
13:10:29.0472 9804  wscsvc - ok
13:10:29.0481 9804  WSearch - ok
13:10:29.0763 9804  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
13:10:29.0823 9804  wuauserv - ok
13:10:29.0875 9804  [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:10:29.0911 9804  WudfPf - ok
13:10:29.0974 9804  [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:10:30.0019 9804  WUDFRd - ok
13:10:30.0103 9804  [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
13:10:30.0129 9804  wudfsvc - ok
13:10:30.0210 9804  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc        C:\Windows\System32\wwansvc.dll
13:10:30.0296 9804  WwanSvc - ok
13:10:30.0543 9804  XDva382 - ok
13:10:30.0719 9804  XDva383 - ok
13:10:30.0772 9804  ================ Scan global ===============================
13:10:30.0823 9804  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
13:10:30.0921 9804  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
13:10:31.0016 9804  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
13:10:31.0064 9804  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
13:10:31.0155 9804  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
13:10:31.0162 9804  [Global] - ok
13:10:31.0163 9804  ================ Scan MBR ==================================
13:10:31.0189 9804  [ 4C54042F5B2569C9DDCF173120D730F9 ] \Device\Harddisk0\DR0
13:10:31.0342 9804  \Device\Harddisk0\DR0 - ok
13:10:31.0364 9804  [ 3DFBD33517922022AAB2367021B4BBEC ] \Device\Harddisk1\DR1
13:10:31.0390 9804  \Device\Harddisk1\DR1 ( Rootkit.Boot.Wistler.a ) - infected
13:10:31.0390 9804  \Device\Harddisk1\DR1 - detected Rootkit.Boot.Wistler.a (0)
13:10:31.0390 9804  ================ Scan VBR ==================================
13:10:31.0428 9804  [ 9CFAEBADF382E842B38F9D983EF3E048 ] \Device\Harddisk0\DR0\Partition1
13:10:31.0526 9804  \Device\Harddisk0\DR0\Partition1 - ok
13:10:31.0554 9804  [ E40CA1D1ED09EAB052F526F196B97060 ] \Device\Harddisk0\DR0\Partition2
13:10:31.0577 9804  \Device\Harddisk0\DR0\Partition2 - ok
13:10:31.0581 9804  [ 10A63FA7D35293F8F85402D2FE087710 ] \Device\Harddisk1\DR1\Partition1
13:10:31.0582 9804  \Device\Harddisk1\DR1\Partition1 - ok
13:10:31.0582 9804  ============================================================
13:10:31.0582 9804  Scan finished
13:10:31.0582 9804  ============================================================
13:10:31.0596 10412  Detected object count: 1
13:10:31.0596 10412  Actual detected object count: 1
13:10:37.0001 10412  \Device\Harddisk1\DR1 ( Rootkit.Boot.Wistler.a ) - skipped by user
13:10:37.0001 10412  \Device\Harddisk1\DR1 ( Rootkit.Boot.Wistler.a ) - User select action: Skip
13:10:55.0264 7844  Deinitialize success

schrauber 11.09.2012 12:24
Programm noch offen? Hast Du zur Auswahl "Cure"? Wenn ja, bitte auswählen und weitermachen, wenn nicht bitte Rückmeldung!

mifi 11.09.2012 12:46
der whistler scheint entfernt zu sein! vielen dank für die hilfe. ich werde heute nacht nochmal einen komplett-scan durchlaufen lassen und mich dann noch mal melden...
mifi

schrauber 11.09.2012 13:03
Mooooooment, hab ich gesagt wir sind fertig?

mifi 11.09.2012 13:22
ok..heißt?

schrauber 11.09.2012 13:45
dass jetzt, wo das bootkit weg ist, evtl noch mehr aufgetaucht ist, also haben wir noch arbeit :)
  • Lade dir das Tool hier herunter auf den Desktop -> KLICK
Das Programm jedoch noch nicht starten sondern zuerst folgendes tun:
  • Schliesse alle Anwendungen und Programme, vor allem deine Antiviren-Software und andere Hintergrundwächter, sowie deinen Internetbrowser.
    Vermeide es auch explizit während das Combofix läuft die Maus und Tastatur zu benutzen.
  • Starte nun die combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen und lass dein System durchsuchen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte abkopieren und in deinen Beitrag einfügen. Das log findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
(ausführliche Anleitung -> Ein Leitfaden und Tutorium zur Nutzung von ComboFix)

mifi 12.09.2012 21:33
hallo, habe jetzt mehrmals combofix über mehrere stunden laufen lassen. Hintergrundprogramme aus, und laptop in ruhe gelassen.. leider stürzt es jedesmal während des scanvorgangs ab und ich kann den computer nur durch ein hard reset in gang bringen...

gibt es eine alternative zu diesem programm? evtl. im abgesichert modus versuchen??

Viele grüße, mifi

schrauber 12.09.2012 21:34
Ja versuch es im Abgesicherten Modus, wenn das nicht geht kurz Rückmeldung :)

mifi 13.09.2012 11:27
habs über die nacht im abgesicherten modus laufen lassen, wieder abgestürzt...

schrauber 13.09.2012 11:38
Ok,

Start > Ausführen

"%userprofile%\desktop\Combofix" /nombr

und enter. da ist ein leerzeichen zwischen Combofix" und dem /nombr.

mifi 13.09.2012 14:15
jep, so hats geklappt! hier der log:
Code:
ComboFix 12-09-12.03 - xx 09/13/2012  14:54:16.1.2 - x86
Microsoft Windows 7 Professional  6.1.7601.1.1252.1.1033.18.3037.2223 [GMT 2:00]
Running from: c:\users\xx\Desktop\Combofix.exe
Command switches used :: /nombr
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\CrashLog_20110217.txt
c:\cflog\CrashLog_20110218.txt
c:\cflog\CrashLog_20110223.txt
c:\users\xx\058.jpg
c:\users\xx\4.0
c:\users\xx\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
c:\users\xx\AppData\Roaming\pudplg.dll
c:\windows\system32\muzapp.exe
c:\windows\system32\pt
c:\windows\system32\pt\ThpProp.exe.mui
c:\windows\system32\pt\ThpSrv.exe.mui
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
c:\windows\system32\tmp1058.tmp
c:\windows\system32\tmp1097.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
D:\install.exe
.
.
(((((((((((((((((((((((((  Files Created from 2012-08-13 to 2012-09-13  )))))))))))))))))))))))))))))))
.
.
2012-09-13 13:03 . 2012-09-13 13:03        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-09-12 07:27 . 2012-08-22 17:16        712048        ----a-w-        c:\windows\system32\drivers\ndis.sys
2012-09-12 07:27 . 2012-07-04 19:45        33280        ----a-w-        c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 07:27 . 2012-08-22 17:16        1292144        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-09-12 07:27 . 2012-08-22 17:16        240496        ----a-w-        c:\windows\system32\drivers\netio.sys
2012-09-12 07:27 . 2012-08-22 17:16        187760        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 07:27 . 2012-08-02 16:57        490496        ----a-w-        c:\windows\system32\d3d10level9.dll
2012-09-11 23:43 . 2012-09-13 13:03        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{8F4F3636-887A-4822-A7E7-C03F73C8E4D8}\offreg.dll
2012-09-11 10:52 . 2012-08-23 07:15        7022536        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{8F4F3636-887A-4822-A7E7-C03F73C8E4D8}\mpengine.dll
2012-09-08 13:39 . 2012-09-11 11:34        --------        d-----w-        C:\TDSSKiller_Quarantine
2012-09-07 21:57 . 2012-09-07 21:57        73696        ----a-w-        c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-09-07 12:34 . 2012-09-07 12:34        --------        d-----w-        c:\program files\ESET
2012-09-07 12:21 . 2012-05-04 09:59        514560        ----a-w-        c:\windows\system32\qdvd.dll
2012-09-06 23:00 . 2012-09-07 00:28        --------        d-----w-        c:\programdata\SecTaskMan
2012-09-06 23:00 . 2012-09-06 23:00        --------        d-----w-        c:\program files\Security Task Manager
2012-09-06 22:28 . 2012-09-06 22:28        --------        d-----w-        c:\users\xx\AppData\Roaming\Malwarebytes
2012-09-06 22:28 . 2012-09-06 22:28        --------        d-----w-        c:\programdata\Malwarebytes
2012-09-06 22:28 . 2012-09-06 22:28        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-09-06 22:28 . 2012-07-03 11:46        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-09-06 20:07 . 2012-09-06 20:07        --------        d-----w-        C:\bd_logs
2012-09-06 12:15 . 2012-09-07 23:07        --------        d-----w-        c:\programdata\xtffwgbyekmqwbw
2012-08-21 06:52 . 2012-08-21 06:52        565616        ----a-w-        c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor14.dll
2012-08-16 05:27 . 2012-07-18 17:47        2345984        ----a-w-        c:\windows\system32\win32k.sys
2012-08-16 05:27 . 2012-05-05 07:46        400896        ----a-w-        c:\windows\system32\srcore.dll
2012-08-16 05:27 . 2012-07-04 21:14        41984        ----a-w-        c:\windows\system32\browcli.dll
2012-08-16 05:27 . 2012-07-04 21:14        102912        ----a-w-        c:\windows\system32\browser.dll
2012-08-16 05:27 . 2012-02-11 05:43        492032        ----a-w-        c:\windows\system32\win32spl.dll
2012-08-16 05:27 . 2012-02-11 05:37        317440        ----a-w-        c:\windows\system32\spoolsv.exe
2012-08-16 05:27 . 2012-05-14 04:33        769024        ----a-w-        c:\windows\system32\localspl.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 16:24 . 2012-06-14 12:56        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-08-15 16:24 . 2011-05-14 14:22        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-17 18:22 . 2011-02-06 00:48        22328        ----a-w-        c:\users\xx\AppData\Roaming\PnkBstrK.sys
2012-07-17 18:21 . 2012-02-10 10:13        103736        ----a-w-        c:\windows\system32\PnkBstrB.ex0
2012-07-12 15:03 . 2012-07-12 15:03        3262        ----a-w-        c:\windows\system32\ealregsnapshot1.reg
2012-09-07 21:57 . 2011-04-23 18:23        266720        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-06-08 3521464]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\xx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\xx\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CardManagementTool.lnk - c:\program files\KOBIL Systems\KOBIL Smart Key\Smart Key\Microsoft CSP\CMT.exe [2010-8-22 1069056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 19:28        59240        ----a-w-        c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 03:09        421736        ----a-w-        c:\program files\iTunes\iTunesHelper.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 KOBCCEX;KOBCCEX;c:\windows\system32\drivers\KOBCCEX.sys [x]
R3 KOBCCID;KOBCCID;c:\windows\system32\drivers\KOBCCID.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 XDva382;XDva382;c:\windows\system32\XDva382.sys [x]
R3 XDva383;XDva383;c:\windows\system32\XDva383.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [x]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys [x]
S3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 16:24]
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-24 19:25]
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-24 19:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.hotspotshield.com/g/?c=h
uInternet Settings,ProxyOverride = *.local
IE: &Citavi Picker... - file://c:\program files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\wd3myjq5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - chrome://fastdial/content/fastdial.html
FF - prefs.js: keyword.URL - hxxp://utils.babylon.com/abt/index.php?url=
FF - prefs.js: network.proxy.type - 2
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
HKCU-Run-KiesHelper - c:\program files\Samsung\Kies\KiesHelper.exe
HKCU-Run-pudplg - c:\users\xx\AppData\Roaming\pudplg.dll
MSConfigStartUp-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-17185805-2931279960-2750159110-1000\Software\SecuROM\License information*]
"datasecu"=hex:9e,be,b3,9e,6a,11,91,95,53,25,7e,5d,fe,6e,9b,eb,f4,a8,d9,3a,56,
  d0,25,a9,b0,bc,27,16,70,5d,90,18,f3,8f,de,dd,2b,e4,74,c7,5c,0a,db,28,d4,68,\
"rkeysecu"=hex:54,a7,5e,99,73,31,48,81,08,cb,af,ec,2b,7b,90,b1
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\brsvc01a.exe
c:\windows\system32\brss01a.exe
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\ThpSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-09-13  15:10:56 - machine was rebooted
ComboFix-quarantined-files.txt  2012-09-13 13:10
.
Pre-Run: 60,863,430,656 bytes free
Post-Run: 60,773,543,936 bytes free
.
- - End Of File - - E3E84B51E8F60F5711F624C0D4F941B9


Alle Zeitangaben in WEZ +1. Es ist jetzt 22:22 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55