Trojaner nach malwarescan

NoeKat · 11.03.2013, 09:41

Hallo,
ich schätze ich habe ein änliches Problem wie andere, die eine verseuchte groupon Email geöffnet haben.

Jetzt habe ich 4 befunde von Trojanern, allerding habe ich leider keine Ahnung wie ich diese entfernen kann. Da ich total blutiger Anfänger in der Materie bin, waren für mich änliche Anleitungen zur Entfernung noch nicht so ganz zu durchschauen.

Ich habe jetzt einen Malewarescan durchgeführt und folgenden Report bekommen:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.11.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Katha :: KATHAS [Administrator]

11.03.2013 09:18:08
mbam-log-2013-03-11 (09-18-08).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 206993
Laufzeit: 5 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Users\Katha\AppData\Roaming\Vuenyq\kyys.exe (Trojan.Agent.MU) -> 3624 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Zuylu (Trojan.Agent.MU) -> Daten: C:\Users\Katha\AppData\Roaming\Vuenyq\kyys.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|KB00843628.exe (Trojan.Agent.KBGen) -> Daten: "C:\Users\Katha\AppData\Roaming\KB00843628.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Katha\AppData\Roaming\Vuenyq\kyys.exe (Trojan.Agent.MU) -> Löschen bei Neustart.

(Ende)

Ich würde mich sehr freuen und wäre sehr dankbar, wenn mir jemand weiterhelfen könnte, da ich mich mit dem weiteren Vorgehen nicht auskenne. Falls eine Anleitung schon besteht, der ich genau folgen kann wäre dies vielleicht auch schonmal hilfreich.
Vielen Dank schon im Vorraus für die Mühen!

Viele Grüße.
Katharina

Chris4You · 11.03.2013, 11:21

Hallo,

MAM updaten und FULLSCAN laufen lassen, Log posten...

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe

Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen

Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output

Unter Extra Registry, wähle bitte Use SafeList

Klicke nun auf Run Scan links oben

Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)

Poste die Logfiles hier in den Thread

TDSS-Killer
Download und Anweisung unter: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft?
Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)!
Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe.
Stelle den Killer wir folgt ein:

Dann den Scan starten durch (Start Scan).
Wenn der Scan fertig ist bitte "Report" anwählen (eventuelle Funde erstmal mit Skip übergehen). Es öffnet sich ein Fenster (Report anklicken), den Text abkopieren und hier posten...

chris
Ps: Bin morgen leider den ganzen Tag unterwegs....

NoeKat · 12.03.2013, 09:45

Hallo,

vielen Dank für deine Antwort und deine Hilfe!
Ich habe den Fullscan von Malwarebytes durchgeführt und es wurde aber nichts mehr gefunden. Ist der Virus dann schon entfernt?
Ich habe die anderen Schritt auch durchgeführt und alle logs sind im Anhang. der Report von TSSDKiller ist folgender:

09:34:50.0799 1912 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:34:50.0988 1912 ============================================================
09:34:50.0988 1912 Current date / time: 2013/03/12 09:34:50.0988
09:34:50.0988 1912 SystemInfo:
09:34:50.0988 1912
09:34:50.0988 1912 OS Version: 6.1.7601 ServicePack: 1.0
09:34:50.0988 1912 Product type: Workstation
09:34:50.0989 1912 ComputerName: KATHAS
09:34:50.0989 1912 UserName: Katha
09:34:50.0989 1912 Windows directory: C:\Windows
09:34:50.0989 1912 System windows directory: C:\Windows
09:34:50.0989 1912 Running under WOW64
09:34:50.0989 1912 Processor architecture: Intel x64
09:34:50.0989 1912 Number of processors: 2
09:34:50.0989 1912 Page size: 0x1000
09:34:50.0989 1912 Boot type: Normal boot
09:34:50.0989 1912 ============================================================
09:34:51.0967 1912 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:34:51.0979 1912 ============================================================
09:34:51.0979 1912 \Device\Harddisk0\DR0:
09:34:51.0979 1912 MBR partitions:
09:34:51.0979 1912 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
09:34:51.0979 1912 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
09:34:51.0979 1912 ============================================================
09:34:52.0006 1912 C: <-> \Device\Harddisk0\DR0\Partition2
09:34:52.0006 1912 ============================================================
09:34:52.0006 1912 Initialize success
09:34:52.0006 1912 ============================================================
09:35:37.0076 1760 ============================================================
09:35:37.0076 1760 Scan started
09:35:37.0076 1760 Mode: Manual; SigCheck; TDLFS;
09:35:37.0076 1760 ============================================================
09:35:37.0628 1760 ================ Scan services =============================
09:35:37.0791 1760 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
09:35:37.0898 1760 1394ohci - ok
09:35:37.0929 1760 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
09:35:37.0950 1760 ACPI - ok
09:35:37.0976 1760 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
09:35:38.0049 1760 AcpiPmi - ok
09:35:38.0119 1760 [ E5568164C070A4988BD79C896920B3C6 ] acsock C:\Windows\system32\DRIVERS\acsock64.sys
09:35:38.0148 1760 acsock - ok
09:35:38.0259 1760 [ D22791FCF6AD10A5591C719C37457A24 ] Ad-Aware Service C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
09:35:38.0306 1760 Ad-Aware Service - ok
09:35:38.0419 1760 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
09:35:38.0439 1760 AdobeARMservice - ok
09:35:38.0493 1760 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
09:35:38.0523 1760 adp94xx - ok
09:35:38.0558 1760 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
09:35:38.0578 1760 adpahci - ok
09:35:38.0603 1760 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
09:35:38.0619 1760 adpu320 - ok
09:35:38.0650 1760 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
09:35:38.0806 1760 AeLookupSvc - ok
09:35:38.0938 1760 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
09:35:38.0998 1760 AESTFilters - ok
09:35:39.0073 1760 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
09:35:39.0136 1760 AFD - ok
09:35:39.0178 1760 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
09:35:39.0196 1760 agp440 - ok
09:35:39.0228 1760 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
09:35:39.0263 1760 ALG - ok
09:35:39.0291 1760 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
09:35:39.0305 1760 aliide - ok
09:35:39.0360 1760 [ 9A5495EDEBE7D6B3F7E9A86EBE5EA248 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
09:35:39.0436 1760 AMD External Events Utility - ok
09:35:39.0452 1760 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
09:35:39.0469 1760 amdide - ok
09:35:39.0502 1760 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
09:35:39.0536 1760 AmdK8 - ok
09:35:39.0552 1760 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
09:35:39.0597 1760 AmdPPM - ok
09:35:39.0621 1760 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
09:35:39.0636 1760 amdsata - ok
09:35:39.0664 1760 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
09:35:39.0680 1760 amdsbs - ok
09:35:39.0696 1760 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
09:35:39.0710 1760 amdxata - ok
09:35:39.0797 1760 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
09:35:39.0819 1760 AntiVirSchedulerService - ok
09:35:39.0830 1760 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
09:35:39.0849 1760 AntiVirService - ok
09:35:39.0881 1760 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
09:35:40.0066 1760 AppID - ok
09:35:40.0096 1760 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
09:35:40.0162 1760 AppIDSvc - ok
09:35:40.0184 1760 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
09:35:40.0252 1760 Appinfo - ok
09:35:40.0318 1760 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:35:40.0330 1760 Apple Mobile Device - ok
09:35:40.0352 1760 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
09:35:40.0382 1760 AppMgmt - ok
09:35:40.0432 1760 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
09:35:40.0455 1760 arc - ok
09:35:40.0478 1760 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
09:35:40.0496 1760 arcsas - ok
09:35:40.0532 1760 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
09:35:40.0588 1760 AsyncMac - ok
09:35:40.0602 1760 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
09:35:40.0615 1760 atapi - ok
09:35:40.0687 1760 [ 96ABF88241F90FF647E55C934C55C2F1 ] athr C:\Windows\system32\DRIVERS\athrx.sys
09:35:40.0805 1760 athr ( UnsignedFile.Multi.Generic ) - warning
09:35:40.0805 1760 athr - detected UnsignedFile.Multi.Generic (1)
09:35:40.0860 1760 [ 38467FF83C2B4265D51F418812A91E3C ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
09:35:40.0872 1760 AtiHdmiService - ok
09:35:41.0053 1760 [ A08339AE90972E268B9622C668F450E8 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
09:35:41.0270 1760 atikmdag - ok
09:35:41.0325 1760 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:35:41.0389 1760 AudioEndpointBuilder - ok
09:35:41.0411 1760 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
09:35:41.0456 1760 AudioSrv - ok
09:35:41.0480 1760 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
09:35:41.0493 1760 avgntflt - ok
09:35:41.0520 1760 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
09:35:41.0533 1760 avipbb - ok
09:35:41.0549 1760 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
09:35:41.0560 1760 avkmgr - ok
09:35:41.0588 1760 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
09:35:41.0661 1760 AxInstSV - ok
09:35:41.0709 1760 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
09:35:41.0758 1760 b06bdrv - ok
09:35:41.0802 1760 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
09:35:41.0839 1760 b57nd60a - ok
09:35:41.0862 1760 BCM42RLY - ok
09:35:41.0976 1760 [ FB4FDA64F2E8552EAEB5986C3F34462C ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
09:35:42.0084 1760 BCM43XX - ok
09:35:42.0126 1760 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
09:35:42.0153 1760 BDESVC - ok
09:35:42.0174 1760 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
09:35:42.0213 1760 Beep - ok
09:35:42.0267 1760 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
09:35:42.0358 1760 BFE - ok
09:35:42.0409 1760 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
09:35:42.0501 1760 BITS - ok
09:35:42.0535 1760 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
09:35:42.0567 1760 blbdrive - ok
09:35:42.0661 1760 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
09:35:42.0688 1760 Bonjour Service - ok
09:35:42.0714 1760 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
09:35:42.0743 1760 bowser - ok
09:35:42.0775 1760 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
09:35:42.0799 1760 BrFiltLo - ok
09:35:42.0813 1760 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
09:35:42.0830 1760 BrFiltUp - ok
09:35:42.0873 1760 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
09:35:42.0889 1760 Browser - ok
09:35:42.0913 1760 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
09:35:42.0956 1760 Brserid - ok
09:35:42.0970 1760 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
09:35:42.0998 1760 BrSerWdm - ok
09:35:43.0032 1760 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
09:35:43.0055 1760 BrUsbMdm - ok
09:35:43.0061 1760 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
09:35:43.0089 1760 BrUsbSer - ok
09:35:43.0109 1760 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
09:35:43.0138 1760 BTHMODEM - ok
09:35:43.0183 1760 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
09:35:43.0232 1760 bthserv - ok
09:35:43.0246 1760 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
09:35:43.0297 1760 cdfs - ok
09:35:43.0354 1760 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
09:35:43.0381 1760 cdrom - ok
09:35:43.0404 1760 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
09:35:43.0464 1760 CertPropSvc - ok
09:35:43.0486 1760 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
09:35:43.0519 1760 circlass - ok
09:35:43.0548 1760 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
09:35:43.0569 1760 CLFS - ok
09:35:43.0668 1760 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:35:43.0691 1760 clr_optimization_v2.0.50727_32 - ok
09:35:43.0732 1760 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:35:43.0752 1760 clr_optimization_v2.0.50727_64 - ok
09:35:43.0808 1760 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:35:43.0830 1760 clr_optimization_v4.0.30319_32 - ok
09:35:43.0872 1760 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:35:43.0885 1760 clr_optimization_v4.0.30319_64 - ok
09:35:43.0924 1760 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
09:35:43.0954 1760 CmBatt - ok
09:35:43.0976 1760 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
09:35:43.0990 1760 cmdide - ok
09:35:44.0029 1760 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
09:35:44.0058 1760 CNG - ok
09:35:44.0078 1760 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
09:35:44.0091 1760 Compbatt - ok
09:35:44.0128 1760 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
09:35:44.0162 1760 CompositeBus - ok
09:35:44.0175 1760 COMSysApp - ok
09:35:44.0188 1760 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
09:35:44.0202 1760 crcdisk - ok
09:35:44.0246 1760 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
09:35:44.0284 1760 CryptSvc - ok
09:35:44.0314 1760 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
09:35:44.0361 1760 CSC - ok
09:35:44.0393 1760 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
09:35:44.0448 1760 CscService - ok
09:35:44.0483 1760 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
09:35:44.0553 1760 DcomLaunch - ok
09:35:44.0597 1760 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
09:35:44.0650 1760 defragsvc - ok
09:35:44.0676 1760 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
09:35:44.0723 1760 DfsC - ok
09:35:44.0758 1760 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
09:35:44.0802 1760 Dhcp - ok
09:35:44.0822 1760 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
09:35:44.0869 1760 discache - ok
09:35:44.0893 1760 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
09:35:44.0907 1760 Disk - ok
09:35:44.0921 1760 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
09:35:44.0962 1760 dmvsc - ok
09:35:44.0986 1760 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
09:35:45.0020 1760 Dnscache - ok
09:35:45.0042 1760 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
09:35:45.0091 1760 dot3svc - ok
09:35:45.0116 1760 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
09:35:45.0171 1760 DPS - ok
09:35:45.0199 1760 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
09:35:45.0231 1760 drmkaud - ok
09:35:45.0285 1760 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
09:35:45.0347 1760 DXGKrnl - ok
09:35:45.0373 1760 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
09:35:45.0423 1760 EapHost - ok
09:35:45.0533 1760 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
09:35:45.0669 1760 ebdrv - ok
09:35:45.0714 1760 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
09:35:45.0753 1760 EFS - ok
09:35:45.0822 1760 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
09:35:45.0871 1760 ehRecvr - ok
09:35:45.0894 1760 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
09:35:45.0918 1760 ehSched - ok
09:35:45.0979 1760 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
09:35:46.0020 1760 elxstor - ok
09:35:46.0033 1760 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
09:35:46.0060 1760 ErrDev - ok
09:35:46.0112 1760 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
09:35:46.0176 1760 EventSystem - ok
09:35:46.0191 1760 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
09:35:46.0232 1760 exfat - ok
09:35:46.0257 1760 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
09:35:46.0312 1760 fastfat - ok
09:35:46.0347 1760 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
09:35:46.0390 1760 Fax - ok
09:35:46.0408 1760 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
09:35:46.0435 1760 fdc - ok
09:35:46.0454 1760 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
09:35:46.0493 1760 fdPHost - ok
09:35:46.0506 1760 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
09:35:46.0562 1760 FDResPub - ok
09:35:46.0604 1760 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
09:35:46.0618 1760 FileInfo - ok
09:35:46.0641 1760 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
09:35:46.0696 1760 Filetrace - ok
09:35:46.0763 1760 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
09:35:46.0805 1760 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
09:35:46.0805 1760 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
09:35:46.0825 1760 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
09:35:46.0842 1760 flpydisk - ok
09:35:46.0865 1760 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
09:35:46.0883 1760 FltMgr - ok
09:35:46.0957 1760 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
09:35:47.0022 1760 FontCache - ok
09:35:47.0067 1760 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:35:47.0078 1760 FontCache3.0.0.0 - ok
09:35:47.0110 1760 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
09:35:47.0124 1760 FsDepends - ok
09:35:47.0167 1760 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
09:35:47.0190 1760 Fs_Rec - ok
09:35:47.0223 1760 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
09:35:47.0245 1760 fvevol - ok
09:35:47.0277 1760 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
09:35:47.0291 1760 gagp30kx - ok
09:35:47.0333 1760 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:35:47.0343 1760 GEARAspiWDM - ok
09:35:47.0400 1760 [ 14908F4F9005C29DE8F5587E271390EE ] gfibto C:\Windows\system32\drivers\gfibto.sys
09:35:47.0417 1760 gfibto - ok
09:35:47.0492 1760 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
09:35:47.0571 1760 gpsvc - ok
09:35:47.0664 1760 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:35:47.0684 1760 gupdate - ok
09:35:47.0691 1760 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:35:47.0708 1760 gupdatem - ok
09:35:47.0740 1760 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
09:35:47.0770 1760 hcw85cir - ok
09:35:47.0800 1760 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:35:47.0836 1760 HdAudAddService - ok
09:35:47.0861 1760 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
09:35:47.0890 1760 HDAudBus - ok
09:35:47.0908 1760 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
09:35:47.0930 1760 HidBatt - ok
09:35:47.0944 1760 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
09:35:47.0968 1760 HidBth - ok
09:35:47.0992 1760 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
09:35:48.0010 1760 HidIr - ok
09:35:48.0042 1760 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
09:35:48.0097 1760 hidserv - ok
09:35:48.0115 1760 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
09:35:48.0130 1760 HidUsb - ok
09:35:48.0144 1760 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
09:35:48.0197 1760 hkmsvc - ok
09:35:48.0213 1760 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:35:48.0231 1760 HomeGroupListener - ok
09:35:48.0264 1760 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:35:48.0295 1760 HomeGroupProvider - ok
09:35:48.0333 1760 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
09:35:48.0348 1760 HpSAMD - ok
09:35:48.0385 1760 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
09:35:48.0458 1760 HTTP - ok
09:35:48.0474 1760 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
09:35:48.0488 1760 hwpolicy - ok
09:35:48.0515 1760 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
09:35:48.0531 1760 i8042prt - ok
09:35:48.0557 1760 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
09:35:48.0578 1760 iaStorV - ok
09:35:48.0633 1760 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:35:48.0670 1760 idsvc - ok
09:35:48.0867 1760 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
09:35:49.0092 1760 igfx - ok
09:35:49.0110 1760 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
09:35:49.0124 1760 iirsp - ok
09:35:49.0168 1760 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
09:35:49.0240 1760 IKEEXT - ok
09:35:49.0265 1760 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
09:35:49.0278 1760 intelide - ok
09:35:49.0302 1760 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
09:35:49.0325 1760 intelppm - ok
09:35:49.0346 1760 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
09:35:49.0399 1760 IPBusEnum - ok
09:35:49.0414 1760 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:35:49.0452 1760 IpFilterDriver - ok
09:35:49.0495 1760 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
09:35:49.0556 1760 iphlpsvc - ok
09:35:49.0575 1760 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
09:35:49.0599 1760 IPMIDRV - ok
09:35:49.0616 1760 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
09:35:49.0671 1760 IPNAT - ok
09:35:49.0737 1760 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
09:35:49.0795 1760 iPod Service - ok
09:35:49.0814 1760 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:35:49.0849 1760 IRENUM - ok
09:35:49.0864 1760 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
09:35:49.0878 1760 isapnp - ok
09:35:49.0900 1760 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
09:35:49.0919 1760 iScsiPrt - ok
09:35:49.0972 1760 [ 7DBAFE10C1B777305C80BEA42FBDA710 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
09:35:50.0001 1760 k57nd60a - ok
09:35:50.0034 1760 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
09:35:50.0048 1760 kbdclass - ok
09:35:50.0078 1760 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
09:35:50.0106 1760 kbdhid - ok
09:35:50.0118 1760 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
09:35:50.0133 1760 KeyIso - ok
09:35:50.0174 1760 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:35:50.0188 1760 KSecDD - ok
09:35:50.0205 1760 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
09:35:50.0220 1760 KSecPkg - ok
09:35:50.0233 1760 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
09:35:50.0282 1760 ksthunk - ok
09:35:50.0313 1760 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
09:35:50.0372 1760 KtmRm - ok
09:35:50.0403 1760 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
09:35:50.0481 1760 LanmanServer - ok
09:35:50.0502 1760 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:35:50.0552 1760 LanmanWorkstation - ok
09:35:50.0585 1760 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:35:50.0637 1760 lltdio - ok
09:35:50.0669 1760 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:35:50.0720 1760 lltdsvc - ok
09:35:50.0750 1760 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
09:35:50.0798 1760 lmhosts - ok
09:35:50.0837 1760 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
09:35:50.0852 1760 LSI_FC - ok
09:35:50.0870 1760 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
09:35:50.0885 1760 LSI_SAS - ok
09:35:50.0899 1760 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
09:35:50.0914 1760 LSI_SAS2 - ok
09:35:50.0934 1760 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
09:35:50.0950 1760 LSI_SCSI - ok
09:35:50.0965 1760 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
09:35:51.0017 1760 luafv - ok
09:35:51.0035 1760 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:35:51.0067 1760 Mcx2Svc - ok
09:35:51.0080 1760 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
09:35:51.0095 1760 megasas - ok
09:35:51.0113 1760 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
09:35:51.0132 1760 MegaSR - ok
09:35:51.0205 1760 Microsoft SharePoint Workspace Audit Service - ok
09:35:51.0227 1760 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
09:35:51.0285 1760 MMCSS - ok
09:35:51.0310 1760 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
09:35:51.0365 1760 Modem - ok
09:35:51.0424 1760 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:35:51.0452 1760 monitor - ok
09:35:51.0493 1760 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
09:35:51.0507 1760 mouclass - ok
09:35:51.0550 1760 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:35:51.0582 1760 mouhid - ok
09:35:51.0596 1760 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
09:35:51.0613 1760 mountmgr - ok
09:35:51.0636 1760 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
09:35:51.0653 1760 mpio - ok
09:35:51.0675 1760 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:35:51.0714 1760 mpsdrv - ok
09:35:51.0757 1760 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
09:35:51.0816 1760 MpsSvc - ok
09:35:51.0836 1760 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:35:51.0864 1760 MRxDAV - ok
09:35:51.0884 1760 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:35:51.0921 1760 mrxsmb - ok
09:35:51.0944 1760 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:35:51.0977 1760 mrxsmb10 - ok
09:35:51.0992 1760 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:35:52.0006 1760 mrxsmb20 - ok
09:35:52.0015 1760 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
09:35:52.0032 1760 msahci - ok
09:35:52.0052 1760 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
09:35:52.0067 1760 msdsm - ok
09:35:52.0088 1760 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
09:35:52.0114 1760 MSDTC - ok
09:35:52.0144 1760 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:35:52.0183 1760 Msfs - ok
09:35:52.0208 1760 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
09:35:52.0261 1760 mshidkmdf - ok
09:35:52.0280 1760 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:35:52.0294 1760 msisadrv - ok
09:35:52.0330 1760 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:35:52.0370 1760 MSiSCSI - ok
09:35:52.0376 1760 msiserver - ok
09:35:52.0411 1760 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:35:52.0457 1760 MSKSSRV - ok
09:35:52.0465 1760 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:35:52.0514 1760 MSPCLOCK - ok
09:35:52.0520 1760 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:35:52.0572 1760 MSPQM - ok
09:35:52.0594 1760 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:35:52.0614 1760 MsRPC - ok
09:35:52.0636 1760 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
09:35:52.0650 1760 mssmbios - ok
09:35:52.0666 1760 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:35:52.0711 1760 MSTEE - ok
09:35:52.0716 1760 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
09:35:52.0732 1760 MTConfig - ok
09:35:52.0754 1760 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
09:35:52.0768 1760 Mup - ok
09:35:52.0802 1760 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
09:35:52.0860 1760 napagent - ok
09:35:52.0918 1760 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:35:52.0966 1760 NativeWifiP - ok
09:35:53.0026 1760 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
09:35:53.0087 1760 NDIS - ok
09:35:53.0107 1760 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
09:35:53.0146 1760 NdisCap - ok
09:35:53.0184 1760 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:35:53.0223 1760 NdisTapi - ok
09:35:53.0244 1760 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:35:53.0291 1760 Ndisuio - ok
09:35:53.0313 1760 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:35:53.0362 1760 NdisWan - ok
09:35:53.0381 1760 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:35:53.0420 1760 NDProxy - ok
09:35:53.0441 1760 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:35:53.0492 1760 NetBIOS - ok
09:35:53.0512 1760 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
09:35:53.0554 1760 NetBT - ok
09:35:53.0564 1760 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
09:35:53.0579 1760 Netlogon - ok
09:35:53.0623 1760 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
09:35:53.0683 1760 Netman - ok
09:35:53.0715 1760 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
09:35:53.0774 1760 netprofm - ok
09:35:53.0802 1760 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:35:53.0824 1760 NetTcpPortSharing - ok
09:35:53.0862 1760 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
09:35:53.0876 1760 nfrd960 - ok
09:35:53.0916 1760 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
09:35:53.0963 1760 NlaSvc - ok
09:35:53.0990 1760 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
09:35:54.0029 1760 Npfs - ok
09:35:54.0058 1760 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
09:35:54.0096 1760 nsi - ok
09:35:54.0106 1760 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:35:54.0155 1760 nsiproxy - ok
09:35:54.0240 1760 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:35:54.0322 1760 Ntfs - ok
09:35:54.0336 1760 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
09:35:54.0389 1760 Null - ok
09:35:54.0425 1760 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:35:54.0441 1760 nvraid - ok
09:35:54.0464 1760 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:35:54.0480 1760 nvstor - ok
09:35:54.0510 1760 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
09:35:54.0525 1760 nv_agp - ok
09:35:54.0547 1760 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
09:35:54.0575 1760 ohci1394 - ok
09:35:54.0632 1760 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:35:54.0645 1760 ose64 - ok
09:35:54.0824 1760 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:35:54.0997 1760 osppsvc - ok
09:35:55.0108 1760 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
09:35:55.0151 1760 p2pimsvc - ok
09:35:55.0188 1760 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
09:35:55.0232 1760 p2psvc - ok
09:35:55.0267 1760 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
09:35:55.0298 1760 Parport - ok
09:35:55.0336 1760 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:35:55.0350 1760 partmgr - ok
09:35:55.0366 1760 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
09:35:55.0406 1760 PcaSvc - ok
09:35:55.0433 1760 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
09:35:55.0450 1760 pci - ok
09:35:55.0465 1760 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
09:35:55.0479 1760 pciide - ok
09:35:55.0496 1760 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
09:35:55.0512 1760 pcmcia - ok
09:35:55.0533 1760 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
09:35:55.0547 1760 pcw - ok
09:35:55.0572 1760 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:35:55.0636 1760 PEAUTH - ok
09:35:55.0685 1760 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
09:35:55.0746 1760 PeerDistSvc - ok
09:35:55.0827 1760 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
09:35:55.0865 1760 PerfHost - ok
09:35:55.0927 1760 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
09:35:56.0019 1760 pla - ok
09:35:56.0062 1760 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:35:56.0093 1760 PlugPlay - ok
09:35:56.0104 1760 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
09:35:56.0132 1760 PNRPAutoReg - ok
09:35:56.0153 1760 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
09:35:56.0171 1760 PNRPsvc - ok
09:35:56.0207 1760 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:35:56.0263 1760 PolicyAgent - ok
09:35:56.0284 1760 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
09:35:56.0338 1760 Power - ok
09:35:56.0373 1760 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:35:56.0422 1760 PptpMiniport - ok
09:35:56.0444 1760 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
09:35:56.0473 1760 Processor - ok
09:35:56.0517 1760 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
09:35:56.0551 1760 ProfSvc - ok
09:35:56.0566 1760 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:35:56.0581 1760 ProtectedStorage - ok
09:35:56.0606 1760 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
09:35:56.0660 1760 Psched - ok
09:35:56.0727 1760 [ BC08F7F3C53CBEE68670ED1314E290FD ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
09:35:56.0738 1760 PxHlpa64 - ok
09:35:56.0807 1760 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
09:35:56.0868 1760 ql2300 - ok
09:35:56.0894 1760 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
09:35:56.0909 1760 ql40xx - ok
09:35:56.0950 1760 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
09:35:56.0974 1760 QWAVE - ok
09:35:56.0988 1760 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:35:57.0021 1760 QWAVEdrv - ok
09:35:57.0032 1760 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:35:57.0071 1760 RasAcd - ok
09:35:57.0098 1760 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
09:35:57.0137 1760 RasAgileVpn - ok
09:35:57.0152 1760 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
09:35:57.0201 1760 RasAuto - ok
09:35:57.0218 1760 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:35:57.0271 1760 Rasl2tp - ok
09:35:57.0296 1760 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
09:35:57.0340 1760 RasMan - ok
09:35:57.0362 1760 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:35:57.0411 1760 RasPppoe - ok
09:35:57.0433 1760 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:35:57.0490 1760 RasSstp - ok
09:35:57.0512 1760 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:35:57.0569 1760 rdbss - ok
09:35:57.0600 1760 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
09:35:57.0641 1760 rdpbus - ok
09:35:57.0664 1760 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:35:57.0716 1760 RDPCDD - ok
09:35:57.0738 1760 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
09:35:57.0754 1760 RDPDR - ok
09:35:57.0774 1760 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:35:57.0829 1760 RDPENCDD - ok
09:35:57.0846 1760 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
09:35:57.0885 1760 RDPREFMP - ok
09:35:57.0922 1760 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
09:35:57.0960 1760 RdpVideoMiniport - ok
09:35:58.0010 1760 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:35:58.0053 1760 RDPWD - ok
09:35:58.0086 1760 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
09:35:58.0114 1760 rdyboost - ok
09:35:58.0140 1760 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
09:35:58.0181 1760 RemoteAccess - ok
09:35:58.0208 1760 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:35:58.0263 1760 RemoteRegistry - ok
09:35:58.0307 1760 [ 6FAF5B04BEDC66D300D9D233B2D222F0 ] rimmptsk C:\Windows\system32\DRIVERS\rimmpx64.sys
09:35:58.0338 1760 rimmptsk - ok
09:35:58.0369 1760 [ 67F50C31713106FD1B0F286F86AA2B2E ] rimsptsk C:\Windows\system32\DRIVERS\rimspx64.sys
09:35:58.0409 1760 rimsptsk - ok
09:35:58.0467 1760 [ 4D7EF3D46346EC4C58784DB964B365DE ] rismxdp C:\Windows\system32\DRIVERS\rixdpx64.sys
09:35:58.0492 1760 rismxdp - ok
09:35:58.0528 1760 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
09:35:58.0583 1760 RpcEptMapper - ok
09:35:58.0612 1760 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
09:35:58.0640 1760 RpcLocator - ok
09:35:58.0670 1760 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
09:35:58.0714 1760 RpcSs - ok
09:35:58.0751 1760 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:35:58.0796 1760 rspndr - ok
09:35:58.0809 1760 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
09:35:58.0837 1760 s3cap - ok
09:35:58.0856 1760 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
09:35:58.0871 1760 SamSs - ok
09:35:59.0017 1760 [ 99FC1599F89A80216E41175B8CA44D89 ] SBAMSvc C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
09:35:59.0151 1760 SBAMSvc - ok
09:35:59.0185 1760 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
09:35:59.0200 1760 sbp2port - ok
09:35:59.0235 1760 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:35:59.0277 1760 SCardSvr - ok
09:35:59.0306 1760 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
09:35:59.0367 1760 scfilter - ok
09:35:59.0403 1760 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
09:35:59.0487 1760 Schedule - ok
09:35:59.0525 1760 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
09:35:59.0574 1760 SCPolicySvc - ok
09:35:59.0612 1760 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
09:35:59.0637 1760 sdbus - ok
09:35:59.0653 1760 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:35:59.0682 1760 SDRSVC - ok
09:35:59.0707 1760 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:35:59.0758 1760 secdrv - ok
09:35:59.0778 1760 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
09:35:59.0817 1760 seclogon - ok
09:35:59.0830 1760 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
09:35:59.0871 1760 SENS - ok
09:35:59.0885 1760 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
09:35:59.0913 1760 SensrSvc - ok
09:35:59.0943 1760 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
09:35:59.0975 1760 Serenum - ok
09:36:00.0005 1760 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
09:36:00.0038 1760 Serial - ok
09:36:00.0057 1760 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
09:36:00.0084 1760 sermouse - ok
09:36:00.0126 1760 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
09:36:00.0181 1760 SessionEnv - ok
09:36:00.0194 1760 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
09:36:00.0213 1760 sffdisk - ok
09:36:00.0227 1760 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
09:36:00.0250 1760 sffp_mmc - ok
09:36:00.0269 1760 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
09:36:00.0292 1760 sffp_sd - ok
09:36:00.0297 1760 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
09:36:00.0325 1760 sfloppy - ok
09:36:00.0359 1760 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
09:36:00.0413 1760 SharedAccess - ok
09:36:00.0447 1760 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:36:00.0507 1760 ShellHWDetection - ok
09:36:00.0542 1760 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
09:36:00.0556 1760 SiSRaid2 - ok
09:36:00.0565 1760 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
09:36:00.0579 1760 SiSRaid4 - ok
09:36:00.0648 1760 [ 0A0A0183711EFB04F9BCC32BB44471F2 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
09:36:00.0661 1760 SkypeUpdate - ok
09:36:00.0689 1760 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:36:00.0740 1760 Smb - ok
09:36:00.0783 1760 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:36:00.0809 1760 SNMPTRAP - ok
09:36:00.0828 1760 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
09:36:00.0842 1760 spldr - ok
09:36:00.0894 1760 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
09:36:00.0916 1760 Spooler - ok
09:36:01.0020 1760 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
09:36:01.0162 1760 sppsvc - ok
09:36:01.0178 1760 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
09:36:01.0220 1760 sppuinotify - ok
09:36:01.0250 1760 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
09:36:01.0293 1760 srv - ok
09:36:01.0326 1760 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:36:01.0362 1760 srv2 - ok
09:36:01.0378 1760 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:36:01.0395 1760 srvnet - ok
09:36:01.0439 1760 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
09:36:01.0466 1760 ssadbus - ok
09:36:01.0508 1760 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
09:36:01.0522 1760 ssadmdfl - ok
09:36:01.0554 1760 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
09:36:01.0579 1760 ssadmdm - ok
09:36:01.0608 1760 [ ED161B91FDF7EAA39469D72D463D5F4E ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
09:36:01.0620 1760 sscdbus - ok
09:36:01.0675 1760 [ 4CB09E77593DBD8D7AF33B37375CA715 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
09:36:01.0692 1760 sscdmdfl - ok
09:36:01.0735 1760 [ C7B4CF53497A6E5363F3439427663882 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
09:36:01.0756 1760 sscdmdm - ok
09:36:01.0806 1760 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:36:01.0859 1760 SSDPSRV - ok
09:36:01.0876 1760 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:36:01.0917 1760 SstpSvc - ok
09:36:02.0032 1760 [ DA7702025DFD169B909C4DA3126762CC ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
09:36:02.0068 1760 STacSV - ok
09:36:02.0087 1760 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
09:36:02.0101 1760 stexstor - ok
09:36:02.0154 1760 [ CAF5A9708671B14B9670260735B22C4E ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
09:36:02.0189 1760 STHDA - ok
09:36:02.0227 1760 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
09:36:02.0281 1760 stisvc - ok
09:36:02.0311 1760 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
09:36:02.0326 1760 storflt - ok
09:36:02.0361 1760 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
09:36:02.0375 1760 storvsc - ok
09:36:02.0386 1760 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
09:36:02.0400 1760 swenum - ok
09:36:02.0519 1760 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
09:36:02.0573 1760 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
09:36:02.0573 1760 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
09:36:02.0619 1760 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
09:36:02.0695 1760 swprv - ok
09:36:02.0715 1760 [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc C:\Windows\system32\drivers\Synth3dVsc.sys
09:36:02.0731 1760 Synth3dVsc - ok
09:36:02.0799 1760 [ 639B57DC871BE4B86283027FAF1F4E30 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
09:36:02.0824 1760 SynTP - ok
09:36:02.0879 1760 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
09:36:02.0958 1760 SysMain - ok
09:36:02.0978 1760 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:36:03.0012 1760 TabletInputService - ok
09:36:03.0041 1760 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
09:36:03.0092 1760 TapiSrv - ok
09:36:03.0114 1760 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
09:36:03.0155 1760 TBS - ok
09:36:03.0239 1760 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:36:03.0329 1760 Tcpip - ok
09:36:03.0392 1760 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
09:36:03.0435 1760 TCPIP6 - ok
09:36:03.0486 1760 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:36:03.0510 1760 tcpipreg - ok
09:36:03.0536 1760 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:36:03.0563 1760 TDPIPE - ok
09:36:03.0599 1760 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:36:03.0635 1760 TDTCP - ok
09:36:03.0655 1760 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:36:03.0704 1760 tdx - ok
09:36:03.0715 1760 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
09:36:03.0733 1760 TermDD - ok
09:36:03.0751 1760 [ 2B5BDFF688EC9871D7EC5837833374E9 ] terminpt C:\Windows\system32\drivers\terminpt.sys
09:36:03.0779 1760 terminpt - ok
09:36:03.0822 1760 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
09:36:03.0890 1760 TermService - ok
09:36:03.0912 1760 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
09:36:03.0934 1760 Themes - ok
09:36:03.0957 1760 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
09:36:03.0997 1760 THREADORDER - ok
09:36:04.0007 1760 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
09:36:04.0058 1760 TrkWks - ok
09:36:04.0110 1760 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:36:04.0149 1760 TrustedInstaller - ok
09:36:04.0170 1760 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
09:36:04.0217 1760 tssecsrv - ok
09:36:04.0272 1760 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
09:36:04.0288 1760 TsUsbFlt - ok
09:36:04.0313 1760 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
09:36:04.0346 1760 TsUsbGD - ok
09:36:04.0369 1760 [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
09:36:04.0393 1760 tsusbhub - ok
09:36:04.0424 1760 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
09:36:04.0479 1760 tunnel - ok
09:36:04.0496 1760 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
09:36:04.0511 1760 uagp35 - ok
09:36:04.0538 1760 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
09:36:04.0594 1760 udfs - ok
09:36:04.0636 1760 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
09:36:04.0668 1760 UI0Detect - ok
09:36:04.0704 1760 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
09:36:04.0718 1760 uliagpkx - ok
09:36:04.0748 1760 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
09:36:04.0771 1760 umbus - ok
09:36:04.0797 1760 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
09:36:04.0825 1760 UmPass - ok
09:36:04.0848 1760 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
09:36:04.0873 1760 UmRdpService - ok
09:36:04.0903 1760 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
09:36:04.0959 1760 upnphost - ok
09:36:05.0005 1760 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
09:36:05.0018 1760 USBAAPL64 - ok
09:36:05.0041 1760 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
09:36:05.0068 1760 usbccgp - ok
09:36:05.0075 1760 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
09:36:05.0093 1760 usbcir - ok
09:36:05.0110 1760 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
09:36:05.0137 1760 usbehci - ok
09:36:05.0163 1760 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
09:36:05.0194 1760 usbhub - ok
09:36:05.0206 1760 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
09:36:05.0225 1760 usbohci - ok
09:36:05.0245 1760 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
09:36:05.0272 1760 usbprint - ok
09:36:05.0292 1760 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:36:05.0321 1760 USBSTOR - ok
09:36:05.0340 1760 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
09:36:05.0365 1760 usbuhci - ok
09:36:05.0399 1760 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
09:36:05.0434 1760 usbvideo - ok
09:36:05.0462 1760 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
09:36:05.0510 1760 UxSms - ok
09:36:05.0538 1760 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
09:36:05.0552 1760 VaultSvc - ok
09:36:05.0567 1760 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
09:36:05.0582 1760 vdrvroot - ok
09:36:05.0615 1760 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
09:36:05.0685 1760 vds - ok
09:36:05.0723 1760 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
09:36:05.0741 1760 vga - ok
09:36:05.0757 1760 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
09:36:05.0802 1760 VgaSave - ok
09:36:05.0807 1760 VGPU - ok
09:36:05.0831 1760 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
09:36:05.0848 1760 vhdmp - ok
09:36:05.0866 1760 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
09:36:05.0880 1760 viaide - ok
09:36:05.0906 1760 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
09:36:05.0922 1760 vmbus - ok
09:36:05.0928 1760 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
09:36:05.0953 1760 VMBusHID - ok
09:36:05.0973 1760 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
09:36:05.0988 1760 volmgr - ok
09:36:06.0011 1760 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
09:36:06.0032 1760 volmgrx - ok
09:36:06.0054 1760 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
09:36:06.0073 1760 volsnap - ok
09:36:06.0151 1760 [ 18507BDC6C15BD464DE9AB18B6AF1C23 ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
09:36:06.0168 1760 vpnagent - ok
09:36:06.0208 1760 [ BE7FE15AC90B9F02CBE011AE2426DD0F ] vpnva C:\Windows\system32\DRIVERS\vpnva64.sys
09:36:06.0220 1760 vpnva - ok
09:36:06.0254 1760 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
09:36:06.0270 1760 vsmraid - ok
09:36:06.0342 1760 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
09:36:06.0442 1760 VSS - ok
09:36:06.0458 1760 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
09:36:06.0487 1760 vwifibus - ok
09:36:06.0522 1760 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
09:36:06.0555 1760 vwififlt - ok
09:36:06.0566 1760 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
09:36:06.0612 1760 W32Time - ok
09:36:06.0632 1760 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
09:36:06.0662 1760 WacomPen - ok
09:36:06.0691 1760 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
09:36:06.0735 1760 WANARP - ok
09:36:06.0756 1760 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
09:36:06.0795 1760 Wanarpv6 - ok
09:36:06.0862 1760 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
09:36:06.0951 1760 wbengine - ok
09:36:06.0968 1760 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
09:36:06.0992 1760 WbioSrvc - ok
09:36:07.0019 1760 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
09:36:07.0059 1760 wcncsvc - ok
09:36:07.0075 1760 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:36:07.0099 1760 WcsPlugInService - ok
09:36:07.0115 1760 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
09:36:07.0128 1760 Wd - ok
09:36:07.0187 1760 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
09:36:07.0243 1760 Wdf01000 - ok
09:36:07.0259 1760 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
09:36:07.0291 1760 WdiServiceHost - ok
09:36:07.0296 1760 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
09:36:07.0318 1760 WdiSystemHost - ok
09:36:07.0337 1760 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
09:36:07.0370 1760 WebClient - ok
09:36:07.0394 1760 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
09:36:07.0453 1760 Wecsvc - ok
09:36:07.0469 1760 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
09:36:07.0520 1760 wercplsupport - ok
09:36:07.0542 1760 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
09:36:07.0582 1760 WerSvc - ok
09:36:07.0615 1760 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
09:36:07.0654 1760 WfpLwf - ok
09:36:07.0673 1760 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
09:36:07.0687 1760 WIMMount - ok
09:36:07.0704 1760 WinDefend - ok
09:36:07.0711 1760 WinHttpAutoProxySvc - ok
09:36:07.0785 1760 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
09:36:07.0827 1760 Winmgmt - ok
09:36:07.0898 1760 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
09:36:08.0029 1760 WinRM - ok
09:36:08.0090 1760 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
09:36:08.0126 1760 WinUsb - ok
09:36:08.0169 1760 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
09:36:08.0258 1760 Wlansvc - ok
09:36:08.0441 1760 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:36:08.0533 1760 wlidsvc - ok
09:36:08.0568 1760 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
09:36:08.0589 1760 WmiAcpi - ok
09:36:08.0618 1760 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
09:36:08.0653 1760 wmiApSrv - ok
09:36:08.0685 1760 WMPNetworkSvc - ok
09:36:08.0716 1760 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
09:36:08.0731 1760 WPCSvc - ok
09:36:08.0749 1760 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
09:36:08.0788 1760 WPDBusEnum - ok
09:36:08.0804 1760 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
09:36:08.0844 1760 ws2ifsl - ok
09:36:08.0866 1760 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
09:36:08.0896 1760 wscsvc - ok
09:36:08.0901 1760 WSearch - ok
09:36:09.0005 1760 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
09:36:09.0112 1760 wuauserv - ok
09:36:09.0144 1760 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
09:36:09.0175 1760 WudfPf - ok
09:36:09.0217 1760 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
09:36:09.0248 1760 WUDFRd - ok
09:36:09.0291 1760 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
09:36:09.0315 1760 wudfsvc - ok
09:36:09.0342 1760 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
09:36:09.0386 1760 WwanSvc - ok
09:36:09.0413 1760 ================ Scan global ===============================
09:36:09.0436 1760 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
09:36:09.0478 1760 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
09:36:09.0487 1760 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
09:36:09.0516 1760 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
09:36:09.0552 1760 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
09:36:09.0559 1760 [Global] - ok
09:36:09.0560 1760 ================ Scan MBR ==================================
09:36:09.0572 1760 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:36:10.0003 1760 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:36:10.0003 1760 \Device\Harddisk0\DR0 - detected TDSS File System (1)
09:36:10.0004 1760 ================ Scan VBR ==================================
09:36:10.0008 1760 [ 3AC610DCB179BA9AE5734063D9EEFDC6 ] \Device\Harddisk0\DR0\Partition1
09:36:10.0010 1760 \Device\Harddisk0\DR0\Partition1 - ok
09:36:10.0037 1760 [ 0964EE37676CE37F4CACABF531F35FDF ] \Device\Harddisk0\DR0\Partition2
09:36:10.0038 1760 \Device\Harddisk0\DR0\Partition2 - ok
09:36:10.0039 1760 ============================================================
09:36:10.0039 1760 Scan finished
09:36:10.0039 1760 ============================================================
09:36:10.0053 2788 Detected object count: 4
09:36:10.0053 2788 Actual detected object count: 4
09:36:52.0440 2788 athr ( UnsignedFile.Multi.Generic ) - skipped by user
09:36:52.0440 2788 athr ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:36:52.0444 2788 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:36:52.0444 2788 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:36:52.0446 2788 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
09:36:52.0446 2788 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:36:52.0449 2788 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
09:36:52.0449 2788 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Beste Grüße,
Katharina

Chris4You · 13.03.2013, 11:50

Hi,

nicht gut, hattest Du eine TDSS-Infektion in der Vergangenheit (Rootkit)?
Das Dateisystem ist noch da... Falls Du keine Infektion hattest, die Bereinigt wurde, dann ist es eine neu, unbekannte Version (da der infizierte Treiber nicht gefunden wurde!

Fix für OTL:

Doppelklick auf die OTL.exe, um das Programm auszuführen.

Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.

Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

Code:

ATTFilter

:OTL
O4 - HKCU..\Run: [ywkylzlr] C:\Users\Katha\AppData\Local\Temp\Pkaltd\qojelzlr.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
[2013.03.08 13:32:16 | 000,000,000 | ---D | C] -- C:\Users\Katha\AppData\Roaming\Unco
[2013.03.08 13:32:16 | 000,000,000 | ---D | C] -- C:\Users\Katha\AppData\Roaming\Ubepb
[2013.03.08 13:32:16 | 000,000,000 | ---D | C] -- C:\Users\Katha\AppData\Roaming\Piaxe
[2013.03.08 08:11:51 | 000,000,000 | -H-D | C] -- C:\Users\Katha\AppData\Roaming\621CB58A
[2013.03.07 23:51:35 | 000,000,000 | ---D | C] -- C:\Users\Katha\AppData\Roaming\Vuenyq
[2013.03.07 23:51:35 | 000,000,000 | ---D | C] -- C:\Users\Katha\AppData\Roaming\Noxi
[2013.03.07 23:51:35 | 000,000,000 | ---D | C] -- C:\Users\Katha\AppData\Roaming\Naenm
@Alternate Data Stream - 1143 bytes -> C:\Users\Katha\AppData\Local\ckQz64BbBFcG:Kam4wEAlG7Kd8tiUgloXbAc
@Alternate Data Stream - 1092 bytes -> C:\Users\Katha\AppData\Local\gB5OPCaI5yDYRx:lLuIprsKpkUrXmYSgAY0AO
@Alternate Data Stream - 1040 bytes -> C:\Users\Katha\AppData\Local\Temp:Skqi1cx4rfPDKDXF8wPcl07G9w
@Alternate Data Stream - 1021 bytes -> C:\Users\Katha\AppData\Local\jOzFzhViTquZch8:7EqAPH5TTDFsaplg0S2OG

:Commands
[emptytemp]
[resethosts]
[Reboot]

Den roten Run Fixes! Button anklicken.

Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.

Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:

%systemroot%\_OTL

Der Rechner hat einiges an Spuren von Malware...

Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:

Als erstes versteckte Dateien anzeigen lassen! (nur Punkt 1 durchführen!)

Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:

Code:

ATTFilter

C:\Users\Katha\AppData\Roaming\logondx.exe

Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)

Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.

Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

So, und dann noch was:
Dieser Eintrag:

Zitat:

C:\Windows\tasks\AutoKMS.job

weisst nach, dass Du eine Raubkopie von Office einsetzt!

Daher müssen wir gemäß den Forumsregeln den Support einstellen (http://www.trojaner-board.de/95394-c...-software.html)...

chris

Trojaner nach malwarescan

Plagegeister aller Art und deren Bekämpfung: Trojaner nach malwarescan