All kinds of pests and how to fight them: Bundespolizei trojan successfully(?) removed with MalwareB. | Real-time protection can no longer be enabled
Windows 7
11.08.2012, 17:49 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™

Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot. Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C), as that is where TDSS-Killer saves its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!
__________________ Please always post log files in CODE tags |
11.08.2012, 18:59 | #17 |
Code:
19:55:10.0697 3380 QWAVEdrv - ok 19:55:10.0728 3380 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 19:55:10.0791 3380 RasAcd - ok 19:55:10.0853 3380 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 19:55:10.0884 3380 RasAgileVpn - ok 19:55:10.0916 3380 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 19:55:10.0978 3380 RasAuto - ok 19:55:11.0056 3380 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 19:55:11.0103 3380 Rasl2tp - ok 19:55:11.0181 3380 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 19:55:11.0244 3380 RasMan - ok 19:55:11.0306 3380 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 19:55:11.0369 3380 RasPppoe - ok 19:55:11.0400 3380 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 19:55:11.0462 3380 RasSstp - ok 19:55:11.0572 3380 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 19:55:11.0634 3380 rdbss - ok 19:55:11.0666 3380 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 19:55:11.0697 3380 rdpbus - ok 19:55:11.0744 3380 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 19:55:11.0806 3380 RDPCDD - ok 19:55:11.0837 3380 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 19:55:11.0900 3380 RDPENCDD - ok 19:55:11.0947 3380 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 19:55:11.0978 3380 RDPREFMP - ok 19:55:12.0056 3380 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys 19:55:12.0087 3380 RDPWD - ok 19:55:12.0150 3380 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 19:55:12.0166 3380 rdyboost - ok 19:55:12.0228 3380 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 
19:55:12.0275 3380 RemoteAccess - ok 19:55:12.0337 3380 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 19:55:12.0400 3380 RemoteRegistry - ok 19:55:12.0478 3380 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 19:55:12.0509 3380 RFCOMM - ok 19:55:12.0556 3380 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 19:55:12.0619 3380 RpcEptMapper - ok 19:55:12.0650 3380 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 19:55:12.0681 3380 RpcLocator - ok 19:55:12.0775 3380 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 19:55:12.0806 3380 RpcSs - ok 19:55:12.0869 3380 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 19:55:12.0931 3380 rspndr - ok 19:55:13.0025 3380 RTL8167 (16d4e350420baa7e63e16e3fc033e1f5) C:\Windows\system32\DRIVERS\Rt64win7.sys 19:55:13.0041 3380 RTL8167 - ok 19:55:13.0119 3380 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 19:55:13.0119 3380 SamSs - ok 19:55:13.0181 3380 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 19:55:13.0197 3380 sbp2port - ok 19:55:13.0259 3380 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 19:55:13.0291 3380 SCardSvr - ok 19:55:13.0353 3380 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 19:55:13.0400 3380 scfilter - ok 19:55:13.0525 3380 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 19:55:13.0603 3380 Schedule - ok 19:55:13.0650 3380 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 19:55:13.0681 3380 SCPolicySvc - ok 19:55:13.0744 3380 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 19:55:13.0806 3380 SDRSVC - ok 19:55:13.0884 3380 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 19:55:13.0947 3380 secdrv - 
ok 19:55:13.0978 3380 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 19:55:14.0041 3380 seclogon - ok 19:55:14.0197 3380 Secunia PSI Agent (5b66db4877bbac9f7493aa8d84421e49) C:\Program Files (x86)\Secunia\PSI\PSIA.exe 19:55:14.0228 3380 Secunia PSI Agent - ok 19:55:14.0275 3380 Secunia Update Agent (0e88fdf474f2cdd370a4a6ce77d018f0) C:\Program Files (x86)\Secunia\PSI\sua.exe 19:55:14.0291 3380 Secunia Update Agent - ok 19:55:14.0431 3380 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 19:55:14.0494 3380 SENS - ok 19:55:14.0541 3380 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 19:55:14.0556 3380 SensrSvc - ok 19:55:14.0650 3380 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 19:55:14.0650 3380 Serenum - ok 19:55:14.0681 3380 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 19:55:14.0728 3380 Serial - ok 19:55:14.0759 3380 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 19:55:14.0791 3380 sermouse - ok 19:55:14.0869 3380 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 19:55:14.0931 3380 SessionEnv - ok 19:55:14.0962 3380 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 19:55:15.0009 3380 sffdisk - ok 19:55:15.0041 3380 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 19:55:15.0072 3380 sffp_mmc - ok 19:55:15.0103 3380 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 19:55:15.0119 3380 sffp_sd - ok 19:55:15.0150 3380 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 19:55:15.0150 3380 sfloppy - ok 19:55:15.0212 3380 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 19:55:15.0275 3380 SharedAccess - ok 19:55:15.0369 3380 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) 
C:\Windows\System32\shsvcs.dll 19:55:15.0431 3380 ShellHWDetection - ok 19:55:15.0462 3380 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 19:55:15.0478 3380 SiSRaid2 - ok 19:55:15.0509 3380 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 19:55:15.0509 3380 SiSRaid4 - ok 19:55:15.0541 3380 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 19:55:15.0603 3380 Smb - ok 19:55:15.0650 3380 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 19:55:15.0697 3380 SNMPTRAP - ok 19:55:16.0369 3380 SNPSTD3 (37d91c6385bb1104d67925fc43800ed0) C:\Windows\system32\DRIVERS\snpstd3.sys 19:55:16.0744 3380 SNPSTD3 - ok 19:55:16.0916 3380 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 19:55:16.0931 3380 spldr - ok 19:55:17.0025 3380 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 19:55:17.0072 3380 Spooler - ok 19:55:17.0322 3380 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 19:55:17.0462 3380 sppsvc - ok 19:55:17.0619 3380 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 19:55:17.0666 3380 sppuinotify - ok 19:55:17.0791 3380 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 19:55:17.0853 3380 srv - ok 19:55:17.0900 3380 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 19:55:17.0947 3380 srv2 - ok 19:55:17.0994 3380 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 19:55:18.0025 3380 srvnet - ok 19:55:18.0087 3380 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 19:55:18.0150 3380 SSDPSRV - ok 19:55:18.0212 3380 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 19:55:18.0244 3380 SstpSvc - ok 19:55:18.0306 3380 Steam Client Service - ok 19:55:18.0337 3380 stexstor (f3817967ed533d08327dc73bc4d5542a) 
C:\Windows\system32\DRIVERS\stexstor.sys 19:55:18.0353 3380 stexstor - ok 19:55:18.0447 3380 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 19:55:18.0478 3380 stisvc - ok 19:55:18.0541 3380 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 19:55:18.0556 3380 swenum - ok 19:55:18.0603 3380 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 19:55:18.0681 3380 swprv - ok 19:55:18.0822 3380 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 19:55:18.0884 3380 SysMain - ok 19:55:19.0056 3380 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 19:55:19.0087 3380 TabletInputService - ok 19:55:19.0181 3380 tap0901 (4ef44915e522f3ecd1a3ff540aa64126) C:\Windows\system32\DRIVERS\tap0901.sys 19:55:19.0228 3380 tap0901 - ok 19:55:19.0275 3380 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 19:55:19.0337 3380 TapiSrv - ok 19:55:19.0384 3380 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 19:55:19.0416 3380 TBS - ok 19:55:19.0619 3380 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 19:55:19.0681 3380 Tcpip - ok 19:55:19.0900 3380 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 19:55:19.0931 3380 TCPIP6 - ok 19:55:20.0087 3380 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 19:55:20.0134 3380 tcpipreg - ok 19:55:20.0197 3380 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 19:55:20.0244 3380 TDPIPE - ok 19:55:20.0306 3380 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 19:55:20.0337 3380 TDTCP - ok 19:55:20.0431 3380 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 19:55:20.0478 3380 tdx - ok 19:55:20.0556 3380 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 19:55:20.0572 3380 
TermDD - ok 19:55:20.0666 3380 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 19:55:20.0744 3380 TermService - ok 19:55:20.0806 3380 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 19:55:20.0837 3380 Themes - ok 19:55:20.0884 3380 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 19:55:20.0931 3380 THREADORDER - ok 19:55:20.0994 3380 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 19:55:21.0056 3380 TrkWks - ok 19:55:21.0166 3380 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 19:55:21.0212 3380 TrustedInstaller - ok 19:55:21.0275 3380 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 19:55:21.0306 3380 tssecsrv - ok 19:55:21.0384 3380 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 19:55:21.0431 3380 TsUsbFlt - ok 19:55:21.0525 3380 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 19:55:21.0572 3380 tunnel - ok 19:55:21.0619 3380 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 19:55:21.0634 3380 uagp35 - ok 19:55:21.0712 3380 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 19:55:21.0744 3380 udfs - ok 19:55:21.0806 3380 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 19:55:21.0837 3380 UI0Detect - ok 19:55:21.0884 3380 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 19:55:21.0900 3380 uliagpkx - ok 19:55:21.0962 3380 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 19:55:21.0978 3380 umbus - ok 19:55:22.0025 3380 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 19:55:22.0025 3380 UmPass - ok 19:55:22.0087 3380 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 19:55:22.0150 3380 upnphost - 
ok 19:55:22.0212 3380 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys 19:55:22.0228 3380 usbaudio - ok 19:55:22.0306 3380 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 19:55:22.0353 3380 usbccgp - ok 19:55:22.0416 3380 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 19:55:22.0431 3380 usbcir - ok 19:55:22.0494 3380 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 19:55:22.0525 3380 usbehci - ok 19:55:22.0587 3380 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 19:55:22.0634 3380 usbhub - ok 19:55:22.0666 3380 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys 19:55:22.0697 3380 usbohci - ok 19:55:22.0744 3380 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 19:55:22.0775 3380 usbprint - ok 19:55:22.0822 3380 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:55:22.0869 3380 USBSTOR - ok 19:55:22.0900 3380 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 19:55:22.0931 3380 usbuhci - ok 19:55:22.0994 3380 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 19:55:23.0056 3380 UxSms - ok 19:55:23.0103 3380 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 19:55:23.0119 3380 VaultSvc - ok 19:55:23.0181 3380 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 19:55:23.0197 3380 vdrvroot - ok 19:55:23.0291 3380 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 19:55:23.0322 3380 vds - ok 19:55:23.0369 3380 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 19:55:23.0400 3380 vga - ok 19:55:23.0431 3380 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 19:55:23.0494 3380 VgaSave - ok 19:55:23.0541 3380 vhdmp 
(2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 19:55:23.0556 3380 vhdmp - ok 19:55:23.0572 3380 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 19:55:23.0587 3380 viaide - ok 19:55:23.0634 3380 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 19:55:23.0634 3380 volmgr - ok 19:55:23.0744 3380 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 19:55:23.0759 3380 volmgrx - ok 19:55:23.0822 3380 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 19:55:23.0837 3380 volsnap - ok 19:55:23.0884 3380 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 19:55:23.0884 3380 vsmraid - ok 19:55:24.0041 3380 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 19:55:24.0119 3380 VSS - ok 19:55:24.0275 3380 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 19:55:24.0306 3380 vwifibus - ok 19:55:24.0353 3380 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 19:55:24.0369 3380 vwififlt - ok 19:55:24.0447 3380 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 19:55:24.0478 3380 W32Time - ok 19:55:24.0509 3380 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 19:55:24.0541 3380 WacomPen - ok 19:55:24.0603 3380 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 19:55:24.0650 3380 WANARP - ok 19:55:24.0697 3380 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 19:55:24.0728 3380 Wanarpv6 - ok 19:55:24.0744 3380 wanatw - ok 19:55:24.0884 3380 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 19:55:24.0947 3380 wbengine - ok 19:55:25.0072 3380 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 19:55:25.0103 3380 WbioSrvc - ok 19:55:25.0181 3380 
wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 19:55:25.0197 3380 wcncsvc - ok 19:55:25.0228 3380 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 19:55:25.0259 3380 WcsPlugInService - ok 19:55:25.0322 3380 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 19:55:25.0337 3380 Wd - ok 19:55:25.0431 3380 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 19:55:25.0447 3380 Wdf01000 - ok 19:55:25.0478 3380 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 19:55:25.0572 3380 WdiServiceHost - ok 19:55:25.0587 3380 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 19:55:25.0619 3380 WdiSystemHost - ok 19:55:25.0681 3380 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 19:55:25.0728 3380 WebClient - ok 19:55:25.0791 3380 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 19:55:25.0853 3380 Wecsvc - ok 19:55:25.0900 3380 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 19:55:25.0962 3380 wercplsupport - ok 19:55:26.0009 3380 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 19:55:26.0056 3380 WerSvc - ok 19:55:26.0134 3380 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 19:55:26.0181 3380 WfpLwf - ok 19:55:26.0212 3380 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 19:55:26.0212 3380 WIMMount - ok 19:55:26.0275 3380 WinDefend - ok 19:55:26.0306 3380 WinHttpAutoProxySvc - ok 19:55:26.0384 3380 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 19:55:26.0447 3380 Winmgmt - ok 19:55:26.0619 3380 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 19:55:26.0697 3380 WinRM - ok 19:55:26.0900 3380 WinUsb (fe88b288356e7b47b74b13372add906d) 
C:\Windows\system32\DRIVERS\WinUsb.sys 19:55:26.0931 3380 WinUsb - ok 19:55:27.0041 3380 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 19:55:27.0103 3380 Wlansvc - ok 19:55:27.0322 3380 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 19:55:27.0384 3380 wlidsvc - ok 19:55:27.0556 3380 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 19:55:27.0587 3380 WmiAcpi - ok 19:55:27.0666 3380 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 19:55:27.0697 3380 wmiApSrv - ok 19:55:27.0775 3380 WMPNetworkSvc - ok 19:55:27.0884 3380 WN111v2 (b5a32905b0c2e676ab5432ae1028e847) C:\Windows\system32\DRIVERS\WN111v2x.sys 19:55:27.0916 3380 WN111v2 ( UnsignedFile.Multi.Generic ) - warning 19:55:27.0916 3380 WN111v2 - detected UnsignedFile.Multi.Generic (1) 19:55:28.0025 3380 WNDA3100 (b972c12de88299e78f6656a31046dd99) C:\Windows\system32\DRIVERS\WNDA31w7x.sys 19:55:28.0087 3380 WNDA3100 - ok 19:55:28.0134 3380 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 19:55:28.0166 3380 WPCSvc - ok 19:55:28.0228 3380 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 19:55:28.0244 3380 WPDBusEnum - ok 19:55:28.0275 3380 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 19:55:28.0322 3380 ws2ifsl - ok 19:55:28.0369 3380 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll 19:55:28.0400 3380 wscsvc - ok 19:55:28.0447 3380 WSearch - ok 19:55:28.0666 3380 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 19:55:28.0728 3380 wuauserv - ok 19:55:28.0931 3380 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 19:55:28.0978 3380 WudfPf - ok 19:55:29.0056 3380 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 19:55:29.0103 3380 WUDFRd - ok 19:55:29.0166 
3380 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
19:55:29.0228 3380 wudfsvc - ok
19:55:29.0291 3380 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:55:29.0337 3380 WwanSvc - ok
19:55:29.0416 3380 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:55:29.0775 3380 \Device\Harddisk0\DR0 - ok
19:55:29.0775 3380 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
19:55:29.0931 3380 \Device\Harddisk1\DR1 - ok
19:55:29.0947 3380 Boot (0x1200) (057f9df218ccc1f695e514c78962a820) \Device\Harddisk0\DR0\Partition0
19:55:29.0947 3380 \Device\Harddisk0\DR0\Partition0 - ok
19:55:29.0994 3380 Boot (0x1200) (dd1bf1320ed4b47b365fb2bf0edb415f) \Device\Harddisk1\DR1\Partition0
19:55:29.0994 3380 \Device\Harddisk1\DR1\Partition0 - ok
19:55:29.0994 3380 ============================================================
19:55:29.0994 3380 Scan finished
19:55:29.0994 3380 ============================================================
19:55:30.0009 2876 Detected object count: 3
19:55:30.0009 2876 Actual detected object count: 3
19:56:18.0650 2876 614301f7bba3d83c ( LockedService.Multi.Generic ) - skipped by user
19:56:18.0650 2876 614301f7bba3d83c ( LockedService.Multi.Generic ) - User select action: Skip
19:56:18.0650 2876 jswpsapi ( UnsignedFile.Multi.Generic ) - skipped by user
19:56:18.0650 2876 jswpsapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:56:18.0666 2876 WN111v2 ( UnsignedFile.Multi.Generic ) - skipped by user
19:56:18.0666 2876 WN111v2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
Can one already say (or suspect) that I am being spied on / have a rootkit? P.S.: Thanks a lot for the help so far, by the way. |
11.08.2012, 20:17 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please fix this entry => 614301f7bba3d83c <= with TDSS-Killer. But please only this entry!
Then restart Windows and create a completely new log with TDSS-Killer. As always, post it in CODE tags.
__________________ |
11.08.2012, 20:34 | #19 |
| Code:
ATTFilter 21:28:39.0884 3592 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32 21:28:39.0947 3592 ============================================================ 21:28:39.0947 3592 Current date / time: 2012/08/11 21:28:39.0947 21:28:39.0947 3592 SystemInfo: 21:28:39.0947 3592 21:28:39.0947 3592 OS Version: 6.1.7601 ServicePack: 1.0 21:28:39.0947 3592 Product type: Workstation 21:28:39.0947 3592 ComputerName: MAX-PC 21:28:39.0947 3592 UserName: Max 21:28:39.0947 3592 Windows directory: C:\Windows 21:28:39.0947 3592 System windows directory: C:\Windows 21:28:39.0947 3592 Running under WOW64 21:28:39.0947 3592 Processor architecture: Intel x64 21:28:39.0947 3592 Number of processors: 2 21:28:39.0947 3592 Page size: 0x1000 21:28:39.0947 3592 Boot type: Normal boot 21:28:39.0947 3592 ============================================================ 21:28:41.0666 3592 Drive \Device\Harddisk1\DR1 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 21:28:41.0666 3592 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 21:28:41.0681 3592 ============================================================ 21:28:41.0681 3592 \Device\Harddisk1\DR1: 21:28:41.0681 3592 MBR partitions: 21:28:41.0681 3592 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x9501800 21:28:41.0681 3592 \Device\Harddisk0\DR0: 21:28:41.0681 3592 MBR partitions: 21:28:41.0681 3592 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1 21:28:41.0681 3592 ============================================================ 21:28:41.0712 3592 C: <-> \Device\Harddisk0\DR0\Partition0 21:28:41.0728 3592 D: <-> \Device\Harddisk1\DR1\Partition0 21:28:41.0728 3592 ============================================================ 21:28:41.0728 3592 Initialize 
(bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 21:29:26.0431 0196 SysMain - ok 21:29:26.0572 0196 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 21:29:26.0619 0196 TabletInputService - ok 21:29:26.0759 0196 tap0901 (4ef44915e522f3ecd1a3ff540aa64126) C:\Windows\system32\DRIVERS\tap0901.sys 21:29:26.0806 0196 tap0901 - ok 21:29:27.0212 0196 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 21:29:27.0353 0196 TapiSrv - ok 21:29:27.0462 0196 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 21:29:27.0494 0196 TBS - ok 21:29:29.0431 0196 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 21:29:29.0759 0196 Tcpip - ok 21:29:30.0150 0196 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 21:29:30.0197 0196 TCPIP6 - ok 21:29:31.0087 0196 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 21:29:31.0150 0196 tcpipreg - ok 21:29:31.0181 0196 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 21:29:31.0259 0196 TDPIPE - ok 21:29:31.0353 0196 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 21:29:31.0384 0196 TDTCP - ok 21:29:31.0541 0196 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 21:29:31.0603 0196 tdx - ok 21:29:31.0791 0196 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 21:29:31.0806 0196 TermDD - ok 21:29:32.0056 0196 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 21:29:32.0259 0196 TermService - ok 21:29:32.0384 0196 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 21:29:32.0416 0196 Themes - ok 21:29:32.0509 0196 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 21:29:32.0541 0196 THREADORDER - ok 21:29:32.0806 0196 TrkWks (7e7afd841694f6ac397e99d75cead49d) 
C:\Windows\System32\trkwks.dll 21:29:32.0869 0196 TrkWks - ok 21:29:33.0087 0196 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 21:29:33.0150 0196 TrustedInstaller - ok 21:29:33.0259 0196 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 21:29:33.0306 0196 tssecsrv - ok 21:29:33.0478 0196 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 21:29:33.0541 0196 TsUsbFlt - ok 21:29:33.0712 0196 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 21:29:33.0775 0196 tunnel - ok 21:29:33.0900 0196 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 21:29:33.0931 0196 uagp35 - ok 21:29:34.0134 0196 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 21:29:34.0181 0196 udfs - ok 21:29:34.0228 0196 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 21:29:34.0275 0196 UI0Detect - ok 21:29:34.0416 0196 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 21:29:34.0447 0196 uliagpkx - ok 21:29:34.0572 0196 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 21:29:34.0587 0196 umbus - ok 21:29:34.0634 0196 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 21:29:34.0650 0196 UmPass - ok 21:29:34.0962 0196 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 21:29:35.0119 0196 upnphost - ok 21:29:35.0291 0196 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys 21:29:35.0322 0196 usbaudio - ok 21:29:35.0431 0196 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 21:29:35.0494 0196 usbccgp - ok 21:29:35.0681 0196 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 21:29:35.0712 0196 usbcir - ok 21:29:35.0884 0196 usbehci (c025055fe7b87701eb042095df1a2d7b) 
C:\Windows\system32\DRIVERS\usbehci.sys 21:29:35.0916 0196 usbehci - ok 21:29:36.0228 0196 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 21:29:36.0275 0196 usbhub - ok 21:29:36.0353 0196 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys 21:29:36.0416 0196 usbohci - ok 21:29:36.0541 0196 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 21:29:36.0603 0196 usbprint - ok 21:29:36.0759 0196 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:29:36.0837 0196 USBSTOR - ok 21:29:36.0947 0196 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 21:29:36.0978 0196 usbuhci - ok 21:29:37.0087 0196 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 21:29:37.0150 0196 UxSms - ok 21:29:37.0212 0196 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 21:29:37.0228 0196 VaultSvc - ok 21:29:37.0291 0196 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 21:29:37.0322 0196 vdrvroot - ok 21:29:37.0697 0196 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 21:29:37.0775 0196 vds - ok 21:29:37.0806 0196 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 21:29:37.0853 0196 vga - ok 21:29:37.0947 0196 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 21:29:37.0994 0196 VgaSave - ok 21:29:38.0087 0196 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 21:29:38.0119 0196 vhdmp - ok 21:29:38.0166 0196 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 21:29:38.0181 0196 viaide - ok 21:29:38.0337 0196 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 21:29:38.0353 0196 volmgr - ok 21:29:38.0666 0196 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 21:29:38.0712 
0196 volmgrx - ok 21:29:38.0947 0196 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 21:29:38.0978 0196 volsnap - ok 21:29:39.0103 0196 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 21:29:39.0134 0196 vsmraid - ok 21:29:39.0556 0196 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 21:29:39.0712 0196 VSS - ok 21:29:39.0900 0196 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 21:29:39.0962 0196 vwifibus - ok 21:29:40.0025 0196 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 21:29:40.0056 0196 vwififlt - ok 21:29:40.0291 0196 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 21:29:40.0400 0196 W32Time - ok 21:29:40.0462 0196 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 21:29:40.0494 0196 WacomPen - ok 21:29:40.0587 0196 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 21:29:40.0697 0196 WANARP - ok 21:29:40.0791 0196 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 21:29:40.0822 0196 Wanarpv6 - ok 21:29:40.0900 0196 wanatw - ok 21:29:41.0962 0196 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 21:29:42.0087 0196 wbengine - ok 21:29:42.0447 0196 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 21:29:42.0478 0196 WbioSrvc - ok 21:29:42.0634 0196 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 21:29:42.0681 0196 wcncsvc - ok 21:29:42.0775 0196 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 21:29:42.0822 0196 WcsPlugInService - ok 21:29:42.0869 0196 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 21:29:42.0884 0196 Wd - ok 21:29:42.0994 0196 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 
21:29:43.0041 0196 Wdf01000 - ok 21:29:43.0150 0196 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 21:29:43.0322 0196 WdiServiceHost - ok 21:29:43.0337 0196 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 21:29:43.0353 0196 WdiSystemHost - ok 21:29:43.0603 0196 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 21:29:43.0712 0196 WebClient - ok 21:29:43.0759 0196 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 21:29:43.0822 0196 Wecsvc - ok 21:29:43.0837 0196 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 21:29:43.0916 0196 wercplsupport - ok 21:29:43.0978 0196 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 21:29:44.0041 0196 WerSvc - ok 21:29:44.0166 0196 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 21:29:44.0212 0196 WfpLwf - ok 21:29:44.0291 0196 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 21:29:44.0322 0196 WIMMount - ok 21:29:44.0431 0196 WinDefend - ok 21:29:44.0447 0196 WinHttpAutoProxySvc - ok 21:29:44.0806 0196 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 21:29:44.0884 0196 Winmgmt - ok 21:29:45.0369 0196 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 21:29:45.0556 0196 WinRM - ok 21:29:45.0947 0196 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 21:29:46.0025 0196 WinUsb - ok 21:29:46.0150 0196 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 21:29:46.0212 0196 Wlansvc - ok 21:29:46.0587 0196 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 21:29:46.0728 0196 wlidsvc - ok 21:29:46.0978 0196 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 21:29:47.0009 0196 WmiAcpi - ok 21:29:47.0119 0196 
wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 21:29:47.0166 0196 wmiApSrv - ok 21:29:47.0228 0196 WMPNetworkSvc - ok 21:29:47.0369 0196 WN111v2 (b5a32905b0c2e676ab5432ae1028e847) C:\Windows\system32\DRIVERS\WN111v2x.sys 21:29:47.0462 0196 WN111v2 ( UnsignedFile.Multi.Generic ) - warning 21:29:47.0462 0196 WN111v2 - detected UnsignedFile.Multi.Generic (1) 21:29:47.0587 0196 WNDA3100 (b972c12de88299e78f6656a31046dd99) C:\Windows\system32\DRIVERS\WNDA31w7x.sys 21:29:47.0681 0196 WNDA3100 - ok 21:29:47.0759 0196 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 21:29:47.0806 0196 WPCSvc - ok 21:29:47.0962 0196 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 21:29:47.0994 0196 WPDBusEnum - ok 21:29:48.0056 0196 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 21:29:48.0134 0196 ws2ifsl - ok 21:29:48.0197 0196 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll 21:29:48.0244 0196 wscsvc - ok 21:29:48.0244 0196 WSearch - ok 21:29:48.0759 0196 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 21:29:48.0837 0196 wuauserv - ok 21:29:49.0462 0196 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 21:29:49.0525 0196 WudfPf - ok 21:29:49.0587 0196 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 21:29:49.0712 0196 WUDFRd - ok 21:29:49.0744 0196 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 21:29:49.0791 0196 wudfsvc - ok 21:29:49.0837 0196 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 21:29:49.0869 0196 WwanSvc - ok 21:29:49.0931 0196 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1 21:29:50.0134 0196 \Device\Harddisk1\DR1 - ok 21:29:50.0150 0196 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 21:29:50.0634 0196 \Device\Harddisk0\DR0 - ok 
21:29:50.0712 0196 ============================================================
21:29:50.0712 0196 Scan finished
21:29:50.0712 0196 ============================================================
21:29:50.0728 3388 Detected object count: 2
21:29:50.0728 3388 Actual detected object count: 2
21:30:09.0666 3388 jswpsapi ( UnsignedFile.Multi.Generic ) - skipped by user
21:30:09.0666 3388 jswpsapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:30:09.0681 3388 WN111v2 ( UnsignedFile.Multi.Generic ) - skipped by user
21:30:09.0681 3388 WN111v2 ( UnsignedFile.Multi.Generic ) - User select action: Skip

The PC gets back to a usable state considerably faster. And at the bottom right of the desktop it says: Testmodus Windows 7 Build 7601. Avira is also active again and (although that was already the case earlier after a few actions) I am asked whether I want to run the program (Windows Defender)? While typing there were just a few small "hangs", which are no longer occurring now..? Many thanks so far |
11.08.2012, 21:44 | #20 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Very nice! Now please run CF: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has explicitly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
12.08.2012, 00:04 | #21 |
| Code:
Sorry if I am being a nuisance with all the questions, but do I need to be worried? |
12.08.2012, 13:21 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the 2nd attempt, just leave it out and run only OSAM. Please skip the online query in OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or similar. Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to switch off the virus scanner as well; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" (aswMBR.exe has stopped working) appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
12.08.2012, 18:35 | #23 |
| GMER (checkboxes ticked for Services, Registry, Files, C:/, ADS): Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-12 19:34:09
Windows 6.1.7601 Service Pack 1
Running: uz9dbhcr.exe

---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158332cf1d
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158332cf1d@78471d591585 0xCA 0x1F 0xFD 0x95 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158332cf1d@f008f1210d22 0x5F 0xD7 0x41 0x28 ...
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\00158332cf1d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\00158332cf1d@78471d591585 0xCA 0x1F 0xFD 0x95 ...
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\00158332cf1d@f008f1210d22 0x5F 0xD7 0x41 0x28 ...
---- EOF - GMER 1.0.15 ----

OSAM (online scanner cancelled): Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:39:30 on 12.08.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 14.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information)
"NETGEAR WN111v2 USB2.0 Wireless Card Service" (WN111v2) - "Atheros Communications, Inc." - C:\Windows\System32\DRIVERS\WN111v2x.sys
"PCAMp50a64 NDIS Protocol Driver" (PCAMp50a64) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\System32\Drivers\PCAMp50a64.sys
"PCASp50a64 NDIS Protocol Driver" (PCASp50a64) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\System32\Drivers\PCASp50a64.sys
"PSI" (PSI) - "Secunia" - C:\Windows\System32\DRIVERS\psi_mf.sys
"WAN Miniport (ATW)" (wanatw) - ? - C:\Windows\System32\DRIVERS\wanatw64.sys (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{79eac9e4-baf9-11ce-8c82-00aa004ba90b} "gopher" - ? - (File not found | COM-object registry key not found)
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
ITBar7Height64 "ITBar7Height64" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Oracle Corporation" - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 10.4.1" - "Oracle Corporation" - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 10.4.1" - "Oracle Corporation" - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"NETGEAR WNDA3100 Setup-Assistent.lnk" - "NETGEAR" - C:\Program Files (x86)\NETGEAR\WNDA3100\WNDA3100.exe (Shortcut exists | File exists)
"Secunia PSI Tray.lnk" - "Secunia" - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"amd_dc_opt" - "AMD" - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"PDFPrint" - "Geek Software GmbH" - C:\Program Files (x86)\PDF24\pdf24.exe
"PlusService" - "Yuna Software" - C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" (File not found)
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"Jumpstart Wifi Protected Setup" (jswpsapi) - "Atheros Communications, Inc." - C:\Program Files (x86)\NETGEAR\WNDA3100\jswpsapi.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Secunia PSI Agent" (Secunia PSI Agent) - "Secunia" - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
"Secunia Update Agent" (Secunia Update Agent) - "Secunia" - C:\Program Files (x86)\Secunia\PSI\sua.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-12 19:42:46
-----------------------------
19:42:46.285 OS Version: Windows x64 6.1.7601 Service Pack 1
19:42:46.285 Number of processors: 2 586 0x4302
19:42:46.285 ComputerName: MAX-PC UserName: Max
19:42:47.113 Initialize success
19:45:14.997 AVAST engine defs: 12081200
19:50:24.239 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
19:50:24.241 Disk 0 Vendor: SAMSUNG_HD160JJ ZM100-37 Size: 152627MB BusType: 3
19:50:24.244 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-6
19:50:24.246 Disk 1 Vendor: ExcelStor_Technology_G280 ESACAL17 Size: 76293MB BusType: 3
19:50:24.258 Disk 0 MBR read successfully
19:50:24.261 Disk 0 MBR scan
19:50:24.265 Disk 0 Windows 7 default MBR code
19:50:24.269 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
19:50:24.310 Disk 0 scanning C:\Windows\system32\drivers
19:50:34.994 Service scanning
19:50:57.338 Modules scanning
19:50:57.345 Disk 0 trace - called modules:
19:50:57.364 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
19:50:57.369 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800246d410]
19:50:57.374 3 CLASSPNP.SYS[fffff8800196343f] -> nt!IofCallDriver -> [0xfffffa8002289520]
19:50:57.378 5 ACPI.sys[fffff88000e707a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0xfffffa800228e060]
19:50:57.798 AVAST engine scan C:\Windows
19:51:00.164 AVAST engine scan C:\Windows\system32
19:53:58.917 AVAST engine scan C:\Windows\system32\drivers
19:54:10.446 AVAST engine scan C:\Users\Max
19:56:15.245 AVAST engine scan C:\ProgramData
19:56:44.859 Scan finished successfully
19:58:33.521 Disk 0 MBR has been saved successfully to "C:\Users\Max\Desktop\MBR.dat"
19:58:33.527 The log file has been saved successfully to "C:\Users\Max\Desktop\aswMBR.txt"

Edited by netnocheiner (12.08.2012 at 18:59) |
13.08.2012, 15:45 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
13.08.2012, 22:39 | #25 |
| Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.13.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Max :: MAX-PC [Administrator]

13.08.2012 21:00:21
mbam-log-2012-08-13 (21-00-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|E:\|J:\|K:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 342882
Laufzeit: 46 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/13/2012 at 11:34 PM

Application Version : 5.5.1012

Core Rules Database Version : 9048
Trace Rules Database Version: 6860

Scan type : Complete Scan
Total Scan Time : 01:19:56

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned : 578
Memory threats detected : 0
Registry items scanned : 65046
Registry threats detected : 0
File items scanned : 128191
File threats detected : 70

Adware.Tracking Cookie |
14.08.2012, 14:58 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK, only cookies were found there. Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP-Cookie). Regarding cookies and other things on the web: to block the pest from the outset (i.e. tracking cookies, ad banners etc.), you would have to take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released. Otherwise there are also good cookie managers; for Firefox, for example, one such extension would be CookieCuller http://filepony.de/download-cookie_culler/ But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed. The way I do it, I use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores the cookies from the sites I actually want; I reject everything else manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest, no cookies are left. Is your system back in order now, or are there any other detections or problems?
14.08.2012, 19:38 | #27 |
| Everything is fine so far. About the cookies: if I have cookies deleted when FF closes, will the passwords be deleted everywhere too? At the moment I only have to click the fields and the user data is then filled in automatically. Once again (*g*) the question: do I need to worry about my data? As I understood it, this trojan (and nothing else either?) didn't spy on anything..? Many, many thanks for the great help, by the way! |
15.08.2012, 19:15 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
If you delete all cookies on exit, you will of course have to log in again at sites such as Facebook etc. every time you start the browser. Quote:
Quote:
Then we're done! The programs that were used here can all be removed again. With the help of OTL you can also remove many of the tools: Please start OTL and click "Bereinigung" (Cleanup). This will remove most of the tools we needed for the cleanup. If anything is left over, please remove it with right-click --> Delete. Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first. Finally, please check the updates; my guide for that is below. To keep a better overview of how up to date your installed programs are in future, you can use e.g. Secunia PSI. For even more security, you should also change as many passwords as possible after the infection has been removed.
Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed. Windows Vista/7: Guide to Windows Update
Updating the PDF reader
An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Add or Remove Programs or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program (if you have AdobeReader installed). I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader. While you are at it, please also check that the Flash Player is up to date: Check => Adobe - Flash Player Download links => Adobe Flash Player Distribution | Adobe Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.
Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
20.08.2012, 17:43 | #29 |
| What about all the backups? Is there a tool for that? |
21.08.2012, 12:17 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | There are several options. The simplest would probably be to copy all files and important personal folders to an external disk. Then your data is backed up; e.g. after a system crash you can manually do a clean reinstall of Windows and simply copy the data back from the simple manual backup. But you can also create images of an entire system (or rather of the entire disk, or of one or several partitions); food for thought here => http://www.trojaner-board.de/115678-...r-backups.html If you have a hard disk from WesternDigital or Seagate, you get an AcronisTrueImage for free (but without SecureZone as far as I know; I recommend images on external disks anyway, and these should only be plugged in when you need the backup or have to create a backup!) WesternDigital => http://filepony.de/download-acronis_...ge_wd_edition/ Seagate => http://filepony.de/download-seagate_discwizard/ Windows 7 also comes with a built-in tool for creating images, e.g. here => [Guide] Creating a complete image backup (system image) of Windows 7 - Guides / Tutorials / FAQ (Windows 7) There are other programs too, such as Drive Snapshot - Disk Image Backup made easy