| |
| |||||||
Log-Analyse und Auswertung: TR/Ransom.294912 (Antivir) / Trojan-Ransom.Win32.Gimemo.vyp (Kaspersky)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
02.07.2012, 07:07
| #1 |
 |  TR/Ransom.294912 (Antivir) / Trojan-Ransom.Win32.Gimemo.vyp (Kaspersky) Guten Morgen hier im Trojaner Board, nach einiger Recherche bin ich hier bei euch im Board gelandet, auf der Suche nach Hilfe bei einer Infizierung mit dem Trojaner "TR/Ransom.294912 (Antivir) / Trojan-Ransom.Win32.Gimemo.vyp (Kaspersky)". Der Trojaner hat sich bei mir durch die Benutzung des SRWare Iron auf einer Webseite eingenistet, wurde jedoch halb von meiner Firewall Comodo Internet Security (Firewall only) geblockt, jedoch verschwanden sowohl die Desktop-Symbole und Windows war nur eingeschränkt nutzbar. Aus diesem Grund habe ich nach einer Anleitung im WWW die Kaspersky Rescure CD geladen und den Windows Unlocker angewendet. Anschließend habe ich Windows wieder normal benutzen können. Meldung von Comodo: hxxp://cima.security.comodo.com/report/0379271cb45da687b683b794eede768d91b79f99.htm Antivir hat nur ein Ergebnis geliefert und in Quarantäne eingeliefert: Code:
ATTFilter Avira Free Antivirus Erstellungsdatum der Reportdatei: Sonntag, 1. Juli 2012 21:57 Es wird nach 3821153 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira AntiVir Personal - Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 Professional Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : FENRISWOLF-PC Versionsinformationen: BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00 AVSCAN.EXE : 12.3.0.15 466896 Bytes 09.05.2012 05:57:10 AVSCAN.DLL : 12.3.0.15 66256 Bytes 09.05.2012 05:57:10 LUKE.DLL : 12.3.0.15 68304 Bytes 09.05.2012 05:57:10 AVSCPLR.DLL : 12.3.0.14 97032 Bytes 09.05.2012 05:57:10 AVREG.DLL : 12.3.0.17 232200 Bytes 11.05.2012 11:09:29 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:07:39 VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 02:16:59 VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 14:13:01 VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 13:00:14 VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 19:43:37 VBASE006.VDF : 7.11.34.117 2048 Bytes 29.06.2012 19:43:37 VBASE007.VDF : 7.11.34.118 2048 Bytes 29.06.2012 19:43:38 VBASE008.VDF : 7.11.34.119 2048 Bytes 29.06.2012 19:43:38 VBASE009.VDF : 7.11.34.120 2048 Bytes 29.06.2012 19:43:38 VBASE010.VDF : 7.11.34.121 2048 Bytes 29.06.2012 19:43:38 VBASE011.VDF : 7.11.34.122 2048 Bytes 29.06.2012 19:43:38 VBASE012.VDF : 7.11.34.123 2048 Bytes 29.06.2012 19:43:38 VBASE013.VDF : 7.11.34.124 2048 Bytes 29.06.2012 19:43:38 VBASE014.VDF : 7.11.34.125 2048 Bytes 29.06.2012 19:43:38 VBASE015.VDF : 7.11.34.126 2048 Bytes 29.06.2012 19:43:38 VBASE016.VDF : 7.11.34.127 2048 Bytes 29.06.2012 19:43:38 VBASE017.VDF : 7.11.34.128 2048 Bytes 29.06.2012 19:43:38 VBASE018.VDF : 7.11.34.129 2048 Bytes 29.06.2012 19:43:38 VBASE019.VDF : 7.11.34.130 2048 Bytes 29.06.2012 19:43:38 VBASE020.VDF : 7.11.34.131 2048 Bytes 29.06.2012 19:43:38 VBASE021.VDF : 7.11.34.132 2048 Bytes 29.06.2012 19:43:38 VBASE022.VDF : 7.11.34.133 2048 Bytes 29.06.2012 19:43:38 VBASE023.VDF : 7.11.34.134 2048 Bytes 29.06.2012 19:43:38 VBASE024.VDF : 7.11.34.135 2048 Bytes 29.06.2012 19:43:38 VBASE025.VDF : 7.11.34.136 2048 Bytes 29.06.2012 19:43:38 VBASE026.VDF : 7.11.34.137 2048 Bytes 29.06.2012 19:43:38 VBASE027.VDF : 7.11.34.138 2048 Bytes 29.06.2012 19:43:38 VBASE028.VDF : 7.11.34.139 2048 Bytes 29.06.2012 19:43:38 VBASE029.VDF : 7.11.34.140 2048 Bytes 29.06.2012 19:43:38 VBASE030.VDF : 7.11.34.141 2048 Bytes 29.06.2012 19:43:38 VBASE031.VDF : 7.11.34.176 84992 Bytes 01.07.2012 19:43:38 Engineversion : 8.2.10.102 AEVDF.DLL : 8.1.2.8 106867 Bytes 02.06.2012 04:15:40 AESCRIPT.DLL : 8.1.4.28 455035 Bytes 24.06.2012 18:55:11 AESCN.DLL : 8.1.8.2 131444 Bytes 27.01.2012 14:13:04 AESBX.DLL : 8.2.5.12 606578 Bytes 15.06.2012 07:22:17 AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 21:16:06 AEPACK.DLL : 8.2.16.22 807288 Bytes 24.06.2012 18:55:11 AEOFFICE.DLL : 8.1.2.40 201082 Bytes 01.07.2012 19:43:41 AEHEUR.DLL : 8.1.4.58 4993399 Bytes 01.07.2012 19:43:41 AEHELP.DLL : 8.1.23.2 258422 Bytes 01.07.2012 19:43:39 AEGEN.DLL : 8.1.5.30 422261 Bytes 15.06.2012 07:22:11 AEEXP.DLL : 8.1.0.58 82292 Bytes 01.07.2012 19:43:41 AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 21:46:01 AECORE.DLL : 8.1.25.10 201080 Bytes 31.05.2012 21:18:24 AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 21:46:01 AVWINLL.DLL : 12.3.0.15 27344 Bytes 09.05.2012 05:57:10 AVPREF.DLL : 12.3.0.15 51920 Bytes 09.05.2012 05:57:10 AVREP.DLL : 12.3.0.15 179208 Bytes 09.05.2012 05:57:10 AVARKT.DLL : 12.3.0.15 211408 Bytes 09.05.2012 05:57:10 AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 09.05.2012 05:57:10 SQLITE3.DLL : 3.7.0.1 398288 Bytes 09.05.2012 05:57:10 AVSMTP.DLL : 12.3.0.15 63440 Bytes 09.05.2012 05:57:10 NETNT.DLL : 12.3.0.15 17104 Bytes 09.05.2012 05:57:10 RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 09.05.2012 05:57:10 RCTEXT.DLL : 12.3.0.15 98512 Bytes 09.05.2012 05:57:10 Konfiguration für den aktuellen Suchlauf: Job Name..............................: AVGuardAsyncScan Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4ff0a73a\guard_slideup.avp Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: quarantäne Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: aus Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: aus Suche nach Rootkits...................: aus Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: vollständig Abweichende Gefahrenkategorien........: +JOKE,+PFS,+SPR, Beginn des Suchlaufs: Sonntag, 1. Juli 2012 21:57 Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'daemonu.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'LCDMedia.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'tv_w32.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'wmplayer.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'MaxMenuMgrBasics.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'MagicPvt.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'nusb3mon.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'TeamViewer.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'Dropbox.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'qip.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'Skype.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'NMIndexStoreSvr.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'NMIndexingService.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'TBPANEL.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'NMBgMonitor.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'TeamViewer_Service.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'M4-Capture.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'PnkBstrA.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'MagicTuneEngine.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'M4-Service.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'XSrvSetup.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SyncServicesBasics.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'vpnagent.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'nvSCPAPISvr.exe' - '1' Modul(e) wurden durchsucht Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\Users\Fenriswolf\AppData\Roaming\w6j6rt45jtuhdre5.exe' C:\Users\Fenriswolf\AppData\Roaming\w6j6rt45jtuhdre5.exe [FUND] Ist das Trojanische Pferd TR/Ransom.294912 Beginne mit der Desinfektion: C:\Users\Fenriswolf\AppData\Roaming\w6j6rt45jtuhdre5.exe [FUND] Ist das Trojanische Pferd TR/Ransom.294912 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55600125.qua' verschoben! Ende des Suchlaufs: Sonntag, 1. Juli 2012 22:09 Benötigte Zeit: 00:01 Minute(n) Der Suchlauf wurde vollständig durchgeführt. 0 Verzeichnisse wurden überprüft 771 Dateien wurden geprüft 1 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 1 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 770 Dateien ohne Befall 1 Archive wurden durchsucht 0 Warnungen 1 Hinweise Die Suchergebnisse werden an den Guard übermittelt. Der TDSS Killer von Kaspersky hat keine Bedrohung gefunden: Code:
ATTFilter 22:07:33.0974 5108 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
22:07:35.0975 5108 ============================================================
22:07:35.0975 5108 Current date / time: 2012/07/01 22:07:35.0975
22:07:35.0975 5108 SystemInfo:
22:07:35.0975 5108
22:07:35.0975 5108 OS Version: 6.1.7601 ServicePack: 1.0
22:07:35.0975 5108 Product type: Workstation
22:07:35.0975 5108 ComputerName: FENRISWOLF-PC
22:07:35.0976 5108 UserName: Fenriswolf
22:07:35.0976 5108 Windows directory: C:\Windows
22:07:35.0976 5108 System windows directory: C:\Windows
22:07:35.0976 5108 Running under WOW64
22:07:35.0976 5108 Processor architecture: Intel x64
22:07:35.0976 5108 Number of processors: 4
22:07:35.0976 5108 Page size: 0x1000
22:07:35.0976 5108 Boot type: Normal boot
22:07:35.0976 5108 ============================================================
22:07:38.0855 5108 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:07:38.0867 5108 ============================================================
22:07:38.0867 5108 \Device\Harddisk0\DR0:
22:07:38.0873 5108 MBR partitions:
22:07:38.0873 5108 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:07:38.0873 5108 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x124C5800
22:07:38.0873 5108 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x124F8000, BlocksNum 0x51C98000
22:07:38.0873 5108 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x64190000, BlocksNum 0x10576000
22:07:38.0873 5108 ============================================================
22:07:38.0995 5108 C: <-> \Device\Harddisk0\DR0\Partition1
22:07:39.0193 5108 D: <-> \Device\Harddisk0\DR0\Partition2
22:07:39.0340 5108 F: <-> \Device\Harddisk0\DR0\Partition3
22:07:39.0340 5108 ============================================================
22:07:39.0340 5108 Initialize success
22:07:39.0340 5108 ============================================================
22:07:55.0746 2708 ============================================================
22:07:55.0746 2708 Scan started
22:07:55.0746 2708 Mode: Manual;
22:07:55.0746 2708 ============================================================
22:08:02.0680 2708 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:08:02.0682 2708 1394ohci - ok
22:08:02.0739 2708 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:08:02.0741 2708 ACPI - ok
22:08:02.0793 2708 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:08:02.0796 2708 AcpiPmi - ok
22:08:02.0951 2708 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:08:02.0952 2708 AdobeFlashPlayerUpdateSvc - ok
22:08:03.0082 2708 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:08:03.0093 2708 adp94xx - ok
22:08:03.0199 2708 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:08:03.0382 2708 adpahci - ok
22:08:03.0567 2708 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:08:03.0579 2708 adpu320 - ok
22:08:03.0683 2708 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
22:08:03.0684 2708 AeLookupSvc - ok
22:08:03.0794 2708 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
22:08:03.0797 2708 AFD - ok
22:08:03.0824 2708 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:08:03.0828 2708 agp440 - ok
22:08:03.0848 2708 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
22:08:03.0909 2708 ALG - ok
22:08:03.0967 2708 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:08:03.0970 2708 aliide - ok
22:08:04.0264 2708 ALSysIO - ok
22:08:04.0328 2708 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:08:04.0331 2708 amdide - ok
22:08:04.0402 2708 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:08:04.0407 2708 AmdK8 - ok
22:08:04.0429 2708 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:08:04.0430 2708 AmdPPM - ok
22:08:04.0517 2708 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
22:08:04.0522 2708 amdsata - ok
22:08:04.0542 2708 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:08:04.0547 2708 amdsbs - ok
22:08:04.0558 2708 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
22:08:04.0562 2708 amdxata - ok
22:08:04.0611 2708 amd_sata (bb4fe7889db9cbbe61a308e99697f53c) C:\Windows\system32\DRIVERS\amd_sata.sys
22:08:04.0612 2708 amd_sata - ok
22:08:04.0623 2708 amd_xata (5631cba53f1cbea3f9e88348e6723391) C:\Windows\system32\DRIVERS\amd_xata.sys
22:08:04.0627 2708 amd_xata - ok
22:08:04.0807 2708 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
22:08:04.0807 2708 AntiVirSchedulerService - ok
22:08:04.0863 2708 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
22:08:04.0864 2708 AntiVirService - ok
22:08:04.0953 2708 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
22:08:04.0974 2708 AppID - ok
22:08:05.0034 2708 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
22:08:05.0038 2708 AppIDSvc - ok
22:08:05.0081 2708 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
22:08:05.0081 2708 Appinfo - ok
22:08:05.0474 2708 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
22:08:05.0482 2708 AppMgmt - ok
22:08:05.0566 2708 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:08:05.0571 2708 arc - ok
22:08:05.0592 2708 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:08:05.0597 2708 arcsas - ok
22:08:05.0612 2708 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:08:05.0615 2708 AsyncMac - ok
22:08:05.0659 2708 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
22:08:05.0663 2708 atapi - ok
22:08:05.0724 2708 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
22:08:05.0726 2708 AtiPcie - ok
22:08:05.0827 2708 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:08:05.0832 2708 AudioEndpointBuilder - ok
22:08:05.0838 2708 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:08:05.0841 2708 AudioSrv - ok
22:08:05.0884 2708 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
22:08:05.0890 2708 avgntflt - ok
22:08:05.0953 2708 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
22:08:05.0959 2708 avipbb - ok
22:08:05.0975 2708 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
22:08:05.0999 2708 avkmgr - ok
22:08:06.0078 2708 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
22:08:06.0139 2708 AxInstSV - ok
22:08:06.0293 2708 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:08:06.0301 2708 b06bdrv - ok
22:08:06.0451 2708 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:08:06.0548 2708 b57nd60a - ok
22:08:06.0829 2708 Basics Service (55fed228fe147ecb9c47a1c55388896e) C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe
22:08:06.0830 2708 Basics Service - ok
22:08:06.0912 2708 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
22:08:06.0917 2708 BDESVC - ok
22:08:06.0947 2708 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:08:06.0949 2708 Beep - ok
22:08:07.0153 2708 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
22:08:07.0165 2708 BFE - ok
22:08:07.0290 2708 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
22:08:07.0569 2708 BITS - ok
22:08:07.0937 2708 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:08:07.0942 2708 blbdrive - ok
22:08:08.0159 2708 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
22:08:08.0217 2708 Bonjour Service - ok
22:08:08.0359 2708 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
22:08:08.0365 2708 bowser - ok
22:08:08.0473 2708 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:08:08.0475 2708 BrFiltLo - ok
22:08:08.0478 2708 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:08:08.0480 2708 BrFiltUp - ok
22:08:08.0517 2708 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
22:08:08.0523 2708 Browser - ok
22:08:08.0682 2708 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:08:08.0699 2708 Brserid - ok
22:08:08.0711 2708 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:08:08.0715 2708 BrSerWdm - ok
22:08:08.0773 2708 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:08:08.0775 2708 BrUsbMdm - ok
22:08:08.0780 2708 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:08:08.0783 2708 BrUsbSer - ok
22:08:08.0818 2708 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:08:08.0823 2708 BTHMODEM - ok
22:08:08.0861 2708 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
22:08:08.0866 2708 bthserv - ok
22:08:08.0926 2708 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:08:08.0932 2708 cdfs - ok
22:08:08.0984 2708 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
22:08:08.0991 2708 cdrom - ok
22:08:09.0091 2708 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:08:09.0096 2708 CertPropSvc - ok
22:08:09.0114 2708 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:08:09.0118 2708 circlass - ok
22:08:10.0263 2708 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:08:10.0278 2708 CLFS - ok
22:08:10.0581 2708 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:08:10.0657 2708 clr_optimization_v2.0.50727_32 - ok
22:08:11.0066 2708 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:08:11.0073 2708 clr_optimization_v2.0.50727_64 - ok
22:08:11.0798 2708 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:08:11.0799 2708 clr_optimization_v4.0.30319_32 - ok
22:08:12.0488 2708 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:08:12.0489 2708 clr_optimization_v4.0.30319_64 - ok
22:08:12.0511 2708 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:08:12.0513 2708 CmBatt - ok
22:08:12.0886 2708 cmdagent (cee48ccc4d561ddb19c72f9fb55d28d5) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
22:08:12.0952 2708 cmdagent - ok
22:08:16.0092 2708 cmdGuard (0599d5a458d4e0e37ab84e9d1c5c73e5) C:\Windows\system32\DRIVERS\cmdguard.sys
22:08:16.0094 2708 cmdGuard - ok
22:08:16.0161 2708 cmdHlp (2d3e08c7106f748f9eff3dec14142d3e) C:\Windows\system32\DRIVERS\cmdhlp.sys
22:08:16.0161 2708 cmdHlp - ok
22:08:16.0222 2708 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:08:16.0225 2708 cmdide - ok
22:08:16.0495 2708 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
22:08:16.0535 2708 CNG - ok
22:08:16.0682 2708 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:08:16.0686 2708 Compbatt - ok
22:08:16.0815 2708 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
22:08:16.0820 2708 CompositeBus - ok
22:08:16.0859 2708 COMSysApp - ok
22:08:16.0962 2708 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:08:16.0966 2708 crcdisk - ok
22:08:17.0624 2708 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
22:08:17.0631 2708 CryptSvc - ok
22:08:19.0286 2708 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
22:08:22.0338 2708 CSC - ok
22:08:23.0859 2708 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
22:08:23.0884 2708 CscService - ok
22:08:25.0717 2708 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:08:25.0744 2708 DcomLaunch - ok
22:08:25.0888 2708 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
22:08:25.0897 2708 defragsvc - ok
22:08:26.0053 2708 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
22:08:26.0059 2708 DfsC - ok
22:08:26.0247 2708 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
22:08:26.0265 2708 Dhcp - ok
22:08:26.0309 2708 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:08:26.0310 2708 discache - ok
22:08:26.0413 2708 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:08:26.0419 2708 Disk - ok
22:08:26.0537 2708 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
22:08:26.0544 2708 Dnscache - ok
22:08:26.0666 2708 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
22:08:26.0686 2708 dot3svc - ok
22:08:26.0789 2708 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
22:08:26.0791 2708 DPS - ok
22:08:26.0856 2708 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:08:26.0858 2708 drmkaud - ok
22:08:27.0944 2708 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
22:08:28.0083 2708 DXGKrnl - ok
22:08:28.0121 2708 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
22:08:28.0148 2708 EapHost - ok
22:08:28.0832 2708 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:08:28.0925 2708 ebdrv - ok
22:08:29.0270 2708 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
22:08:29.0271 2708 EFS - ok
22:08:30.0624 2708 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
22:08:30.0830 2708 ehRecvr - ok
22:08:31.0361 2708 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
22:08:31.0404 2708 ehSched - ok
22:08:33.0498 2708 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:08:34.0157 2708 elxstor - ok
22:08:34.0285 2708 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:08:34.0288 2708 ErrDev - ok
22:08:35.0450 2708 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
22:08:35.0476 2708 EventSystem - ok
22:08:36.0333 2708 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:08:36.0455 2708 exfat - ok
22:08:37.0298 2708 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:08:37.0506 2708 fastfat - ok
22:08:38.0623 2708 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
22:08:38.0638 2708 Fax - ok
22:08:38.0663 2708 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:08:38.0666 2708 fdc - ok
22:08:38.0721 2708 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
22:08:38.0724 2708 fdPHost - ok
22:08:38.0736 2708 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
22:08:38.0741 2708 FDResPub - ok
22:08:38.0761 2708 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:08:38.0766 2708 FileInfo - ok
22:08:38.0805 2708 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:08:38.0808 2708 Filetrace - ok
22:08:38.0823 2708 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:08:38.0827 2708 flpydisk - ok
22:08:38.0868 2708 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:08:38.0877 2708 FltMgr - ok
22:08:39.0068 2708 FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
22:08:39.0077 2708 FontCache - ok
22:08:39.0152 2708 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:08:39.0177 2708 FontCache3.0.0.0 - ok
22:08:39.0411 2708 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:08:39.0438 2708 FsDepends - ok
22:08:39.0480 2708 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
22:08:39.0484 2708 Fs_Rec - ok
22:08:39.0610 2708 Futuremark SystemInfo Service (e231333acee7c9713ace10a7e0be89d2) C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
22:08:39.0631 2708 Futuremark SystemInfo Service - ok
22:08:40.0312 2708 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:08:40.0313 2708 fvevol - ok
22:08:40.0491 2708 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:08:40.0495 2708 gagp30kx - ok
22:08:42.0452 2708 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
22:08:42.0480 2708 gpsvc - ok
22:08:42.0999 2708 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:08:43.0000 2708 gupdate - ok
22:08:43.0166 2708 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:08:43.0167 2708 gupdatem - ok
22:08:44.0120 2708 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:08:44.0186 2708 gusvc - ok
22:08:44.0293 2708 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:08:44.0298 2708 hcw85cir - ok
22:08:45.0063 2708 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
22:08:45.0166 2708 HdAudAddService - ok
22:08:46.0038 2708 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
22:08:46.0039 2708 HDAudBus - ok
22:08:46.0059 2708 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:08:46.0062 2708 HidBatt - ok
22:08:46.0078 2708 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:08:46.0086 2708 HidBth - ok
22:08:46.0104 2708 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:08:46.0107 2708 HidIr - ok
22:08:46.0185 2708 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
22:08:46.0186 2708 hidserv - ok
22:08:46.0307 2708 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
22:08:46.0311 2708 HidUsb - ok
22:08:46.0343 2708 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
22:08:46.0344 2708 hkmsvc - ok
22:08:46.0450 2708 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
22:08:46.0461 2708 HomeGroupListener - ok
22:08:46.0497 2708 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
22:08:46.0499 2708 HomeGroupProvider - ok
22:08:46.0539 2708 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:08:46.0544 2708 HpSAMD - ok
22:08:46.0630 2708 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
22:08:46.0635 2708 HTTP - ok
22:08:46.0667 2708 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:08:46.0668 2708 hwpolicy - ok
22:08:46.0717 2708 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
22:08:46.0722 2708 i8042prt - ok
22:08:46.0781 2708 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
22:08:46.0809 2708 iaStorV - ok
22:08:47.0006 2708 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:08:47.0025 2708 idsvc - ok
22:08:47.0056 2708 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:08:47.0082 2708 iirsp - ok
22:08:47.0136 2708 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
22:08:47.0148 2708 IKEEXT - ok
22:08:47.0836 2708 inspect (efff0afd27cc97bf0e5e0bab78419de7) C:\Windows\system32\DRIVERS\inspect.sys
22:08:47.0837 2708 inspect - ok
22:08:52.0588 2708 IntcAzAudAddService (dab7318ccfa8081200d5b7b486793f74) C:\Windows\system32\drivers\RTKVHD64.sys
22:08:52.0803 2708 IntcAzAudAddService - ok
22:08:53.0852 2708 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:08:53.0856 2708 intelide - ok
22:08:53.0893 2708 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:08:53.0897 2708 intelppm - ok
22:08:53.0925 2708 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
22:08:53.0931 2708 IPBusEnum - ok
22:08:53.0954 2708 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:08:53.0958 2708 IpFilterDriver - ok
22:08:54.0016 2708 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
22:08:54.0020 2708 iphlpsvc - ok
22:08:54.0075 2708 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
22:08:54.0079 2708 IPMIDRV - ok
22:08:54.0163 2708 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:08:54.0168 2708 IPNAT - ok
22:08:54.0191 2708 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:08:54.0193 2708 IRENUM - ok
22:08:54.0218 2708 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:08:54.0222 2708 isapnp - ok
22:08:54.0299 2708 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
22:08:54.0307 2708 iScsiPrt - ok
22:08:54.0390 2708 JMB36X (0d2da1c6d8ed85f51e3758eae22455f2) C:\Windows\SysWOW64\XSrvSetup.exe
22:08:54.0392 2708 JMB36X - ok
22:08:54.0421 2708 JRAID (50de7dd7edb1b512b13666588aefbf6f) C:\Windows\system32\DRIVERS\jraid.sys
22:08:54.0426 2708 JRAID - ok
22:08:54.0492 2708 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
22:08:54.0497 2708 kbdclass - ok
22:08:54.0648 2708 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
22:08:54.0652 2708 kbdhid - ok
22:08:54.0807 2708 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:08:54.0808 2708 KeyIso - ok
22:08:55.0071 2708 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
22:08:55.0076 2708 KSecDD - ok
22:08:56.0258 2708 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
22:08:56.0304 2708 KSecPkg - ok
22:08:56.0434 2708 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:08:56.0437 2708 ksthunk - ok
22:08:57.0382 2708 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
22:08:57.0404 2708 KtmRm - ok
22:08:57.0491 2708 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
22:08:57.0494 2708 LanmanServer - ok
22:08:57.0538 2708 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
22:08:57.0545 2708 LanmanWorkstation - ok
22:08:57.0602 2708 LGBusEnum (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys
22:08:57.0607 2708 LGBusEnum - ok
22:08:57.0684 2708 LGVirHid (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys
22:08:57.0696 2708 LGVirHid - ok
22:08:59.0636 2708 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:09:00.0361 2708 lltdio - ok
22:09:00.0933 2708 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
22:09:00.0941 2708 lltdsvc - ok
22:09:00.0952 2708 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
22:09:00.0976 2708 lmhosts - ok
22:09:01.0012 2708 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:09:01.0018 2708 LSI_FC - ok
22:09:01.0242 2708 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:09:01.0330 2708 LSI_SAS - ok
22:09:01.0554 2708 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:09:01.0578 2708 LSI_SAS2 - ok
22:09:01.0776 2708 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:09:01.0794 2708 LSI_SCSI - ok
22:09:02.0071 2708 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:09:02.0082 2708 luafv - ok
22:09:04.0207 2708 M4-Service (24029b00cd4fed07ca70a0c76219c619) C:\Users\Fenriswolf\Downloads\Portable\M4-Service.exe
22:09:04.0211 2708 M4-Service - ok
22:09:04.0260 2708 magicpvt - ok
22:09:04.0488 2708 MagicTuneEngine (86504fe0759d4dce38e997921062df6b) C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe
22:09:04.0489 2708 MagicTuneEngine - ok
22:09:04.0574 2708 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
22:09:04.0579 2708 Mcx2Svc - ok
22:09:05.0142 2708 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:09:05.0146 2708 megasas - ok
22:09:05.0451 2708 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:09:05.0480 2708 MegaSR - ok
22:09:06.0034 2708 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
22:09:06.0315 2708 Microsoft Office Groove Audit Service - ok
22:09:06.0574 2708 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:09:06.0578 2708 MMCSS - ok
22:09:06.0718 2708 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:09:06.0722 2708 Modem - ok
22:09:06.0911 2708 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:09:06.0911 2708 monitor - ok
22:09:07.0150 2708 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:09:07.0155 2708 mouclass - ok
22:09:07.0454 2708 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:09:07.0458 2708 mouhid - ok
22:09:07.0844 2708 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:09:07.0845 2708 mountmgr - ok
22:09:08.0008 2708 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:09:08.0015 2708 MozillaMaintenance - ok
22:09:08.0202 2708 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:09:08.0209 2708 mpio - ok
22:09:08.0277 2708 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:09:08.0281 2708 mpsdrv - ok
22:09:08.0467 2708 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
22:09:08.0515 2708 MpsSvc - ok
22:09:08.0556 2708 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:09:08.0562 2708 MRxDAV - ok
22:09:08.0596 2708 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:09:08.0601 2708 mrxsmb - ok
22:09:08.0644 2708 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:09:08.0651 2708 mrxsmb10 - ok
22:09:08.0672 2708 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:09:08.0677 2708 mrxsmb20 - ok
22:09:08.0707 2708 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:09:08.0710 2708 msahci - ok
22:09:08.0736 2708 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:09:08.0742 2708 msdsm - ok
22:09:08.0760 2708 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
22:09:08.0767 2708 MSDTC - ok
22:09:08.0821 2708 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:09:08.0839 2708 Msfs - ok
22:09:08.0849 2708 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:09:08.0852 2708 mshidkmdf - ok
22:09:08.0879 2708 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:09:08.0882 2708 msisadrv - ok
22:09:08.0910 2708 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
22:09:08.0916 2708 MSiSCSI - ok
22:09:08.0918 2708 msiserver - ok
22:09:08.0966 2708 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:09:08.0968 2708 MSKSSRV - ok
22:09:08.0985 2708 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:09:08.0987 2708 MSPCLOCK - ok
22:09:08.0997 2708 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:09:08.0999 2708 MSPQM - ok
22:09:09.0081 2708 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:09:09.0088 2708 MsRPC - ok
22:09:09.0114 2708 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
22:09:09.0115 2708 mssmbios - ok
22:09:09.0155 2708 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:09:09.0157 2708 MSTEE - ok
22:09:09.0293 2708 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:09:09.0297 2708 MTConfig - ok
22:09:09.0388 2708 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:09:09.0427 2708 Mup - ok
22:09:09.0496 2708 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
22:09:09.0500 2708 napagent - ok
22:09:09.0550 2708 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:09:09.0558 2708 NativeWifiP - ok
22:09:10.0080 2708 NBService (5e8edd6a52e897c19ec6e149fe6c7a8e) C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
22:09:10.0304 2708 NBService - ok
22:09:12.0300 2708 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
22:09:12.0329 2708 NDIS - ok
22:09:12.0410 2708 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:09:12.0414 2708 NdisCap - ok
22:09:12.0451 2708 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:09:12.0455 2708 NdisTapi - ok
22:09:12.0541 2708 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:09:12.0545 2708 Ndisuio - ok
22:09:12.0742 2708 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:09:12.0748 2708 NdisWan - ok
22:09:12.0855 2708 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:09:12.0859 2708 NDProxy - ok
22:09:13.0001 2708 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:09:13.0006 2708 NetBIOS - ok
22:09:13.0763 2708 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:09:13.0765 2708 NetBT - ok
22:09:13.0913 2708 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:09:13.0915 2708 Netlogon - ok
22:09:14.0356 2708 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
22:09:14.0359 2708 Netman - ok
22:09:14.0956 2708 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
22:09:14.0959 2708 netprofm - ok
22:09:15.0095 2708 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:09:15.0196 2708 NetTcpPortSharing - ok
22:09:15.0474 2708 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:09:15.0478 2708 nfrd960 - ok
22:09:15.0941 2708 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
22:09:15.0949 2708 NlaSvc - ok
22:09:16.0058 2708 NMIndexingService (193fa51dddd0bffded1c340f0434999a) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
22:09:16.0059 2708 NMIndexingService - ok
22:09:16.0072 2708 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:09:16.0077 2708 Npfs - ok
22:09:16.0107 2708 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
22:09:16.0112 2708 nsi - ok
22:09:16.0129 2708 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:09:16.0129 2708 nsiproxy - ok
22:09:16.0716 2708 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
22:09:16.0986 2708 Ntfs - ok
22:09:17.0152 2708 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:09:17.0154 2708 Null - ok
22:09:17.0426 2708 nusb3hub (b227e75ad10a142dd326b4cc8d73a6d9) C:\Windows\system32\DRIVERS\nusb3hub.sys
22:09:17.0438 2708 nusb3hub - ok
22:09:17.0767 2708 nusb3xhc (55959db860e4e484681586824d09e52c) C:\Windows\system32\DRIVERS\nusb3xhc.sys
22:09:17.0827 2708 nusb3xhc - ok
22:09:18.0354 2708 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys
22:09:18.0363 2708 NVHDA - ok
22:09:25.0054 2708 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:09:25.0243 2708 nvlddmkm - ok
22:09:26.0802 2708 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
22:09:26.0808 2708 nvraid - ok
22:09:26.0914 2708 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
22:09:26.0991 2708 nvstor - ok
22:09:27.0462 2708 nvsvc (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe
22:09:27.0497 2708 nvsvc - ok
22:09:28.0812 2708 nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
22:09:28.0823 2708 nvUpdatusService - ok
22:09:28.0927 2708 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:09:28.0934 2708 nv_agp - ok
22:09:29.0150 2708 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:09:29.0719 2708 odserv - ok
22:09:29.0833 2708 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:09:29.0839 2708 ohci1394 - ok
22:09:29.0914 2708 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:09:29.0954 2708 ose - ok
22:09:29.0999 2708 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:09:30.0002 2708 p2pimsvc - ok
22:09:30.0056 2708 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
22:09:30.0120 2708 p2psvc - ok
22:09:30.0153 2708 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:09:30.0159 2708 Parport - ok
22:09:30.0196 2708 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
22:09:30.0201 2708 partmgr - ok
22:09:30.0233 2708 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
22:09:30.0242 2708 PcaSvc - ok
22:09:30.0321 2708 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:09:30.0385 2708 pci - ok
22:09:30.0417 2708 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:09:30.0421 2708 pciide - ok
22:09:30.0455 2708 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:09:30.0464 2708 pcmcia - ok
22:09:30.0488 2708 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:09:30.0493 2708 pcw - ok
22:09:30.0613 2708 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:09:30.0665 2708 PEAUTH - ok
22:09:30.0816 2708 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
22:09:30.0868 2708 PeerDistSvc - ok
22:09:31.0590 2708 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
22:09:31.0612 2708 PerfHost - ok
22:09:31.0879 2708 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
22:09:31.0898 2708 pla - ok
22:09:32.0036 2708 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
22:09:32.0040 2708 PlugPlay - ok
22:09:32.0131 2708 PnkBstrA - ok
22:09:32.0188 2708 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
22:09:32.0193 2708 PNRPAutoReg - ok
22:09:32.0232 2708 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:09:32.0234 2708 PNRPsvc - ok
22:09:32.0363 2708 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
22:09:32.0367 2708 Point64 - ok
22:09:32.0490 2708 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
22:09:32.0500 2708 PolicyAgent - ok
22:09:32.0548 2708 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
22:09:32.0550 2708 Power - ok
22:09:32.0591 2708 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:09:32.0596 2708 PptpMiniport - ok
22:09:32.0615 2708 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:09:32.0620 2708 Processor - ok
22:09:32.0846 2708 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
22:09:32.0874 2708 ProfSvc - ok
22:09:32.0927 2708 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:09:32.0928 2708 ProtectedStorage - ok
22:09:33.0047 2708 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:09:33.0048 2708 Psched - ok
22:09:33.0746 2708 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:09:33.0954 2708 ql2300 - ok
22:09:34.0208 2708 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:09:34.0269 2708 ql40xx - ok
22:09:34.0443 2708 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
22:09:34.0472 2708 QWAVE - ok
22:09:34.0493 2708 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:09:34.0523 2708 QWAVEdrv - ok
22:09:34.0749 2708 RapiMgr (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll
22:09:34.0767 2708 RapiMgr - ok
22:09:34.0787 2708 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:09:34.0790 2708 RasAcd - ok
22:09:34.0868 2708 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:09:34.0873 2708 RasAgileVpn - ok
22:09:34.0968 2708 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
22:09:34.0974 2708 RasAuto - ok
22:09:35.0075 2708 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:09:35.0082 2708 Rasl2tp - ok
22:09:35.0192 2708 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
22:09:35.0212 2708 RasMan - ok
22:09:35.0277 2708 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:09:35.0282 2708 RasPppoe - ok
22:09:35.0592 2708 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:09:35.0649 2708 RasSstp - ok
22:09:35.0732 2708 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:09:35.0740 2708 rdbss - ok
22:09:35.0771 2708 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:09:35.0774 2708 rdpbus - ok
22:09:35.0796 2708 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:09:35.0797 2708 RDPCDD - ok
22:09:35.0864 2708 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
22:09:35.0870 2708 RDPDR - ok
22:09:35.0922 2708 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:09:35.0922 2708 RDPENCDD - ok
22:09:35.0952 2708 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:09:35.0952 2708 RDPREFMP - ok
22:09:36.0005 2708 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
22:09:36.0011 2708 RDPWD - ok
22:09:36.0107 2708 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:09:36.0115 2708 rdyboost - ok
22:09:36.0162 2708 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
22:09:36.0168 2708 RemoteAccess - ok
22:09:36.0435 2708 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
22:09:36.0481 2708 RemoteRegistry - ok
22:09:36.0580 2708 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
22:09:36.0585 2708 RpcEptMapper - ok
22:09:36.0629 2708 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
22:09:36.0632 2708 RpcLocator - ok
22:09:36.0837 2708 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:09:36.0840 2708 RpcSs - ok
22:09:36.0894 2708 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:09:36.0899 2708 rspndr - ok
22:09:36.0985 2708 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
22:09:36.0998 2708 RTL8167 - ok
22:09:37.0054 2708 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
22:09:37.0058 2708 s3cap - ok
22:09:37.0094 2708 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:09:37.0095 2708 SamSs - ok
22:09:37.0819 2708 SbieDrv (495588414f5c62c333f1a69e17e5fb9f) C:\Program Files\Sandboxie\SbieDrv.sys
22:09:37.0826 2708 SbieDrv - ok
22:09:37.0935 2708 SbieSvc (099007b7a80e1917ffa110ce7785a3c9) C:\Program Files\Sandboxie\SbieSvc.exe
22:09:37.0936 2708 SbieSvc - ok
22:09:37.0976 2708 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:09:37.0981 2708 sbp2port - ok
22:09:38.0055 2708 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
22:09:38.0062 2708 SCardSvr - ok
22:09:38.0098 2708 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:09:38.0102 2708 scfilter - ok
22:09:38.0391 2708 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
22:09:38.0415 2708 Schedule - ok
22:09:38.0453 2708 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:09:38.0454 2708 SCPolicySvc - ok
22:09:38.0538 2708 ScreamBAudioSvc (490b0b68bb938d5c628ec4a67277be75) C:\Windows\system32\drivers\ScreamingBAudio64.sys
22:09:38.0542 2708 ScreamBAudioSvc - ok
22:09:38.0583 2708 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
22:09:38.0585 2708 SDRSVC - ok
22:09:38.0645 2708 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:09:38.0648 2708 secdrv - ok
22:09:38.0670 2708 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
22:09:38.0671 2708 seclogon - ok
22:09:38.0709 2708 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
22:09:38.0710 2708 SENS - ok
22:09:38.0733 2708 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
22:09:38.0737 2708 SensrSvc - ok
22:09:38.0788 2708 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:09:38.0791 2708 Serenum - ok
22:09:38.0810 2708 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:09:38.0814 2708 Serial - ok
22:09:38.0843 2708 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:09:38.0847 2708 sermouse - ok
22:09:38.0977 2708 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
22:09:38.0979 2708 SessionEnv - ok
22:09:39.0025 2708 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:09:39.0028 2708 sffdisk - ok
22:09:39.0057 2708 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:09:39.0060 2708 sffp_mmc - ok
22:09:39.0073 2708 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:09:39.0076 2708 sffp_sd - ok
22:09:39.0119 2708 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:09:39.0122 2708 sfloppy - ok
22:09:39.0719 2708 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
22:09:39.0765 2708 SharedAccess - ok
22:09:39.0928 2708 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
22:09:39.0936 2708 ShellHWDetection - ok
22:09:39.0973 2708 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:09:39.0977 2708 SiSRaid2 - ok
22:09:40.0028 2708 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:09:40.0032 2708 SiSRaid4 - ok
22:09:40.0316 2708 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
22:09:40.0317 2708 SkypeUpdate - ok
22:09:40.0384 2708 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:09:40.0389 2708 Smb - ok
22:09:40.0456 2708 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
22:09:40.0460 2708 SNMPTRAP - ok
22:09:40.0475 2708 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:09:40.0479 2708 spldr - ok
22:09:40.0616 2708 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
22:09:40.0621 2708 Spooler - ok
22:09:41.0663 2708 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
22:09:41.0678 2708 sppsvc - ok
22:09:41.0998 2708 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
22:09:42.0003 2708 sppuinotify - ok
22:09:42.0115 2708 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:09:42.0124 2708 srv - ok
22:09:42.0300 2708 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:09:42.0310 2708 srv2 - ok
22:09:42.0339 2708 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:09:42.0344 2708 srvnet - ok
22:09:42.0377 2708 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
22:09:42.0379 2708 SSDPSRV - ok
22:09:42.0404 2708 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
22:09:42.0410 2708 SstpSvc - ok
22:09:42.0607 2708 Stereo Service (9e1222c417291bc836210743624a8e5e) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
22:09:42.0609 2708 Stereo Service - ok
22:09:42.0651 2708 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:09:42.0655 2708 stexstor - ok
22:09:42.0753 2708 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
22:09:42.0765 2708 stisvc - ok
22:09:42.0815 2708 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
22:09:42.0819 2708 storflt - ok
22:09:42.0858 2708 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
22:09:42.0862 2708 StorSvc - ok
22:09:42.0894 2708 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
22:09:42.0897 2708 storvsc - ok
22:09:42.0926 2708 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:09:42.0929 2708 swenum - ok
22:09:43.0048 2708 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
22:09:43.0052 2708 swprv - ok
22:09:43.0516 2708 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
22:09:43.0561 2708 SysMain - ok
22:09:43.0727 2708 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
22:09:43.0728 2708 TabletInputService - ok
22:09:43.0777 2708 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
22:09:43.0780 2708 taphss - ok
22:09:43.0893 2708 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
22:09:44.0057 2708 TapiSrv - ok
22:09:44.0144 2708 TBPanel - ok
22:09:44.0228 2708 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
22:09:44.0229 2708 TBS - ok
22:09:44.0393 2708 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
22:09:44.0418 2708 Tcpip - ok
22:09:46.0020 2708 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
22:09:46.0029 2708 TCPIP6 - ok
22:09:46.0234 2708 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:09:46.0259 2708 tcpipreg - ok
22:09:46.0385 2708 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:09:46.0409 2708 TDPIPE - ok
22:09:46.0533 2708 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
22:09:46.0555 2708 TDTCP - ok
22:09:48.0435 2708 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:09:48.0440 2708 tdx - ok
22:09:50.0650 2708 TeamViewer7 (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
22:09:50.0662 2708 TeamViewer7 - ok
22:09:50.0762 2708 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:09:50.0766 2708 TermDD - ok
22:09:50.0813 2708 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
22:09:50.0818 2708 TermService - ok
22:09:50.0841 2708 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
22:09:50.0845 2708 Themes - ok
22:09:50.0864 2708 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:09:50.0865 2708 THREADORDER - ok
22:09:50.0891 2708 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
22:09:50.0893 2708 TrkWks - ok
22:09:50.0935 2708 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
22:09:50.0936 2708 TrustedInstaller - ok
22:09:50.0963 2708 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:09:50.0966 2708 tssecsrv - ok
22:09:51.0005 2708 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:09:51.0009 2708 TsUsbFlt - ok
22:09:51.0064 2708 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:09:51.0069 2708 tunnel - ok
22:09:51.0087 2708 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:09:51.0092 2708 uagp35 - ok
22:09:51.0136 2708 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:09:51.0142 2708 udfs - ok
22:09:51.0174 2708 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
22:09:51.0179 2708 UI0Detect - ok
22:09:51.0205 2708 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:09:51.0209 2708 uliagpkx - ok
22:09:51.0245 2708 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
22:09:51.0249 2708 umbus - ok
22:09:51.0273 2708 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:09:51.0276 2708 UmPass - ok
22:09:51.0309 2708 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
22:09:51.0311 2708 UmRdpService - ok
22:09:51.0331 2708 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
22:09:51.0334 2708 upnphost - ok
22:09:51.0375 2708 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
22:09:51.0380 2708 usbaudio - ok
22:09:51.0405 2708 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
22:09:51.0409 2708 usbccgp - ok
22:09:51.0444 2708 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:09:51.0450 2708 usbcir - ok
22:09:51.0466 2708 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
22:09:51.0470 2708 usbehci - ok
22:09:51.0502 2708 usbfilter (b7037444dc5138fc7d3d3968b4de5c4b) C:\Windows\system32\DRIVERS\usbfilter.sys
22:09:51.0506 2708 usbfilter - ok
22:09:51.0538 2708 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\DRIVERS\usbhub.sys
22:09:51.0546 2708 usbhub - ok
22:09:51.0566 2708 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
22:09:51.0569 2708 usbohci - ok
22:09:51.0597 2708 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:09:51.0600 2708 usbprint - ok
22:09:51.0634 2708 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
22:09:51.0637 2708 usbscan - ok
22:09:51.0649 2708 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:09:51.0654 2708 USBSTOR - ok
22:09:51.0679 2708 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
22:09:51.0682 2708 usbuhci - ok
22:09:51.0699 2708 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
22:09:51.0704 2708 UxSms - ok
22:09:51.0727 2708 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:09:51.0728 2708 VaultSvc - ok
22:09:51.0768 2708 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:09:51.0772 2708 vdrvroot - ok
22:09:51.0835 2708 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
22:09:51.0850 2708 vds - ok
22:09:51.0872 2708 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:09:51.0875 2708 vga - ok
22:09:51.0894 2708 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:09:51.0897 2708 VgaSave - ok
22:09:51.0919 2708 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:09:51.0926 2708 vhdmp - ok
22:09:51.0941 2708 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:09:51.0945 2708 viaide - ok
22:09:51.0967 2708 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
22:09:52.0026 2708 vmbus - ok
22:09:52.0052 2708 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
22:09:52.0055 2708 VMBusHID - ok
22:09:52.0097 2708 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:09:52.0102 2708 volmgr - ok
22:09:52.0146 2708 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:09:52.0148 2708 volmgrx - ok
22:09:52.0551 2708 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:09:52.0569 2708 volsnap - ok
22:09:52.0816 2708 vpnagent (cb7859f7029ac19e9b9c76aa0e5e79d2) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
22:09:52.0818 2708 vpnagent - ok
22:09:52.0870 2708 vpnva (a6ca1c89eb232697ca6369eb55729e48) C:\Windows\system32\DRIVERS\vpnva64.sys
22:09:52.0873 2708 vpnva - ok
22:09:52.0967 2708 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:09:52.0973 2708 vsmraid - ok
22:09:53.0086 2708 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
22:09:53.0096 2708 VSS - ok
22:09:53.0205 2708 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
22:09:53.0228 2708 vwifibus - ok
22:09:53.0405 2708 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
22:09:53.0408 2708 W32Time - ok
22:09:53.0455 2708 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:09:53.0458 2708 WacomPen - ok
22:09:53.0613 2708 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:09:53.0618 2708 WANARP - ok
22:09:53.0629 2708 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:09:53.0629 2708 Wanarpv6 - ok
22:09:53.0701 2708 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
22:09:53.0727 2708 wbengine - ok
22:09:53.0807 2708 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
22:09:53.0813 2708 WbioSrvc - ok
22:09:53.0892 2708 WcesComm (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll
22:09:53.0907 2708 WcesComm - ok
22:09:53.0945 2708 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
22:09:53.0954 2708 wcncsvc - ok
22:09:53.0996 2708 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
22:09:54.0001 2708 WcsPlugInService - ok
22:09:54.0022 2708 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:09:54.0026 2708 Wd - ok
22:09:54.0064 2708 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:09:54.0084 2708 Wdf01000 - ok
22:09:54.0122 2708 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:09:54.0123 2708 WdiServiceHost - ok
22:09:54.0126 2708 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:09:54.0127 2708 WdiSystemHost - ok
22:09:54.0160 2708 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
22:09:54.0168 2708 WebClient - ok
22:09:54.0185 2708 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
22:09:54.0192 2708 Wecsvc - ok
22:09:54.0200 2708 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
22:09:54.0201 2708 wercplsupport - ok
22:09:54.0241 2708 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
22:09:54.0246 2708 WerSvc - ok
22:09:54.0262 2708 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:09:54.0264 2708 WfpLwf - ok
22:09:54.0281 2708 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:09:54.0285 2708 WIMMount - ok
22:09:54.0301 2708 WinDefend - ok
22:09:54.0305 2708 WinHttpAutoProxySvc - ok
22:09:54.0338 2708 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
22:09:54.0339 2708 Winmgmt - ok
22:09:54.0431 2708 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
22:09:54.0481 2708 WinRM - ok
22:09:54.0587 2708 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
22:09:54.0591 2708 WinUsb - ok
22:09:54.0653 2708 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
22:09:54.0736 2708 Wlansvc - ok
22:09:54.0761 2708 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:09:54.0761 2708 WmiAcpi - ok
22:09:54.0905 2708 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
22:09:54.0911 2708 wmiApSrv - ok
22:09:54.0963 2708 WMPNetworkSvc - ok
22:09:55.0025 2708 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
22:09:55.0028 2708 WPCSvc - ok
22:09:55.0109 2708 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
22:09:55.0111 2708 WPDBusEnum - ok
22:09:55.0137 2708 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:09:55.0140 2708 ws2ifsl - ok
22:09:55.0379 2708 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
22:09:55.0381 2708 wscsvc - ok
22:09:55.0383 2708 WSearch - ok
22:09:55.0559 2708 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
22:09:55.0574 2708 wuauserv - ok
22:09:55.0744 2708 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:09:55.0748 2708 WudfPf - ok
22:09:55.0806 2708 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:09:55.0867 2708 WUDFRd - ok
22:09:55.0951 2708 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
22:09:55.0953 2708 wudfsvc - ok
22:09:56.0034 2708 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
22:09:56.0056 2708 WwanSvc - ok
22:09:56.0523 2708 xhc200w - ok
22:09:56.0572 2708 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:09:56.0905 2708 \Device\Harddisk0\DR0 - ok
22:09:56.0912 2708 Boot (0x1200) (5de220d3c78181dbe3e9aa30f316c2f5) \Device\Harddisk0\DR0\Partition0
22:09:56.0913 2708 \Device\Harddisk0\DR0\Partition0 - ok
22:09:56.0978 2708 Boot (0x1200) (ba6eb7b4cd22a68e7d4bd02143c13b18) \Device\Harddisk0\DR0\Partition1
22:09:56.0986 2708 \Device\Harddisk0\DR0\Partition1 - ok
22:09:56.0997 2708 Boot (0x1200) (e36989913cf2676d004028a5b03c15c3) \Device\Harddisk0\DR0\Partition2
22:09:57.0012 2708 \Device\Harddisk0\DR0\Partition2 - ok
22:09:57.0036 2708 Boot (0x1200) (6f7658ea5bac05bd27f8383f2c12cc42) \Device\Harddisk0\DR0\Partition3
22:09:57.0037 2708 \Device\Harddisk0\DR0\Partition3 - ok
22:09:57.0038 2708 ============================================================
22:09:57.0038 2708 Scan finished
22:09:57.0038 2708 ============================================================
22:09:57.0046 3576 Detected object count: 0
22:09:57.0046 3576 Actual detected object count: 0
22:12:40.0866 4240 Deinitialize success
Code:
ATTFilter 07:42:19.0305 2180 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
07:42:19.0873 2180 ============================================================
07:42:19.0873 2180 Current date / time: 2012/07/02 07:42:19.0873
07:42:19.0873 2180 SystemInfo:
07:42:19.0873 2180
07:42:19.0873 2180 OS Version: 6.1.7601 ServicePack: 1.0
07:42:19.0873 2180 Product type: Workstation
07:42:19.0873 2180 ComputerName: FENRISWOLF-PC
07:42:19.0873 2180 UserName: Fenriswolf
07:42:19.0873 2180 Windows directory: C:\Windows
07:42:19.0873 2180 System windows directory: C:\Windows
07:42:19.0873 2180 Running under WOW64
07:42:19.0873 2180 Processor architecture: Intel x64
07:42:19.0873 2180 Number of processors: 4
07:42:19.0873 2180 Page size: 0x1000
07:42:19.0873 2180 Boot type: Normal boot
07:42:19.0873 2180 ============================================================
07:42:20.0177 2180 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:42:20.0184 2180 Drive \Device\Harddisk2\DR2 - Size: 0x2BAA1472000 (2794.52 Gb), SectorSize: 0x1000, Cylinders: 0xB220, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
07:42:30.0516 2180 ============================================================
07:42:30.0516 2180 \Device\Harddisk0\DR0:
07:42:30.0527 2180 MBR partitions:
07:42:30.0527 2180 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
07:42:30.0527 2180 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x124C5800
07:42:30.0527 2180 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x124F8000, BlocksNum 0x51C98000
07:42:30.0527 2180 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x64190000, BlocksNum 0x10576000
07:42:30.0527 2180 \Device\Harddisk2\DR2:
07:42:30.0528 2180 GPT partitions:
07:42:30.0529 2180 \Device\Harddisk2\DR2\Partition0: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {14F1463F-2784-41E7-9A57-156618D26964}, Name: Microsoft reserved partition, StartLBA 0x6, BlocksNum 0x8000
07:42:30.0529 2180 \Device\Harddisk2\DR2\Partition1: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {90A48255-B0A7-43BA-B6F1-93E4DAA821A7}, Name: Basic data partition, StartLBA 0x8100, BlocksNum 0x1E8A3200
07:42:30.0529 2180 \Device\Harddisk2\DR2\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {7C7BD603-4F16-4545-84ED-56E71F093C26}, Name: Basic data partition, StartLBA 0x1E8AB300, BlocksNum 0xD1F6000
07:42:30.0529 2180 MBR partitions:
07:42:30.0529 2180 ============================================================
07:42:30.0542 2180 C: <-> \Device\Harddisk0\DR0\Partition1
07:42:30.0574 2180 D: <-> \Device\Harddisk0\DR0\Partition2
07:42:30.0606 2180 F: <-> \Device\Harddisk0\DR0\Partition3
07:42:30.0667 2180 J: <-> \Device\Harddisk2\DR2\Partition1
07:42:30.0713 2180 K: <-> \Device\Harddisk2\DR2\Partition2
07:42:30.0713 2180 ============================================================
07:42:30.0713 2180 Initialize success
07:42:30.0713 2180 ============================================================
07:42:47.0396 4744 ============================================================
07:42:47.0396 4744 Scan started
07:42:47.0396 4744 Mode: Manual; SigCheck; TDLFS;
07:42:47.0396 4744 ============================================================
07:42:47.0818 4744 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
07:42:47.0986 4744 1394ohci - ok
07:42:48.0037 4744 81535695 (e656fe10d6d27794afa08136685a69e8) C:\Windows\system32\DRIVERS\81535695.sys
07:42:48.0060 4744 81535695 - ok
07:42:48.0082 4744 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
07:42:48.0097 4744 ACPI - ok
07:42:48.0125 4744 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
07:42:48.0150 4744 AcpiPmi - ok
07:42:48.0249 4744 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
07:42:48.0260 4744 AdobeFlashPlayerUpdateSvc - ok
07:42:48.0316 4744 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
07:42:48.0331 4744 adp94xx - ok
07:42:48.0372 4744 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
07:42:48.0385 4744 adpahci - ok
07:42:48.0412 4744 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
07:42:48.0423 4744 adpu320 - ok
07:42:48.0454 4744 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
07:42:48.0495 4744 AeLookupSvc - ok
07:42:48.0567 4744 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
07:42:48.0811 4744 AFD - ok
07:42:48.0847 4744 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
07:42:48.0857 4744 agp440 - ok
07:42:48.0884 4744 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
07:42:48.0911 4744 ALG - ok
07:42:48.0925 4744 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
07:42:48.0935 4744 aliide - ok
07:42:48.0990 4744 ALSysIO - ok
07:42:49.0012 4744 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
07:42:49.0022 4744 amdide - ok
07:42:49.0048 4744 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
07:42:49.0085 4744 AmdK8 - ok
07:42:49.0101 4744 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
07:42:49.0124 4744 AmdPPM - ok
07:42:49.0149 4744 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
07:42:49.0160 4744 amdsata - ok
07:42:49.0180 4744 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
07:42:49.0192 4744 amdsbs - ok
07:42:49.0205 4744 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
07:42:49.0216 4744 amdxata - ok
07:42:49.0260 4744 amd_sata (bb4fe7889db9cbbe61a308e99697f53c) C:\Windows\system32\DRIVERS\amd_sata.sys
07:42:49.0269 4744 amd_sata - ok
07:42:49.0279 4744 amd_xata (5631cba53f1cbea3f9e88348e6723391) C:\Windows\system32\DRIVERS\amd_xata.sys
07:42:49.0287 4744 amd_xata - ok
07:42:49.0382 4744 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
07:42:49.0392 4744 AntiVirSchedulerService - ok
07:42:49.0436 4744 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
07:42:49.0446 4744 AntiVirService - ok
07:42:49.0475 4744 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
07:42:49.0544 4744 AppID - ok
07:42:49.0581 4744 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
07:42:49.0620 4744 AppIDSvc - ok
07:42:49.0669 4744 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
07:42:49.0708 4744 Appinfo - ok
07:42:49.0763 4744 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
07:42:49.0781 4744 AppMgmt - ok
07:42:49.0801 4744 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
07:42:49.0812 4744 arc - ok
07:42:49.0822 4744 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
07:42:49.0832 4744 arcsas - ok
07:42:49.0851 4744 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
07:42:49.0898 4744 AsyncMac - ok
07:42:49.0923 4744 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
07:42:49.0934 4744 atapi - ok
07:42:49.0968 4744 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
07:42:49.0977 4744 AtiPcie - ok
07:42:50.0048 4744 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
07:42:50.0285 4744 AudioEndpointBuilder - ok
07:42:50.0289 4744 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
07:42:50.0320 4744 AudioSrv - ok
07:42:50.0384 4744 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
07:42:50.0394 4744 avgntflt - ok
07:42:50.0449 4744 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
07:42:50.0460 4744 avipbb - ok
07:42:50.0471 4744 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
07:42:50.0480 4744 avkmgr - ok
07:42:50.0519 4744 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
07:42:50.0545 4744 AxInstSV - ok
07:42:50.0600 4744 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
07:42:50.0627 4744 b06bdrv - ok
07:42:50.0661 4744 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
07:42:50.0686 4744 b57nd60a - ok
07:42:50.0779 4744 Basics Service (55fed228fe147ecb9c47a1c55388896e) C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe
07:42:50.0788 4744 Basics Service - ok
07:42:50.0831 4744 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
07:42:50.0842 4744 BDESVC - ok
07:42:50.0852 4744 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
07:42:51.0089 4744 Beep - ok
07:42:51.0276 4744 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
07:42:51.0306 4744 BFE - ok
07:42:51.0345 4744 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
07:42:51.0391 4744 BITS - ok
07:42:51.0446 4744 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
07:42:51.0468 4744 blbdrive - ok
07:42:51.0552 4744 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
07:42:51.0565 4744 Bonjour Service - ok
07:42:51.0606 4744 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
07:42:51.0624 4744 bowser - ok
07:42:51.0647 4744 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
07:42:51.0666 4744 BrFiltLo - ok
07:42:51.0669 4744 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
07:42:51.0681 4744 BrFiltUp - ok
07:42:51.0728 4744 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
07:42:51.0769 4744 Browser - ok
07:42:51.0811 4744 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
07:42:51.0837 4744 Brserid - ok
07:42:51.0851 4744 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
07:42:51.0873 4744 BrSerWdm - ok
07:42:51.0875 4744 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
07:42:51.0893 4744 BrUsbMdm - ok
07:42:51.0898 4744 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
07:42:51.0935 4744 BrUsbSer - ok
07:42:51.0958 4744 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
07:42:51.0971 4744 BTHMODEM - ok
07:42:52.0000 4744 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
07:42:52.0043 4744 bthserv - ok
07:42:52.0079 4744 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
07:42:52.0106 4744 cdfs - ok
07:42:52.0156 4744 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
07:42:52.0177 4744 cdrom - ok
07:42:52.0218 4744 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
07:42:52.0244 4744 CertPropSvc - ok
07:42:52.0254 4744 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
07:42:52.0276 4744 circlass - ok
07:42:52.0304 4744 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
07:42:52.0318 4744 CLFS - ok
07:42:52.0379 4744 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:42:52.0390 4744 clr_optimization_v2.0.50727_32 - ok
07:42:52.0411 4744 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
07:42:52.0420 4744 clr_optimization_v2.0.50727_64 - ok
07:42:52.0474 4744 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:42:52.0485 4744 clr_optimization_v4.0.30319_32 - ok
07:42:52.0510 4744 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
07:42:52.0520 4744 clr_optimization_v4.0.30319_64 - ok
07:42:52.0534 4744 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
07:42:52.0552 4744 CmBatt - ok
07:42:52.0730 4744 cmdagent (cee48ccc4d561ddb19c72f9fb55d28d5) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
07:42:52.0977 4744 cmdagent - ok
07:42:53.0091 4744 cmdGuard (0599d5a458d4e0e37ab84e9d1c5c73e5) C:\Windows\system32\DRIVERS\cmdguard.sys
07:42:53.0106 4744 cmdGuard - ok
07:42:53.0120 4744 cmdHlp (2d3e08c7106f748f9eff3dec14142d3e) C:\Windows\system32\DRIVERS\cmdhlp.sys
07:42:53.0130 4744 cmdHlp - ok
07:42:53.0148 4744 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
07:42:53.0158 4744 cmdide - ok
07:42:53.0203 4744 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
07:42:53.0450 4744 CNG - ok
07:42:53.0522 4744 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
07:42:53.0533 4744 Compbatt - ok
07:42:53.0567 4744 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
07:42:53.0593 4744 CompositeBus - ok
07:42:53.0606 4744 COMSysApp - ok
07:42:53.0618 4744 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
07:42:53.0629 4744 crcdisk - ok
07:42:53.0666 4744 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
07:42:53.0892 4744 CryptSvc - ok
07:42:53.0982 4744 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
07:42:54.0260 4744 CSC - ok
07:42:54.0315 4744 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
07:42:54.0549 4744 CscService - ok
07:42:54.0643 4744 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
07:42:54.0883 4744 DcomLaunch - ok
07:42:54.0922 4744 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
07:42:54.0978 4744 defragsvc - ok
07:42:55.0029 4744 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
07:42:55.0074 4744 DfsC - ok
07:42:55.0131 4744 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
07:42:55.0159 4744 Dhcp - ok
07:42:55.0173 4744 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
07:42:55.0200 4744 discache - ok
07:42:55.0230 4744 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
07:42:55.0241 4744 Disk - ok
07:42:55.0267 4744 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
07:42:55.0288 4744 Dnscache - ok
07:42:55.0305 4744 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
07:42:55.0534 4744 dot3svc - ok
07:42:55.0617 4744 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
07:42:55.0859 4744 DPS - ok
07:42:55.0919 4744 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
07:42:56.0138 4744 drmkaud - ok
07:42:56.0301 4744 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
07:42:56.0320 4744 DXGKrnl - ok
07:42:56.0371 4744 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
07:42:56.0399 4744 EapHost - ok
07:42:56.0515 4744 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
07:42:56.0563 4744 ebdrv - ok
07:42:56.0657 4744 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
07:42:56.0679 4744 EFS - ok
07:42:56.0729 4744 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
07:42:56.0767 4744 ehRecvr - ok
07:42:56.0796 4744 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
07:42:56.0819 4744 ehSched - ok
07:42:56.0868 4744 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
07:42:56.0883 4744 elxstor - ok
07:42:56.0909 4744 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
07:42:56.0933 4744 ErrDev - ok
07:42:56.0974 4744 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
07:42:57.0004 4744 EventSystem - ok
07:42:57.0039 4744 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
07:42:57.0071 4744 exfat - ok
07:42:57.0089 4744 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
07:42:57.0118 4744 fastfat - ok
07:42:57.0152 4744 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
07:42:57.0175 4744 Fax - ok
07:42:57.0186 4744 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
07:42:57.0197 4744 fdc - ok
07:42:57.0203 4744 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
07:42:57.0238 4744 fdPHost - ok
07:42:57.0251 4744 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
07:42:57.0278 4744 FDResPub - ok
07:42:57.0291 4744 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
07:42:57.0302 4744 FileInfo - ok
07:42:57.0314 4744 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
07:42:57.0341 4744 Filetrace - ok
07:42:57.0354 4744 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
07:42:57.0365 4744 flpydisk - ok
07:42:57.0389 4744 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
07:42:57.0403 4744 FltMgr - ok
07:42:57.0474 4744 FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
07:42:57.0512 4744 FontCache - ok
07:42:57.0566 4744 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
07:42:57.0575 4744 FontCache3.0.0.0 - ok
07:42:57.0588 4744 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
07:42:57.0802 4744 FsDepends - ok
07:42:57.0853 4744 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
07:42:57.0864 4744 Fs_Rec - ok
07:42:58.0016 4744 Futuremark SystemInfo Service (e231333acee7c9713ace10a7e0be89d2) C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
07:42:58.0286 4744 Futuremark SystemInfo Service - ok
07:42:58.0356 4744 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
07:42:58.0371 4744 fvevol - ok
07:42:58.0391 4744 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
07:42:58.0402 4744 gagp30kx - ok
07:42:58.0455 4744 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
07:42:58.0677 4744 gpsvc - ok
07:42:58.0810 4744 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
07:42:58.0820 4744 gupdate - ok
07:42:58.0839 4744 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
07:42:58.0848 4744 gupdatem - ok
07:42:58.0887 4744 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
07:42:58.0898 4744 gusvc - ok
07:42:58.0912 4744 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
07:42:58.0929 4744 hcw85cir - ok
07:42:58.0973 4744 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
07:42:58.0988 4744 HdAudAddService - ok
07:42:59.0028 4744 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
07:42:59.0057 4744 HDAudBus - ok
07:42:59.0065 4744 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
07:42:59.0082 4744 HidBatt - ok
07:42:59.0100 4744 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
07:42:59.0131 4744 HidBth - ok
07:42:59.0143 4744 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
07:42:59.0172 4744 HidIr - ok
07:42:59.0196 4744 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
07:42:59.0236 4744 hidserv - ok
07:42:59.0269 4744 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
07:42:59.0280 4744 HidUsb - ok
07:42:59.0330 4744 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
07:42:59.0576 4744 hkmsvc - ok
07:42:59.0647 4744 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
07:42:59.0680 4744 HomeGroupListener - ok
07:42:59.0719 4744 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
07:42:59.0938 4744 HomeGroupProvider - ok
07:43:00.0002 4744 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
07:43:00.0013 4744 HpSAMD - ok
07:43:00.0076 4744 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
07:43:00.0119 4744 HTTP - ok
07:43:00.0157 4744 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
07:43:00.0168 4744 hwpolicy - ok
07:43:00.0196 4744 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
07:43:00.0207 4744 i8042prt - ok
07:43:00.0256 4744 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
07:43:00.0270 4744 iaStorV - ok
07:43:00.0366 4744 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
07:43:00.0383 4744 idsvc - ok
07:43:00.0412 4744 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
07:43:00.0422 4744 iirsp - ok
07:43:00.0465 4744 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
07:43:00.0498 4744 IKEEXT - ok
07:43:00.0538 4744 inspect (efff0afd27cc97bf0e5e0bab78419de7) C:\Windows\system32\DRIVERS\inspect.sys
07:43:00.0548 4744 inspect - ok
07:43:00.0652 4744 IntcAzAudAddService (dab7318ccfa8081200d5b7b486793f74) C:\Windows\system32\drivers\RTKVHD64.sys
07:43:00.0686 4744 IntcAzAudAddService - ok
07:43:00.0748 4744 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
07:43:00.0759 4744 intelide - ok
07:43:00.0772 4744 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
07:43:00.0784 4744 intelppm - ok
07:43:00.0813 4744 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
07:43:00.0858 4744 IPBusEnum - ok
07:43:00.0884 4744 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:43:00.0923 4744 IpFilterDriver - ok
07:43:00.0968 4744 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
07:43:01.0199 4744 iphlpsvc - ok
07:43:01.0286 4744 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
07:43:01.0298 4744 IPMIDRV - ok
07:43:01.0344 4744 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
07:43:01.0592 4744 IPNAT - ok
07:43:01.0695 4744 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
07:43:01.0726 4744 IRENUM - ok
07:43:01.0786 4744 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
07:43:01.0796 4744 isapnp - ok
07:43:01.0831 4744 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
07:43:01.0844 4744 iScsiPrt - ok
07:43:01.0920 4744 JMB36X (0d2da1c6d8ed85f51e3758eae22455f2) C:\Windows\SysWOW64\XSrvSetup.exe
07:43:02.0071 4744 JMB36X - ok
07:43:02.0117 4744 JRAID (50de7dd7edb1b512b13666588aefbf6f) C:\Windows\system32\DRIVERS\jraid.sys
07:43:02.0127 4744 JRAID - ok
07:43:02.0149 4744 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
07:43:02.0370 4744 kbdclass - ok
07:43:02.0397 4744 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
07:43:02.0417 4744 kbdhid - ok
07:43:02.0457 4744 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
07:43:02.0468 4744 KeyIso - ok
07:43:02.0497 4744 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
07:43:02.0713 4744 KSecDD - ok
07:43:02.0731 4744 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
07:43:02.0799 4744 KSecPkg - ok
07:43:02.0968 4744 KSS (e47ffca0909871ac1bff0d446ff63ca9) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
07:43:02.0979 4744 KSS - ok
07:43:03.0002 4744 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
07:43:03.0046 4744 ksthunk - ok
07:43:03.0107 4744 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
07:43:03.0329 4744 KtmRm - ok
07:43:03.0390 4744 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
07:43:03.0431 4744 LanmanServer - ok
07:43:03.0477 4744 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
07:43:03.0735 4744 LanmanWorkstation - ok
07:43:03.0799 4744 LGBusEnum (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys
07:43:03.0807 4744 LGBusEnum - ok
07:43:03.0845 4744 LGVirHid (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys
07:43:04.0042 4744 LGVirHid - ok
07:43:04.0073 4744 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
07:43:04.0313 4744 lltdio - ok
07:43:04.0343 4744 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
07:43:04.0584 4744 lltdsvc - ok
07:43:04.0624 4744 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
07:43:04.0651 4744 lmhosts - ok
07:43:04.0692 4744 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
07:43:04.0704 4744 LSI_FC - ok
07:43:04.0713 4744 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
07:43:04.0724 4744 LSI_SAS - ok
07:43:04.0731 4744 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
07:43:04.0742 4744 LSI_SAS2 - ok
07:43:04.0755 4744 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
07:43:04.0766 4744 LSI_SCSI - ok
07:43:04.0783 4744 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
07:43:04.0823 4744 luafv - ok
07:43:04.0957 4744 M4-Service (24029b00cd4fed07ca70a0c76219c619) C:\Users\Fenriswolf\Downloads\Portable\M4-Service.exe
07:43:04.0976 4744 M4-Service - ok
07:43:04.0983 4744 magicpvt - ok
07:43:05.0055 4744 MagicTuneEngine (86504fe0759d4dce38e997921062df6b) C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe
07:43:05.0075 4744 MagicTuneEngine ( UnsignedFile.Multi.Generic ) - warning
07:43:05.0076 4744 MagicTuneEngine - detected UnsignedFile.Multi.Generic (1)
07:43:05.0106 4744 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
07:43:05.0132 4744 Mcx2Svc - ok
07:43:05.0148 4744 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
07:43:05.0158 4744 megasas - ok
07:43:05.0186 4744 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
07:43:05.0199 4744 MegaSR - ok
07:43:05.0264 4744 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
07:43:05.0488 4744 Microsoft Office Groove Audit Service - ok
07:43:05.0558 4744 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
07:43:05.0606 4744 MMCSS - ok
07:43:05.0638 4744 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
07:43:05.0892 4744 Modem - ok
07:43:06.0030 4744 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
07:43:06.0061 4744 monitor - ok
07:43:06.0113 4744 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
07:43:06.0123 4744 mouclass - ok
07:43:06.0145 4744 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
07:43:06.0164 4744 mouhid - ok
07:43:06.0195 4744 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
07:43:06.0206 4744 mountmgr - ok
07:43:06.0260 4744 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
07:43:06.0271 4744 MozillaMaintenance - ok
07:43:06.0293 4744 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
07:43:06.0304 4744 mpio - ok
07:43:06.0320 4744 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
07:43:06.0347 4744 mpsdrv - ok
07:43:06.0407 4744 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
07:43:06.0464 4744 MpsSvc - ok
07:43:06.0519 4744 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
07:43:06.0542 4744 MRxDAV - ok
07:43:06.0575 4744 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
07:43:06.0606 4744 mrxsmb - ok
07:43:06.0641 4744 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:43:06.0662 4744 mrxsmb10 - ok
07:43:06.0685 4744 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:43:06.0696 4744 mrxsmb20 - ok
07:43:06.0737 4744 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
07:43:06.0747 4744 msahci - ok
07:43:06.0774 4744 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
07:43:06.0785 4744 msdsm - ok
07:43:06.0815 4744 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
07:43:06.0828 4744 MSDTC - ok
07:43:06.0876 4744 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
07:43:06.0903 4744 Msfs - ok
07:43:06.0912 4744 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
07:43:06.0945 4744 mshidkmdf - ok
07:43:06.0967 4744 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
07:43:06.0978 4744 msisadrv - ok
07:43:06.0999 4744 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
07:43:07.0039 4744 MSiSCSI - ok
07:43:07.0042 4744 msiserver - ok
07:43:07.0058 4744 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
07:43:07.0085 4744 MSKSSRV - ok
07:43:07.0090 4744 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
07:43:07.0121 4744 MSPCLOCK - ok
07:43:07.0124 4744 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
07:43:07.0155 4744 MSPQM - ok
07:43:07.0196 4744 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
07:43:07.0211 4744 MsRPC - ok
07:43:07.0227 4744 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
07:43:07.0238 4744 mssmbios - ok
07:43:07.0251 4744 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
07:43:07.0285 4744 MSTEE - ok
07:43:07.0297 4744 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
07:43:07.0313 4744 MTConfig - ok
07:43:07.0331 4744 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
07:43:07.0342 4744 Mup - ok
07:43:07.0392 4744 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
07:43:07.0641 4744 napagent - ok
07:43:07.0808 4744 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
07:43:07.0840 4744 NativeWifiP - ok
07:43:07.0972 4744 NBService (5e8edd6a52e897c19ec6e149fe6c7a8e) C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
07:43:08.0017 4744 NBService - ok
07:43:08.0080 4744 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
07:43:08.0125 4744 NDIS - ok
07:43:08.0147 4744 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
07:43:08.0383 4744 NdisCap - ok
07:43:08.0439 4744 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
07:43:08.0479 4744 NdisTapi - ok
07:43:08.0508 4744 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
07:43:08.0534 4744 Ndisuio - ok
07:43:08.0575 4744 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
07:43:08.0640 4744 NdisWan - ok
07:43:08.0676 4744 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
07:43:08.0721 4744 NDProxy - ok
07:43:08.0744 4744 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
07:43:08.0788 4744 NetBIOS - ok
07:43:08.0823 4744 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
07:43:08.0863 4744 NetBT - ok
07:43:08.0891 4744 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
07:43:08.0902 4744 Netlogon - ok
07:43:08.0950 4744 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
07:43:09.0194 4744 Netman - ok
07:43:09.0239 4744 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
07:43:09.0281 4744 netprofm - ok
07:43:09.0343 4744 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:43:09.0352 4744 NetTcpPortSharing - ok
07:43:09.0371 4744 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
07:43:09.0381 4744 nfrd960 - ok
07:43:09.0413 4744 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
07:43:09.0453 4744 NlaSvc - ok
07:43:09.0549 4744 NMIndexingService (193fa51dddd0bffded1c340f0434999a) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
07:43:09.0560 4744 NMIndexingService - ok
07:43:09.0570 4744 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
07:43:09.0597 4744 Npfs - ok
07:43:09.0613 4744 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
07:43:09.0651 4744 nsi - ok
07:43:09.0668 4744 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
07:43:09.0711 4744 nsiproxy - ok
07:43:09.0802 4744 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
07:43:09.0842 4744 Ntfs - ok
07:43:09.0916 4744 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
07:43:09.0952 4744 Null - ok
07:43:09.0985 4744 nusb3hub (b227e75ad10a142dd326b4cc8d73a6d9) C:\Windows\system32\DRIVERS\nusb3hub.sys
07:43:09.0999 4744 nusb3hub - ok
07:43:10.0036 4744 nusb3xhc (55959db860e4e484681586824d09e52c) C:\Windows\system32\DRIVERS\nusb3xhc.sys
07:43:10.0253 4744 nusb3xhc - ok
07:43:10.0355 4744 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys
07:43:10.0365 4744 NVHDA - ok
07:43:10.0921 4744 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
07:43:11.0064 4744 nvlddmkm - ok
07:43:11.0168 4744 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
07:43:11.0179 4744 nvraid - ok
07:43:11.0198 4744 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
07:43:11.0210 4744 nvstor - ok
07:43:11.0299 4744 nvsvc (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe
07:43:11.0325 4744 nvsvc - ok
07:43:11.0469 4744 nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
07:43:11.0501 4744 nvUpdatusService - ok
07:43:11.0549 4744 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
07:43:11.0560 4744 nv_agp - ok
07:43:11.0636 4744 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
07:43:11.0661 4744 odserv - ok
07:43:11.0693 4744 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
07:43:11.0713 4744 ohci1394 - ok
07:43:11.0755 4744 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:43:11.0766 4744 ose - ok
07:43:11.0804 4744 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
07:43:11.0825 4744 p2pimsvc - ok
07:43:11.0852 4744 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
07:43:11.0866 4744 p2psvc - ok
07:43:11.0900 4744 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
07:43:11.0911 4744 Parport - ok
07:43:11.0942 4744 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
07:43:11.0975 4744 partmgr - ok
07:43:12.0008 4744 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
07:43:12.0039 4744 PcaSvc - ok
07:43:12.0073 4744 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
07:43:12.0085 4744 pci - ok
07:43:12.0090 4744 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
07:43:12.0100 4744 pciide - ok
07:43:12.0118 4744 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
07:43:12.0130 4744 pcmcia - ok
07:43:12.0144 4744 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
07:43:12.0154 4744 pcw - ok
07:43:12.0187 4744 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
07:43:12.0228 4744 PEAUTH - ok
07:43:12.0301 4744 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
07:43:12.0334 4744 PeerDistSvc - ok
07:43:12.0403 4744 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
07:43:12.0592 4744 PerfHost - ok
07:43:12.0855 4744 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
07:43:12.0897 4744 pla - ok
07:43:12.0954 4744 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
07:43:13.0128 4744 PlugPlay - ok
07:43:13.0161 4744 PnkBstrA - ok
07:43:13.0175 4744 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
07:43:13.0197 4744 PNRPAutoReg - ok
07:43:13.0220 4744 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
07:43:13.0233 4744 PNRPsvc - ok
07:43:13.0270 4744 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
07:43:13.0280 4744 Point64 - ok
07:43:13.0333 4744 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
07:43:13.0376 4744 PolicyAgent - ok
07:43:13.0400 4744 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
07:43:13.0441 4744 Power - ok
07:43:13.0512 4744 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
07:43:13.0552 4744 PptpMiniport - ok
07:43:13.0595 4744 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
07:43:13.0620 4744 Processor - ok
07:43:13.0646 4744 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
07:43:13.0689 4744 ProfSvc - ok
07:43:13.0724 4744 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
07:43:13.0735 4744 ProtectedStorage - ok
07:43:13.0773 4744 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
07:43:13.0800 4744 Psched - ok
07:43:13.0872 4744 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
07:43:13.0898 4744 ql2300 - ok
07:43:13.0983 4744 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
07:43:13.0994 4744 ql40xx - ok
07:43:14.0021 4744 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
07:43:14.0046 4744 QWAVE - ok
07:43:14.0057 4744 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
07:43:14.0082 4744 QWAVEdrv - ok
07:43:14.0144 4744 RapiMgr (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll
07:43:14.0156 4744 RapiMgr - ok
07:43:14.0168 4744 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
07:43:14.0202 4744 RasAcd - ok
07:43:14.0224 4744 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
07:43:14.0260 4744 RasAgileVpn - ok
07:43:14.0272 4744 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
07:43:14.0300 4744 RasAuto - ok
07:43:14.0333 4744 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
07:43:14.0578 4744 Rasl2tp - ok
07:43:14.0685 4744 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
07:43:14.0724 4744 RasMan - ok
07:43:14.0768 4744 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
07:43:14.0992 4744 RasPppoe - ok
07:43:15.0019 4744 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
07:43:15.0254 4744 RasSstp - ok
07:43:15.0300 4744 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
07:43:15.0554 4744 rdbss - ok
07:43:15.0604 4744 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
07:43:15.0617 4744 rdpbus - ok
07:43:15.0642 4744 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
07:43:15.0691 4744 RDPCDD - ok
07:43:15.0760 4744 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
07:43:15.0772 4744 RDPDR - ok
07:43:15.0794 4744 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
07:43:16.0044 4744 RDPENCDD - ok
07:43:16.0063 4744 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
07:43:16.0089 4744 RDPREFMP - ok
07:43:16.0135 4744 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
07:43:16.0157 4744 RDPWD - ok
07:43:16.0189 4744 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
07:43:16.0201 4744 rdyboost - ok
07:43:16.0222 4744 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
07:43:16.0264 4744 RemoteAccess - ok
07:43:16.0311 4744 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
07:43:16.0348 4744 RemoteRegistry - ok
07:43:16.0388 4744 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
07:43:16.0628 4744 RpcEptMapper - ok
07:43:16.0707 4744 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
07:43:16.0729 4744 RpcLocator - ok
07:43:16.0780 4744 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
07:43:16.0811 4744 RpcSs - ok
07:43:16.0860 4744 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
07:43:17.0102 4744 rspndr - ok
07:43:17.0220 4744 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
07:43:17.0246 4744 RTL8167 - ok
07:43:17.0273 4744 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
07:43:17.0479 4744 s3cap - ok
07:43:17.0499 4744 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
07:43:17.0510 4744 SamSs - ok
07:43:17.0632 4744 SbieDrv (495588414f5c62c333f1a69e17e5fb9f) C:\Program Files\Sandboxie\SbieDrv.sys
07:43:17.0644 4744 SbieDrv - ok
07:43:17.0686 4744 SbieSvc (099007b7a80e1917ffa110ce7785a3c9) C:\Program Files\Sandboxie\SbieSvc.exe
07:43:17.0696 4744 SbieSvc - ok
07:43:17.0715 4744 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
07:43:17.0726 4744 sbp2port - ok
07:43:17.0756 4744 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
07:43:17.0793 4744 SCardSvr - ok
07:43:17.0829 4744 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
07:43:17.0863 4744 scfilter - ok
07:43:17.0931 4744 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
07:43:17.0985 4744 Schedule - ok
07:43:18.0036 4744 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
07:43:18.0062 4744 SCPolicySvc - ok
07:43:18.0101 4744 ScreamBAudioSvc (490b0b68bb938d5c628ec4a67277be75) C:\Windows\system32\drivers\ScreamingBAudio64.sys
07:43:18.0110 4744 ScreamBAudioSvc - ok
07:43:18.0138 4744 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
07:43:18.0166 4744 SDRSVC - ok
07:43:18.0201 4744 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
07:43:18.0242 4744 secdrv - ok
07:43:18.0284 4744 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
07:43:18.0318 4744 seclogon - ok
07:43:18.0336 4744 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
07:43:18.0373 4744 SENS - ok
07:43:18.0389 4744 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
07:43:18.0413 4744 SensrSvc - ok
07:43:18.0429 4744 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
07:43:18.0440 4744 Serenum - ok
07:43:18.0448 4744 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
07:43:18.0460 4744 Serial - ok
07:43:18.0508 4744 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
07:43:18.0519 4744 sermouse - ok
07:43:18.0551 4744 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
07:43:18.0578 4744 SessionEnv - ok
07:43:18.0612 4744 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
07:43:18.0630 4744 sffdisk - ok
07:43:18.0647 4744 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
07:43:18.0670 4744 sffp_mmc - ok
07:43:18.0673 4744 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
07:43:18.0692 4744 sffp_sd - ok
07:43:18.0700 4744 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
07:43:18.0719 4744 sfloppy - ok
07:43:18.0744 4744 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
07:43:18.0781 4744 SharedAccess - ok
07:43:18.0818 4744 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
07:43:18.0847 4744 ShellHWDetection - ok
07:43:18.0855 4744 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
07:43:18.0865 4744 SiSRaid2 - ok
07:43:18.0875 4744 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
07:43:18.0885 4744 SiSRaid4 - ok
07:43:18.0964 4744 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
07:43:18.0973 4744 SkypeUpdate - ok
07:43:18.0990 4744 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
07:43:19.0023 4744 Smb - ok
07:43:19.0055 4744 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
07:43:19.0080 4744 SNMPTRAP - ok
07:43:19.0098 4744 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
07:43:19.0108 4744 spldr - ok
07:43:19.0149 4744 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
07:43:19.0179 4744 Spooler - ok
07:43:19.0307 4744 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
07:43:19.0370 4744 sppsvc - ok
07:43:19.0447 4744 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
07:43:19.0690 4744 sppuinotify - ok
07:43:19.0819 4744 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
07:43:19.0878 4744 srv - ok
07:43:19.0917 4744 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
07:43:19.0944 4744 srv2 - ok
07:43:19.0966 4744 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
07:43:19.0990 4744 srvnet - ok
07:43:20.0015 4744 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
07:43:20.0053 4744 SSDPSRV - ok
07:43:20.0070 4744 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
07:43:20.0098 4744 SstpSvc - ok
07:43:20.0200 4744 Stereo Service (9e1222c417291bc836210743624a8e5e) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
07:43:20.0212 4744 Stereo Service - ok
07:43:20.0252 4744 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
07:43:20.0262 4744 stexstor - ok
07:43:20.0328 4744 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
07:43:20.0371 4744 stisvc - ok
07:43:20.0402 4744 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
07:43:20.0413 4744 storflt - ok
07:43:20.0432 4744 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
07:43:20.0660 4744 StorSvc - ok
07:43:20.0705 4744 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
07:43:20.0715 4744 storvsc - ok
07:43:20.0724 4744 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
07:43:20.0734 4744 swenum - ok
07:43:20.0774 4744 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
07:43:20.0828 4744 swprv - ok
07:43:20.0912 4744 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
07:43:20.0972 4744 SysMain - ok
07:43:21.0058 4744 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
07:43:21.0074 4744 TabletInputService - ok
07:43:21.0106 4744 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
07:43:21.0115 4744 taphss - ok
07:43:21.0160 4744 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
07:43:21.0194 4744 TapiSrv - ok
07:43:21.0232 4744 TBPanel - ok
07:43:21.0243 4744 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
07:43:21.0282 4744 TBS - ok
07:43:21.0371 4744 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
07:43:21.0441 4744 Tcpip - ok
07:43:21.0546 4744 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
07:43:21.0576 4744 TCPIP6 - ok
07:43:21.0615 4744 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
07:43:21.0641 4744 tcpipreg - ok
07:43:21.0655 4744 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
07:43:21.0669 4744 TDPIPE - ok
07:43:21.0695 4744 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
07:43:21.0716 4744 TDTCP - ok
07:43:21.0755 4744 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
07:43:21.0781 4744 tdx - ok
07:43:21.0974 4744 TeamViewer7 (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
07:43:22.0010 4744 TeamViewer7 - ok
07:43:22.0050 4744 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
07:43:22.0061 4744 TermDD - ok
07:43:22.0108 4744 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
07:43:22.0147 4744 TermService - ok
07:43:22.0154 4744 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
07:43:22.0179 4744 Themes - ok
07:43:22.0203 4744 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
07:43:22.0231 4744 THREADORDER - ok
07:43:22.0254 4744 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
07:43:22.0298 4744 TrkWks - ok
07:43:22.0331 4744 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
07:43:22.0371 4744 TrustedInstaller - ok
07:43:22.0401 4744 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
07:43:22.0427 4744 tssecsrv - ok
07:43:22.0460 4744 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
07:43:22.0471 4744 TsUsbFlt - ok
07:43:22.0511 4744 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
07:43:22.0780 4744 tunnel - ok
07:43:22.0819 4744 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
07:43:22.0830 4744 uagp35 - ok
07:43:22.0972 4744 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
07:43:23.0016 4744 udfs - ok
07:43:23.0069 4744 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
07:43:23.0094 4744 UI0Detect - ok
07:43:23.0127 4744 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
07:43:23.0337 4744 uliagpkx - ok
07:43:23.0411 4744 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
07:43:23.0435 4744 umbus - ok
07:43:23.0445 4744 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
07:43:23.0455 4744 UmPass - ok
07:43:23.0497 4744 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
07:43:23.0520 4744 UmRdpService - ok
07:43:23.0545 4744 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
07:43:23.0575 4744 upnphost - ok
07:43:23.0630 4744 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
07:43:23.0643 4744 usbaudio - ok
07:43:23.0668 4744 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
07:43:23.0689 4744 usbccgp - ok
07:43:23.0716 4744 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
07:43:23.0728 4744 usbcir - ok
07:43:23.0745 4744 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
07:43:23.0768 4744 usbehci - ok
07:43:23.0807 4744 usbfilter (b7037444dc5138fc7d3d3968b4de5c4b) C:\Windows\system32\DRIVERS\usbfilter.sys
07:43:23.0999 4744 usbfilter - ok
07:43:24.0155 4744 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\DRIVERS\usbhub.sys
07:43:24.0384 4744 usbhub - ok
07:43:24.0405 4744 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
07:43:24.0619 4744 usbohci - ok
07:43:24.0653 4744 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
07:43:24.0677 4744 usbprint - ok
07:43:24.0722 4744 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
07:43:24.0735 4744 usbscan - ok
07:43:24.0763 4744 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:43:24.0782 4744 USBSTOR - ok
07:43:24.0810 4744 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
07:43:24.0831 4744 usbuhci - ok
07:43:24.0853 4744 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
07:43:24.0899 4744 UxSms - ok
07:43:24.0932 4744 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
07:43:24.0943 4744 VaultSvc - ok
07:43:24.0973 4744 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
07:43:24.0984 4744 vdrvroot - ok
07:43:25.0040 4744 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
07:43:25.0077 4744 vds - ok
07:43:25.0093 4744 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
07:43:25.0106 4744 vga - ok
07:43:25.0115 4744 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
07:43:25.0157 4744 VgaSave - ok
07:43:25.0182 4744 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
07:43:25.0194 4744 vhdmp - ok
07:43:25.0222 4744 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
07:43:25.0232 4744 viaide - ok
07:43:25.0266 4744 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
07:43:25.0475 4744 vmbus - ok
07:43:25.0500 4744 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
07:43:25.0533 4744 VMBusHID - ok
07:43:25.0552 4744 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
07:43:25.0768 4744 volmgr - ok
07:43:26.0113 4744 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
07:43:26.0188 4744 volmgrx - ok
07:43:26.0213 4744 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
07:43:26.0226 4744 volsnap - ok
07:43:26.0317 4744 vpnagent (cb7859f7029ac19e9b9c76aa0e5e79d2) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
07:43:26.0329 4744 vpnagent - ok
07:43:26.0374 4744 vpnva (a6ca1c89eb232697ca6369eb55729e48) C:\Windows\system32\DRIVERS\vpnva64.sys
07:43:26.0578 4744 vpnva - ok
07:43:26.0700 4744 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
07:43:26.0711 4744 vsmraid - ok
07:43:26.0790 4744 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
07:43:27.0057 4744 VSS - ok
07:43:27.0127 4744 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
07:43:27.0349 4744 vwifibus - ok
07:43:27.0403 4744 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
07:43:27.0433 4744 W32Time - ok
07:43:27.0451 4744 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
07:43:27.0462 4744 WacomPen - ok
07:43:27.0506 4744 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
07:43:27.0740 4744 WANARP - ok
07:43:27.0768 4744 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
07:43:27.0795 4744 Wanarpv6 - ok
07:43:27.0865 4744 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
07:43:27.0889 4744 wbengine - ok
07:43:27.0929 4744 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
07:43:28.0126 4744 WbioSrvc - ok
07:43:28.0266 4744 WcesComm (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll
07:43:28.0280 4744 WcesComm - ok
07:43:28.0335 4744 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
07:43:28.0552 4744 wcncsvc - ok
07:43:28.0617 4744 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
07:43:28.0629 4744 WcsPlugInService - ok
07:43:28.0653 4744 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
07:43:28.0663 4744 Wd - ok
07:43:28.0703 4744 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
07:43:28.0721 4744 Wdf01000 - ok
07:43:28.0737 4744 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
07:43:28.0763 4744 WdiServiceHost - ok
07:43:28.0765 4744 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
07:43:28.0781 4744 WdiSystemHost - ok
07:43:28.0841 4744 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
07:43:28.0864 4744 WebClient - ok
07:43:28.0883 4744 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
07:43:28.0924 4744 Wecsvc - ok
07:43:28.0948 4744 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
07:43:28.0990 4744 wercplsupport - ok
07:43:29.0032 4744 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
07:43:29.0059 4744 WerSvc - ok
07:43:29.0110 4744 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
07:43:29.0136 4744 WfpLwf - ok
07:43:29.0154 4744 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
07:43:29.0164 4744 WIMMount - ok
07:43:29.0182 4744 WinDefend - ok
07:43:29.0186 4744 WinHttpAutoProxySvc - ok
07:43:29.0252 4744 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
07:43:29.0279 4744 Winmgmt - ok
07:43:29.0362 4744 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
07:43:29.0605 4744 WinRM - ok
07:43:29.0910 4744 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
07:43:29.0934 4744 WinUsb - ok
07:43:29.0986 4744 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
07:43:30.0007 4744 Wlansvc - ok
07:43:30.0025 4744 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
07:43:30.0036 4744 WmiAcpi - ok
07:43:30.0082 4744 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
07:43:30.0105 4744 wmiApSrv - ok
07:43:30.0119 4744 WMPNetworkSvc - ok
07:43:30.0136 4744 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
07:43:30.0148 4744 WPCSvc - ok
07:43:30.0190 4744 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
07:43:30.0203 4744 WPDBusEnum - ok
07:43:30.0235 4744 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
07:43:30.0261 4744 ws2ifsl - ok
07:43:30.0300 4744 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
07:43:30.0325 4744 wscsvc - ok
07:43:30.0328 4744 WSearch - ok
07:43:30.0426 4744 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
07:43:30.0594 4744 wuauserv - ok
07:43:30.0724 4744 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
07:43:30.0755 4744 WudfPf - ok
07:43:30.0782 4744 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
07:43:30.0820 4744 WUDFRd - ok
07:43:30.0858 4744 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
07:43:30.0884 4744 wudfsvc - ok
07:43:30.0908 4744 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
07:43:30.0930 4744 WwanSvc - ok
07:43:31.0001 4744 xhc200w - ok
07:43:31.0037 4744 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
07:43:31.0230 4744 \Device\Harddisk0\DR0 - ok
07:43:31.0241 4744 MBR (0x1B8) (4c54042f5b2569c9ddcf173120d730f9) \Device\Harddisk2\DR2
07:43:31.0840 4744 \Device\Harddisk2\DR2 - ok
07:43:31.0856 4744 Boot (0x1200) (5de220d3c78181dbe3e9aa30f316c2f5) \Device\Harddisk0\DR0\Partition0
07:43:31.0858 4744 \Device\Harddisk0\DR0\Partition0 - ok
07:43:31.0868 4744 Boot (0x1200) (ba6eb7b4cd22a68e7d4bd02143c13b18) \Device\Harddisk0\DR0\Partition1
07:43:31.0868 4744 \Device\Harddisk0\DR0\Partition1 - ok
07:43:31.0878 4744 Boot (0x1200) (e36989913cf2676d004028a5b03c15c3) \Device\Harddisk0\DR0\Partition2
07:43:31.0879 4744 \Device\Harddisk0\DR0\Partition2 - ok
07:43:31.0900 4744 Boot (0x1200) (6f7658ea5bac05bd27f8383f2c12cc42) \Device\Harddisk0\DR0\Partition3
07:43:31.0901 4744 \Device\Harddisk0\DR0\Partition3 - ok
07:43:31.0903 4744 Boot (0x1200) (b1e27aa018409de6bfd73f8afb883a65) \Device\Harddisk2\DR2\Partition0
07:43:31.0904 4744 \Device\Harddisk2\DR2\Partition0 - ok
07:43:31.0908 4744 Boot (0x1200) (9b140f95e8d25147726c13a0c32126ad) \Device\Harddisk2\DR2\Partition1
07:43:31.0910 4744 \Device\Harddisk2\DR2\Partition1 - ok
07:43:31.0913 4744 Boot (0x1200) (bd7dff8f9ff40980f74f23121a35b9c1) \Device\Harddisk2\DR2\Partition2
07:43:31.0916 4744 \Device\Harddisk2\DR2\Partition2 - ok
07:43:31.0916 4744 ============================================================
07:43:31.0916 4744 Scan finished
07:43:31.0916 4744 ============================================================
07:43:31.0924 6176 Detected object count: 1
07:43:31.0925 6176 Actual detected object count: 1
07:44:31.0830 6176 MagicTuneEngine ( UnsignedFile.Multi.Generic ) - skipped by user
07:44:31.0830 6176 MagicTuneEngine ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:59:12.0320 5208 Deinitialize success
Defogger ausgeführt liefert: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 08:05 on 02/07/2012 (Fenriswolf)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Verschlüsselte Dateien konnte ich bislang auf meinem Rechner keine finden. Der RannohDecryptor hat diesbzgl. auch keine positive Meldung von sich gegeben. Ich hoffe auf eure Hilfe. Mit freundlichen Grüßen, Fenrirwolf Geändert von Fenrirwolf (02.07.2012 um 07:32 Uhr) Grund: OTL -Extras vergessen ;) |
|
02.07.2012, 08:23
| #2 |
| | TR/Ransom.294912 (Antivir) / Trojan-Ransom.Win32.Gimemo.vyp (Kaspersky) Scan von MalwareBytes:
__________________Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.07.02.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Fenriswolf :: FENRISWOLF-PC [Administrator] 02.07.2012 08:43:30 mbam-log-2012-07-02 (08-43-30).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 263491 Laufzeit: 38 Minute(n), 9 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
02.07.2012, 11:28
| #3 |
| /// Malware-holic   | TR/Ransom.294912 (Antivir) / Trojan-Ransom.Win32.Gimemo.vyp (Kaspersky) hi
__________________welche seite wars? link bitte als private nachicht
__________________ |
|
02.07.2012, 12:21
| #4 | |
| | TR/Ransom.294912 (Antivir) / Trojan-Ransom.Win32.Gimemo.vyp (Kaspersky)Zitat:
die Quelle, die mir diesen Trojaner eingebrockt kann ich leider nicht identifizieren. Habe auch schon auf einem virtuellen System die Schritte bis zur Infizierung nachvollzogen, ohne jedoch eine erneute Infizierung auslösen zu können. Offenbar hat sich da ein Webmaster selbst auf die Suche begegeben oder er kam doch auf anderem Wege, auf jeden Fall konnte ich die Quelle dieses Übels nicht herausfinden. Erschwerend kommt an dieser Stelle hinzu, dass die History vom Tag des erstmaligen Auftreten von Symptomen im Iron nicht mehr vorhanden ist, jedoch kam es wie gesagt bei der Folge der Steps aus dem Gedächtnis zu keinerlei Problemen. VG Fenris |
|
02.07.2012, 14:22
| #5 |
| /// Malware-holic | TR/Ransom.294912 (Antivir) / Trojan-Ransom.Win32.Gimemo.vyp (Kaspersky) hi für eine weitere analyse benötige ich mal folgendes. c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache dort rechtsklick auf den ordner cache, diesen mit winrar oder einem anderen programm packen, und im upload channel hochladen bitte Trojaner-Board Upload Channel
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
02.07.2012, 14:56
| #6 | |
| | TR/Ransom.294912 (Antivir) / Trojan-Ransom.Win32.Gimemo.vyp (Kaspersky)Zitat:
Mein Kaspersky Virus Removal Tool hat im Systembackup von Win7 noch einmal die Auslösende Datei gefunden, ich habe sie noch nicht gelöscht und könnte sie problemlos hochladen. (PS: Scan dauert noch 1 Tag an  ) |
|
02.07.2012, 15:52
| #7 | |
| /// Malware-holic | TR/Ransom.294912 (Antivir) / Trojan-Ransom.Win32.Gimemo.vyp (Kaspersky) kannst du die fundmeldung von kaspersky posten? hmm ein tag, wäre mir zu lang. außerdem würde ich mir gern noch etwas ansehen, dazu müsste der scan erst mal unterbrochen werden, am besten später durchführen. Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
02.07.2012, 16:16
| #8 |
| | TR/Ransom.294912 (Antivir) / Trojan-Ransom.Win32.Gimemo.vyp (Kaspersky) Die Fundmeldung von kaspersky: Code:
ATTFilter Status: Schwachstelle (Ereignisse: 8)
01.07.2012 22:37:37 Schwachstelle Schwachstelle hxxp://www.securelist.com/de/advisories/41917 C:\$Recycle.Bin\S-1-5-21-1253748911-1903929344-2575876875-1000\$RHO0ACG.exe Niedrig
02.07.2012 01:17:11 Schwachstelle Schwachstelle hxxp://www.securelist.com/de/advisories/43293 C:\Documents and Settings\Fenriswolf\Downloads\TeamViewerPortable\TeamViewer.exe Niedrig
02.07.2012 03:48:02 Schwachstelle Schwachstelle hxxp://www.securelist.com/de/advisories/49472 C:\Program Files\Java\jre6\bin\java.exe Niedrig
02.07.2012 04:22:02 Schwachstelle Schwachstelle hxxp://www.securelist.com/de/advisories/42798 C:\Program Files (x86)\DVD Flick\imgburn\imgburn.exe Niedrig
02.07.2012 04:33:16 Schwachstelle Schwachstelle hxxp://www.securelist.com/de/advisories/47333 C:\Program Files (x86)\IrfanView\i_view32.exe Niedrig
02.07.2012 04:33:24 Schwachstelle Schwachstelle hxxp://www.securelist.com/de/advisories/49472 C:\Program Files (x86)\Java\jre6\bin\java.exe Niedrig
02.07.2012 04:36:39 Schwachstelle Schwachstelle hxxp://www.securelist.com/de/advisories/42798 C:\Program Files (x86)\MajorSilence\DeVeDe\bin\ImgBurn.exe Niedrig
02.07.2012 04:54:44 Schwachstelle Schwachstelle hxxp://www.securelist.com/de/advisories/49472 C:\Programme\Java\jre6\bin\java.exe Niedrig
Status: Gelöscht (Ereignisse: 1)
01.07.2012 23:17:57 Gelöscht Trojanisches Programm Trojan-Ransom.Win32.Gimemo.vyp C:\Documents and Settings\Fenriswolf\AppData\Local\Temp\124kkk290347.exe Hoch
Status: Gefunden (Ereignisse: 1)
02.07.2012 15:07:01 Gefunden Trojanisches Programm Trojan-Ransom.Win32.Gimemo.vyp D:\FENRISWOLF-PC\Backup Set 2011-12-02 083425\Backup Files 2012-07-01 214844\Backup files 2.zip/C\Users\Fenriswolf\AppData\Roaming\w6j6rt45jtuhdre5.exe Hoch
Code:
ATTFilter ComboFix 12-07-02.01 - Fenriswolf 02.07.2012 17:35:01.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8189.3951 [GMT 2:00]
ausgeführt von:: C:\Users\Fenriswolf\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
((((((((((((((((((((((( Dateien erstellt von 2012-06-02 bis 2012-07-02 ))))))))))))))))))))))))))))))
2012-07-02 13:58:54 . 2012-07-02 13:58:54 -------- d-----w- C:\Program Files (x86)\ESET
2012-07-02 06:40:52 . 2012-07-02 06:40:52 -------- d-----w- C:\Users\Fenriswolf\AppData\Roaming\Malwarebytes
2012-07-02 06:40:41 . 2012-07-02 06:40:41 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-02 06:40:39 . 2012-07-02 06:40:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-02 06:40:39 . 2012-04-04 13:56:40 24904 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-07-01 20:13:39 . 2012-07-01 20:16:58 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-07-01 20:13:39 . 2012-07-01 20:13:39 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2012-07-01 19:44:35 . 2012-05-31 04:04:02 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D00E4BF3-8397-47EE-9D0E-00132BE46263}\mpengine.dll
2012-06-25 07:44:03 . 2012-06-25 07:48:44 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-06-25 05:24:41 . 2012-06-25 05:24:41 16200 ----a-w- C:\Windows\stinger.sys
2012-06-25 05:23:40 . 2012-06-25 07:07:29 -------- d-----w- C:\Program Files (x86)\stinger
2012-06-24 18:55:30 . 2012-06-02 22:19:43 2428952 ----a-w- C:\Windows\system32\wuaueng.dll
2012-06-24 18:55:30 . 2012-06-02 22:19:42 57880 ----a-w- C:\Windows\system32\wuauclt.exe
2012-06-24 18:55:30 . 2012-06-02 22:19:42 44056 ----a-w- C:\Windows\system32\wups2.dll
2012-06-24 18:55:30 . 2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\system32\wucltux.dll
2012-06-24 18:55:08 . 2012-06-02 22:19:46 38424 ----a-w- C:\Windows\system32\wups.dll
2012-06-24 18:55:08 . 2012-06-02 22:19:23 701976 ----a-w- C:\Windows\system32\wuapi.dll
2012-06-24 18:55:08 . 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\system32\wudriver.dll
2012-06-24 18:54:56 . 2012-06-02 13:19:42 186752 ----a-w- C:\Windows\system32\wuwebv.dll
2012-06-24 18:54:56 . 2012-06-02 13:15:12 36864 ----a-w- C:\Windows\system32\wuapp.exe
2012-06-14 07:24:11 . 2012-04-26 05:41:56 77312 ----a-w- C:\Windows\system32\rdpwsx.dll
2012-06-14 07:24:11 . 2012-04-26 05:41:55 149504 ----a-w- C:\Windows\system32\rdpcorekmts.dll
2012-06-14 07:24:11 . 2012-04-26 05:34:27 9216 ----a-w- C:\Windows\system32\rdrmemptylst.exe
2012-06-14 07:24:06 . 2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\system32\ntoskrnl.exe
2012-06-14 07:24:04 . 2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-14 07:24:04 . 2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-14 07:24:03 . 2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\system32\win32k.sys
2012-06-14 07:24:02 . 2012-04-28 03:55:21 210944 ----a-w- C:\Windows\system32\drivers\rdpwd.sys
2012-06-12 08:15:50 . 2012-06-12 08:15:50 -------- d-----w- C:\Users\Fenriswolf\AppData\Local\Macromedia
2012-06-12 08:15:46 . 2012-06-24 19:29:57 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 11:12:24 . 2012-06-06 11:12:24 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-06 11:12:24 . 2012-06-06 11:12:24 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
Code:
ATTFilter ComboFix 12-07-02.01 - Fenriswolf 02.07.2012 18:02:49.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8189.6044 [GMT 2:00]
ausgeführt von:: c:\users\Fenriswolf\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-02 bis 2012-07-02 ))))))))))))))))))))))))))))))
.
.
2012-07-02 16:11 . 2012-07-02 16:11 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-02 16:11 . 2012-07-02 16:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-02 13:58 . 2012-07-02 13:58 -------- d-----w- c:\program files (x86)\ESET
2012-07-02 06:40 . 2012-07-02 06:40 -------- d-----w- c:\users\Fenriswolf\AppData\Roaming\Malwarebytes
2012-07-02 06:40 . 2012-07-02 06:40 -------- d-----w- c:\programdata\Malwarebytes
2012-07-02 06:40 . 2012-07-02 06:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-02 06:40 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-01 20:13 . 2012-07-01 20:16 -------- d-----w- c:\programdata\Kaspersky Lab
2012-07-01 20:13 . 2012-07-01 20:13 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-07-01 19:44 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D00E4BF3-8397-47EE-9D0E-00132BE46263}\mpengine.dll
2012-06-25 07:44 . 2012-06-25 07:48 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-06-25 05:24 . 2012-06-25 05:24 16200 ----a-w- c:\windows\stinger.sys
2012-06-25 05:23 . 2012-06-25 07:07 -------- d-----w- c:\program files (x86)\stinger
2012-06-24 18:55 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-24 18:55 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-24 18:55 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-24 18:55 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-24 18:55 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-24 18:55 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-24 18:55 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-24 18:54 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-24 18:54 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 07:24 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 07:24 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 07:24 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 07:24 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 07:24 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 07:24 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 07:24 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 07:24 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-12 08:15 . 2012-06-12 08:15 -------- d-----w- c:\users\Fenriswolf\AppData\Local\Macromedia
2012-06-12 08:15 . 2012-06-24 19:29 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-06 11:12 . 2012-06-06 11:12 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-06 11:12 . 2012-06-06 11:12 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-24 19:29 . 2011-08-10 13:07 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-15 10:48 . 2012-05-25 07:13 949056 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2012-05-25 07:13 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-05-15 10:48 . 2012-05-25 07:13 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-25 07:13 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-25 07:13 246592 ----a-w- c:\windows\system32\nvinitx.dll
2012-05-15 10:48 . 2012-05-25 07:13 202048 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-05-09 05:57 . 2011-10-18 12:08 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-09 05:57 . 2011-10-18 12:08 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-04-18 11:49 . 2012-05-14 17:45 405176 ----a-w- c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Fenriswolf\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Fenriswolf\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Fenriswolf\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Fenriswolf\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-06-17 694032]
"GAINWARD"="c:\program files (x86)\EXPERTool\TBPanel.exe" [2011-04-08 2265416]
"ManicTime"="d:\software\Nützliche Tools\ManicTimeUsb (Workflow-Manager)\ManicTime.exe" [2011-10-26 248656]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
"KSS"="c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-04-25 202296]
"Infium"="c:\program files (x86)\jeak.de\QIP 2012 Jeak-Edition\qip.exe" [2012-03-23 7351760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
"MagicRotation"="c:\program files (x86)\MagicRotation\MagicRotation\MagicPvt.exe" [2009-09-15 1819648]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"basicsmssmenu"="c:\program files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
c:\users\Fenriswolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Fenriswolf\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NCProTray.lnk - c:\program files (x86)\SEC\Natural Color Pro\NCProTray.exe [2011-2-19 49152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 magicpvt;magicpvt;c:\windows\system32\drivers\magicpvt.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-07 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 250056]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-01-13 129440]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-07 136176]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-02-21 16008]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-19 113120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 xhc200w;xhc200w;c:\users\FENRIS~1\AppData\Local\Temp\uPD720200\xhc200w.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-06-16 79488]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-06-16 40064]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-11 577824]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-11 43248]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-09-07 72280]
S2 KSS;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-04-25 202296]
S2 M4-Service;M4-Service;c:\users\Fenriswolf\Downloads\Portable\M4-Service.exe [2011-08-13 1003888]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-02-03 427192]
S3 ALSysIO;ALSysIO;c:\users\FENRIS~1\AppData\Local\Temp\ALSysIO64.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2011-02-21 22408]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-10-25 96768]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-10-25 213504]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2009-12-01 38992]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2011-08-17 53376]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 19:30]
.
2012-07-02 c:\windows\Tasks\FaxArchive_CN19HDQ283.job
- c:\program files\HP\HP Officejet Pro 8500 A910\bin\FaxArchive.exe [2010-11-16 19:30]
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-07 07:45]
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-07 07:45]
.
2012-07-02 c:\windows\Tasks\QIPdater 2012.job
- c:\program files (x86)\jeak.de\QIP 2012 Jeak-Edition\qipdater.exe [2012-03-27 19:29]
.
2012-07-02 c:\windows\Tasks\qipdater.exe.job
- c:\program files (x86)\jeak.de\QIP 2010\qipdater.exe [2011-07-01 13:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Fenriswolf\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Fenriswolf\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Fenriswolf\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Fenriswolf\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2010-11-16 104008]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-11-04 980368]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Alles mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Free YouTube Download - c:\users\Fenriswolf\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Fenriswolf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
TCP: DhcpNameServer = 83.169.184.225 83.169.184.161
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
AddRemove-ESN Sonar-0.70.0 - c:\program files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe
AddRemove-ESN Sonar-0.70.4 - c:\program files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{593DDEC6-7468-4CDD-90E1-42DADAA222E9}"=hex:51,66,7a,6c,4c,1d,38,12,a8,dd,2e,
5d,5a,3a,b3,09,ef,f7,01,9a,df,fc,66,fd
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:00,18,c9,15,f3,a5,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,d7,87,a6,6b,7d,76,4a,b7,15,8a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,d7,87,a6,6b,7d,76,4a,b7,15,8a,\
.
[HKEY_USERS\S-1-5-21-1253748911-1903929344-2575876875-1000\Software\SecuROM\License information*]
"datasecu"=hex:6a,fe,19,74,bc,25,48,29,e1,05,b4,bf,ef,b5,17,a4,75,56,04,72,1d,
8d,ac,1b,e5,9d,07,ad,6f,86,98,61,3c,c0,c3,df,d1,38,25,6a,84,af,47,3f,5f,08,\
"rkeysecu"=hex:09,91,2f,64,89,fb,76,45,05,6f,a5,52,4c,8d,b1,3e
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"v5Licence0"="15-PNRS-MQX7-YBJ2-KYC5-84DP-JVBGBY1"
"Activated"="Y"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe
c:\users\Fenriswolf\Downloads\Portable\M4-Capture.exe
c:\program files (x86)\MagicTune Premium\MagicTuneEngine.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-02 18:17:34 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-07-02 16:17
.
Vor Suchlauf: 19 Verzeichnis(se), 15.711.637.504 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 14.681.018.368 Bytes frei
.
- - End Of File - - 77E84970045CB6F50AFCFB4DF4EEBCBD
|
|
03.07.2012, 13:51
| #9 |
| /// Malware-holic | TR/Ransom.294912 (Antivir) / Trojan-Ransom.Win32.Gimemo.vyp (Kaspersky) öffne malwarebytes, update, vollständiger scan, funde entfernen log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
03.07.2012, 17:59
| #10 |
| | TR/Ransom.294912 (Antivir) / Trojan-Ransom.Win32.Gimemo.vyp (Kaspersky) Hallo Markus, also MBAM hat nichts gefunden, LOG: Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.07.03.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Fenriswolf :: FENRISWOLF-PC [Administrator] 03.07.2012 15:13:20 mbam-log-2012-07-03 (15-13-20).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 1109279 Laufzeit: 3 Stunde(n), 44 Minute(n), 15 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) So, Eset ist fertig: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f6ab0595dfdb634da6d47a59afccd6df
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-07-03 08:21:06
# local_time=2012-07-03 10:21:06 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1280 16777215 100 0 73136 73136 0 0
# compatibility_mode=1792 16777215 100 0 22307026 22307026 0 0
# compatibility_mode=3073 16777213 80 71 9531380 16929171 0 0
# compatibility_mode=5893 16776573 100 94 74880 92876605 0 0
# compatibility_mode=8192 67108863 100 0 9221 9221 0 0
# scanned=881258
# found=12
# cleaned=0
# scan_time=13710
C:\Users\Fenriswolf\Downloads\CrystalDiskInfo4_2_0a-en.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Fenriswolf\Downloads\FreeStudio.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Fenriswolf\Downloads\SARDU_2.0.4.3\ISO\isolinux\ubcd\images\konboot.img.gz Win32/PSWTool.KonBoot.A application (unable to clean) 00000000000000000000000000000000 I
D:\FENRISWOLF-PC\Backup Set 2011-06-25 221147\Backup Files 2011-07-01 190001\Backup files 10.zip HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
D:\FENRISWOLF-PC\Backup Set 2011-12-02 083425\Backup Files 2012-04-01 205148\Backup files 17.zip Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
D:\FENRISWOLF-PC\Backup Set 2011-12-02 083425\Backup Files 2012-06-02 062038\Backup files 11.zip Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
D:\FENRISWOLF-PC\Backup Set 2011-12-02 083425\Backup Files 2012-07-01 214844\Backup files 2.zip a variant of Win32/Injector.TDK trojan (unable to clean) 00000000000000000000000000000000 I
D:\FENRISWOLF-PC\Backup Set 2011-12-02 083425\Backup Files 2012-07-01 214844\Backup files 26.zip Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
D:\Software\Nützliche Tools\SoftwareUpdateMOnitor 2.14 (sucht Updates für installierte Programme).exe Win32/Adware.Linkular application (unable to clean) 00000000000000000000000000000000 I
K:\sardu.iso Win32/PSWTool.KonBoot.A application (unable to clean) 00000000000000000000000000000000 I
K:\sardu_25-06-2012__10-06.iso Win32/PSWTool.KonBoot.A application (unable to clean) 00000000000000000000000000000000 I
K:\ISO\ubcd511.iso Win32/PSWTool.KonBoot.A application (unable to clean) 00000000000000000000000000000000 I
Geändert von Fenrirwolf (03.07.2012 um 18:18 Uhr) |
|
04.07.2012, 12:56
| #11 |
| /// Malware-holic | TR/Ransom.294912 (Antivir) / Trojan-Ransom.Win32.Gimemo.vyp (Kaspersky) hab ich irgendwas von eset geschrieben? mache ausschließlich das, was hier steht, sonst kann ich mir anleitungen auch sparen. lade den CCleaner standard: CCleaner Download - CCleaner 3.20.1750 falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
04.07.2012, 13:22
| #12 | |
| | TR/Ransom.294912 (Antivir) / Trojan-Ransom.Win32.Gimemo.vyp (Kaspersky)Zitat:
Geändert von Fenrirwolf (04.07.2012 um 13:38 Uhr) |
|
04.07.2012, 21:55
| #13 |
| /// Malware-holic | TR/Ransom.294912 (Antivir) / Trojan-Ransom.Win32.Gimemo.vyp (Kaspersky) deinstaliere: 3DMark AIDA64 Apple : alle Battlefield alle Battlelog Bonjour Call Of Cthulhu CrystalDiskInfo Drive Manager DVD Flick EasyBits Eraser ESET ESN FLV FreeFileSync Futuremark Geeks3D Google Earth HDD Health I.R.I ImgBurn JDownloader Kaspersky LibreOffice Lunascape6 MioMore MorphVOX Need For Speed™ Opera Origin Safari Scan Tailor SCREEN2EXE Skype Click Some PDF SQLite3 SyncToy TeraCopy teXXas Unigine Unity Windows 7 USB öffne bitte ccleaner, analysieren, starten öffne otl, cleanup, pc startet neu, testen wie der pc läuft
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
05.07.2012, 09:23
| #14 |
| | TR/Ransom.294912 (Antivir) / Trojan-Ransom.Win32.Gimemo.vyp (Kaspersky) @Markusg: Alles erledigt, System läuft genauso stabil wie vor der Massiv-Deinstall-Aktion (also problemlos)Brauchst du noch Logs oder ist nun alles im Reinen? Geändert von Fenrirwolf (05.07.2012 um 09:33 Uhr) |
|
06.07.2012, 17:59
| #15 |
| /// Malware-holic | TR/Ransom.294912 (Antivir) / Trojan-Ransom.Win32.Gimemo.vyp (Kaspersky) jetzt sichern wir den pc noch ab: als antimalware programm würde ich emsisoft empfehlen. diese haben für mich den besten schutz kostet aber etwas. http://www.trojaner-board.de/103809-...i-malware.html testversion: Meine Antivirus-Empfehlung: Emsisoft Anti-Malware insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren. vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen. kostenlos, aber eben nicht ganz so gut wäre avast zu empfehlen. http://www.trojaner-board.de/110895-...antivirus.html sag mir welches du nutzt, dann gebe ich konfigurationshinweise. bitte dein bisheriges av deinstalieren die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch! http://www.trojaner-board.de/96344-a...-rechners.html Starte bitte mit der Passage, Windows Vista und Windows 7 Bitte beginne damit, Windows Updates zu instalieren. Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst. Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist: - Updates automatisch Instalieren, - Täglich - Uhrzeit wählen - Bitte den gesammten rest anhaken, außer: - detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist. Klicke jetzt die Schaltfläche "OK" Klicke jetzt "nach Updates suchen". Bitte instaliere zunächst wichtige Updates. Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren. Mache das selbe bitte mit den optionalen Updates. Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist. aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen. als browser rate ich dir zu chrome: Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe anleitung lesen bitte falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung Sandboxie Die devinition einer Sandbox ist hier nachzulesen: Sandbox Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen. Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen. Download Link: Sandboxie Download - Sandboxie 3.72 anleitung: http://www.trojaner-board.de/71542-a...sandboxie.html ausführliche anleitung als pdf, auch abarbeiten: Sandbox Einstellungen | bitte folgende zusatz konfiguration machen: sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen. dort klicke auf sandbox einstellungen. beschrenkungen, bei programm start und internet zugriff schreibe: chrome.exe dann gehe auf anwendungen, webbrowser, chrome. dort aktiviere alles außer gesammten profil ordner freigeben. Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen. Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate. Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten. Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten. Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar. Weiter mit: Maßnahmen für ALLE Windows-Versionen alles komplett durcharbeiten anmerkung zu file hippo. in den settings zusätzlich auswählen: hide beta updates. Run updateChecker when Windows starts Backup Programm: in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an: http://www.trojaner-board.de/82962-w...en-backup.html Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar. Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist. Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern bitte auch lesen, wie mache ich programme für alle sichtbar: Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox. wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird Sandboxie immer gestartet wenn du nen browser aufrufst. wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu TR/Ransom.294912 (Antivir) / Trojan-Ransom.Win32.Gimemo.vyp (Kaspersky) |
| .dll, antivir, diverse, firewall, geliefert, google, harddisk, internet, juli 2012, kaspersky, locker, modul, namen, nmbgmonitor.exe, nt.dll, nvidia, object, programm, prozesse, security, security scan, server, sigcheck, suche, tdss, temp, trojaner, trojaner board, unsignedfile.multi.generic, usb, windows, windows unlocker |
