| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Viren Rescue CDs starten nichtWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
20.12.2012, 10:58
| #1 |
 |  Viren Rescue CDs starten nicht Moin moin, ich habe einen Rechner auf dem ich eine Infektion vermute. Nun habe ich mit zahlreichen Virenscan CDs (erstellt auf einem sauberen Rechner) versucht diesen Rechner zu untersuchen. Doch leider ohne Erfolg. Folgende Fehler treten beim Scan auf: - Antivir Rescue CD - Startet und bleibt dann nach der Initialisierung im schwarzen Bildschirm hängen - Bitdefender - Startet und bleibt im Logo Bildschirm hängen. Also bevor die Interaktion möglich wäre. - AVG Antivir - startet und ein Scan ist möglich, sogar mit Virendatenbank Update (kein Befund), aber wenn ich die Programmdaten (11/2012) update und danach einen Scan starte, bricht der Rechner in die Konsole ab. - Trinity Rescue Kit - Auch ohne Erfolg Ich habe auch zahlreiche Versuche mit bootfähigen USB-Virenscans probiert, sowie den Rechner mit und ohne Internetverbindung gestartet. Somit kann kein Virus/ Rootkit gefunden werden. Diese blockierten Virenscans stimmen mich wirklich kritisch. Nun hab ich einen GMER Logfile nach Anleitung erstellt: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-12-20 09:08:26
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD103SJ rev.1AJ10001
Running: ghc242ukp.exe; Driver: C:\Users\dennis\AppData\Local\Temp\pgloqpog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0x9554C004]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0x9554C0D4]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x9554BD76]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x9554BE1E]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x9554BEBA]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x9554BF56]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82A3FA49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A794D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1357 82A8078C 8 Bytes [04, C0, 54, 95, D4, C0, 54, ...] {ADD AL, 0xc0; PUSH ESP; XCHG EBP, EAX; AAM 0xc0; PUSH ESP; XCHG EBP, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 139F 82A807D4 4 Bytes [76, BD, 54, 95] {JBE 0xffffffffffffffbf; PUSH ESP; XCHG EBP, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 166F 82A80AA4 8 Bytes [1E, BE, 54, 95, BA, BE, 54, ...] {PUSH DS; MOV ESI, 0xbeba9554; PUSH ESP; XCHG EBP, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 16E3 82A80B18 4 Bytes [56, BF, 54, 95]
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 B2C5C000 154 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 502B B2C5C09B 135 Bytes [8B, FF, 55, 8B, EC, E8, 31, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 B2C5C123 629 Bytes [75, C5, B2, FE, 05, 34, 75, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 B2C5C399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F B2C5C3FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE ...
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\system32\msiexec.exe[3840] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74ADFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\system32\msiexec.exe[3840] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74ADFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\system32\msiexec.exe[3840] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74ADFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\system32\msiexec.exe[3840] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74ADFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\system32\msiexec.exe[3840] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [74ADFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume10 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume11 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
---- Files - GMER 1.0.15 ----
File C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb 524288 bytes
---- EOF - GMER 1.0.15 ----
Vielen Dank für die Hilfe. Ergänzend habe ich noch ein SysInternals Rootkit Revealer Test laufen lassen, leider ist das Log nicht kopierbar: WSMan - Registry - Security Mismatch (mehrfach) RmMetadaten - Hidden to API $UsnJrnl - Hidden to API 108.000 Dateien - visible in API, not shown in MFT or Directory (mit und ohne NTFS Erkennung eingestellt) |
|
20.12.2012, 11:40
| #2 | |
| /// TB-Ausbilder  | Viren Rescue CDs starten nichtZitat:
__________________ |
|
20.12.2012, 12:56
| #3 |
| | Viren Rescue CDs starten nicht Der Chef hatte eine Mail erhalten, die von Ihm selber geschickt wurde. Diese hatte er angeklickt und daraufhin hat eine Verknüpfung auf dem Desktop auf Ebay, aber mit einer ungewöhnlichen Umleitung. Leider ist das alles in meinem Urlaub passiert, somit kann man es nicht mehr so recht nachvollziehen.
__________________Fakt ist, dass unsere Büro-Email Mailer-Deamons erhält von angeschriebenen Emails, die wir nicht angeschrieben haben. Nun wollte ich sicherstellen, dass der Rechner nicht gekarpert wurde und als Mailbot agiert. Also fing ich an nach Viren und Rootkits zu suchen und stieß auf die oben beschriebenen Probleme. |
|
20.12.2012, 13:00
| #4 |
| /// TB-Ausbilder | Viren Rescue CDs starten nicht Verstehe, es ist nur so, dass wir gewerblich genutzte Rechner nicht bereinigen. Das macht eure IT-Abteilung bzw der Admin bei euch.
__________________  Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
20.12.2012, 13:04
| #5 |
| | Viren Rescue CDs starten nicht Wir sind nur 2 Mann, der Admin bin ich, und ich bin überfordert mit dem ganzen Rootkit auslesen usw.  |
|
20.12.2012, 15:34
| #6 | |
| /// TB-Ausbilder | Viren Rescue CDs starten nichtAlles klar? 
__________________ --> Viren Rescue CDs starten nicht |
|
21.12.2012, 11:38
| #7 |
| | Viren Rescue CDs starten nicht Dat hab' ich verstanden |
|
21.12.2012, 12:54
| #8 | |
| /// TB-Ausbilder | Viren Rescue CDs starten nicht Dann los!  Ich werde dir bei deinem Problem helfen. Eine Bereinigung ist mitunter mit viel Arbeit für Dich (und mich) verbunden. Bevor es los geht, habe ich etwas Lesestoff für dich. Gelesen und verstanden? Schritt 1: Laufwerksemulationen abschalten mit Defogger Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop und starte es:Schritt 2: Scan mit aswMBR Schritt 3: Scan mit dem TDSS-Killer Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Schritt 4: Scan mit DDS (+ attach) Downloade dir bitte DDS (von sUBs) von einem der folgenden Downloadspiegel und speichere die Datei auf deinem Desktop.
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
21.12.2012, 14:16
| #9 |
| | Viren Rescue CDs starten nichtCode:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:55 on 21/12/2012 (dennis)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-21 13:59:12
-----------------------------
13:59:12.669 OS Version: Windows 6.1.7601 Service Pack 1
13:59:12.669 Number of processors: 4 586 0x2A07
13:59:12.669 ComputerName: BERND-PC UserName: dennis
13:59:13.434 Initialize success
14:01:08.040 AVAST engine defs: 12122100
14:01:16.091 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:01:16.107 Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
14:01:16.123 Disk 0 MBR read successfully
14:01:16.123 Disk 0 MBR scan
14:01:16.138 Disk 0 Windows 7 default MBR code
14:01:16.138 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:01:16.154 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
14:01:16.169 Disk 0 scanning sectors +1953521664
14:01:16.247 Disk 0 scanning C:\Windows\system32\drivers
14:01:24.752 Service scanning
14:01:37.796 Modules scanning
14:01:41.073 Disk 0 trace - called modules:
14:01:41.104 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
14:01:41.604 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d74388]
14:01:41.604 3 CLASSPNP.SYS[8adb059e] -> nt!IofCallDriver -> [0x85843918]
14:01:41.604 5 ACPI.sys[8aad43d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84f57908]
14:01:42.322 AVAST engine scan C:\Windows
14:01:43.866 AVAST engine scan C:\Windows\system32
14:03:39.803 AVAST engine scan C:\Windows\system32\drivers
14:03:49.710 AVAST engine scan C:\Users\dennis
14:04:39.884 AVAST engine scan C:\ProgramData
14:05:38.654 Scan finished successfully
14:08:24.931 Disk 0 MBR has been saved successfully to "C:\Users\dennis\Desktop\MBR.dat"
14:08:24.931 The log file has been saved successfully to "C:\Users\dennis\Desktop\aswMBR.txt"
Code:
ATTFilter 14:08:48.0514 5800 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:08:49.0263 5800 ============================================================
14:08:49.0263 5800 Current date / time: 2012/12/21 14:08:49.0263
14:08:49.0263 5800 SystemInfo:
14:08:49.0263 5800
14:08:49.0263 5800 OS Version: 6.1.7601 ServicePack: 1.0
14:08:49.0263 5800 Product type: Workstation
14:08:49.0263 5800 ComputerName: BERND-PC
14:08:49.0263 5800 UserName: dennis
14:08:49.0263 5800 Windows directory: C:\Windows
14:08:49.0263 5800 System windows directory: C:\Windows
14:08:49.0263 5800 Processor architecture: Intel x86
14:08:49.0263 5800 Number of processors: 4
14:08:49.0263 5800 Page size: 0x1000
14:08:49.0263 5800 Boot type: Normal boot
14:08:49.0263 5800 ============================================================
14:08:50.0261 5800 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:08:50.0277 5800 ============================================================
14:08:50.0277 5800 \Device\Harddisk0\DR0:
14:08:50.0292 5800 MBR partitions:
14:08:50.0292 5800 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:08:50.0292 5800 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
14:08:50.0292 5800 ============================================================
14:08:50.0324 5800 C: <-> \Device\Harddisk0\DR0\Partition2
14:08:50.0324 5800 ============================================================
14:08:50.0324 5800 Initialize success
14:08:50.0324 5800 ============================================================
14:09:23.0570 5464 ============================================================
14:09:23.0570 5464 Scan started
14:09:23.0570 5464 Mode: Manual; TDLFS;
14:09:23.0570 5464 ============================================================
14:09:24.0069 5464 ================ Scan system memory ========================
14:09:24.0069 5464 System memory - ok
14:09:24.0069 5464 ================ Scan services =============================
14:09:24.0194 5464 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
14:09:24.0209 5464 1394ohci - ok
14:09:24.0209 5464 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
14:09:24.0209 5464 ACPI - ok
14:09:24.0225 5464 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
14:09:24.0225 5464 AcpiPmi - ok
14:09:24.0287 5464 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
14:09:24.0287 5464 AdobeARMservice - ok
14:09:24.0334 5464 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:09:24.0334 5464 AdobeFlashPlayerUpdateSvc - ok
14:09:24.0365 5464 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
14:09:24.0365 5464 adp94xx - ok
14:09:24.0381 5464 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\drivers\adpahci.sys
14:09:24.0381 5464 adpahci - ok
14:09:24.0396 5464 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
14:09:24.0396 5464 adpu320 - ok
14:09:24.0428 5464 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:09:24.0428 5464 AeLookupSvc - ok
14:09:24.0459 5464 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
14:09:24.0459 5464 AFD - ok
14:09:24.0474 5464 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
14:09:24.0474 5464 agp440 - ok
14:09:24.0506 5464 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
14:09:24.0506 5464 aic78xx - ok
14:09:24.0552 5464 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
14:09:24.0552 5464 ALG - ok
14:09:24.0568 5464 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
14:09:24.0568 5464 aliide - ok
14:09:24.0584 5464 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
14:09:24.0599 5464 amdagp - ok
14:09:24.0599 5464 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
14:09:24.0599 5464 amdide - ok
14:09:24.0615 5464 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
14:09:24.0615 5464 AmdK8 - ok
14:09:24.0615 5464 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
14:09:24.0615 5464 AmdPPM - ok
14:09:24.0646 5464 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
14:09:24.0646 5464 amdsata - ok
14:09:24.0662 5464 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
14:09:24.0662 5464 amdsbs - ok
14:09:24.0677 5464 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
14:09:24.0677 5464 amdxata - ok
14:09:24.0693 5464 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
14:09:24.0693 5464 AppID - ok
14:09:24.0708 5464 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
14:09:24.0708 5464 AppIDSvc - ok
14:09:24.0724 5464 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
14:09:24.0724 5464 Appinfo - ok
14:09:24.0755 5464 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
14:09:24.0771 5464 AppMgmt - ok
14:09:24.0771 5464 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\drivers\arc.sys
14:09:24.0786 5464 arc - ok
14:09:24.0786 5464 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\drivers\arcsas.sys
14:09:24.0786 5464 arcsas - ok
14:09:24.0864 5464 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
14:09:24.0880 5464 aspnet_state - ok
14:09:24.0896 5464 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:09:24.0896 5464 AsyncMac - ok
14:09:24.0911 5464 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
14:09:24.0911 5464 atapi - ok
14:09:24.0942 5464 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:09:24.0958 5464 AudioEndpointBuilder - ok
14:09:24.0958 5464 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
14:09:24.0974 5464 Audiosrv - ok
14:09:25.0005 5464 [ EA2D28BBE98256654397CD1F6EAEBDD8 ] Autodesk Licensing Service C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
14:09:25.0005 5464 Autodesk Licensing Service - ok
14:09:25.0052 5464 [ C46BA2C177DF0B84F9C0BFC1E4574DC7 ] Avgfwfd C:\Windows\system32\DRIVERS\avgfwd6x.sys
14:09:25.0052 5464 Avgfwfd - ok
14:09:25.0130 5464 [ BD5D11CEDBCDE4FA97D2387E7069B1FF ] avgfws C:\Program Files\AVG\AVG2012\avgfws.exe
14:09:25.0161 5464 avgfws - ok
14:09:25.0254 5464 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files\AVG\AVG2012\avgidsagent.exe
14:09:25.0270 5464 AVGIDSAgent - ok
14:09:25.0301 5464 [ 1074F787080068C71303B61FAE7E7CA4 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdriverx.sys
14:09:25.0301 5464 AVGIDSDriver - ok
14:09:25.0301 5464 [ 61A7E0B02F82CFF3DB2445BBE50B3589 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfilterx.sys
14:09:25.0301 5464 AVGIDSFilter - ok
14:09:25.0317 5464 [ D63D83659EEDF60B3A3E620281A888E5 ] AVGIDSHX C:\Windows\system32\DRIVERS\avgidshx.sys
14:09:25.0317 5464 AVGIDSHX - ok
14:09:25.0317 5464 [ BAF975B72062F53D327788E99D64197E ] AVGIDSShim C:\Windows\system32\DRIVERS\avgidsshimx.sys
14:09:25.0317 5464 AVGIDSShim - ok
14:09:25.0348 5464 [ DCB09125C8B4766A88C86914B65487C1 ] Avgldx86 C:\Windows\system32\DRIVERS\avgldx86.sys
14:09:25.0348 5464 Avgldx86 - ok
14:09:25.0348 5464 [ CCDD61545AAEA265977E4B1EFDC74E8C ] Avgmfx86 C:\Windows\system32\DRIVERS\avgmfx86.sys
14:09:25.0348 5464 Avgmfx86 - ok
14:09:25.0379 5464 [ 1FD90B28D2C3100BF4500199C8AD6358 ] Avgrkx86 C:\Windows\system32\DRIVERS\avgrkx86.sys
14:09:25.0379 5464 Avgrkx86 - ok
14:09:25.0395 5464 [ C0BC3B2E3FD625E7F55E1FF863E94592 ] Avgtdix C:\Windows\system32\DRIVERS\avgtdix.sys
14:09:25.0395 5464 Avgtdix - ok
14:09:25.0410 5464 [ 57D83B82117C2DDB9D7E9AEA691CEDFC ] avgtp C:\Windows\system32\drivers\avgtpx86.sys
14:09:25.0410 5464 avgtp - ok
14:09:25.0442 5464 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files\AVG\AVG2012\avgwdsvc.exe
14:09:25.0442 5464 avgwd - ok
14:09:25.0457 5464 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
14:09:25.0473 5464 AxInstSV - ok
14:09:25.0488 5464 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\drivers\bxvbdx.sys
14:09:25.0488 5464 b06bdrv - ok
14:09:25.0504 5464 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
14:09:25.0504 5464 b57nd60x - ok
14:09:25.0551 5464 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
14:09:25.0551 5464 BDESVC - ok
14:09:25.0566 5464 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
14:09:25.0566 5464 Beep - ok
14:09:25.0598 5464 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
14:09:25.0613 5464 BFE - ok
14:09:25.0629 5464 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
14:09:25.0645 5464 BITS - ok
14:09:25.0660 5464 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
14:09:25.0660 5464 blbdrive - ok
14:09:25.0691 5464 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:09:25.0691 5464 bowser - ok
14:09:25.0691 5464 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
14:09:25.0707 5464 BrFiltLo - ok
14:09:25.0707 5464 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
14:09:25.0707 5464 BrFiltUp - ok
14:09:25.0738 5464 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
14:09:25.0738 5464 Browser - ok
14:09:25.0754 5464 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
14:09:25.0754 5464 Brserid - ok
14:09:25.0754 5464 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
14:09:25.0754 5464 BrSerWdm - ok
14:09:25.0769 5464 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
14:09:25.0769 5464 BrUsbMdm - ok
14:09:25.0769 5464 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
14:09:25.0769 5464 BrUsbSer - ok
14:09:25.0785 5464 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
14:09:25.0785 5464 BTHMODEM - ok
14:09:25.0816 5464 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
14:09:25.0832 5464 bthserv - ok
14:09:25.0832 5464 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:09:25.0847 5464 cdfs - ok
14:09:25.0879 5464 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
14:09:25.0879 5464 cdrom - ok
14:09:25.0894 5464 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
14:09:25.0894 5464 CertPropSvc - ok
14:09:25.0910 5464 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\drivers\circlass.sys
14:09:25.0910 5464 circlass - ok
14:09:25.0941 5464 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
14:09:25.0957 5464 CLFS - ok
14:09:26.0003 5464 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:09:26.0003 5464 clr_optimization_v2.0.50727_32 - ok
14:09:26.0035 5464 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:09:26.0066 5464 clr_optimization_v4.0.30319_32 - ok
14:09:26.0081 5464 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
14:09:26.0081 5464 CmBatt - ok
14:09:26.0097 5464 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
14:09:26.0097 5464 cmdide - ok
14:09:26.0128 5464 [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG C:\Windows\system32\Drivers\cng.sys
14:09:26.0128 5464 CNG - ok
14:09:26.0144 5464 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\drivers\compbatt.sys
14:09:26.0144 5464 Compbatt - ok
14:09:26.0175 5464 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
14:09:26.0175 5464 CompositeBus - ok
14:09:26.0175 5464 COMSysApp - ok
14:09:26.0206 5464 [ 085D4E5714BC641286C43239E8CB267F ] cphs C:\Windows\system32\IntelCpHeciSvc.exe
14:09:26.0206 5464 cphs - ok
14:09:26.0222 5464 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
14:09:26.0222 5464 crcdisk - ok
14:09:26.0269 5464 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:09:26.0269 5464 CryptSvc - ok
14:09:26.0300 5464 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
14:09:26.0300 5464 CSC - ok
14:09:26.0315 5464 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
14:09:26.0315 5464 CscService - ok
14:09:26.0347 5464 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
14:09:26.0347 5464 DcomLaunch - ok
14:09:26.0378 5464 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
14:09:26.0378 5464 defragsvc - ok
14:09:26.0409 5464 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:09:26.0409 5464 DfsC - ok
14:09:26.0440 5464 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
14:09:26.0440 5464 Dhcp - ok
14:09:26.0456 5464 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
14:09:26.0456 5464 discache - ok
14:09:26.0471 5464 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\drivers\disk.sys
14:09:26.0471 5464 Disk - ok
14:09:26.0487 5464 [ 2A958EF85DB1B61FFCA65044FA4BCE9E ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
14:09:26.0503 5464 dmvsc - ok
14:09:26.0518 5464 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:09:26.0518 5464 Dnscache - ok
14:09:26.0549 5464 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
14:09:26.0549 5464 dot3svc - ok
14:09:26.0549 5464 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
14:09:26.0549 5464 DPS - ok
14:09:26.0581 5464 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:09:26.0581 5464 drmkaud - ok
14:09:26.0596 5464 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:09:26.0612 5464 DXGKrnl - ok
14:09:26.0612 5464 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
14:09:26.0612 5464 EapHost - ok
14:09:26.0674 5464 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\drivers\evbdx.sys
14:09:26.0690 5464 ebdrv - ok
14:09:26.0721 5464 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
14:09:26.0721 5464 EFS - ok
14:09:26.0768 5464 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:09:26.0783 5464 ehRecvr - ok
14:09:26.0783 5464 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
14:09:26.0783 5464 ehSched - ok
14:09:26.0815 5464 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\drivers\elxstor.sys
14:09:26.0815 5464 elxstor - ok
14:09:26.0846 5464 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
14:09:26.0846 5464 ErrDev - ok
14:09:26.0877 5464 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
14:09:26.0877 5464 EventSystem - ok
14:09:26.0893 5464 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
14:09:26.0893 5464 exfat - ok
14:09:26.0908 5464 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:09:26.0908 5464 fastfat - ok
14:09:26.0955 5464 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
14:09:26.0971 5464 Fax - ok
14:09:26.0986 5464 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\drivers\fdc.sys
14:09:26.0986 5464 fdc - ok
14:09:26.0986 5464 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
14:09:26.0986 5464 fdPHost - ok
14:09:27.0002 5464 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
14:09:27.0002 5464 FDResPub - ok
14:09:27.0017 5464 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:09:27.0017 5464 FileInfo - ok
14:09:27.0033 5464 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:09:27.0033 5464 Filetrace - ok
14:09:27.0033 5464 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
14:09:27.0049 5464 flpydisk - ok
14:09:27.0049 5464 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:09:27.0049 5464 FltMgr - ok
14:09:27.0095 5464 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
14:09:27.0095 5464 FontCache - ok
14:09:27.0158 5464 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:09:27.0158 5464 FontCache3.0.0.0 - ok
14:09:27.0173 5464 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
14:09:27.0173 5464 FsDepends - ok
14:09:27.0220 5464 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:09:27.0220 5464 Fs_Rec - ok
14:09:27.0220 5464 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
14:09:27.0220 5464 fvevol - ok
14:09:27.0236 5464 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
14:09:27.0236 5464 gagp30kx - ok
14:09:27.0376 5464 [ 19DEC13182CCE1A3BE243F8830F89276 ] GE C:\Users\dennis\AppData\Local\Temp\GE.exe
14:09:27.0376 5464 GE - ok
14:09:27.0407 5464 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
14:09:27.0407 5464 gpsvc - ok
14:09:27.0439 5464 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
14:09:27.0439 5464 hcw85cir - ok
14:09:27.0470 5464 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:09:27.0470 5464 HdAudAddService - ok
14:09:27.0485 5464 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
14:09:27.0485 5464 HDAudBus - ok
14:09:27.0501 5464 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
14:09:27.0501 5464 HidBatt - ok
14:09:27.0532 5464 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\drivers\hidbth.sys
14:09:27.0532 5464 HidBth - ok
14:09:27.0548 5464 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\drivers\hidir.sys
14:09:27.0548 5464 HidIr - ok
14:09:27.0563 5464 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
14:09:27.0563 5464 hidserv - ok
14:09:27.0579 5464 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:09:27.0579 5464 HidUsb - ok
14:09:27.0595 5464 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
14:09:27.0595 5464 hkmsvc - ok
14:09:27.0610 5464 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:09:27.0626 5464 HomeGroupListener - ok
14:09:27.0641 5464 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:09:27.0657 5464 HomeGroupProvider - ok
14:09:27.0673 5464 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
14:09:27.0673 5464 HpSAMD - ok
14:09:27.0688 5464 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:09:27.0688 5464 HTTP - ok
14:09:27.0704 5464 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
14:09:27.0704 5464 hwpolicy - ok
14:09:27.0719 5464 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
14:09:27.0719 5464 i8042prt - ok
14:09:27.0735 5464 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
14:09:27.0735 5464 iaStorV - ok
14:09:27.0766 5464 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:09:27.0782 5464 idsvc - ok
14:09:27.0969 5464 [ 0FEB90F92A8AB77A7E5E6BA052138351 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
14:09:28.0016 5464 igfx - ok
14:09:28.0047 5464 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys
14:09:28.0047 5464 iirsp - ok
14:09:28.0078 5464 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
14:09:28.0094 5464 IKEEXT - ok
14:09:28.0094 5464 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
14:09:28.0109 5464 intelide - ok
14:09:28.0125 5464 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
14:09:28.0125 5464 intelppm - ok
14:09:28.0141 5464 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:09:28.0141 5464 IPBusEnum - ok
14:09:28.0141 5464 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:09:28.0141 5464 IpFilterDriver - ok
14:09:28.0172 5464 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
14:09:28.0172 5464 iphlpsvc - ok
14:09:28.0203 5464 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
14:09:28.0203 5464 IPMIDRV - ok
14:09:28.0219 5464 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
14:09:28.0219 5464 IPNAT - ok
14:09:28.0250 5464 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:09:28.0250 5464 IRENUM - ok
14:09:28.0265 5464 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:09:28.0265 5464 isapnp - ok
14:09:28.0297 5464 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
14:09:28.0297 5464 iScsiPrt - ok
14:09:28.0328 5464 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
14:09:28.0328 5464 kbdclass - ok
14:09:28.0343 5464 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
14:09:28.0343 5464 kbdhid - ok
14:09:28.0359 5464 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
14:09:28.0359 5464 KeyIso - ok
14:09:28.0390 5464 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:09:28.0390 5464 KSecDD - ok
14:09:28.0421 5464 [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
14:09:28.0421 5464 KSecPkg - ok
14:09:28.0453 5464 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
14:09:28.0453 5464 KtmRm - ok
14:09:28.0500 5464 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
14:09:28.0500 5464 LanmanServer - ok
14:09:28.0515 5464 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:09:28.0531 5464 LanmanWorkstation - ok
14:09:28.0562 5464 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:09:28.0562 5464 lltdio - ok
14:09:28.0578 5464 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:09:28.0593 5464 lltdsvc - ok
14:09:28.0609 5464 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
14:09:28.0609 5464 lmhosts - ok
14:09:28.0624 5464 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
14:09:28.0624 5464 LSI_FC - ok
14:09:28.0640 5464 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
14:09:28.0640 5464 LSI_SAS - ok
14:09:28.0656 5464 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
14:09:28.0656 5464 LSI_SAS2 - ok
14:09:28.0671 5464 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
14:09:28.0671 5464 LSI_SCSI - ok
14:09:28.0671 5464 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
14:09:28.0671 5464 luafv - ok
14:09:28.0687 5464 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:09:28.0702 5464 Mcx2Svc - ok
14:09:28.0702 5464 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys
14:09:28.0702 5464 megasas - ok
14:09:28.0718 5464 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
14:09:28.0718 5464 MegaSR - ok
14:09:28.0734 5464 [ D86AC00883B9C98B570E7643AAF8E554 ] MEI C:\Windows\system32\DRIVERS\HECI.sys
14:09:28.0749 5464 MEI - ok
14:09:28.0765 5464 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
14:09:28.0765 5464 MMCSS - ok
14:09:28.0780 5464 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
14:09:28.0780 5464 Modem - ok
14:09:28.0796 5464 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:09:28.0796 5464 monitor - ok
14:09:28.0812 5464 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:09:28.0812 5464 mouclass - ok
14:09:28.0827 5464 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:09:28.0827 5464 mouhid - ok
14:09:28.0843 5464 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
14:09:28.0843 5464 mountmgr - ok
14:09:28.0905 5464 [ 313265CF4F5F02ED927774DA1DB3FE00 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:09:28.0905 5464 MozillaMaintenance - ok
14:09:28.0921 5464 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
14:09:28.0921 5464 mpio - ok
14:09:28.0936 5464 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:09:28.0936 5464 mpsdrv - ok
14:09:28.0952 5464 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
14:09:28.0968 5464 MpsSvc - ok
14:09:28.0968 5464 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:09:28.0983 5464 MRxDAV - ok
14:09:29.0014 5464 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:09:29.0014 5464 mrxsmb - ok
14:09:29.0030 5464 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:09:29.0030 5464 mrxsmb10 - ok
14:09:29.0030 5464 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:09:29.0046 5464 mrxsmb20 - ok
14:09:29.0061 5464 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
14:09:29.0077 5464 msahci - ok
14:09:29.0092 5464 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:09:29.0092 5464 msdsm - ok
14:09:29.0108 5464 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
14:09:29.0108 5464 MSDTC - ok
14:09:29.0124 5464 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:09:29.0124 5464 Msfs - ok
14:09:29.0139 5464 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
14:09:29.0139 5464 mshidkmdf - ok
14:09:29.0155 5464 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:09:29.0155 5464 msisadrv - ok
14:09:29.0170 5464 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:09:29.0170 5464 MSiSCSI - ok
14:09:29.0186 5464 msiserver - ok
14:09:29.0202 5464 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:09:29.0202 5464 MSKSSRV - ok
14:09:29.0217 5464 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:09:29.0217 5464 MSPCLOCK - ok
14:09:29.0217 5464 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:09:29.0217 5464 MSPQM - ok
14:09:29.0233 5464 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:09:29.0233 5464 MsRPC - ok
14:09:29.0248 5464 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
14:09:29.0248 5464 mssmbios - ok
14:09:29.0264 5464 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:09:29.0264 5464 MSTEE - ok
14:09:29.0264 5464 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
14:09:29.0264 5464 MTConfig - ok
14:09:29.0280 5464 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
14:09:29.0280 5464 Mup - ok
14:09:29.0311 5464 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
14:09:29.0326 5464 napagent - ok
14:09:29.0342 5464 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:09:29.0342 5464 NativeWifiP - ok
14:09:29.0389 5464 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
14:09:29.0404 5464 NDIS - ok
14:09:29.0420 5464 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
14:09:29.0420 5464 NdisCap - ok
14:09:29.0436 5464 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:09:29.0436 5464 NdisTapi - ok
14:09:29.0451 5464 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:09:29.0451 5464 Ndisuio - ok
14:09:29.0467 5464 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:09:29.0467 5464 NdisWan - ok
14:09:29.0482 5464 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:09:29.0482 5464 NDProxy - ok
14:09:29.0498 5464 [ 284432E671F1AF6B09B81DA24D3ABCAE ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
14:09:29.0498 5464 Net Driver HPZ12 - ok
14:09:29.0514 5464 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:09:29.0514 5464 NetBIOS - ok
14:09:29.0529 5464 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
14:09:29.0529 5464 NetBT - ok
14:09:29.0545 5464 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
14:09:29.0545 5464 Netlogon - ok
14:09:29.0592 5464 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
14:09:29.0592 5464 Netman - ok
14:09:29.0623 5464 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:09:29.0623 5464 NetMsmqActivator - ok
14:09:29.0638 5464 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:09:29.0638 5464 NetPipeActivator - ok
14:09:29.0654 5464 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
14:09:29.0654 5464 netprofm - ok
14:09:29.0670 5464 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:09:29.0670 5464 NetTcpActivator - ok
14:09:29.0670 5464 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:09:29.0670 5464 NetTcpPortSharing - ok
14:09:29.0701 5464 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
14:09:29.0701 5464 nfrd960 - ok
14:09:29.0716 5464 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
14:09:29.0732 5464 NlaSvc - ok
14:09:29.0748 5464 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:09:29.0748 5464 Npfs - ok
14:09:29.0763 5464 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
14:09:29.0763 5464 nsi - ok
14:09:29.0763 5464 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:09:29.0763 5464 nsiproxy - ok
14:09:29.0826 5464 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:09:29.0826 5464 Ntfs - ok
14:09:29.0841 5464 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
14:09:29.0841 5464 Null - ok
14:09:29.0872 5464 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:09:29.0872 5464 nvraid - ok
14:09:29.0888 5464 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:09:29.0888 5464 nvstor - ok
14:09:29.0904 5464 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:09:29.0904 5464 nv_agp - ok
14:09:29.0950 5464 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:09:29.0966 5464 odserv - ok
14:09:29.0966 5464 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
14:09:29.0966 5464 ohci1394 - ok
14:09:30.0013 5464 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:09:30.0013 5464 ose - ok
14:09:30.0044 5464 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
14:09:30.0044 5464 p2pimsvc - ok
14:09:30.0075 5464 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
14:09:30.0075 5464 p2psvc - ok
14:09:30.0091 5464 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
14:09:30.0091 5464 Parport - ok
14:09:30.0106 5464 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:09:30.0122 5464 partmgr - ok
14:09:30.0122 5464 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
14:09:30.0122 5464 Parvdm - ok
14:09:30.0138 5464 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
14:09:30.0138 5464 PcaSvc - ok
14:09:30.0153 5464 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
14:09:30.0153 5464 pci - ok
14:09:30.0169 5464 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
14:09:30.0169 5464 pciide - ok
14:09:30.0200 5464 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
14:09:30.0200 5464 pcmcia - ok
14:09:30.0216 5464 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
14:09:30.0216 5464 pcw - ok
14:09:30.0231 5464 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:09:30.0231 5464 PEAUTH - ok
14:09:30.0278 5464 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
14:09:30.0294 5464 PeerDistSvc - ok
14:09:30.0340 5464 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
14:09:30.0356 5464 pla - ok
14:09:30.0387 5464 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:09:30.0403 5464 PlugPlay - ok
14:09:30.0418 5464 [ 4153912765F7F2DE2A5C9A241ABB03FC ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
14:09:30.0418 5464 Pml Driver HPZ12 - ok
14:09:30.0418 5464 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
14:09:30.0418 5464 PNRPAutoReg - ok
14:09:30.0434 5464 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
14:09:30.0434 5464 PNRPsvc - ok
14:09:30.0481 5464 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:09:30.0481 5464 PolicyAgent - ok
14:09:30.0512 5464 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
14:09:30.0512 5464 Power - ok
14:09:30.0528 5464 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:09:30.0528 5464 PptpMiniport - ok
14:09:30.0543 5464 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys
14:09:30.0543 5464 Processor - ok
14:09:30.0559 5464 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
14:09:30.0559 5464 ProfSvc - ok
14:09:30.0574 5464 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:09:30.0574 5464 ProtectedStorage - ok
14:09:30.0606 5464 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
14:09:30.0606 5464 Psched - ok
14:09:30.0637 5464 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
14:09:30.0652 5464 ql2300 - ok
14:09:30.0668 5464 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
14:09:30.0668 5464 ql40xx - ok
14:09:30.0684 5464 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
14:09:30.0684 5464 QWAVE - ok
14:09:30.0699 5464 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:09:30.0699 5464 QWAVEdrv - ok
14:09:30.0699 5464 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:09:30.0699 5464 RasAcd - ok
14:09:30.0715 5464 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
14:09:30.0715 5464 RasAgileVpn - ok
14:09:30.0730 5464 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
14:09:30.0730 5464 RasAuto - ok
14:09:30.0746 5464 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:09:30.0746 5464 Rasl2tp - ok
14:09:30.0762 5464 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
14:09:30.0762 5464 RasMan - ok
14:09:30.0777 5464 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:09:30.0777 5464 RasPppoe - ok
14:09:30.0793 5464 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:09:30.0793 5464 RasSstp - ok
14:09:30.0808 5464 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:09:30.0808 5464 rdbss - ok
14:09:30.0824 5464 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
14:09:30.0824 5464 rdpbus - ok
14:09:30.0824 5464 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:09:30.0824 5464 RDPCDD - ok
14:09:30.0840 5464 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
14:09:30.0855 5464 RDPDR - ok
14:09:30.0871 5464 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:09:30.0871 5464 RDPENCDD - ok
14:09:30.0886 5464 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
14:09:30.0886 5464 RDPREFMP - ok
14:09:30.0918 5464 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
14:09:30.0918 5464 RdpVideoMiniport - ok
14:09:30.0933 5464 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:09:30.0933 5464 RDPWD - ok
14:09:30.0949 5464 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
14:09:30.0949 5464 rdyboost - ok
14:09:30.0964 5464 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
14:09:30.0964 5464 RemoteAccess - ok
14:09:30.0980 5464 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:09:30.0996 5464 RemoteRegistry - ok
14:09:30.0996 5464 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
14:09:30.0996 5464 RpcEptMapper - ok
14:09:31.0011 5464 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
14:09:31.0011 5464 RpcLocator - ok
14:09:31.0027 5464 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
14:09:31.0027 5464 RpcSs - ok
14:09:31.0058 5464 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:09:31.0058 5464 rspndr - ok
14:09:31.0089 5464 [ 48E68E7BB2B1E8A294490FA3249A2A7D ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
14:09:31.0089 5464 RTL8167 - ok
14:09:31.0120 5464 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
14:09:31.0120 5464 s3cap - ok
14:09:31.0120 5464 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
14:09:31.0120 5464 SamSs - ok
14:09:31.0136 5464 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:09:31.0136 5464 sbp2port - ok
14:09:31.0152 5464 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:09:31.0152 5464 SCardSvr - ok
14:09:31.0167 5464 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
14:09:31.0167 5464 scfilter - ok
14:09:31.0198 5464 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
14:09:31.0214 5464 Schedule - ok
14:09:31.0230 5464 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
14:09:31.0230 5464 SCPolicySvc - ok
14:09:31.0230 5464 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:09:31.0245 5464 SDRSVC - ok
14:09:31.0245 5464 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:09:31.0245 5464 secdrv - ok
14:09:31.0261 5464 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
14:09:31.0261 5464 seclogon - ok
14:09:31.0292 5464 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
14:09:31.0292 5464 SENS - ok
14:09:31.0323 5464 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:09:31.0323 5464 SensrSvc - ok
14:09:31.0339 5464 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
14:09:31.0339 5464 Serenum - ok
14:09:31.0339 5464 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
14:09:31.0339 5464 Serial - ok
14:09:31.0370 5464 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys
14:09:31.0370 5464 sermouse - ok
14:09:31.0386 5464 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
14:09:31.0386 5464 SessionEnv - ok
14:09:31.0401 5464 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:09:31.0401 5464 sffdisk - ok
14:09:31.0417 5464 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:09:31.0417 5464 sffp_mmc - ok
14:09:31.0417 5464 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:09:31.0417 5464 sffp_sd - ok
14:09:31.0433 5464 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
14:09:31.0433 5464 sfloppy - ok
14:09:31.0464 5464 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:09:31.0479 5464 SharedAccess - ok
14:09:31.0495 5464 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:09:31.0495 5464 ShellHWDetection - ok
14:09:31.0511 5464 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
14:09:31.0511 5464 sisagp - ok
14:09:31.0526 5464 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
14:09:31.0526 5464 SiSRaid2 - ok
14:09:31.0542 5464 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
14:09:31.0542 5464 SiSRaid4 - ok
14:09:31.0573 5464 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:09:31.0573 5464 Smb - ok
14:09:31.0589 5464 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:09:31.0604 5464 SNMPTRAP - ok
14:09:31.0604 5464 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
14:09:31.0604 5464 spldr - ok
14:09:31.0635 5464 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
14:09:31.0635 5464 Spooler - ok
14:09:31.0698 5464 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
14:09:31.0729 5464 sppsvc - ok
14:09:31.0760 5464 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:09:31.0760 5464 sppuinotify - ok
14:09:31.0791 5464 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
14:09:31.0791 5464 srv - ok
14:09:31.0807 5464 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:09:31.0807 5464 srv2 - ok
14:09:31.0823 5464 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:09:31.0823 5464 srvnet - ok
14:09:31.0854 5464 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:09:31.0854 5464 SSDPSRV - ok
14:09:31.0854 5464 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:09:31.0854 5464 SstpSvc - ok
14:09:31.0869 5464 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys
14:09:31.0869 5464 stexstor - ok
14:09:31.0901 5464 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
14:09:31.0916 5464 StiSvc - ok
14:09:31.0932 5464 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
14:09:31.0932 5464 storflt - ok
14:09:31.0947 5464 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
14:09:31.0947 5464 StorSvc - ok
14:09:31.0963 5464 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
14:09:31.0963 5464 storvsc - ok
14:09:31.0994 5464 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
14:09:31.0994 5464 swenum - ok
14:09:32.0010 5464 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
14:09:32.0010 5464 swprv - ok
14:09:32.0041 5464 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
14:09:32.0057 5464 SysMain - ok
14:09:32.0072 5464 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:09:32.0072 5464 TabletInputService - ok
14:09:32.0088 5464 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
14:09:32.0088 5464 TapiSrv - ok
14:09:32.0103 5464 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
14:09:32.0103 5464 TBS - ok
14:09:32.0135 5464 [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:09:32.0135 5464 Tcpip - ok
14:09:32.0150 5464 [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:09:32.0150 5464 TCPIP6 - ok
14:09:32.0166 5464 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:09:32.0166 5464 tcpipreg - ok
14:09:32.0181 5464 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:09:32.0181 5464 TDPIPE - ok
14:09:32.0197 5464 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:09:32.0197 5464 TDTCP - ok
14:09:32.0213 5464 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:09:32.0213 5464 tdx - ok
14:09:32.0213 5464 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
14:09:32.0213 5464 TermDD - ok
14:09:32.0244 5464 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
14:09:32.0244 5464 TermService - ok
14:09:32.0259 5464 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
14:09:32.0259 5464 Themes - ok
14:09:32.0259 5464 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
14:09:32.0259 5464 THREADORDER - ok
14:09:32.0275 5464 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
14:09:32.0275 5464 TrkWks - ok
14:09:32.0306 5464 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:09:32.0306 5464 TrustedInstaller - ok
14:09:32.0322 5464 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:09:32.0322 5464 tssecsrv - ok
14:09:32.0337 5464 [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
14:09:32.0337 5464 TsUsbFlt - ok
14:09:32.0369 5464 [ 57C527AF84748B5C2F5178C499C0B81F ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
14:09:32.0369 5464 TsUsbGD - ok
14:09:32.0415 5464 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:09:32.0415 5464 tunnel - ok
14:09:32.0431 5464 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\drivers\uagp35.sys
14:09:32.0431 5464 uagp35 - ok
14:09:32.0447 5464 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:09:32.0447 5464 udfs - ok
14:09:32.0462 5464 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:09:32.0462 5464 UI0Detect - ok
14:09:32.0478 5464 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:09:32.0478 5464 uliagpkx - ok
14:09:32.0493 5464 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:09:32.0493 5464 umbus - ok
14:09:32.0525 5464 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\drivers\umpass.sys
14:09:32.0525 5464 UmPass - ok
14:09:32.0540 5464 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
14:09:32.0540 5464 UmRdpService - ok
14:09:32.0556 5464 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
14:09:32.0571 5464 upnphost - ok
14:09:32.0603 5464 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:09:32.0603 5464 usbccgp - ok
14:09:32.0618 5464 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:09:32.0618 5464 usbcir - ok
14:09:32.0634 5464 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
14:09:32.0634 5464 usbehci - ok
14:09:32.0649 5464 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:09:32.0649 5464 usbhub - ok
14:09:32.0665 5464 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
14:09:32.0665 5464 usbohci - ok
14:09:32.0665 5464 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\drivers\usbprint.sys
14:09:32.0681 5464 usbprint - ok
14:09:32.0681 5464 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:09:32.0681 5464 USBSTOR - ok
14:09:32.0696 5464 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
14:09:32.0696 5464 usbuhci - ok
14:09:32.0696 5464 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
14:09:32.0712 5464 UxSms - ok
14:09:32.0712 5464 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
14:09:32.0712 5464 VaultSvc - ok
14:09:32.0712 5464 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
14:09:32.0712 5464 vdrvroot - ok
14:09:32.0727 5464 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
14:09:32.0743 5464 vds - ok
14:09:32.0759 5464 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:09:32.0759 5464 vga - ok
14:09:32.0774 5464 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
14:09:32.0774 5464 VgaSave - ok
14:09:32.0790 5464 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
14:09:32.0790 5464 vhdmp - ok
14:09:32.0805 5464 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
14:09:32.0805 5464 viaagp - ok
14:09:32.0805 5464 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
14:09:32.0805 5464 ViaC7 - ok
14:09:32.0821 5464 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
14:09:32.0821 5464 viaide - ok
14:09:32.0852 5464 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
14:09:32.0852 5464 vmbus - ok
14:09:32.0868 5464 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
14:09:32.0868 5464 VMBusHID - ok
14:09:32.0883 5464 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:09:32.0899 5464 volmgr - ok
14:09:32.0915 5464 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:09:32.0915 5464 volmgrx - ok
14:09:32.0915 5464 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:09:32.0930 5464 volsnap - ok
14:09:32.0930 5464 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
14:09:32.0946 5464 vsmraid - ok
14:09:32.0977 5464 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
14:09:32.0993 5464 VSS - ok
14:09:33.0071 5464 [ 7D110D645030C05A06C3CD08D1E47D0A ] vToolbarUpdater13.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
14:09:33.0086 5464 vToolbarUpdater13.2.0 - ok
14:09:33.0102 5464 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
14:09:33.0102 5464 vwifibus - ok
14:09:33.0133 5464 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
14:09:33.0133 5464 W32Time - ok
14:09:33.0164 5464 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
14:09:33.0164 5464 WacomPen - ok
14:09:33.0195 5464 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
14:09:33.0195 5464 WANARP - ok
14:09:33.0195 5464 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:09:33.0195 5464 Wanarpv6 - ok
14:09:33.0227 5464 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
14:09:33.0242 5464 wbengine - ok
14:09:33.0273 5464 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
14:09:33.0273 5464 WbioSrvc - ok
14:09:33.0289 5464 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:09:33.0289 5464 wcncsvc - ok
14:09:33.0305 5464 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:09:33.0305 5464 WcsPlugInService - ok
14:09:33.0320 5464 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\drivers\wd.sys
14:09:33.0320 5464 Wd - ok
14:09:33.0336 5464 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:09:33.0336 5464 Wdf01000 - ok
14:09:33.0351 5464 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:09:33.0351 5464 WdiServiceHost - ok
14:09:33.0351 5464 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:09:33.0351 5464 WdiSystemHost - ok
14:09:33.0383 5464 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
14:09:33.0383 5464 WebClient - ok
14:09:33.0383 5464 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:09:33.0398 5464 Wecsvc - ok
14:09:33.0398 5464 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:09:33.0398 5464 wercplsupport - ok
14:09:33.0429 5464 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
14:09:33.0429 5464 WerSvc - ok
14:09:33.0445 5464 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
14:09:33.0445 5464 WfpLwf - ok
14:09:33.0461 5464 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
14:09:33.0461 5464 WIMMount - ok
14:09:33.0507 5464 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
14:09:33.0523 5464 WinDefend - ok
14:09:33.0523 5464 WinHttpAutoProxySvc - ok
14:09:33.0570 5464 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:09:33.0570 5464 Winmgmt - ok
14:09:33.0617 5464 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
14:09:33.0632 5464 WinRM - ok
14:09:33.0679 5464 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
14:09:33.0679 5464 WinUsb - ok
14:09:33.0710 5464 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
14:09:33.0710 5464 Wlansvc - ok
14:09:33.0710 5464 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
14:09:33.0726 5464 WmiAcpi - ok
14:09:33.0726 5464 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:09:33.0726 5464 wmiApSrv - ok
14:09:33.0757 5464 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
14:09:33.0773 5464 WMPNetworkSvc - ok
14:09:33.0773 5464 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:09:33.0788 5464 WPCSvc - ok
14:09:33.0788 5464 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:09:33.0804 5464 WPDBusEnum - ok
14:09:33.0804 5464 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:09:33.0804 5464 ws2ifsl - ok
14:09:33.0819 5464 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
14:09:33.0819 5464 wscsvc - ok
14:09:33.0819 5464 WSearch - ok
14:09:33.0866 5464 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
14:09:33.0882 5464 wuauserv - ok
14:09:33.0897 5464 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
14:09:33.0897 5464 WudfPf - ok
14:09:33.0913 5464 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:09:33.0913 5464 WUDFRd - ok
14:09:33.0944 5464 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:09:33.0960 5464 wudfsvc - ok
14:09:33.0960 5464 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
14:09:33.0975 5464 WwanSvc - ok
14:09:33.0991 5464 ================ Scan global ===============================
14:09:34.0007 5464 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
14:09:34.0038 5464 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
14:09:34.0053 5464 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
14:09:34.0085 5464 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
14:09:34.0116 5464 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
14:09:34.0131 5464 [Global] - ok
14:09:34.0131 5464 ================ Scan MBR ==================================
14:09:34.0131 5464 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:09:34.0303 5464 \Device\Harddisk0\DR0 - ok
14:09:34.0303 5464 ================ Scan VBR ==================================
14:09:34.0303 5464 [ 76E22815DFF5CAD8E5EC7B952B8B4B67 ] \Device\Harddisk0\DR0\Partition1
14:09:34.0303 5464 \Device\Harddisk0\DR0\Partition1 - ok
14:09:34.0319 5464 [ A5AF4A40D8EB9826479369E910265E5E ] \Device\Harddisk0\DR0\Partition2
14:09:34.0319 5464 \Device\Harddisk0\DR0\Partition2 - ok
14:09:34.0319 5464 ============================================================
14:09:34.0319 5464 Scan finished
14:09:34.0319 5464 ============================================================
14:09:34.0319 2880 Detected object count: 0
14:09:34.0319 2880 Actual detected object count: 0
14:10:14.0036 5880 Deinitialize success
DDS Logfile: DDS Logfile: Code:
ATTFilter DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by dennis at 14:12:14 on 2012-12-21
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.2986.1939 [GMT 1:00]
.
AV: AVG Anti-Virus Business Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Business Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Anti-Virus Business Edition 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://companyweb
uDefault_Page_URL = hxxp://companyweb
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll
uRun: [Google Update] "c:\users\admin\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_ssl_v12] "c:\program files\avg secure search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
StartupFolder: c:\users\dennis\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\dennis\appdata\roaming\dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: RunStartupScriptSync = dword:1
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.2.3
TCP: Interfaces\{5D3C4825-9DA9-4B0C-95D4-B14267806D3B} : DHCPNameServer = 192.168.2.3
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\13.2.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dennis\appdata\roaming\mozilla\firefox\profiles\p2cqdlyb.default\
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B66d283b7-5dd6-414d-8985-971b212cfe14%7D&mid=92b6aa012ba047d0bdecd16d67da52b8-8613a99b651cb6bf1e9a9a2f99e53dba618ff9af&ds=AVG&v=12.2.0.5&lang=de&pr=pr&d=2012-09-03%2010%3A36%3A06&sap=ku&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\13.2.0\npsitesafety.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.124\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\users\admin\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2012-11-29 11:23; FFPDFArchitectConverter@pdfarchitect.com; c:\program files\pdf architect\FFPDFArchitectExt
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2011-5-23 47968]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-7-26 237408]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-8-24 301920]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-3 26984]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2012-6-13 2321560]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\13.2.0\ToolbarUpdater.exe [2012-11-9 711112]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2010-10-19 41088]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-8-31 552080]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 GE;GE;c:\users\dennis\appdata\local\temp\GE.exe [2012-12-20 383872]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-10-25 14848]
S3 StorSvc;Speicherdienst;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-10-25 49664]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-10-25 27136]
.
=============== Created Last 30 ================
.
2012-12-21 12:51:14 -------- d-----w- c:\users\dennis\appdata\local\AVG Secure Search
2012-12-21 12:50:35 -------- d-----w- c:\users\dennis\appdata\local\Adobe
2012-12-21 12:50:14 -------- d-----w- c:\users\dennis\appdata\local\VirtualStore
2012-12-12 12:08:47 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-12-12 12:07:37 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-12 12:07:37 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-06 09:52:12 18944 ----a-w- c:\windows\system32\netevent.dll
2012-12-06 09:52:11 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-12-06 09:52:11 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-12-06 09:52:10 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-12-06 09:52:10 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-12-06 09:52:10 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-12-06 09:52:10 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-12-06 09:52:10 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-12-06 09:52:02 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-06 09:52:02 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-06 09:52:02 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-06 09:51:51 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-06 09:51:51 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-06 09:51:51 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-06 09:51:51 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-06 09:51:51 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-06 09:51:51 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-06 09:51:51 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-06 09:51:32 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-12-06 09:51:32 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-23 11:00:02 96224 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2012-11-23 11:00:02 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-11-23 11:00:02 157272 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
.
==================== Find3M ====================
.
2012-12-12 10:29:34 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-12 10:29:34 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-09 08:24:00 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-11-02 05:11:31 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-10-16 07:39:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-04 16:47:18 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-10-04 16:43:05 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-10-04 14:57:58 271360 ----a-w- c:\windows\system32\conhost.exe
2012-10-04 14:41:50 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-09-25 22:47:43 78336 ----a-w- c:\windows\system32\synceng.dll
2012-09-24 22:16:36 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
============= FINISH: 14:12:20,22 ===============
--- --- --- Code:
ATTFilter .
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 31.08.2012 16:52:20
System Uptime: 21.12.2012 13:47:55 (1 hours ago)
.
Motherboard: MSI | | H61M-E33 (MS-7680)
Processor: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz | SOCKET 0 | 3100/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 894,431 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
H: is Removable
I: is Removable
Z: is NetworkDisk (NTFS) - 808 GiB total, 427,595 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: SM-Bus-Controller
Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_76801462&REV_05\3&11583659&0&FB
Manufacturer:
Name: SM-Bus-Controller
PNP Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_76801462&REV_05\3&11583659&0&FB
Service:
.
==== System Restore Points ===================
.
RP34: 23.10.2012 10:35:51 - Windows Update
RP35: 25.10.2012 18:24:47 - Windows Update
RP36: 31.10.2012 16:35:49 - Installed Java 7 Update 9
RP37: 08.11.2012 09:51:30 - Geplanter Prüfpunkt
RP38: 14.11.2012 16:55:46 - Windows Update
RP39: 23.11.2012 11:20:09 - Geplanter Prüfpunkt
RP40: 06.12.2012 10:50:58 - Windows Update
RP41: 12.12.2012 13:07:07 - Windows Update
RP42: 20.12.2012 10:25:25 - Geplanter Prüfpunkt
.
==== Installed Programs ======================
.
2007 Microsoft Office system
32 Bit HP CIO Components Installer
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4) - Deutsch
AutoCAD Architecture 2008 - Deutsch
Autodesk DWF Viewer 7
AVG 2012
AVG Security Toolbar
BDE
Dropbox
FastStone Image Viewer 4.6
Google Chrome
Java 7 Update 9
Java Auto Updater
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended DEU Language Pack
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 17.0 (x86 en-US)
Mozilla Maintenance Service
Paint.NET v3.5.10
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition
VBA (2627.01)
VBA (2701.01)
Windows Small Business Server 2011 Standard ClientAgent
Windows Small Business Server 2011 Standard WMI Provider
.
==== End Of File ===========================
|
|
21.12.2012, 14:17
| #10 | ||
| /// TB-Ausbilder | Viren Rescue CDs starten nicht Das sieht prizipiell erstmal gut aus .... wir schauen tiefer: Scan mit Combofix
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
21.12.2012, 14:53
| #11 |
| | Viren Rescue CDs starten nicht So, hat etwas Länger gedauert. Der Scan selber war in 5 min durch. Danach hat sich folgendes abgespielt: - Reg Fehler, wie von dir beschrieben. - Neustart - Explorer absturz nach Anmeldung -> Desktop Hintergrund ohne Icons, Leiste, etc. - Per Strg-Alt-Entf versucht in den Taskmanager zu kommen - Fehlermeldung als Windows Fenster: Fehler beim Anzeigen der Sicherheits- und Herunterfahroptionen - Per Strg-Alt-Entf konnte ich dann doch zu den Optionen Taskmanager, Herunterfahren, etc. , aber beim mouseover kam direkt wieder die vorherige Fehlermeldung - Einzige Option per Knopf den rechner auszustellen. - Nun scheint alles wieder zu laufen. Code:
ATTFilter ComboFix 12-12-20.02 - dennis 21.12.2012 14:34:45.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.2986.1986 [GMT 1:00]
ausgeführt von:: c:\users\dennis\Desktop\ComboFix.exe
AV: AVG Anti-Virus Business Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Anti-Virus Business Edition 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Anti-Virus Business Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-11-21 bis 2012-12-21 ))))))))))))))))))))))))))))))
.
.
2012-12-21 13:37 . 2012-12-21 13:37 -------- d-----w- c:\users\Marc\AppData\Local\temp
2012-12-21 13:30 . 2012-12-21 13:30 -------- d-----w- c:\users\dennis\AppData\Local\Mozilla
2012-12-21 13:11 . 2012-12-21 13:11 -------- d-----w- c:\users\Admin
2012-12-21 12:51 . 2012-12-21 12:51 -------- d-----w- c:\users\dennis\AppData\Local\AVG Secure Search
2012-12-21 12:50 . 2012-12-21 12:50 -------- d-----w- c:\users\dennis\AppData\Local\Adobe
2012-12-21 12:50 . 2012-12-21 12:50 -------- d-----w- c:\users\dennis\AppData\Local\VirtualStore
2012-12-20 07:55 . 2012-12-20 07:55 -------- d-----w- c:\users\bernd.WERKUNDSTADT\Pavark
2012-12-12 12:07 . 2012-11-05 20:32 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-12 12:07 . 2012-11-05 20:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-06 09:52 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll
2012-12-06 09:52 . 2012-10-03 16:42 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-12-06 09:52 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-12-06 09:52 . 2012-10-03 16:58 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-12-06 09:52 . 2012-10-03 16:42 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-12-06 09:52 . 2012-10-03 16:42 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-12-06 09:52 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-12-06 09:52 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-12-06 09:52 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-06 09:52 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-06 09:52 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-06 09:51 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-06 09:51 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-06 09:51 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-06 09:51 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-06 09:51 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-06 09:51 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-06 09:51 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-06 09:51 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-12-06 09:51 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-23 11:00 . 2012-11-20 06:17 262112 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-11-23 11:00 . 2012-11-20 06:17 96224 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe
2012-11-23 11:00 . 2012-11-20 06:17 157272 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 10:29 . 2012-09-03 08:42 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-12 10:29 . 2012-09-03 08:42 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-09 08:24 . 2012-09-03 08:50 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-10-16 07:39 . 2012-12-06 09:53 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-09-25 22:47 . 2012-11-14 15:56 78336 ----a-w- c:\windows\system32\synceng.dll
2012-09-24 22:16 . 2012-10-31 15:36 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-20 06:17 . 2012-11-23 11:00 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-11-09 08:24 1796552 ----a-w- c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-09 1796552]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 144664]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 180504]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 187672]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-11-09 997320]
"ROC_roc_ssl_v12"="c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe" [2012-09-03 1020512]
.
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\dennis\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-21 29425864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 GE;GE;c:\users\dennis\AppData\Local\Temp\GE.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 49019598
*NewlyCreated* - ASWMBR
*Deregistered* - 49019598
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-03 10:29]
.
2012-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3442277792-212687190-552775382-1155Core1cd94282ac7c202.job
- c:\users\bernd.WERKUNDSTADT\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-08 14:44]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://companyweb
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.3
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\dennis\AppData\Roaming\Mozilla\Firefox\Profiles\p2cqdlyb.default\
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B66d283b7-5dd6-414d-8985-971b212cfe14%7D&mid=92b6aa012ba047d0bdecd16d67da52b8-8613a99b651cb6bf1e9a9a2f99e53dba618ff9af&ds=AVG&v=12.2.0.5&lang=de&pr=pr&d=2012-09-03%2010%3A36%3A06&sap=ku&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Dropbox - c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
AddRemove-Google Chrome - c:\users\Admin\AppData\Local\Google\Chrome\Application\23.0.1271.97\Installer\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-21 14:38:48
ComboFix-quarantined-files.txt 2012-12-21 13:38
.
Vor Suchlauf: 6 Verzeichnis(se), 960.296.292.352 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 960.760.422.400 Bytes frei
.
- - End Of File - - C28AC79F357E010DE452B74974D28791
|
|
21.12.2012, 15:07
| #12 | |
| /// TB-Ausbilder | Viren Rescue CDs starten nicht So, da haben wir auch schon was verdächtiges Zitat:
Bitte nichts selbst unternehmen!
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
21.12.2012, 15:11
| #13 |
| | Viren Rescue CDs starten nicht Ist mir nicht bekannt und kann gelöscht werden. Ist es möglich, dass diese Datei auch im Temp Ordner anderer Profile gespeichert ist? Bin ja derzeit auf Bernd's Rechner mit meinem Profil eingeloggt. Als Info: Auf meinem Rechner ist diese Datei nicht abgelegt, nur als Info. Geändert von xxnorritt (21.12.2012 um 15:17 Uhr) |
|
21.12.2012, 15:15
| #14 | ||
| /// TB-Ausbilder | Viren Rescue CDs starten nicht Die machen wir eh gleich platt  Also dann ... Schritt 1: Combofix-Skript
Schritt 2: Upload zur Analyse bei Trojaner-Board
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
21.12.2012, 15:38
| #15 |
| | Viren Rescue CDs starten nicht Nun scheint die GE.exe beseitigt zu sein. Super. Beim Ausführen vom ComboFix gab es einen automatischen Neustart, danach hat ComboFix zu Ende gewerkelt. Darauf kam beim starten des Browers wieder eine Fehlermeldung bezüglich der Registrierung. Code:
ATTFilter ComboFix 12-12-20.02 - dennis 21.12.2012 15:25:59.2.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.2986.2062 [GMT 1:00]
ausgeführt von:: c:\users\dennis\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\dennis\Desktop\CFScript.txt
AV: AVG Anti-Virus Business Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Anti-Virus Business Edition 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Anti-Virus Business Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\dennis\AppData\Local\Temp\GE.exe"
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_GE
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-11-21 bis 2012-12-21 ))))))))))))))))))))))))))))))
.
.
2012-12-21 14:28 . 2012-12-21 14:28 -------- d-----w- c:\users\Marc\AppData\Local\temp
2012-12-21 14:28 . 2012-12-21 14:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-21 14:28 . 2012-12-21 14:28 -------- d-----w- c:\users\bernd\AppData\Local\temp
2012-12-21 14:28 . 2012-12-21 14:28 -------- d-----w- c:\users\bernd.WERKUNDSTADT\AppData\Local\temp
2012-12-21 13:30 . 2012-12-21 13:30 -------- d-----w- c:\users\dennis\AppData\Local\Mozilla
2012-12-21 13:11 . 2012-12-21 13:11 -------- d-----w- c:\users\Admin
2012-12-21 12:51 . 2012-12-21 12:51 -------- d-----w- c:\users\dennis\AppData\Local\AVG Secure Search
2012-12-21 12:50 . 2012-12-21 12:50 -------- d-----w- c:\users\dennis\AppData\Local\Adobe
2012-12-21 12:50 . 2012-12-21 12:50 -------- d-----w- c:\users\dennis\AppData\Local\VirtualStore
2012-12-20 07:55 . 2012-12-20 07:55 -------- d-----w- c:\users\bernd.WERKUNDSTADT\Pavark
2012-12-12 12:07 . 2012-11-05 20:32 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-12 12:07 . 2012-11-05 20:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-06 09:52 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll
2012-12-06 09:52 . 2012-10-03 16:42 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-12-06 09:52 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-12-06 09:52 . 2012-10-03 16:58 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-12-06 09:52 . 2012-10-03 16:42 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-12-06 09:52 . 2012-10-03 16:42 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-12-06 09:52 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-12-06 09:52 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-12-06 09:52 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-06 09:52 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-06 09:52 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-06 09:51 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-06 09:51 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-06 09:51 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-06 09:51 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-06 09:51 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-06 09:51 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-06 09:51 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-06 09:51 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-12-06 09:51 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-23 11:00 . 2012-11-20 06:17 262112 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-11-23 11:00 . 2012-11-20 06:17 96224 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe
2012-11-23 11:00 . 2012-11-20 06:17 157272 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 10:29 . 2012-09-03 08:42 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-12 10:29 . 2012-09-03 08:42 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-09 08:24 . 2012-09-03 08:50 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-10-16 07:39 . 2012-12-06 09:53 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-09-25 22:47 . 2012-11-14 15:56 78336 ----a-w- c:\windows\system32\synceng.dll
2012-09-24 22:16 . 2012-10-31 15:36 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-20 06:17 . 2012-11-23 11:00 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-11-09 08:24 1796552 ----a-w- c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-09 1796552]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 144664]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 180504]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 187672]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-11-09 997320]
"ROC_roc_ssl_v12"="c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe" [2012-09-03 1020512]
.
c:\users\dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\dennis\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-21 29425864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-03 10:29]
.
2012-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3442277792-212687190-552775382-1155Core1cd94282ac7c202.job
- c:\users\bernd.WERKUNDSTADT\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-08 14:44]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://companyweb
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.3
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\dennis\AppData\Roaming\Mozilla\Firefox\Profiles\p2cqdlyb.default\
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B66d283b7-5dd6-414d-8985-971b212cfe14%7D&mid=92b6aa012ba047d0bdecd16d67da52b8-8613a99b651cb6bf1e9a9a2f99e53dba618ff9af&ds=AVG&v=12.2.0.5&lang=de&pr=pr&d=2012-09-03%2010%3A36%3A06&sap=ku&q=
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\System32\WUDFHost.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-12-21 15:31:55 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-12-21 14:31
ComboFix2.txt 2012-12-21 13:38
.
Vor Suchlauf: 10 Verzeichnis(se), 960.610.476.032 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 960.434.151.424 Bytes frei
.
- - End Of File - - 935DCEC35E9DDB2EBC81D8566BFE4881
|
|
| Themen zu Viren Rescue CDs starten nicht |
| .dll, antivir, avg, bildschirm, bitdefender, defender, driver./avg, fehler, folge, gmer, harddisk, logfile, monitor, msiexec.exe, rescue cd, rootkit, scan, starten, starten nicht, stimmen, system, system32, tcp, temp, udp, update, verbindung, viren |
