Trojaner-Board
Seite 1 von 4 1 23 Letzte »
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Trojanermeldung "win32/coinminer" (https://www.trojaner-board.de/123688-trojanermeldung-win32-coinminer.html)

reyman 07.09.2012 19:32
Trojanermeldung "win32/coinminer"
 
Hallo,

ich bekomme seid 3 Tagen von meinem Virenscanner "Microsoft security Essentials" eine Trojanermeldung "win32/coinminer". Ich verschiebe sie in Quarantäne und lasse sie Löschen, jedoch kommt die Meldung nach jedem Neustart wieder.

Ich benutze Win 7 32 Bit version.

Falls ihr weiter Daten benötigt welche ich hier nicht genannt habe bitte ich um entschuldigen und Antworte so schnell ich kann.

Ich bin den Anweisungen laut Beitrag zur erstellung eines neuen Themas gefolgt und habe im Anhang eine Rar datei mit den 3 Dateien. Gmer,Extras und OTL.txt


Ich danke für eure Hilfe.

markusg 07.09.2012 19:42
hi
ersetze im script ... durch nutzernamen sonst gehts nicht

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
:OTL
F3 - HKCU WinNT: Load - (C:\Users\...\C_1wh.exe) - C:\Users\...\C_1wh.exe ()
O4 - HKCU..\Run: [Twain Working Group] C:\Users\...\AppData\Roaming\Microsoft\twunk_16.exe ()
O4 - HKCU..\Run: [iwlfaqanbswbuyuhfhy] C:\Users\...\AppData\Roaming\iwlfaqanbswbuyuhfhy.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Flrefox] C:\Users\...\AppData\Roaming\Flrefox\Flrefox.Exe ()
PRC - [2012.09.05 22:00:34 | 000,235,520 | RHS- | M] () -- C:\Users\...\C_1wh.exe
[2012.09.05 22:03:04 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\dclogs
[2012.09.05 22:00:34 | 000,235,520 | RHS- | M] () -- C:\Users\...\C_1wh.exe
 :Files
C:\Users\...\C_1wh.exe
C:\Users\...\AppData\Roaming\Microsoft\twunk_16.exe
C:\Users\...\AppData\Roaming\iwlfaqanbswbuyuhfhy.exe
C:\Users\...\AppData\Roaming\Flrefox
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!



Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus :)

reyman 07.09.2012 19:50
Ich kann dir gerade nicht folgen...

Welches Script ? Alle erstellten ? Durch den echten Usernamen ersetzen ?

markusg 07.09.2012 20:18
in meinem script, steht oben in der code box, ... durch den nutzernamen ersetzen bitte.

reyman 07.09.2012 20:48
Es hat alles funktioniert. Danke schonmal im voraus.

markusg 07.09.2012 20:59
wunderbar
upload ist da.
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

reyman 07.09.2012 21:15
Combofix Logfile:
Code:
ComboFix 12-09-07.03 - Jeff 07.09.2012  22:06:17.1.4 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3583.2452 [GMT 2:00]
ausgeführt von:: c:\users\Jeff\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\blekkotb_031\blEKkotb_019x.dll
c:\program files\Mozilla Firefox\searchplugins\search.xml
G:\Autorun.inf
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-08-07 bis 2012-09-07  ))))))))))))))))))))))))))))))
.
.
2012-09-07 20:11 . 2012-09-07 20:11        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-09-07 19:40 . 2012-09-07 19:46        --------        d-----w-        C:\_OTL
2012-09-07 17:57 . 2012-09-07 17:57        29904        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{403B3E48-6563-48B8-99DB-0FE22F60D56B}\MpKsl9862028b.sys
2012-09-07 17:41 . 2012-08-23 07:15        7022536        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{403B3E48-6563-48B8-99DB-0FE22F60D56B}\mpengine.dll
2012-09-06 13:33 . 2012-08-23 07:15        7022536        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-05 18:45 . 2012-09-05 20:06        --------        d-----w-        C:\Fraps
2012-09-05 18:13 . 2012-09-05 18:13        --------        d-----w-        c:\program files\HyperCam 2
2012-09-05 18:12 . 2012-09-05 18:13        --------        d-----w-        c:\programdata\SweetIM
2012-09-05 18:12 . 2012-09-05 18:13        --------        d-----w-        c:\program files\SweetIM
2012-09-05 18:10 . 2012-09-05 18:10        --------        d-----w-        c:\programdata\blekko toolbars
2012-09-05 18:10 . 2012-09-07 20:10        --------        d-----w-        c:\program files\blekkotb_031
2012-09-05 18:10 . 2012-09-05 18:10        --------        d-----w-        c:\programdata\Anti-phishing Domain Advisor
2012-09-05 14:45 . 2012-09-05 14:45        --------        d-----w-        c:\program files\Microsoft
2012-09-05 14:44 . 2012-09-05 14:44        --------        d-----w-        c:\program files\Common Files\Java
2012-09-05 14:44 . 2012-09-05 14:44        93672        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2012-09-05 14:44 . 2012-09-05 14:44        --------        d-----w-        c:\program files\Java
2012-09-05 13:18 . 2012-09-05 13:18        --------        d-----w-        c:\program files\TeamViewer
2012-09-04 19:02 . 2004-11-23 22:22        32768        ----a-r-        c:\windows\system32\XSIChooser.exe
2012-08-30 13:46 . 2012-08-30 13:46        65536        ----a-w-        c:\windows\system32\frapsvid.dll
2012-08-29 18:04 . 2012-09-06 17:57        --------        d-----w-        C:\HammerAutosave
2012-08-28 11:23 . 2012-08-28 11:23        --------        d-----w-        c:\programdata\ATI
2012-08-28 11:23 . 2012-08-28 11:23        --------        d-----w-        c:\program files\AMD APP
2012-08-23 14:43 . 2010-06-02 02:55        74072        ----a-w-        c:\windows\system32\XAPOFX1_5.dll
2012-08-23 14:43 . 2010-06-02 02:55        527192        ----a-w-        c:\windows\system32\XAudio2_7.dll
2012-08-23 14:43 . 2010-06-02 02:55        239960        ----a-w-        c:\windows\system32\xactengine3_7.dll
2012-08-23 14:43 . 2010-05-26 09:41        2106216        ----a-w-        c:\windows\system32\D3DCompiler_43.dll
2012-08-23 14:43 . 2010-05-26 09:41        470880        ----a-w-        c:\windows\system32\d3dx10_43.dll
2012-08-23 14:43 . 2010-05-26 09:41        248672        ----a-w-        c:\windows\system32\d3dx11_43.dll
2012-08-23 14:43 . 2010-05-26 09:41        1998168        ----a-w-        c:\windows\system32\D3DX9_43.dll
2012-08-23 14:43 . 2010-05-26 09:41        1868128        ----a-w-        c:\windows\system32\d3dcsx_43.dll
2012-08-23 11:59 . 2012-09-05 19:40        --------        d-----w-        c:\program files\Common Files\Steam
2012-08-23 11:08 . 2012-08-23 11:08        --------        d-----w-        c:\program files\1-abc
2012-08-22 21:35 . 2010-02-04 08:01        74072        ----a-w-        c:\windows\system32\XAPOFX1_4.dll
2012-08-22 21:35 . 2010-02-04 08:01        528216        ----a-w-        c:\windows\system32\XAudio2_6.dll
2012-08-22 21:35 . 2010-02-04 08:01        238936        ----a-w-        c:\windows\system32\xactengine3_6.dll
2012-08-22 21:35 . 2010-02-04 08:01        22360        ----a-w-        c:\windows\system32\X3DAudio1_7.dll
2012-08-22 21:19 . 2012-08-22 21:19        --------        d-----w-        c:\program files\Disney Interactive Studios
2012-08-22 20:55 . 2012-08-22 20:55        --------        d-----w-        c:\program files\Microsoft Garage
2012-08-22 16:42 . 2012-08-22 16:43        --------        d-----w-        c:\program files\Google
2012-08-22 16:41 . 2012-08-22 16:41        --------        d-----w-        c:\program files\Common Files\Adobe
2012-08-22 13:43 . 2012-09-07 17:38        --------        d-----w-        c:\program files\Opera
2012-08-18 23:50 . 2012-08-18 23:50        --------        d-----w-        c:\users\Default\AppData\Local\Microsoft Help
2012-08-16 15:17 . 2012-08-16 15:17        --------        d-----w-        c:\programdata\WEBREG
2012-08-16 15:14 . 2012-08-16 15:14        --------        d-----w-        c:\programdata\HP Product Assistant
2012-08-16 15:12 . 2012-08-16 15:12        --------        d-----w-        c:\program files\Common Files\HP
2012-08-16 15:11 . 2012-08-16 15:11        --------        d-----w-        c:\program files\Common Files\Hewlett-Packard
2012-08-16 15:10 . 2008-10-06 13:37        315392        ----a-w-        c:\windows\system32\Spool\prtprocs\w32x86\hpfpp083.dll
2012-08-16 15:10 . 2008-10-29 18:56        271704        ----a-w-        c:\windows\system32\hpzids01.dll
2012-08-16 15:10 . 2008-10-06 13:38        121344        ----a-w-        c:\windows\system32\hpf3l083.dll
2012-08-16 15:10 . 2008-10-29 18:57        974848        ----a-w-        c:\windows\system32\hpost_p02b.dll
2012-08-16 15:10 . 2008-10-29 18:57        737280        ----a-w-        c:\windows\system32\hposwia_p02b.dll
2012-08-16 15:10 . 2008-10-29 18:57        307200        ----a-w-        c:\windows\system32\hposc_p02a.dll
2012-08-16 15:09 . 2012-08-16 15:15        --------        d-----w-        c:\program files\HP
2012-08-16 15:07 . 2012-08-16 15:16        --------        d-----w-        c:\programdata\HP
2012-08-16 15:07 . 2009-07-14 01:15        319488        ----a-w-        c:\windows\system32\Spool\prtprocs\w32x86\hpfppw73.dll
2012-08-16 14:24 . 2009-02-27 01:42        31640        ----a-w-        c:\windows\system32\msonpmon.dll
2012-08-16 14:24 . 2006-10-26 17:56        33104        ----a-w-        c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2012-08-16 14:23 . 2012-08-18 23:51        --------        d-----w-        c:\program files\Microsoft Works
2012-08-16 14:22 . 2012-08-16 14:22        --------        d-----w-        c:\windows\PCHEALTH
2012-08-16 14:20 . 2012-08-16 14:20        --------        d-----w-        c:\program files\Microsoft Visual Studio 8
2012-08-16 14:19 . 2012-08-19 22:10        --------        d-----w-        c:\programdata\Microsoft Help
2012-08-16 14:19 . 2012-08-16 14:19        --------        d-----r-        C:\MSOCache
2012-08-16 01:44 . 2012-08-16 01:44        --------        d-----w-        c:\windows\system32\wbem\en-US
2012-08-16 01:07 . 2012-03-01 05:46        19824        ----a-w-        c:\windows\system32\drivers\fs_rec.sys
2012-08-16 01:07 . 2012-03-01 05:29        5120        ----a-w-        c:\windows\system32\wmi.dll
2012-08-16 01:07 . 2012-03-01 05:37        172544        ----a-w-        c:\windows\system32\wintrust.dll
2012-08-16 01:07 . 2012-03-01 05:33        159232        ----a-w-        c:\windows\system32\imagehlp.dll
2012-08-16 01:04 . 2010-02-11 07:10        293376        ----a-w-        c:\windows\system32\browserchoice.exe
2012-08-16 01:00 . 2012-08-16 01:00        --------        d-----w-        c:\program files\MSXML 4.0
2012-08-16 00:46 . 2011-03-12 11:23        870912        ----a-w-        c:\windows\system32\XpsPrint.dll
2012-08-14 18:01 . 2012-08-14 18:01        --------        d-----w-        c:\program files\Firefox Backup Tool
2012-08-14 17:51 . 2012-08-14 18:18        215128        ----a-w-        c:\windows\system32\PnkBstrB.xtr
2012-08-14 17:49 . 2012-08-14 18:18        139128        ----a-w-        c:\windows\system32\drivers\PnkBstrK.sys
2012-08-14 17:49 . 2012-08-14 18:18        215128        ----a-w-        c:\windows\system32\PnkBstrB.exe
2012-08-14 17:49 . 2012-08-14 18:16        75064        ----a-w-        c:\windows\system32\PnkBstrA.exe
2012-08-14 17:49 . 2012-08-14 18:16        2434856        ----a-w-        c:\windows\system32\pbsvc_bc2.exe
2012-08-14 17:29 . 2012-08-14 18:10        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-08-14 17:29 . 2012-08-14 18:10        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-14 17:29 . 2012-08-14 17:29        --------        d-----w-        c:\windows\system32\Macromed
2012-08-14 17:27 . 2012-04-05 16:03        3969336        ----a-w-        c:\windows\system32\GameMon.des
2012-08-14 17:27 . 2004-12-31 06:43        4682        ----a-w-        c:\windows\system32\npptNT2.sys
2012-08-14 17:27 . 2003-07-16 15:17        5174        ----a-w-        c:\windows\system32\nppt9x.vxd
2012-08-14 17:26 . 2012-08-14 17:26        --------        d-----w-        c:\program files\Common Files\INCA Shared
2012-08-14 17:23 . 2012-08-14 17:23        --------        d-----w-        c:\program files\Oracle
2012-08-14 17:23 . 2012-09-05 14:44        821736        ----a-w-        c:\windows\system32\npDeployJava1.dll
2012-08-14 17:23 . 2012-09-05 14:44        746984        ----a-w-        c:\windows\system32\deployJava1.dll
2012-08-14 17:17 . 2012-08-14 17:17        --------        d-----w-        c:\program files\CCleaner
2012-08-14 17:10 . 2012-08-14 17:10        --------        dc----w-        c:\windows\system32\DRVSTORE
2012-08-14 17:10 . 2009-05-18 11:17        26600        ----a-w-        c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-14 17:10 . 2008-04-17 10:12        107368        ----a-w-        c:\windows\system32\GEARAspi.dll
2012-08-14 17:10 . 2012-08-14 17:10        --------        d-----w-        c:\program files\iPod
2012-08-14 17:10 . 2012-08-14 17:10        --------        d-----w-        c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-08-14 17:10 . 2012-08-14 17:10        --------        d-----w-        c:\program files\iTunes
2012-08-14 17:10 . 2012-08-14 17:10        --------        d-----w-        c:\programdata\Apple Computer
2012-08-14 17:09 . 2012-08-14 17:09        --------        d-----w-        c:\program files\Apple Software Update
2012-08-14 17:09 . 2012-08-14 17:09        --------        d-----w-        c:\program files\Bonjour
2012-08-14 17:09 . 2012-08-14 17:10        --------        d-----w-        c:\program files\Common Files\Apple
2012-08-14 17:09 . 2012-08-14 17:09        --------        d-----w-        c:\programdata\Apple
2012-08-14 16:59 . 2012-09-05 19:51        --------        d-----w-        c:\windows\Panther
2012-08-14 16:54 . 2012-08-14 16:54        --------        d-----w-        c:\program files\Common Files\Steganos
2012-08-14 16:36 . 2012-08-14 16:36        713784        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BAD8719A-30A1-4FA7-8718-C82075023871}\gapaengine.dll
2012-08-14 16:35 . 2012-01-31 12:44        237072        ------w-        c:\windows\system32\MpSigStub.exe
2012-08-14 16:33 . 2012-08-16 01:03        --------        d-----w-        c:\program files\Microsoft Security Client
2012-08-14 16:27 . 2012-08-14 16:27        --------        d-----w-        c:\program files\AMD AVT
2012-08-14 16:25 . 2012-08-14 16:25        --------        d-----w-        c:\programdata\LogiShrd
2012-08-14 16:23 . 2012-08-14 16:23        19720        ----a-w-        c:\windows\system32\drivers\LGBusEnum.sys
2012-08-14 16:23 . 2012-08-14 16:23        14856        ----a-w-        c:\windows\system32\drivers\LGVirHid.sys
2012-08-14 16:23 . 2012-08-14 16:23        341000        ----a-w-        c:\windows\system32\drivers\UMDF\lgSSQVGA.dll
2012-08-14 16:23 . 2012-08-14 16:23        140808        ----a-w-        c:\windows\system32\drivers\UMDF\lgSSBW.dll
2012-08-14 16:23 . 2012-08-14 16:29        --------        d-----w-        c:\program files\Logitech Gaming Software
2012-08-14 16:19 . 2012-08-14 16:19        0        ----a-w-        c:\windows\ativpsrm.bin
2012-08-14 16:17 . 2012-08-14 16:17        --------        d-----w-        c:\program files\Common Files\ATI Technologies
2012-08-14 16:17 . 2012-08-28 11:22        --------        d-----w-        c:\programdata\AMD
2012-08-14 16:17 . 2010-02-18 07:18        37944        ----a-w-        c:\windows\system32\drivers\amdiox86.sys
2012-08-14 16:16 . 2012-08-28 11:22        --------        d-----w-        c:\program files\ATI Technologies
2012-08-14 16:16 . 2012-08-14 16:25        --------        d-----w-        C:\AMD
2012-08-14 16:15 . 2012-08-14 16:15        --------        d-----w-        c:\program files\ATI
2012-08-14 16:15 . 2012-08-14 16:15        --------        d-----w-        C:\ATI
2012-08-14 16:14 . 2012-08-14 16:14        --------        d-----w-        c:\program files\NVIDIA Corporation
2012-08-14 16:12 . 2012-02-17 05:34        826880        ----a-w-        c:\windows\system32\rdpcore.dll
2012-08-14 16:11 . 2012-09-04 19:01        --------        d-----w-        c:\program files\Common Files\InstallShield
2012-08-14 16:11 . 2012-09-06 19:36        --------        d-sh--w-        c:\windows\Installer
2012-08-14 16:10 . 2009-04-30 04:46        704512        ----a-r-        c:\windows\system32\cohelper.dll
2012-08-14 16:10 . 2009-04-28 21:27        5940        ----a-r-        c:\windows\system32\drivers\nvphy.bin
2012-08-14 16:10 . 2009-04-30 05:06        287008        ----a-w-        c:\windows\system32\drivers\nvmf6232.sys
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-28 04:09 . 2012-07-28 04:09        5538984        ----a-w-        c:\windows\system32\atiumdag.dll
2012-07-28 04:06 . 2012-07-28 04:06        8758784        ----a-w-        c:\windows\system32\drivers\atikmdag.sys
2012-07-28 03:43 . 2012-07-28 03:43        58880        ----a-w-        c:\windows\system32\coinst_8.982.dll
2012-07-28 02:50 . 2011-04-20 02:07        20546560        ----a-w-        c:\windows\system32\atioglxx.dll
2012-07-28 02:15 . 2012-07-28 02:15        163840        ----a-w-        c:\windows\system32\atiapfxx.exe
2012-07-28 02:15 . 2011-04-20 02:09        931328        ----a-w-        c:\windows\system32\aticfx32.dll
2012-07-28 02:10 . 2012-07-28 02:10        442368        ----a-w-        c:\windows\system32\ATIDEMGX.dll
2012-07-28 02:10 . 2012-07-28 02:10        469504        ----a-w-        c:\windows\system32\atieclxx.exe
2012-07-28 02:09 . 2012-07-28 02:09        217600        ----a-w-        c:\windows\system32\atiesrxx.exe
2012-07-28 02:08 . 2012-07-28 02:08        163840        ----a-w-        c:\windows\system32\atitmmxx.dll
2012-07-28 02:08 . 2012-07-28 02:08        20992        ----a-w-        c:\windows\system32\atimuixx.dll
2012-07-28 02:07 . 2012-07-28 02:07        43520        ----a-w-        c:\windows\system32\ati2edxx.dll
2012-07-28 02:07 . 2012-06-11 17:16        6430208        ----a-w-        c:\windows\system32\atidxx32.dll
2012-07-28 01:35 . 2012-07-28 01:35        46080        ----a-w-        c:\windows\system32\aticalrt.dll
2012-07-28 01:35 . 2012-07-28 01:35        44032        ----a-w-        c:\windows\system32\aticalcl.dll
2012-07-28 01:32 . 2012-07-28 01:32        4751872        ----a-w-        c:\windows\system32\atiumdva.dll
2012-07-28 01:30 . 2012-07-28 01:30        13605888        ----a-w-        c:\windows\system32\aticaldd.dll
2012-07-28 01:15 . 2011-04-20 01:23        368640        ----a-w-        c:\windows\system32\atiadlxx.dll
2012-07-28 01:15 . 2011-04-20 01:22        14848        ----a-w-        c:\windows\system32\atiglpxx.dll
2012-07-28 01:14 . 2011-04-20 01:22        33280        ----a-w-        c:\windows\system32\atigktxx.dll
2012-07-28 01:14 . 2012-07-28 01:14        296448        ----a-w-        c:\windows\system32\drivers\atikmpag.sys
2012-07-28 01:13 . 2011-04-20 01:21        109568        ----a-w-        c:\windows\system32\atiuxpag.dll
2012-07-28 01:13 . 2011-04-20 01:21        83456        ----a-w-        c:\windows\system32\atiu9pag.dll
2012-07-28 01:12 . 2012-07-28 01:12        53248        ----a-w-        c:\windows\system32\drivers\ati2erec.dll
2012-07-28 01:08 . 2012-07-28 01:08        56832        ----a-w-        c:\windows\system32\atimpc32.dll
2012-07-28 01:08 . 2012-07-28 01:08        56832        ----a-w-        c:\windows\system32\amdpcom32.dll
2012-07-27 20:47 . 2012-07-27 20:47        159232        ----a-w-        c:\windows\system32\clinfo.exe
2012-07-27 20:47 . 2012-07-27 20:47        65024        ----a-w-        c:\windows\system32\OpenVideo.dll
2012-07-27 20:47 . 2012-07-27 20:47        56320        ----a-w-        c:\windows\system32\OVDecode.dll
2012-07-27 20:46 . 2012-07-27 20:46        13013504        ----a-w-        c:\windows\system32\amdocl.dll
2012-06-11 11:48 . 2012-06-11 11:48        50176        ----a-w-        c:\windows\system32\OpenCL.dll
2012-07-14 00:15 . 2012-08-14 16:36        136672        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-07-04 13:03        1310040        ----a-r-        c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="d:\rocketdock\RocketDock.exe" [2007-09-02 495616]
"SSS12 Browser Monitor"="d:\steganos privacy suite 12\SteganosBrowserMonitor.exe" [2011-08-18 57344]
"Steam"="d:\steam\Steam.exe" [2012-08-23 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-21 1681408]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-05-21 5092152]
"SSS12 HotKeys"="d:\steganos privacy suite 12\SteganosHotKeyService.exe" [2011-08-18 84480]
"SSS12 File Redirection Starter"="d:\steganos privacy suite 12\fredirstarter.exe" [2011-08-18 17408]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-05-03 217256]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032]
"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
.
c:\users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 MouseWithoutBordersSvc;Mouse without Borders Service;c:\program files\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
S1 MpKsl9862028b;MpKsl9862028b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{403B3E48-6563-48B8-99DB-0FE22F60D56B}\MpKsl9862028b.sys [x]
S1 SLEE_17_DRIVER;Steganos Live Encryption Engine 17 [Driver];c:\windows\system32\drivers\Sleen17.sys [x]
S1 STGMFEngine32;Steganos RAM Disk Engine [Driver];c:\windows\system32\drivers\STGMFEngine32.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
S2 Steganos Volatile Disk;Steganos Volatile Disk;c:\windows\system32\STGRAMDiskHandler32.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 18:10]
.
2012-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-22 16:42]
.
2012-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-22 16:42]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=4C0BF23A9232A0B36F84845047959A7C&tbp=homepage
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\frknonnv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://de-de.facebook.com/|hxxp://shotonline.gamescampus.eu/|hxxp://www.stayfriends.de/|hxxp://www.kicker.de/
FF - prefs.js: browser.search.selectedEngine - Blekko
FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=4C0BF23A9232A0B36F84845047959A7C&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-ipoint - c:\users\Jeff\C_1wh.exe
.
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.1.7601 Disk: WDC_WD50 rev.01.0 -> Harddisk0\DR0 -> \Device\0000005d
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 976773166 (+255): user != kernel
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2743029956-1779779573-3456650838-1000\Software\SecuROM\License information*]
"datasecu"=hex:9f,fe,00,ad,80,b3,2d,86,aa,a2,cc,d6,8e,59,dc,b8,7c,58,df,97,e5,
  8c,df,22,c4,84,7c,f8,92,fe,eb,e2,a7,c7,30,bd,02,c9,b9,3f,e8,e0,3f,77,a9,47,\
"rkeysecu"=hex:22,74,fe,96,1a,d5,3d,ec,15,2a,a9,a4,3c,0b,4d,28
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-09-07  22:12:58
ComboFix-quarantined-files.txt  2012-09-07 20:12
.
Vor Suchlauf: 10 Verzeichnis(se), 446.732.832.768 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 446.628.110.336 Bytes frei
.
- - End Of File - - 4C3D70B3962AB9A76D8526743089A543
--- --- ---


Muss ich jetzt noch etwas machen ?

markusg 10.09.2012 17:42
hi

malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.

reyman 10.09.2012 22:24
Okay habe ich gemacht


Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.10.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Jeff :: JEFF-PC [Administrator]

Schutz: Aktiviert

10.09.2012 20:59:10
mbam-log-2012-09-10 (20-59-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 514518
Laufzeit: 1 Stunde(n), 52 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\_OTL\MovedFiles\09072012_214039\C_Users\Jeff\C_1wh.exe (Trojan.MSIL) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

markusg 11.09.2012 10:15
hi
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten

reyman 11.09.2012 11:56
Liste der Anhänge anzeigen (Anzahl: 1)
Habe ich gemacht. Zu dem noch etwas anderes ich habe mir gestern einmal Secure Banking runtergeladen von euch und Installiert und heute bekomme ich die meldung das ich ein Rootkit drauf habe und den Webbrowser nicht mehr öffnen soll bis ich Vierenfrei bin. Siehe Anhang.


Code:
12:54:05.0869 4180  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
12:54:05.0966 4180  ============================================================
12:54:05.0966 4180  Current date / time: 2012/09/11 12:54:05.0966
12:54:05.0966 4180  SystemInfo:
12:54:05.0966 4180 
12:54:05.0966 4180  OS Version: 6.1.7601 ServicePack: 1.0
12:54:05.0966 4180  Product type: Workstation
12:54:05.0966 4180  ComputerName: JEFF-PC
12:54:05.0967 4180  UserName: Jeff
12:54:05.0967 4180  Windows directory: C:\Windows
12:54:05.0967 4180  System windows directory: C:\Windows
12:54:05.0967 4180  Processor architecture: Intel x86
12:54:05.0967 4180  Number of processors: 4
12:54:05.0967 4180  Page size: 0x1000
12:54:05.0967 4180  Boot type: Normal boot
12:54:05.0967 4180  ============================================================
12:54:07.0347 4180  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x6A75B7, SectorsPerTrack: 0x1C, TracksPerCylinder: 0x5, Type 'K0', Flags 0x00000050
12:54:07.0362 4180  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x2F50C, SectorsPerTrack: 0x2D, TracksPerCylinder: 0x70, Type 'K0', Flags 0x00000050
12:54:07.0367 4180  Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:54:07.0367 4180  ============================================================
12:54:07.0367 4180  \Device\Harddisk0\DR0:
12:54:07.0368 4180  MBR partitions:
12:54:07.0368 4180  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:54:07.0368 4180  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
12:54:07.0368 4180  \Device\Harddisk1\DR1:
12:54:07.0368 4180  MBR partitions:
12:54:07.0368 4180  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
12:54:07.0368 4180  \Device\Harddisk2\DR2:
12:54:07.0368 4180  MBR partitions:
12:54:07.0368 4180  \Device\Harddisk2\DR2\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x74705982
12:54:07.0368 4180  ============================================================
12:54:07.0387 4180  C: <-> \Device\Harddisk0\DR0\Partition2
12:54:07.0407 4180  D: <-> \Device\Harddisk1\DR1\Partition1
12:54:07.0408 4180  G: <-> \Device\Harddisk2\DR2\Partition1
12:54:07.0408 4180  ============================================================
12:54:07.0408 4180  Initialize success
12:54:07.0408 4180  ============================================================
12:54:34.0639 4784  ============================================================
12:54:34.0639 4784  Scan started
12:54:34.0639 4784  Mode: Manual; SigCheck; TDLFS;
12:54:34.0639 4784  ============================================================
12:54:36.0253 4784  ================ Scan system memory ========================
12:54:36.0253 4784  System memory - ok
12:54:36.0254 4784  ================ Scan services =============================
12:54:36.0426 4784  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
12:54:36.0555 4784  1394ohci - ok
12:54:36.0582 4784  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:54:36.0603 4784  ACPI - ok
12:54:36.0617 4784  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
12:54:36.0674 4784  AcpiPmi - ok
12:54:36.0791 4784  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
12:54:36.0811 4784  AdobeARMservice - ok
12:54:36.0855 4784  [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:54:36.0874 4784  AdobeFlashPlayerUpdateSvc - ok
12:54:36.0905 4784  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
12:54:36.0928 4784  adp94xx - ok
12:54:36.0946 4784  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci        C:\Windows\system32\drivers\adpahci.sys
12:54:36.0960 4784  adpahci - ok
12:54:36.0967 4784  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
12:54:36.0979 4784  adpu320 - ok
12:54:36.0998 4784  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
12:54:37.0136 4784  AeLookupSvc - ok
12:54:37.0176 4784  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD            C:\Windows\system32\drivers\afd.sys
12:54:37.0238 4784  AFD - ok
12:54:37.0268 4784  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
12:54:37.0284 4784  agp440 - ok
12:54:37.0315 4784  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx        C:\Windows\system32\drivers\djsvs.sys
12:54:37.0332 4784  aic78xx - ok
12:54:37.0365 4784  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG            C:\Windows\System32\alg.exe
12:54:37.0412 4784  ALG - ok
12:54:37.0428 4784  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:54:37.0443 4784  aliide - ok
12:54:37.0474 4784  [ 87F8E98FCD859D2F0C291DCF9F1A5543 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:54:37.0583 4784  AMD External Events Utility - ok
12:54:37.0633 4784  AMD FUEL Service - ok
12:54:37.0647 4784  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
12:54:37.0657 4784  amdagp - ok
12:54:37.0662 4784  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
12:54:37.0671 4784  amdide - ok
12:54:37.0681 4784  [ FF258424F0B2EF25EB98F04EE386E6E3 ] amdiox86        C:\Windows\system32\DRIVERS\amdiox86.sys
12:54:37.0696 4784  amdiox86 - ok
12:54:37.0725 4784  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
12:54:37.0750 4784  AmdK8 - ok
12:54:37.0954 4784  [ 6617FED21C91E821E3D00484741B302F ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
12:54:38.0355 4784  amdkmdag - ok
12:54:38.0401 4784  [ 0CD80C1ABE5507B4ADBFC8338E3698E0 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
12:54:38.0435 4784  amdkmdap - ok
12:54:38.0469 4784  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
12:54:38.0507 4784  AmdPPM - ok
12:54:38.0581 4784  [ D320BF87125326F996D4904FE24300FC ] amdsata        C:\Windows\system32\drivers\amdsata.sys
12:54:38.0608 4784  amdsata - ok
12:54:38.0648 4784  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
12:54:38.0667 4784  amdsbs - ok
12:54:38.0698 4784  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
12:54:38.0745 4784  amdxata - ok
12:54:38.0806 4784  [ 40C15CE1B832B78CC2A2F61807058763 ] AODDriver4.1    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys
12:54:38.0833 4784  AODDriver4.1 - ok
12:54:38.0879 4784  [ AEA177F783E20150ACE5383EE368DA19 ] AppID          C:\Windows\system32\drivers\appid.sys
12:54:38.0940 4784  AppID - ok
12:54:38.0985 4784  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:54:39.0033 4784  AppIDSvc - ok
12:54:39.0043 4784  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo        C:\Windows\System32\appinfo.dll
12:54:39.0077 4784  Appinfo - ok
12:54:39.0128 4784  [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:54:39.0162 4784  Apple Mobile Device - ok
12:54:39.0190 4784  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc            C:\Windows\system32\drivers\arc.sys
12:54:39.0206 4784  arc - ok
12:54:39.0230 4784  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
12:54:39.0248 4784  arcsas - ok
12:54:39.0273 4784  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:54:39.0388 4784  AsyncMac - ok
12:54:39.0405 4784  [ 338C86357871C167A96AB976519BF59E ] atapi          C:\Windows\system32\drivers\atapi.sys
12:54:39.0417 4784  atapi - ok
12:54:39.0461 4784  [ 434192D027A6A11E32E1C74C7C43E1ED ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys
12:54:39.0472 4784  AtiHDAudioService - ok
12:54:39.0504 4784  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:54:39.0550 4784  AudioEndpointBuilder - ok
12:54:39.0570 4784  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
12:54:39.0593 4784  Audiosrv - ok
12:54:39.0617 4784  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:54:39.0652 4784  AxInstSV - ok
12:54:39.0712 4784  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv        C:\Windows\system32\drivers\bxvbdx.sys
12:54:39.0752 4784  b06bdrv - ok
12:54:39.0773 4784  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
12:54:39.0813 4784  b57nd60x - ok
12:54:39.0847 4784  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
12:54:39.0888 4784  BDESVC - ok
12:54:39.0901 4784  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:54:39.0932 4784  Beep - ok
12:54:39.0958 4784  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE            C:\Windows\System32\bfe.dll
12:54:39.0993 4784  BFE - ok
12:54:40.0024 4784  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\system32\qmgr.dll
12:54:40.0064 4784  BITS - ok
12:54:40.0085 4784  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
12:54:40.0100 4784  blbdrive - ok
12:54:40.0155 4784  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:54:40.0202 4784  Bonjour Service - ok
12:54:40.0219 4784  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:54:40.0273 4784  bowser - ok
12:54:40.0308 4784  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
12:54:40.0354 4784  BrFiltLo - ok
12:54:40.0364 4784  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
12:54:40.0421 4784  BrFiltUp - ok
12:54:40.0454 4784  [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
12:54:40.0527 4784  BridgeMP - ok
12:54:40.0561 4784  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser        C:\Windows\System32\browser.dll
12:54:40.0620 4784  Browser - ok
12:54:40.0655 4784  [ 845B8CE732E67F3B4133164868C666EA ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
12:54:40.0687 4784  Brserid - ok
12:54:40.0700 4784  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:54:40.0725 4784  BrSerWdm - ok
12:54:40.0732 4784  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:54:40.0751 4784  BrUsbMdm - ok
12:54:40.0757 4784  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:54:40.0777 4784  BrUsbSer - ok
12:54:40.0783 4784  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
12:54:40.0798 4784  BTHMODEM - ok
12:54:40.0825 4784  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv        C:\Windows\system32\bthserv.dll
12:54:40.0846 4784  bthserv - ok
12:54:40.0967 4784  catchme - ok
12:54:41.0001 4784  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:54:41.0055 4784  cdfs - ok
12:54:41.0098 4784  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
12:54:41.0129 4784  cdrom - ok
12:54:41.0162 4784  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc    C:\Windows\System32\certprop.dll
12:54:41.0201 4784  CertPropSvc - ok
12:54:41.0208 4784  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\drivers\circlass.sys
12:54:41.0221 4784  circlass - ok
12:54:41.0238 4784  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
12:54:41.0251 4784  CLFS - ok
12:54:41.0327 4784  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:54:41.0356 4784  clr_optimization_v2.0.50727_32 - ok
12:54:41.0412 4784  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:54:41.0497 4784  clr_optimization_v4.0.30319_32 - ok
12:54:41.0519 4784  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
12:54:41.0543 4784  CmBatt - ok
12:54:41.0551 4784  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:54:41.0567 4784  cmdide - ok
12:54:41.0597 4784  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG            C:\Windows\system32\Drivers\cng.sys
12:54:41.0619 4784  CNG - ok
12:54:41.0624 4784  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
12:54:41.0633 4784  Compbatt - ok
12:54:41.0655 4784  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
12:54:41.0671 4784  CompositeBus - ok
12:54:41.0684 4784  COMSysApp - ok
12:54:41.0721 4784  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
12:54:41.0748 4784  crcdisk - ok
12:54:41.0778 4784  [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:54:41.0812 4784  CryptSvc - ok
12:54:41.0848 4784  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:54:41.0898 4784  DcomLaunch - ok
12:54:41.0917 4784  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc      C:\Windows\System32\defragsvc.dll
12:54:41.0946 4784  defragsvc - ok
12:54:41.0967 4784  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:54:41.0991 4784  DfsC - ok
12:54:42.0034 4784  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:54:42.0098 4784  Dhcp - ok
12:54:42.0114 4784  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
12:54:42.0148 4784  discache - ok
12:54:42.0167 4784  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\drivers\disk.sys
12:54:42.0178 4784  Disk - ok
12:54:42.0208 4784  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:54:42.0247 4784  Dnscache - ok
12:54:42.0275 4784  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc        C:\Windows\System32\dot3svc.dll
12:54:42.0299 4784  dot3svc - ok
12:54:42.0347 4784  [ B5E479EB83707DD698F66953E922042C ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
12:54:42.0396 4784  Dot4 - ok
12:54:42.0417 4784  [ CAEFD09B6A6249C53A67D55A9A9FCABF ] Dot4Print      C:\Windows\system32\DRIVERS\Dot4Prt.sys
12:54:42.0452 4784  Dot4Print - ok
12:54:42.0471 4784  [ CF491FF38D62143203C065260567E2F7 ] dot4usb        C:\Windows\system32\DRIVERS\dot4usb.sys
12:54:42.0496 4784  dot4usb - ok
12:54:42.0510 4784  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS            C:\Windows\system32\dps.dll
12:54:42.0566 4784  DPS - ok
12:54:42.0601 4784  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
12:54:42.0622 4784  drmkaud - ok
12:54:42.0660 4784  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
12:54:42.0678 4784  DXGKrnl - ok
12:54:42.0721 4784  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost        C:\Windows\System32\eapsvc.dll
12:54:42.0789 4784  EapHost - ok
12:54:42.0899 4784  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv          C:\Windows\system32\drivers\evbdx.sys
12:54:43.0020 4784  ebdrv - ok
12:54:43.0041 4784  [ 81951F51E318AECC2D68559E47485CC4 ] EFS            C:\Windows\System32\lsass.exe
12:54:43.0098 4784  EFS - ok
12:54:43.0160 4784  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
12:54:43.0207 4784  ehRecvr - ok
12:54:43.0211 4784  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched        C:\Windows\ehome\ehsched.exe
12:54:43.0236 4784  ehSched - ok
12:54:43.0275 4784  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor        C:\Windows\system32\drivers\elxstor.sys
12:54:43.0293 4784  elxstor - ok
12:54:43.0312 4784  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:54:43.0328 4784  ErrDev - ok
12:54:43.0367 4784  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem    C:\Windows\system32\es.dll
12:54:43.0394 4784  EventSystem - ok
12:54:43.0412 4784  [ 2DC9108D74081149CC8B651D3A26207F ] exfat          C:\Windows\system32\drivers\exfat.sys
12:54:43.0435 4784  exfat - ok
12:54:43.0441 4784  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
12:54:43.0469 4784  fastfat - ok
12:54:43.0500 4784  [ 967EA5B213E9984CBE270205DF37755B ] Fax            C:\Windows\system32\fxssvc.exe
12:54:43.0544 4784  Fax - ok
12:54:43.0555 4784  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc            C:\Windows\system32\drivers\fdc.sys
12:54:43.0566 4784  fdc - ok
12:54:43.0582 4784  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost        C:\Windows\system32\fdPHost.dll
12:54:43.0608 4784  fdPHost - ok
12:54:43.0623 4784  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
12:54:43.0644 4784  FDResPub - ok
12:54:43.0649 4784  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:54:43.0661 4784  FileInfo - ok
12:54:43.0666 4784  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
12:54:43.0698 4784  Filetrace - ok
12:54:43.0703 4784  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
12:54:43.0721 4784  flpydisk - ok
12:54:43.0731 4784  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:54:43.0744 4784  FltMgr - ok
12:54:43.0769 4784  [ FA6C66E4364D7DA57AADE5DCC03BB999 ] FontCache      C:\Windows\system32\FntCache.dll
12:54:43.0813 4784  FontCache - ok
12:54:43.0860 4784  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:54:43.0884 4784  FontCache3.0.0.0 - ok
12:54:43.0928 4784  [ F33425DBD8CDF00C1F318BA0EDC8D048 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
12:54:43.0951 4784  ForceWare Intelligent Application Manager (IAM) - ok
12:54:43.0968 4784  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
12:54:43.0984 4784  FsDepends - ok
12:54:44.0007 4784  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:54:44.0022 4784  Fs_Rec - ok
12:54:44.0045 4784  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:54:44.0061 4784  fvevol - ok
12:54:44.0083 4784  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
12:54:44.0094 4784  gagp30kx - ok
12:54:44.0115 4784  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM    C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:54:44.0123 4784  GEARAspiWDM - ok
12:54:44.0150 4784  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc          C:\Windows\System32\gpsvc.dll
12:54:44.0199 4784  gpsvc - ok
12:54:44.0239 4784  [ F02A533F517EB38333CB12A9E8963773 ] gupdate        C:\Program Files\Google\Update\GoogleUpdate.exe
12:54:44.0289 4784  gupdate - ok
12:54:44.0317 4784  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
12:54:44.0338 4784  gupdatem - ok
12:54:44.0366 4784  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:54:44.0400 4784  hcw85cir - ok
12:54:44.0442 4784  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:54:44.0472 4784  HdAudAddService - ok
12:54:44.0498 4784  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
12:54:44.0516 4784  HDAudBus - ok
12:54:44.0523 4784  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt        C:\Windows\system32\drivers\HidBatt.sys
12:54:44.0564 4784  HidBatt - ok
12:54:44.0571 4784  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
12:54:44.0631 4784  HidBth - ok
12:54:44.0640 4784  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr          C:\Windows\system32\drivers\hidir.sys
12:54:44.0668 4784  HidIr - ok
12:54:44.0692 4784  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv        C:\Windows\System32\hidserv.dll
12:54:44.0791 4784  hidserv - ok
12:54:44.0806 4784  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:54:44.0833 4784  HidUsb - ok
12:54:44.0853 4784  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:54:44.0877 4784  hkmsvc - ok
12:54:44.0884 4784  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:54:44.0915 4784  HomeGroupListener - ok
12:54:44.0933 4784  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:54:44.0963 4784  HomeGroupProvider - ok
12:54:45.0054 4784  [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
12:54:45.0083 4784  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
12:54:45.0083 4784  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
12:54:45.0108 4784  [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
12:54:45.0123 4784  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
12:54:45.0123 4784  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
12:54:45.0146 4784  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:54:45.0160 4784  HpSAMD - ok
12:54:45.0185 4784  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:54:45.0218 4784  HTTP - ok
12:54:45.0231 4784  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:54:45.0241 4784  hwpolicy - ok
12:54:45.0265 4784  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
12:54:45.0286 4784  i8042prt - ok
12:54:45.0312 4784  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
12:54:45.0328 4784  iaStorV - ok
12:54:45.0390 4784  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc          C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:54:45.0423 4784  idsvc - ok
12:54:45.0434 4784  [ 4173FF5708F3236CF25195FECD742915 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
12:54:45.0444 4784  iirsp - ok
12:54:45.0483 4784  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
12:54:45.0557 4784  IKEEXT - ok
12:54:45.0573 4784  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
12:54:45.0583 4784  intelide - ok
12:54:45.0599 4784  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
12:54:45.0610 4784  intelppm - ok
12:54:45.0624 4784  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
12:54:45.0646 4784  IPBusEnum - ok
12:54:45.0652 4784  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:54:45.0687 4784  IpFilterDriver - ok
12:54:45.0744 4784  [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:54:45.0779 4784  iphlpsvc - ok
12:54:45.0785 4784  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
12:54:45.0796 4784  IPMIDRV - ok
12:54:45.0802 4784  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
12:54:45.0828 4784  IPNAT - ok
12:54:45.0886 4784  [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
12:54:45.0958 4784  iPod Service - ok
12:54:45.0995 4784  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:54:46.0015 4784  IRENUM - ok
12:54:46.0027 4784  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:54:46.0040 4784  isapnp - ok
12:54:46.0061 4784  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
12:54:46.0076 4784  iScsiPrt - ok
12:54:46.0083 4784  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:54:46.0093 4784  kbdclass - ok
12:54:46.0107 4784  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:54:46.0128 4784  kbdhid - ok
12:54:46.0147 4784  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
12:54:46.0157 4784  KeyIso - ok
12:54:46.0188 4784  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:54:46.0199 4784  KSecDD - ok
12:54:46.0209 4784  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
12:54:46.0222 4784  KSecPkg - ok
12:54:46.0248 4784  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm          C:\Windows\system32\msdtckrm.dll
12:54:46.0274 4784  KtmRm - ok
12:54:46.0304 4784  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\System32\srvsvc.dll
12:54:46.0342 4784  LanmanServer - ok
12:54:46.0363 4784  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:54:46.0385 4784  LanmanWorkstation - ok
12:54:46.0413 4784  [ 170E7093A77AD586F3A012A3DB651D94 ] LGBusEnum      C:\Windows\system32\drivers\LGBusEnum.sys
12:54:46.0420 4784  LGBusEnum - ok
12:54:46.0449 4784  [ D2DD04D1C8DF65EECD1F2C7FB947D43E ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
12:54:46.0458 4784  LGVirHid - ok
12:54:46.0500 4784  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:54:46.0546 4784  lltdio - ok
12:54:46.0571 4784  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
12:54:46.0595 4784  lltdsvc - ok
12:54:46.0608 4784  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts        C:\Windows\System32\lmhsvc.dll
12:54:46.0641 4784  lmhosts - ok
12:54:46.0671 4784  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
12:54:46.0683 4784  LSI_FC - ok
12:54:46.0715 4784  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
12:54:46.0726 4784  LSI_SAS - ok
12:54:46.0741 4784  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
12:54:46.0751 4784  LSI_SAS2 - ok
12:54:46.0771 4784  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
12:54:46.0782 4784  LSI_SCSI - ok
12:54:46.0788 4784  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv          C:\Windows\system32\drivers\luafv.sys
12:54:46.0810 4784  luafv - ok
12:54:46.0851 4784  [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector  C:\Windows\system32\drivers\mbam.sys
12:54:46.0861 4784  MBAMProtector - ok
12:54:46.0902 4784  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler  C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:54:46.0917 4784  MBAMScheduler - ok
12:54:46.0956 4784  [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
12:54:46.0985 4784  MBAMService - ok
12:54:47.0019 4784  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
12:54:47.0031 4784  Mcx2Svc - ok
12:54:47.0048 4784  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas        C:\Windows\system32\drivers\megasas.sys
12:54:47.0058 4784  megasas - ok
12:54:47.0093 4784  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
12:54:47.0108 4784  MegaSR - ok
12:54:47.0168 4784  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
12:54:47.0202 4784  Microsoft Office Groove Audit Service - ok
12:54:47.0239 4784  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS          C:\Windows\system32\mmcss.dll
12:54:47.0276 4784  MMCSS - ok
12:54:47.0292 4784  [ F001861E5700EE84E2D4E52C712F4964 ] Modem          C:\Windows\system32\drivers\modem.sys
12:54:47.0327 4784  Modem - ok
12:54:47.0364 4784  [ 79D10964DE86B292320E9DFE02282A23 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
12:54:47.0397 4784  monitor - ok
12:54:47.0413 4784  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:54:47.0428 4784  mouclass - ok
12:54:47.0435 4784  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:54:47.0458 4784  mouhid - ok
12:54:47.0464 4784  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:54:47.0480 4784  mountmgr - ok
12:54:47.0528 4784  [ 145C5465B8F99E9D8360AF852A17DC78 ] MouseWithoutBordersSvc C:\Program Files\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe
12:54:47.0532 4784  MouseWithoutBordersSvc ( UnsignedFile.Multi.Generic ) - warning
12:54:47.0533 4784  MouseWithoutBordersSvc - detected UnsignedFile.Multi.Generic (1)
12:54:47.0565 4784  [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
12:54:47.0578 4784  MpFilter - ok
12:54:47.0604 4784  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:54:47.0616 4784  mpio - ok
12:54:47.0739 4784  [ A69630D039C38018689190234F866D77 ] MpKslcb1861bd  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{67C84619-D82C-4933-AA0E-D3365C7A3D06}\MpKslcb1861bd.sys
12:54:47.0763 4784  MpKslcb1861bd - ok
12:54:47.0780 4784  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:54:47.0812 4784  mpsdrv - ok
12:54:47.0843 4784  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:54:47.0891 4784  MpsSvc - ok
12:54:47.0905 4784  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:54:47.0925 4784  MRxDAV - ok
12:54:47.0955 4784  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:54:47.0975 4784  mrxsmb - ok
12:54:47.0995 4784  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:54:48.0016 4784  mrxsmb10 - ok
12:54:48.0034 4784  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:54:48.0072 4784  mrxsmb20 - ok
12:54:48.0094 4784  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
12:54:48.0120 4784  msahci - ok
12:54:48.0137 4784  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
12:54:48.0155 4784  msdsm - ok
12:54:48.0177 4784  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC          C:\Windows\System32\msdtc.exe
12:54:48.0207 4784  MSDTC - ok
12:54:48.0225 4784  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:54:48.0258 4784  Msfs - ok
12:54:48.0267 4784  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
12:54:48.0299 4784  mshidkmdf - ok
12:54:48.0304 4784  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:54:48.0315 4784  msisadrv - ok
12:54:48.0334 4784  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
12:54:48.0367 4784  MSiSCSI - ok
12:54:48.0372 4784  msiserver - ok
12:54:48.0394 4784  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
12:54:48.0416 4784  MSKSSRV - ok
12:54:48.0472 4784  [ 24516BF4E12A46CB67302E2CDCB8CDDF ] MsMpSvc        C:\Program Files\Microsoft Security Client\MsMpEng.exe
12:54:48.0500 4784  MsMpSvc - ok
12:54:48.0516 4784  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:54:48.0560 4784  MSPCLOCK - ok
12:54:48.0574 4784  [ F456E973590D663B1073E9C463B40932 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
12:54:48.0605 4784  MSPQM - ok
12:54:48.0627 4784  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
12:54:48.0640 4784  MsRPC - ok
12:54:48.0649 4784  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
12:54:48.0658 4784  mssmbios - ok
12:54:48.0664 4784  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
12:54:48.0685 4784  MSTEE - ok
12:54:48.0718 4784  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
12:54:48.0734 4784  MTConfig - ok
12:54:48.0739 4784  [ 159FAD02F64E6381758C990F753BCC80 ] Mup            C:\Windows\system32\Drivers\mup.sys
12:54:48.0750 4784  Mup - ok
12:54:48.0780 4784  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
12:54:48.0805 4784  napagent - ok
12:54:48.0833 4784  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
12:54:48.0861 4784  NativeWifiP - ok
12:54:48.0885 4784  [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:54:48.0908 4784  NDIS - ok
12:54:48.0917 4784  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
12:54:48.0947 4784  NdisCap - ok
12:54:48.0963 4784  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:54:48.0995 4784  NdisTapi - ok
12:54:49.0000 4784  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
12:54:49.0020 4784  Ndisuio - ok
12:54:49.0026 4784  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
12:54:49.0057 4784  NdisWan - ok
12:54:49.0062 4784  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
12:54:49.0083 4784  NDProxy - ok
12:54:49.0120 4784  [ 510C138564486FF926A3F773205C63D1 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
12:54:49.0125 4784  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
12:54:49.0125 4784  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
12:54:49.0131 4784  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
12:54:49.0165 4784  NetBIOS - ok
12:54:49.0171 4784  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
12:54:49.0202 4784  NetBT - ok
12:54:49.0219 4784  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
12:54:49.0229 4784  Netlogon - ok
12:54:49.0267 4784  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
12:54:49.0292 4784  Netman - ok
12:54:49.0307 4784  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
12:54:49.0337 4784  netprofm - ok
12:54:49.0356 4784  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:54:49.0367 4784  NetTcpPortSharing - ok
12:54:49.0419 4784  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
12:54:49.0429 4784  nfrd960 - ok
12:54:49.0480 4784  [ B52F26BADE7D7E4A79706E3FD91834CD ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
12:54:49.0507 4784  NisDrv - ok
12:54:49.0543 4784  [ 290C0D4C4889398797F8DF3BE00B9698 ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
12:54:49.0564 4784  NisSrv - ok
12:54:49.0604 4784  [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:54:49.0647 4784  NlaSvc - ok
12:54:49.0659 4784  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:54:49.0695 4784  Npfs - ok
12:54:49.0700 4784  npggsvc - ok
12:54:49.0732 4784  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi            C:\Windows\system32\nsisvc.dll
12:54:49.0781 4784  nsi - ok
12:54:49.0787 4784  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:54:49.0809 4784  nsiproxy - ok
12:54:49.0837 4784  [ 84A1A494791DA6AC7292D82F97E40BEC ] nSvcIp          C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
12:54:49.0849 4784  nSvcIp - ok
12:54:49.0908 4784  [ 81189C3D7763838E55C397759D49007A ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:54:49.0973 4784  Ntfs - ok
12:54:49.0985 4784  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
12:54:50.0006 4784  Null - ok
12:54:50.0041 4784  [ B5E37E31C053BC9950455A257526514B ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x32.sys
12:54:50.0056 4784  NVENETFD - ok
12:54:50.0083 4784  [ D22E432E402499AC264A113D7168B91F ] NVNET          C:\Windows\system32\DRIVERS\nvmf6232.sys
12:54:50.0095 4784  NVNET - ok
12:54:50.0127 4784  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:54:50.0139 4784  nvraid - ok
12:54:50.0157 4784  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:54:50.0169 4784  nvstor - ok
12:54:50.0195 4784  [ 032EF66DD96692AD3A9D36160F467F67 ] nvstor32        C:\Windows\system32\DRIVERS\nvstor32.sys
12:54:50.0206 4784  nvstor32 - ok
12:54:50.0216 4784  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:54:50.0228 4784  nv_agp - ok
12:54:50.0299 4784  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:54:50.0356 4784  odserv - ok
12:54:50.0380 4784  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:54:50.0410 4784  ohci1394 - ok
12:54:50.0876 4784  [ 0636B4C097E5E388A2DC8C8D6C4A0E78 ] OpenVPNService  D:\OpenVPN\bin\openvpnserv.exe
12:54:50.0936 4784  OpenVPNService ( UnsignedFile.Multi.Generic ) - warning
12:54:50.0937 4784  OpenVPNService - detected UnsignedFile.Multi.Generic (1)
12:54:50.0976 4784  [ 5A432A042DAE460ABE7199B758E8606C ] ose            C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:54:50.0988 4784  ose - ok
12:54:51.0036 4784  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:54:51.0088 4784  p2pimsvc - ok
12:54:51.0132 4784  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
12:54:51.0161 4784  p2psvc - ok
12:54:51.0193 4784  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
12:54:51.0209 4784  Parport - ok
12:54:51.0232 4784  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr        C:\Windows\system32\drivers\partmgr.sys
12:54:51.0248 4784  partmgr - ok
12:54:51.0266 4784  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
12:54:51.0281 4784  Parvdm - ok
12:54:51.0293 4784  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:54:51.0316 4784  PcaSvc - ok
12:54:51.0325 4784  [ 673E55C3498EB970088E812EA820AA8F ] pci            C:\Windows\system32\drivers\pci.sys
12:54:51.0336 4784  pci - ok
12:54:51.0341 4784  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
12:54:51.0352 4784  pciide - ok
12:54:51.0372 4784  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
12:54:51.0385 4784  pcmcia - ok
12:54:51.0390 4784  [ 250F6B43D2B613172035C6747AEEB19F ] pcw            C:\Windows\system32\drivers\pcw.sys
12:54:51.0401 4784  pcw - ok
12:54:51.0429 4784  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:54:51.0470 4784  PEAUTH - ok
12:54:51.0527 4784  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla            C:\Windows\system32\pla.dll
12:54:51.0591 4784  pla - ok
12:54:51.0634 4784  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:54:51.0708 4784  PlugPlay - ok
12:54:51.0751 4784  [ 37E5E8FFBAD35605DAEEC3224EA0E465 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
12:54:51.0762 4784  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
12:54:51.0762 4784  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
12:54:51.0795 4784  [ A1DD33D16F277CE34124EE52AB2C0F14 ] PnkBstrA        C:\Windows\system32\PnkBstrA.exe
12:54:51.0805 4784  PnkBstrA - ok
12:54:51.0823 4784  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
12:54:51.0845 4784  PNRPAutoReg - ok
12:54:51.0866 4784  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
12:54:51.0877 4784  PNRPsvc - ok
12:54:51.0901 4784  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
12:54:51.0932 4784  PolicyAgent - ok
12:54:51.0955 4784  [ F87D30E72E03D579A5199CCB3831D6EA ] Power          C:\Windows\system32\umpo.dll
12:54:51.0987 4784  Power - ok
12:54:52.0017 4784  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:54:52.0050 4784  PptpMiniport - ok
12:54:52.0059 4784  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor      C:\Windows\system32\drivers\processr.sys
12:54:52.0080 4784  Processor - ok
12:54:52.0095 4784  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc        C:\Windows\system32\profsvc.dll
12:54:52.0153 4784  ProfSvc - ok
12:54:52.0181 4784  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:54:52.0197 4784  ProtectedStorage - ok
12:54:52.0224 4784  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:54:52.0257 4784  Psched - ok
12:54:52.0347 4784  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
12:54:52.0423 4784  ql2300 - ok
12:54:52.0451 4784  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
12:54:52.0463 4784  ql40xx - ok
12:54:52.0495 4784  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE          C:\Windows\system32\qwave.dll
12:54:52.0523 4784  QWAVE - ok
12:54:52.0557 4784  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:54:52.0570 4784  QWAVEdrv - ok
12:54:52.0623 4784  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:54:52.0683 4784  RasAcd - ok
12:54:52.0723 4784  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
12:54:52.0778 4784  RasAgileVpn - ok
12:54:52.0796 4784  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto        C:\Windows\System32\rasauto.dll
12:54:52.0838 4784  RasAuto - ok
12:54:52.0855 4784  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
12:54:52.0887 4784  Rasl2tp - ok
12:54:52.0909 4784  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
12:54:52.0947 4784  RasMan - ok
12:54:52.0953 4784  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:54:52.0974 4784  RasPppoe - ok
12:54:52.0980 4784  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
12:54:53.0006 4784  RasSstp - ok
12:54:53.0021 4784  [ D528BC58A489409BA40334EBF96A311B ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
12:54:53.0050 4784  rdbss - ok
12:54:53.0059 4784  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
12:54:53.0071 4784  rdpbus - ok
12:54:53.0083 4784  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:54:53.0111 4784  RDPCDD - ok
12:54:53.0129 4784  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:54:53.0159 4784  RDPENCDD - ok
12:54:53.0166 4784  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:54:53.0195 4784  RDPREFMP - ok
12:54:53.0223 4784  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
12:54:53.0272 4784  RDPWD - ok
12:54:53.0313 4784  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:54:53.0342 4784  rdyboost - ok
12:54:53.0369 4784  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:54:53.0399 4784  RemoteAccess - ok
12:54:53.0421 4784  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:54:53.0445 4784  RemoteRegistry - ok
12:54:53.0455 4784  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:54:53.0489 4784  RpcEptMapper - ok
12:54:53.0512 4784  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
12:54:53.0534 4784  RpcLocator - ok
12:54:53.0551 4784  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs          C:\Windows\system32\rpcss.dll
12:54:53.0575 4784  RpcSs - ok
12:54:53.0601 4784  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:54:53.0635 4784  rspndr - ok
12:54:53.0646 4784  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs          C:\Windows\system32\lsass.exe
12:54:53.0656 4784  SamSs - ok
12:54:53.0673 4784  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:54:53.0685 4784  sbp2port - ok
12:54:53.0735 4784  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:54:53.0800 4784  SCardSvr - ok
12:54:53.0806 4784  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:54:53.0840 4784  scfilter - ok
12:54:53.0866 4784  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
12:54:53.0943 4784  Schedule - ok
12:54:53.0953 4784  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc    C:\Windows\System32\certprop.dll
12:54:53.0983 4784  SCPolicySvc - ok
12:54:53.0994 4784  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:54:54.0020 4784  SDRSVC - ok
12:54:54.0037 4784  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:54:54.0059 4784  secdrv - ok
12:54:54.0067 4784  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
12:54:54.0098 4784  seclogon - ok
12:54:54.0114 4784  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\system32\sens.dll
12:54:54.0143 4784  SENS - ok
12:54:54.0161 4784  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:54:54.0179 4784  SensrSvc - ok
12:54:54.0184 4784  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
12:54:54.0195 4784  Serenum - ok
12:54:54.0210 4784  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
12:54:54.0235 4784  Serial - ok
12:54:54.0246 4784  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
12:54:54.0256 4784  sermouse - ok
12:54:54.0270 4784  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
12:54:54.0292 4784  SessionEnv - ok
12:54:54.0297 4784  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
12:54:54.0318 4784  sffdisk - ok
12:54:54.0323 4784  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:54:54.0335 4784  sffp_mmc - ok
12:54:54.0340 4784  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
12:54:54.0355 4784  sffp_sd - ok
12:54:54.0361 4784  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
12:54:54.0374 4784  sfloppy - ok
12:54:54.0401 4784  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:54:54.0435 4784  SharedAccess - ok
12:54:54.0453 4784  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:54:54.0488 4784  ShellHWDetection - ok
12:54:54.0494 4784  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
12:54:54.0504 4784  sisagp - ok
12:54:54.0535 4784  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
12:54:54.0545 4784  SiSRaid2 - ok
12:54:54.0562 4784  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
12:54:54.0574 4784  SiSRaid4 - ok
12:54:54.0592 4784  [ EACA11D07D7E74D72B913089B75B1416 ] SLEE_17_DRIVER  C:\Windows\system32\drivers\Sleen17.sys
12:54:54.0632 4784  SLEE_17_DRIVER - ok
12:54:54.0665 4784  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb            C:\Windows\system32\DRIVERS\smb.sys
12:54:54.0718 4784  Smb - ok
12:54:54.0755 4784  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:54:54.0766 4784  SNMPTRAP - ok
12:54:54.0773 4784  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr          C:\Windows\system32\drivers\spldr.sys
12:54:54.0783 4784  spldr - ok
12:54:54.0814 4784  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler        C:\Windows\System32\spoolsv.exe
12:54:54.0847 4784  Spooler - ok
12:54:54.0954 4784  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
12:54:55.0083 4784  sppsvc - ok
12:54:55.0093 4784  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
12:54:55.0115 4784  sppuinotify - ok
12:54:55.0133 4784  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv            C:\Windows\system32\DRIVERS\srv.sys
12:54:55.0172 4784  srv - ok
12:54:55.0180 4784  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:54:55.0211 4784  srv2 - ok
12:54:55.0225 4784  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:54:55.0244 4784  srvnet - ok
12:54:55.0259 4784  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
12:54:55.0284 4784  SSDPSRV - ok
12:54:55.0291 4784  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
12:54:55.0322 4784  SstpSvc - ok
12:54:55.0374 4784  Steam Client Service - ok
12:54:55.0410 4784  [ D1B2EC20D19D843A5997E6C47CE61825 ] Steganos Volatile Disk C:\Windows\system32\STGRAMDiskHandler32.exe
12:54:55.0446 4784  Steganos Volatile Disk ( UnsignedFile.Multi.Generic ) - warning
12:54:55.0446 4784  Steganos Volatile Disk - detected UnsignedFile.Multi.Generic (1)
12:54:55.0465 4784  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\drivers\stexstor.sys
12:54:55.0481 4784  stexstor - ok
12:54:55.0501 4784  [ E5D761276CBF76155BEBEF33A9DA0590 ] STGMFEngine32  C:\Windows\system32\drivers\STGMFEngine32.sys
12:54:55.0530 4784  STGMFEngine32 ( UnsignedFile.Multi.Generic ) - warning
12:54:55.0530 4784  STGMFEngine32 - detected UnsignedFile.Multi.Generic (1)
12:54:55.0565 4784  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
12:54:55.0603 4784  StiSvc - ok
12:54:55.0617 4784  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
12:54:55.0625 4784  swenum - ok
12:54:55.0649 4784  [ A28BD92DF340E57B024BA433165D34D7 ] swprv          C:\Windows\System32\swprv.dll
12:54:55.0686 4784  swprv - ok
12:54:55.0750 4784  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain        C:\Windows\system32\sysmain.dll
12:54:55.0815 4784  SysMain - ok
12:54:55.0832 4784  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:54:55.0854 4784  TabletInputService - ok
12:54:55.0877 4784  [ 8348170623EFA63E8E9A8D234B5D350F ] tap0901        C:\Windows\system32\DRIVERS\tap0901.sys
12:54:55.0961 4784  tap0901 - ok
12:54:55.0975 4784  [ 613BF4820361543956909043A265C6AC ] TapiSrv        C:\Windows\System32\tapisrv.dll
12:54:56.0031 4784  TapiSrv - ok
12:54:56.0037 4784  [ B799D9FDB26111737F58288D8DC172D9 ] TBS            C:\Windows\System32\tbssvc.dll
12:54:56.0060 4784  TBS - ok
12:54:56.0127 4784  [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
12:54:56.0203 4784  Tcpip - ok
12:54:56.0243 4784  [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:54:56.0268 4784  TCPIP6 - ok
12:54:56.0289 4784  [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:54:56.0343 4784  tcpipreg - ok
12:54:56.0360 4784  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:54:56.0392 4784  TDPIPE - ok
12:54:56.0419 4784  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
12:54:56.0431 4784  TDTCP - ok
12:54:56.0437 4784  [ B459575348C20E8121D6039DA063C704 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
12:54:56.0460 4784  tdx - ok
12:54:56.0595 4784  [ 9C1F776825207C203CB44CA3C63B5A6E ] TeamViewer7    C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
12:54:56.0647 4784  TeamViewer7 - ok
12:54:56.0654 4784  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
12:54:56.0664 4784  TermDD - ok
12:54:56.0731 4784  [ 382C804C92811BE57829D8E550A900E2 ] TermService    C:\Windows\System32\termsrv.dll
12:54:56.0786 4784  TermService - ok
12:54:56.0803 4784  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
12:54:56.0823 4784  Themes - ok
12:54:56.0834 4784  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER    C:\Windows\system32\mmcss.dll
12:54:56.0856 4784  THREADORDER - ok
12:54:56.0867 4784  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
12:54:56.0896 4784  TrkWks - ok
12:54:56.0940 4784  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:54:56.0987 4784  TrustedInstaller - ok
12:54:57.0012 4784  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:54:57.0064 4784  tssecsrv - ok
12:54:57.0083 4784  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:54:57.0117 4784  TsUsbFlt - ok
12:54:57.0132 4784  [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD        C:\Windows\system32\drivers\TsUsbGD.sys
12:54:57.0144 4784  TsUsbGD - ok
12:54:57.0159 4784  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:54:57.0182 4784  tunnel - ok
12:54:57.0187 4784  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\drivers\uagp35.sys
12:54:57.0198 4784  uagp35 - ok
12:54:57.0205 4784  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:54:57.0236 4784  udfs - ok
12:54:57.0268 4784  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
12:54:57.0287 4784  UI0Detect - ok
12:54:57.0312 4784  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:54:57.0389 4784  uliagpkx - ok
12:54:57.0552 4784  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
12:54:57.0696 4784  umbus - ok
12:54:57.0735 4784  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\drivers\umpass.sys
12:54:57.0771 4784  UmPass - ok
12:54:57.0798 4784  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
12:54:57.0837 4784  upnphost - ok
12:54:57.0874 4784  [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
12:54:57.0886 4784  usbaudio - ok
12:54:57.0904 4784  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
12:54:57.0923 4784  usbccgp - ok
12:54:57.0937 4784  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:54:57.0950 4784  usbcir - ok
12:54:57.0968 4784  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
12:54:57.0983 4784  usbehci - ok
12:54:58.0000 4784  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:54:58.0014 4784  usbhub - ok
12:54:58.0021 4784  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci        C:\Windows\system32\DRIVERS\usbohci.sys
12:54:58.0045 4784  usbohci - ok
12:54:58.0061 4784  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:54:58.0081 4784  usbprint - ok
12:54:58.0101 4784  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
12:54:58.0113 4784  usbscan - ok
12:54:58.0135 4784  [ F991AB9CC6B908DB552166768176896A ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:54:58.0191 4784  USBSTOR - ok
12:54:58.0206 4784  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
12:54:58.0226 4784  usbuhci - ok
12:54:58.0243 4784  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms          C:\Windows\System32\uxsms.dll
12:54:58.0270 4784  UxSms - ok
12:54:58.0283 4784  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
12:54:58.0293 4784  VaultSvc - ok
12:54:58.0319 4784  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:54:58.0329 4784  vdrvroot - ok
12:54:58.0350 4784  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds            C:\Windows\System32\vds.exe
12:54:58.0385 4784  vds - ok
12:54:58.0400 4784  [ 17C408214EA61696CEC9C66E388B14F3 ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
12:54:58.0419 4784  vga - ok
12:54:58.0424 4784  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave        C:\Windows\System32\drivers\vga.sys
12:54:58.0446 4784  VgaSave - ok
12:54:58.0453 4784  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
12:54:58.0465 4784  vhdmp - ok
12:54:58.0484 4784  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
12:54:58.0496 4784  viaagp - ok
12:54:58.0508 4784  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7          C:\Windows\system32\drivers\viac7.sys
12:54:58.0532 4784  ViaC7 - ok
12:54:58.0581 4784  [ F27C1D81ED7DACA5B1A539745A4EF710 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
12:54:58.0626 4784  VIAHdAudAddService - ok
12:54:58.0640 4784  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
12:54:58.0651 4784  viaide - ok
12:54:58.0666 4784  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:54:58.0675 4784  volmgr - ok
12:54:58.0683 4784  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
12:54:58.0698 4784  volmgrx - ok
12:54:58.0730 4784  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
12:54:58.0744 4784  volsnap - ok
12:54:58.0767 4784  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
12:54:58.0780 4784  vsmraid - ok
12:54:58.0811 4784  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS            C:\Windows\system32\vssvc.exe
12:54:58.0886 4784  VSS - ok
12:54:58.0897 4784  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
12:54:58.0916 4784  vwifibus - ok
12:54:58.0939 4784  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time        C:\Windows\system32\w32time.dll
12:54:58.0970 4784  W32Time - ok
12:54:58.0989 4784  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
12:54:59.0079 4784  WacomPen - ok
12:54:59.0111 4784  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:54:59.0194 4784  WANARP - ok
12:54:59.0199 4784  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:54:59.0222 4784  Wanarpv6 - ok
12:54:59.0264 4784  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
12:54:59.0312 4784  wbengine - ok
12:54:59.0331 4784  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:54:59.0355 4784  WbioSrvc - ok
12:54:59.0362 4784  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc        C:\Windows\System32\wcncsvc.dll
12:54:59.0379 4784  wcncsvc - ok
12:54:59.0390 4784  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:54:59.0407 4784  WcsPlugInService - ok
12:54:59.0429 4784  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\drivers\wd.sys
12:54:59.0439 4784  Wd - ok
12:54:59.0461 4784  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:54:59.0479 4784  Wdf01000 - ok
12:54:59.0494 4784  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:54:59.0651 4784  WdiServiceHost - ok
12:54:59.0661 4784  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost  C:\Windows\system32\wdi.dll
12:54:59.0679 4784  WdiSystemHost - ok
12:54:59.0710 4784  [ A9D880F97530D5B8FEE278923349929D ] WebClient      C:\Windows\System32\webclnt.dll
12:54:59.0736 4784  WebClient - ok
12:54:59.0754 4784  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:54:59.0785 4784  Wecsvc - ok
12:54:59.0791 4784  [ AC804569BB2364FB6017370258A4091B ] wercplsupport  C:\Windows\System32\wercplsupport.dll
12:54:59.0811 4784  wercplsupport - ok
12:54:59.0845 4784  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:54:59.0914 4784  WerSvc - ok
12:54:59.0931 4784  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:54:59.0957 4784  WfpLwf - ok
12:54:59.0976 4784  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:54:59.0986 4784  WIMMount - ok
12:55:00.0041 4784  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend      C:\Program Files\Windows Defender\mpsvc.dll
12:55:00.0085 4784  WinDefend - ok
12:55:00.0091 4784  WinHttpAutoProxySvc - ok
12:55:00.0135 4784  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
12:55:00.0157 4784  Winmgmt - ok
12:55:00.0194 4784  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM          C:\Windows\system32\WsmSvc.dll
12:55:00.0259 4784  WinRM - ok
12:55:00.0288 4784  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUSB          C:\Windows\system32\DRIVERS\WinUSB.sys
12:55:00.0308 4784  WinUSB - ok
12:55:00.0407 4784  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc        C:\Windows\System32\wlansvc.dll
12:55:00.0514 4784  Wlansvc - ok
12:55:00.0542 4784  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
12:55:00.0569 4784  WmiAcpi - ok
12:55:00.0601 4784  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:55:00.0626 4784  wmiApSrv - ok
12:55:00.0743 4784  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
12:55:00.0833 4784  WMPNetworkSvc - ok
12:55:00.0859 4784  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:55:00.0875 4784  WPCSvc - ok
12:55:00.0889 4784  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:55:00.0908 4784  WPDBusEnum - ok
12:55:00.0925 4784  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
12:55:00.0960 4784  ws2ifsl - ok
12:55:00.0972 4784  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\system32\wscsvc.dll
12:55:00.0987 4784  wscsvc - ok
12:55:00.0991 4784  WSearch - ok
12:55:01.0076 4784  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
12:55:01.0148 4784  wuauserv - ok
12:55:01.0155 4784  [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:55:01.0184 4784  WudfPf - ok
12:55:01.0213 4784  [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:55:01.0242 4784  WUDFRd - ok
12:55:01.0261 4784  [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
12:55:01.0283 4784  wudfsvc - ok
12:55:01.0298 4784  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc        C:\Windows\System32\wwansvc.dll
12:55:01.0325 4784  WwanSvc - ok
12:55:01.0347 4784  ================ Scan global ===============================
12:55:01.0377 4784  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
12:55:01.0413 4784  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
12:55:01.0445 4784  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
12:55:01.0475 4784  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
12:55:01.0508 4784  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
12:55:01.0530 4784  [Global] - ok
12:55:01.0531 4784  ================ Scan MBR ==================================
12:55:01.0551 4784  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:55:01.0791 4784  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:55:01.0792 4784  \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:55:01.0800 4784  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
12:55:02.0296 4784  \Device\Harddisk1\DR1 - ok
12:55:02.0305 4784  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
12:55:03.0070 4784  \Device\Harddisk2\DR2 - ok
12:55:03.0071 4784  ================ Scan VBR ==================================
12:55:03.0077 4784  [ CD687E89D8F9B19FEB9F4E7A83670A58 ] \Device\Harddisk0\DR0\Partition1
12:55:03.0081 4784  \Device\Harddisk0\DR0\Partition1 - ok
12:55:03.0100 4784  [ 609CFBB2B39BFCD62B2F57BABD5CBE94 ] \Device\Harddisk0\DR0\Partition2
12:55:03.0103 4784  \Device\Harddisk0\DR0\Partition2 - ok
12:55:03.0111 4784  [ 7A1133DEB22DB18FAEA9F7FC67895DA6 ] \Device\Harddisk1\DR1\Partition1
12:55:03.0114 4784  \Device\Harddisk1\DR1\Partition1 - ok
12:55:03.0120 4784  [ F83A4C3EAAA10C6D06F9449DF528495D ] \Device\Harddisk2\DR2\Partition1
12:55:03.0121 4784  \Device\Harddisk2\DR2\Partition1 - ok
12:55:03.0123 4784  ============================================================
12:55:03.0123 4784  Scan finished
12:55:03.0123 4784  ============================================================
12:55:03.0137 5956  Detected object count: 9
12:55:03.0137 5956  Actual detected object count: 9
12:55:10.0627 5956  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
12:55:10.0628 5956  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:55:10.0632 5956  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:55:10.0632 5956  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:55:10.0636 5956  MouseWithoutBordersSvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:55:10.0636 5956  MouseWithoutBordersSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:55:10.0640 5956  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:55:10.0640 5956  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:55:10.0644 5956  OpenVPNService ( UnsignedFile.Multi.Generic ) - skipped by user
12:55:10.0644 5956  OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:55:10.0646 5956  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:55:10.0647 5956  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:55:10.0649 5956  Steganos Volatile Disk ( UnsignedFile.Multi.Generic ) - skipped by user
12:55:10.0649 5956  Steganos Volatile Disk ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:55:10.0651 5956  STGMFEngine32 ( UnsignedFile.Multi.Generic ) - skipped by user
12:55:10.0651 5956  STGMFEngine32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:55:10.0654 5956  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:55:10.0654 5956  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

markusg 11.09.2012 13:33
ja, das sehe ich in dem log auch, in dem vom tdss killer
12:55:10.0654 5956 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
diesen fund, über continue entfernen lassen, dann neustarten.
danach neues tdss killer log posten.
nutzt du den pc für onlinebanking, zum einkaufen, für sonstige zahlungsabwicklungen, oder ähnlich wichtigs, wie berufliches?

reyman 11.09.2012 13:52
Ja benutze diesen Pc für alle diese dinge.

nur diesen einen Fund ? Weil er hat ja 9 gefunden.

Ich kann den log weder posten noch anhängen da er zu groß ist was mache ich da am besten ?

/edit: hab den log im Uploadchannel hochgeladen wie du mir das auf Seite 1 gesagt hattest

markusg 11.09.2012 14:13
dann das log bitte packen und hier anhängen, nciht im upload channel, und ja, nur den einen

reyman 11.09.2012 14:23
Sorry für den Fehler. Habe nun oben editiert und angehängt


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:30 Uhr.
Seite 1 von 4 1 23 Letzte »
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27