
Pests of All Kinds and How to Combat Them: Zeus Trojan

Windows 7

04.09.2012, 13:19   #16
Scarlett_
 

Hi, everything works exactly as before; I had no restrictions. With the programs, too, everything is as it should be, in my opinion. A few folders have a lock in front of them; whether that was already the case before and is supposed to be that way, I can't say (e.g. I have 2 program folders, 1 is locked; whether that is correct, I don't know, the change was in Jan. 12).

04.09.2012, 16:24   #17
cosinus


Please create a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already present, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • At the top center, tick the box for Scan All Users
  • Now copy the complete contents of the code box below into the OTL text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
04.09.2012, 20:01   #18
Scarlett_
 

Hi, I don't get the "OK" button after clicking Quick Scan, and the program freezes. What am I doing wrong?

04.09.2012, 20:12   #19
cosinus



Try it in Safe Mode with Networking
__________________
Please always post log files in CODE tags

04.09.2012, 21:36   #20
Scarlett_
 

I wasn't paying attention earlier! The program did not freeze; the scan was already running. Because of the netbook's small window I didn't see it at first. Mea culpa :- )))

Code:
OTL logfile created on: 04.09.2012 22:50:42 - Run 4
OTL by OldTimer - Version 3.2.60.0     Folder = C:\Users\Acer eeePC\Downloads
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,18 Mb Total Physical Memory | 486,05 Mb Available Physical Memory | 47,93% Memory free
1,99 Gb Paging File | 1,27 Gb Available in Paging File | 63,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102,08 Gb Total Space | 80,45 Gb Free Space | 78,82% Space Free | Partition Type: NTFS
Drive D: | 46,87 Gb Total Space | 46,25 Gb Free Space | 98,67% Space Free | Partition Type: NTFS
 
Computer Name: ACEREEEPC-PC | User Name: Acer eeePC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Acer eeePC\Downloads\OTL(3).exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\EeePC\HotkeyService\HotkeyService.exe (ASUSTeK Computer Inc.)
PRC - C:\Programme\EeePC\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\System32\AsusService.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (EverestDriver) -- C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-1515048141-3773305742-2041119620-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1515048141-3773305742-2041119620-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1515048141-3773305742-2041119620-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1515048141-3773305742-2041119620-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 8C 56 08 05 1F CD 01  [binary data]
IE - HKU\S-1-5-21-1515048141-3773305742-2041119620-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1515048141-3773305742-2041119620-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1515048141-3773305742-2041119620-1000\..\SearchScopes\{9FDFAAA8-F147-443F-837D-A2F25F1612B5}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FXTV5&o=101699&src=kw&q={searchTerms}&locale=&apn_ptnrs=F4&apn_dtid=YYYYYYYYDE&apn_uid=5f568ed9-e160-45cb-828a-383ecb5a4d23&apn_sauid=4AA2BBBD-17E1-46A7-9E59-FD27A6A2D8E8
IE - HKU\S-1-5-21-1515048141-3773305742-2041119620-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.23 18:30:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Acer eeePC\AppData\Roaming\13001.016 [2012.07.05 19:00:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.23 18:30:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.01.22 17:08:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer eeePC\AppData\Roaming\mozilla\Extensions
[2012.06.28 16:20:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer eeePC\AppData\Roaming\mozilla\Firefox\Profiles\hwp8zhmz.default\extensions
[2012.06.28 16:20:07 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Acer eeePC\AppData\Roaming\mozilla\Firefox\Profiles\hwp8zhmz.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.02.25 12:13:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.05 19:00:58 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\ACER EEEPC\APPDATA\ROAMING\13001.016
[2012.06.23 18:30:44 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.23 18:30:39 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.23 18:30:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.23 18:30:39 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.23 18:30:39 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.23 18:30:39 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.23 18:30:39 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [HotkeyMon] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Programme\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash/cabs/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6A3103C-6900-4FDF-8BBB-2599B32FAEE6}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.07.09 21:08:26 | 002,146,304 | ---- | M] () - D:\AutoArchive.exe -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe - (McAfee, Inc.)
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.13 22:30:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.08.11 18:01:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012.08.11 18:01:01 | 000,000,000 | ---D | C] -- C:\Users\Acer eeePC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2012.08.11 18:00:57 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012.08.06 22:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.08.06 22:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.08.06 22:11:49 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[1 C:\Users\Acer eeePC\AppData\Roaming\*.tmp files -> C:\Users\Acer eeePC\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.04 22:45:15 | 000,011,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.04 22:45:15 | 000,011,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.04 22:37:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.04 22:37:16 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.04 20:12:54 | 000,001,115 | ---- | M] () -- C:\Users\Acer eeePC\Desktop\OTL(3).exe - Verknüpfung.lnk
[2012.09.04 19:55:52 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.04 19:55:52 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.04 19:55:52 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.04 19:55:52 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.16 20:13:25 | 000,257,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Users\Acer eeePC\AppData\Roaming\*.tmp files -> C:\Users\Acer eeePC\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.04 20:12:54 | 000,001,115 | ---- | C] () -- C:\Users\Acer eeePC\Desktop\OTL(3).exe - Verknüpfung.lnk
[2012.07.05 19:00:35 | 000,000,051 | ---- | C] () -- C:\Users\Acer eeePC\AppData\Roaming\blckdom.res
[2012.06.19 23:03:21 | 000,000,036 | ---- | C] () -- C:\Users\Acer eeePC\AppData\Local\housecall.guid.cache
[2012.04.21 14:11:08 | 000,257,880 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.16 19:41:46 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2012.02.16 19:41:46 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2012.01.22 17:27:12 | 000,219,136 | ---- | C] () -- C:\Windows\System32\AsusService.exe
[2012.01.22 17:27:12 | 000,021,864 | ---- | C] () -- C:\Windows\AsAcpiSvrLang.ini
[2012.01.22 17:24:00 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
 
========== LOP Check ==========
 
[2012.07.05 19:00:58 | 000,000,000 | ---D | M] -- C:\Users\Acer eeePC\AppData\Roaming\13001.016
[2012.08.29 22:30:37 | 000,000,000 | ---D | M] -- C:\Users\Acer eeePC\AppData\Roaming\BSW
[2012.06.17 13:04:52 | 000,000,000 | ---D | M] -- C:\Users\Acer eeePC\AppData\Roaming\Foxit Software
[2012.07.05 19:00:22 | 000,000,000 | ---D | M] -- C:\Users\Acer eeePC\AppData\Roaming\kock
[2012.02.16 20:27:44 | 000,000,000 | ---D | M] -- C:\Users\Acer eeePC\AppData\Roaming\LG Electronics
[2012.08.11 18:07:07 | 000,000,000 | ---D | M] -- C:\Users\Acer eeePC\AppData\Roaming\Maso
[2012.07.06 20:35:12 | 000,000,000 | ---D | M] -- C:\Users\Acer eeePC\AppData\Roaming\NDepend
[2012.08.13 23:52:28 | 000,000,000 | ---D | M] -- C:\Users\Acer eeePC\AppData\Roaming\QuickScan
[2012.07.05 19:00:24 | 000,000,000 | ---D | M] -- C:\Users\Acer eeePC\AppData\Roaming\xmldm
[2012.08.11 18:02:19 | 000,000,000 | ---D | M] -- C:\Users\Acer eeePC\AppData\Roaming\Ykizo
[2012.07.18 20:01:14 | 000,000,000 | ---D | M] -- C:\Users\Acer eeePC\AppData\Roaming\Ymcu
[2012.09.04 12:38:26 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.07.05 19:00:58 | 000,000,000 | ---D | M] -- C:\Users\Acer eeePC\AppData\Roaming\13001.016
[2012.03.11 16:22:37 | 000,000,000 | ---D | M] -- C:\Users\Acer eeePC\AppData\Roaming\Adobe
[2012.01.22 17:11:24 | 000,000,000 | ---D | M] -- C:\Users\Acer eeePC\AppData\Roaming\Avira
[2012.08.29 22:30:37 | 000,000,000 | ---D | M] -- C:\Users\Acer eeePC\AppData\Roaming\BSW
[2012.06.17 13:04:52 | 000,000,000 | ---D | M] -- C:\Users\Acer eeePC\AppData\Roaming\Foxit Software
[2012.01.22 16:56:05 | 000,000,000 | ---D | M] -- C:\Users\Acer eeePC\AppData\Roaming\Identities
[2012.07.05 19:00:22 | 000,000,000 | ---D | M] -- C:\Users\Acer eeePC\AppData\Roaming\kock
[2012.02.16 20:27:44 | 000,000,000 | ---D | M] -- C:\Users\Acer eeePC\AppData\Roaming\LG Electronics
[2012.03.11 16:22:37 | 000,000,000 | ---D | M] -- C:\Users\Acer eeePC\AppData\Roaming\Macromedia
[2012.07.06 20:37:07 | 000,000,000 | ---D | M] -- C:\Users\Acer eeePC\AppData\Roaming\Malwarebytes
[2012.08.11 18:07:07 | 000,000,000 | ---D | M] -- C:\Users\Acer eeePC\AppData\Roaming\Maso
[2012.08.11 18:01:01 | 000,000,000 | --SD | M] -- C:\Users\Acer eeePC\AppData\Roaming\Microsoft
[2012.01.22 17:08:22 | 000,000,000 | ---D | M] -- C:\Users\Acer eeePC\AppData\Roaming\Mozilla
[2012.07.06 20:35:12 | 000,000,000 | ---D | M] -- C:\Users\Acer eeePC\AppData\Roaming\NDepend
[2012.08.13 23:52:28 | 000,000,000 | ---D | M] -- C:\Users\Acer eeePC\AppData\Roaming\QuickScan
[2012.07.05 19:00:24 | 000,000,000 | ---D | M] -- C:\Users\Acer eeePC\AppData\Roaming\xmldm
[2012.08.11 18:02:19 | 000,000,000 | ---D | M] -- C:\Users\Acer eeePC\AppData\Roaming\Ykizo
[2012.07.18 20:01:14 | 000,000,000 | ---D | M] -- C:\Users\Acer eeePC\AppData\Roaming\Ymcu
 
< %APPDATA%\*.exe /s >
[2012.08.11 18:01:01 | 000,073,728 | R--- | M] (Macrovision Corporation) -- C:\Users\Acer eeePC\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
[2012.08.11 18:01:01 | 000,073,728 | R--- | M] (Macrovision Corporation) -- C:\Users\Acer eeePC\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
[2012.08.11 18:01:01 | 000,073,728 | R--- | M] (Macrovision Corporation) -- C:\Users\Acer eeePC\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         
Damn,

these Ykizo, kock and Maso things don't look good, do they?

Despite the great support (thanks again at this point) I can do nothing but sigh. "Are we nearly done?" :-)

Kind regards


Edited by Scarlett_ (04.09.2012 at 22:15)

05.09.2012, 13:55   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
ATTFilter
:OTL
FF - user.js - File not found
O4 - HKLM..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.07.09 21:08:26 | 002,146,304 | ---- | M] () - D:\AutoArchive.exe -- [ NTFS ]
:Files
C:\Users\Acer eeePC\AppData\Roaming\13001.016
C:\Users\Acer eeePC\AppData\Roaming\kock
C:\Users\Acer eeePC\AppData\Roaming\maso
C:\Users\Acer eeePC\AppData\Roaming\xmldm
C:\Users\Acer eeePC\AppData\Roaming\UAs
C:\Users\Acer eeePC\AppData\Roaming\Ykizo
C:\Users\Acer eeePC\AppData\Roaming\ymcu
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

To be safe, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can do lasting damage to the system!

06.09.2012, 20:20   #22
Scarlett_

Hi, done:

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
D:\AutoArchive.exe moved successfully.
========== FILES ==========
C:\Users\Acer eeePC\AppData\Roaming\13001.016\components folder moved successfully.
C:\Users\Acer eeePC\AppData\Roaming\13001.016 folder moved successfully.
C:\Users\Acer eeePC\AppData\Roaming\kock folder moved successfully.
C:\Users\Acer eeePC\AppData\Roaming\Maso folder moved successfully.
C:\Users\Acer eeePC\AppData\Roaming\xmldm folder moved successfully.
File\Folder C:\Users\Acer eeePC\AppData\Roaming\UAs not found.
C:\Users\Acer eeePC\AppData\Roaming\Ykizo folder moved successfully.
C:\Users\Acer eeePC\AppData\Roaming\Ymcu folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Acer eeePC\Downloads\cmd.bat deleted successfully.
C:\Users\Acer eeePC\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Acer eeePC
->Temp folder emptied: 774 bytes
->Temporary Internet Files folder emptied: 65867 bytes
->Java cache emptied: 15991709 bytes
->FireFox cache emptied: 56491627 bytes
->Flash cache emptied: 491 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 1691973 bytes
 
Total Files Cleaned = 71,00 mb
 
 
[EMPTYFLASH]
 
User: Acer eeePC
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.60.0 log created on 09062012_211356

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Are you satisfied?
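Reconciling the `:Files` entries of the fix script in post #21 with the result log in post #22, as an added example that is not part of the original posts and is not OTL's own code. The line patterns are inferred from this one log, and the function names are hypothetical.

```python
import re

# :Files entries from the fix script in post #21 (copied from the thread).
REQUESTED = [
    r"C:\Users\Acer eeePC\AppData\Roaming\13001.016",
    r"C:\Users\Acer eeePC\AppData\Roaming\kock",
    r"C:\Users\Acer eeePC\AppData\Roaming\maso",
    r"C:\Users\Acer eeePC\AppData\Roaming\xmldm",
    r"C:\Users\Acer eeePC\AppData\Roaming\UAs",
    r"C:\Users\Acer eeePC\AppData\Roaming\Ykizo",
    r"C:\Users\Acer eeePC\AppData\Roaming\ymcu",
]

# FILES section of the result log in post #22 (copied from the thread).
FIX_LOG = r"""
C:\Users\Acer eeePC\AppData\Roaming\13001.016\components folder moved successfully.
C:\Users\Acer eeePC\AppData\Roaming\13001.016 folder moved successfully.
C:\Users\Acer eeePC\AppData\Roaming\kock folder moved successfully.
C:\Users\Acer eeePC\AppData\Roaming\Maso folder moved successfully.
C:\Users\Acer eeePC\AppData\Roaming\xmldm folder moved successfully.
File\Folder C:\Users\Acer eeePC\AppData\Roaming\UAs not found.
C:\Users\Acer eeePC\AppData\Roaming\Ykizo folder moved successfully.
C:\Users\Acer eeePC\AppData\Roaming\Ymcu folder moved successfully.
"""

# Assumption: these two line shapes are taken from the log above,
# not from any OTL documentation.
HANDLED = re.compile(
    r"^(?P<path>.+?)(?: folder)? (?P<verb>moved|deleted) successfully\.$"
)
NOT_FOUND = re.compile(r"^File\\Folder (?P<path>.+) not found\.$")


def parse_results(log_text):
    """Map each lower-cased path in the log to 'moved', 'deleted' or 'not found'."""
    results = {}
    for line in log_text.splitlines():
        line = line.strip()
        match = NOT_FOUND.match(line)
        if match:
            results[match.group("path").lower()] = "not found"
            continue
        match = HANDLED.match(line)
        if match:
            results[match.group("path").lower()] = match.group("verb")
    return results


def reconcile(requested, log_text):
    """Return the logged outcome for every requested path.

    Windows paths are case-insensitive, and the log reports the on-disk
    spelling ("Maso", "Ymcu") rather than the script's ("maso", "ymcu"),
    so the comparison is done on lower-cased paths.
    """
    results = parse_results(log_text)
    return {path: results.get(path.lower(), "no log line") for path in requested}


def unconfirmed(requested, log_text):
    """Requested paths that the log does not report as moved or deleted."""
    outcome = reconcile(requested, log_text)
    return [p for p in requested if outcome[p] not in ("moved", "deleted")]


if __name__ == "__main__":
    for path, status in reconcile(REQUESTED, FIX_LOG).items():
        print(f"{status:12} {path}")
    print("needs a second look:", unconfirmed(REQUESTED, FIX_LOG))
```
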

06.09.2012, 21:42   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set the tool up as shown in the picture below: click change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you can't find the log or can't copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that's where the TDSS-Killer saves its logs.

Note: Please don't delete anything prematurely with the TDSS-Killer! If the TDSS-Killer flags any objects, handle all of them with the "skip" action and just post the log here!

__________________
Please always post log files in CODE tags

08.09.2012, 17:42   #24
Scarlett_

Hello,

worked great.

Code:
ATTFilter
18:33:36.0147 2552  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
18:33:36.0685 2552  ============================================================
18:33:36.0685 2552  Current date / time: 2012/09/08 18:33:36.0685
18:33:36.0685 2552  SystemInfo:
18:33:36.0685 2552  
18:33:36.0685 2552  OS Version: 6.1.7601 ServicePack: 1.0
18:33:36.0685 2552  Product type: Workstation
18:33:36.0686 2552  ComputerName: ACEREEEPC-PC
18:33:36.0686 2552  UserName: Acer eeePC
18:33:36.0686 2552  Windows directory: C:\Windows
18:33:36.0686 2552  System windows directory: C:\Windows
18:33:36.0686 2552  Processor architecture: Intel x86
18:33:36.0686 2552  Number of processors: 2
18:33:36.0687 2552  Page size: 0x1000
18:33:36.0687 2552  Boot type: Normal boot
18:33:36.0687 2552  ============================================================
18:33:38.0566 2552  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x2860B, SectorsPerTrack: 0xE, TracksPerCylinder: 0x87, Type 'K0', Flags 0x00000050
18:33:38.0573 2552  ============================================================
18:33:38.0573 2552  \Device\Harddisk0\DR0:
18:33:38.0573 2552  MBR partitions:
18:33:38.0573 2552  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:33:38.0573 2552  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xCC26800
18:33:38.0574 2552  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xCC59000, BlocksNum 0x5DBF800
18:33:38.0574 2552  ============================================================
18:33:38.0592 2552  C: <-> \Device\Harddisk0\DR0\Partition2
18:33:38.0641 2552  D: <-> \Device\Harddisk0\DR0\Partition3
18:33:38.0641 2552  ============================================================
18:33:38.0641 2552  Initialize success
18:33:38.0641 2552  ============================================================
18:33:46.0475 2880  ============================================================
18:33:46.0475 2880  Scan started
18:33:46.0475 2880  Mode: Manual; SigCheck; TDLFS; 
18:33:46.0475 2880  ============================================================
18:33:48.0209 2880  ================ Scan system memory ========================
18:33:48.0209 2880  System memory - ok
18:33:48.0211 2880  ================ Scan services =============================
18:33:51.0595 2880  [ C4FB2613D3C75364BB159B9C23A00E7A ] AsusService     C:\Windows\System32\AsusService.exe
18:33:51.0637 2880  AsusService ( UnsignedFile.Multi.Generic ) - warning
18:33:51.0637 2880  AsusService - detected UnsignedFile.Multi.Generic (1)
18:34:04.0192 2880  idsvc - ok
18:34:04.0392 2880  [ 81F7C715528AB621C6AF58869D4B07B9 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
18:34:04.0704 2880  igfx - ok
18:34:04.0755 2880  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
18:34:04.0799 2880  iirsp - ok
18:34:04.0870 2880  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
18:34:04.0987 2880  IKEEXT - ok
18:34:05.0026 2880  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
18:34:05.0082 2880  intelide - ok
18:34:05.0132 2880  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:34:05.0199 2880  intelppm - ok
18:34:05.0245 2880  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:34:05.0355 2880  IPBusEnum - ok
18:34:05.0386 2880  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:34:05.0488 2880  IpFilterDriver - ok
18:34:05.0550 2880  [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:34:05.0648 2880  iphlpsvc - ok
18:34:05.0703 2880  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
18:34:05.0779 2880  IPMIDRV - ok
18:34:05.0806 2880  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:34:05.0931 2880  IPNAT - ok
18:34:05.0987 2880  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:34:06.0067 2880  IRENUM - ok
18:34:06.0090 2880  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:34:06.0134 2880  isapnp - ok
18:34:06.0182 2880  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:34:06.0235 2880  iScsiPrt - ok
18:34:06.0261 2880  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
18:34:06.0293 2880  kbdclass - ok
18:34:06.0337 2880  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
18:34:06.0394 2880  kbdhid - ok
18:34:06.0423 2880  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
18:34:06.0464 2880  KeyIso - ok
18:34:06.0515 2880  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:34:06.0553 2880  KSecDD - ok
18:34:06.0577 2880  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:34:06.0614 2880  KSecPkg - ok
18:34:06.0695 2880  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:34:06.0824 2880  KtmRm - ok
18:34:06.0888 2880  [ 6C32BFEAB708915D6BBF4B20D4F3EF7B ] L1C             C:\Windows\system32\DRIVERS\L1C62x86.sys
18:34:06.0938 2880  L1C - ok
18:34:07.0000 2880  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:34:07.0107 2880  LanmanServer - ok
18:34:07.0152 2880  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:34:07.0249 2880  LanmanWorkstation - ok
18:34:07.0313 2880  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:34:07.0420 2880  lltdio - ok
18:34:07.0462 2880  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:34:07.0544 2880  lltdsvc - ok
18:34:07.0571 2880  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:34:07.0664 2880  lmhosts - ok
18:34:07.0726 2880  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
18:34:07.0762 2880  LSI_FC - ok
18:34:07.0780 2880  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
18:34:07.0815 2880  LSI_SAS - ok
18:34:07.0837 2880  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:34:07.0870 2880  LSI_SAS2 - ok
18:34:07.0892 2880  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:34:07.0928 2880  LSI_SCSI - ok
18:34:07.0952 2880  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
18:34:08.0030 2880  luafv - ok
18:34:08.0115 2880  [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
18:34:08.0161 2880  McComponentHostService - ok
18:34:08.0185 2880  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
18:34:08.0229 2880  megasas - ok
18:34:08.0263 2880  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
18:34:08.0303 2880  MegaSR - ok
18:34:08.0333 2880  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
18:34:08.0446 2880  MMCSS - ok
18:34:08.0482 2880  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
18:34:08.0571 2880  Modem - ok
18:34:08.0621 2880  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:34:08.0678 2880  monitor - ok
18:34:08.0713 2880  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:34:08.0749 2880  mouclass - ok
18:34:08.0794 2880  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:34:08.0851 2880  mouhid - ok
18:34:08.0893 2880  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:34:08.0927 2880  mountmgr - ok
18:34:09.0006 2880  [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:34:09.0048 2880  MozillaMaintenance - ok
18:34:09.0093 2880  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:34:09.0130 2880  mpio - ok
18:34:09.0166 2880  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:34:09.0252 2880  mpsdrv - ok
18:34:09.0314 2880  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:34:09.0455 2880  MpsSvc - ok
18:34:09.0500 2880  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:34:09.0548 2880  MRxDAV - ok
18:34:09.0597 2880  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:34:09.0675 2880  mrxsmb - ok
18:34:09.0707 2880  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:34:09.0765 2880  mrxsmb10 - ok
18:34:09.0802 2880  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:34:09.0867 2880  mrxsmb20 - ok
18:34:09.0898 2880  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
18:34:09.0931 2880  msahci - ok
18:34:09.0972 2880  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:34:10.0011 2880  msdsm - ok
18:34:10.0040 2880  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
18:34:10.0100 2880  MSDTC - ok
18:34:10.0165 2880  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:34:10.0235 2880  Msfs - ok
18:34:10.0256 2880  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:34:10.0352 2880  mshidkmdf - ok
18:34:10.0403 2880  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:34:10.0446 2880  msisadrv - ok
18:34:10.0489 2880  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:34:10.0599 2880  MSiSCSI - ok
18:34:10.0613 2880  msiserver - ok
18:34:10.0663 2880  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:34:10.0751 2880  MSKSSRV - ok
18:34:10.0785 2880  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:34:10.0855 2880  MSPCLOCK - ok
18:34:10.0876 2880  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:34:10.0984 2880  MSPQM - ok
18:34:11.0018 2880  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:34:11.0060 2880  MsRPC - ok
18:34:11.0097 2880  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
18:34:11.0131 2880  mssmbios - ok
18:34:11.0150 2880  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:34:11.0225 2880  MSTEE - ok
18:34:11.0247 2880  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
18:34:11.0303 2880  MTConfig - ok
18:34:11.0332 2880  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
18:34:11.0366 2880  Mup - ok
18:34:11.0421 2880  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
18:34:11.0519 2880  napagent - ok
18:34:11.0568 2880  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:34:11.0618 2880  NativeWifiP - ok
18:34:11.0654 2880  [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:34:11.0747 2880  NDIS - ok
18:34:11.0775 2880  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:34:11.0867 2880  NdisCap - ok
18:34:11.0903 2880  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:34:12.0016 2880  NdisTapi - ok
18:34:12.0066 2880  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:34:12.0162 2880  Ndisuio - ok
18:34:12.0194 2880  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:34:12.0292 2880  NdisWan - ok
18:34:12.0323 2880  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:34:12.0405 2880  NDProxy - ok
18:34:12.0446 2880  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:34:12.0554 2880  NetBIOS - ok
18:34:12.0595 2880  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:34:12.0711 2880  NetBT - ok
18:34:12.0741 2880  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
18:34:12.0777 2880  Netlogon - ok
18:34:12.0825 2880  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
18:34:12.0919 2880  Netman - ok
18:34:12.0963 2880  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
18:34:13.0048 2880  netprofm - ok
18:34:13.0091 2880  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:34:13.0121 2880  NetTcpPortSharing - ok
18:34:13.0162 2880  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
18:34:13.0199 2880  nfrd960 - ok
18:34:13.0228 2880  [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:34:13.0326 2880  NlaSvc - ok
18:34:13.0362 2880  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:34:13.0433 2880  Npfs - ok
18:34:13.0464 2880  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
18:34:13.0537 2880  nsi - ok
18:34:13.0559 2880  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:34:13.0647 2880  nsiproxy - ok
18:34:13.0729 2880  [ 81189C3D7763838E55C397759D49007A ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:34:13.0847 2880  Ntfs - ok
18:34:13.0886 2880  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
18:34:13.0971 2880  Null - ok
18:34:14.0030 2880  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:34:14.0078 2880  nvraid - ok
18:34:14.0131 2880  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:34:14.0169 2880  nvstor - ok
18:34:14.0213 2880  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:34:14.0261 2880  nv_agp - ok
18:34:14.0307 2880  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
18:34:14.0374 2880  ohci1394 - ok
18:34:14.0429 2880  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:34:14.0536 2880  p2pimsvc - ok
18:34:14.0568 2880  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
18:34:14.0662 2880  p2psvc - ok
18:34:14.0711 2880  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
18:34:14.0750 2880  Parport - ok
18:34:14.0787 2880  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:34:14.0820 2880  partmgr - ok
18:34:14.0838 2880  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
18:34:14.0892 2880  Parvdm - ok
18:34:14.0939 2880  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:34:15.0003 2880  PcaSvc - ok
18:34:15.0050 2880  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
18:34:15.0101 2880  pci - ok
18:34:15.0122 2880  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
18:34:15.0154 2880  pciide - ok
18:34:15.0200 2880  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
18:34:15.0239 2880  pcmcia - ok
18:34:15.0265 2880  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
18:34:15.0298 2880  pcw - ok
18:34:15.0351 2880  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:34:15.0485 2880  PEAUTH - ok
18:34:15.0601 2880  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
18:34:15.0759 2880  pla - ok
18:34:15.0813 2880  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:34:15.0944 2880  PlugPlay - ok
18:34:15.0988 2880  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:34:16.0067 2880  PNRPAutoReg - ok
18:34:16.0113 2880  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:34:16.0169 2880  PNRPsvc - ok
18:34:16.0213 2880  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:34:16.0325 2880  PolicyAgent - ok
18:34:16.0375 2880  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
18:34:16.0462 2880  Power - ok
18:34:16.0499 2880  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:34:16.0572 2880  PptpMiniport - ok
18:34:16.0593 2880  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
18:34:16.0643 2880  Processor - ok
18:34:16.0692 2880  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
18:34:16.0782 2880  ProfSvc - ok
18:34:16.0802 2880  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:34:16.0838 2880  ProtectedStorage - ok
18:34:16.0879 2880  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:34:16.0957 2880  Psched - ok
18:34:17.0013 2880  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
18:34:17.0143 2880  ql2300 - ok
18:34:17.0175 2880  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
18:34:17.0212 2880  ql40xx - ok
18:34:17.0264 2880  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
18:34:17.0316 2880  QWAVE - ok
18:34:17.0343 2880  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:34:17.0386 2880  QWAVEdrv - ok
18:34:17.0411 2880  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:34:17.0486 2880  RasAcd - ok
18:34:17.0538 2880  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:34:17.0636 2880  RasAgileVpn - ok
18:34:17.0669 2880  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
18:34:17.0751 2880  RasAuto - ok
18:34:17.0777 2880  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:34:17.0867 2880  Rasl2tp - ok
18:34:17.0924 2880  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
18:34:18.0039 2880  RasMan - ok
18:34:18.0079 2880  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:34:18.0169 2880  RasPppoe - ok
18:34:18.0206 2880  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:34:18.0291 2880  RasSstp - ok
18:34:18.0335 2880  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:34:18.0409 2880  rdbss - ok
18:34:18.0442 2880  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
18:34:18.0484 2880  rdpbus - ok
18:34:18.0520 2880  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:34:18.0623 2880  RDPCDD - ok
18:34:18.0666 2880  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:34:18.0736 2880  RDPENCDD - ok
18:34:18.0766 2880  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:34:18.0832 2880  RDPREFMP - ok
18:34:18.0871 2880  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:34:18.0966 2880  RDPWD - ok
18:34:19.0021 2880  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:34:19.0074 2880  rdyboost - ok
18:34:19.0106 2880  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:34:19.0194 2880  RemoteAccess - ok
18:34:19.0246 2880  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:34:19.0358 2880  RemoteRegistry - ok
18:34:19.0392 2880  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:34:19.0467 2880  RpcEptMapper - ok
18:34:19.0498 2880  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
18:34:19.0557 2880  RpcLocator - ok
18:34:19.0591 2880  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
18:34:19.0670 2880  RpcSs - ok
18:34:19.0707 2880  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:34:19.0783 2880  rspndr - ok
18:34:19.0807 2880  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
18:34:19.0842 2880  SamSs - ok
18:34:19.0883 2880  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:34:19.0919 2880  sbp2port - ok
18:34:19.0962 2880  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:34:20.0075 2880  SCardSvr - ok
18:34:20.0103 2880  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:34:20.0192 2880  scfilter - ok
18:34:20.0259 2880  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
18:34:20.0381 2880  Schedule - ok
18:34:20.0415 2880  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:34:20.0485 2880  SCPolicySvc - ok
18:34:20.0524 2880  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:34:20.0601 2880  SDRSVC - ok
18:34:20.0642 2880  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:34:20.0749 2880  secdrv - ok
18:34:20.0797 2880  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
18:34:20.0890 2880  seclogon - ok
18:34:20.0929 2880  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
18:34:21.0026 2880  SENS - ok
18:34:21.0068 2880  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
18:34:21.0126 2880  Serenum - ok
18:34:21.0175 2880  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
18:34:21.0233 2880  Serial - ok
18:34:21.0290 2880  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
18:34:21.0325 2880  sermouse - ok
18:34:21.0387 2880  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
18:34:21.0476 2880  SessionEnv - ok
18:34:21.0517 2880  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:34:21.0576 2880  sffdisk - ok
18:34:21.0606 2880  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:34:21.0668 2880  sffp_mmc - ok
18:34:21.0698 2880  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:34:21.0738 2880  sffp_sd - ok
18:34:21.0771 2880  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
18:34:21.0807 2880  sfloppy - ok
18:34:21.0848 2880  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:34:21.0962 2880  SharedAccess - ok
18:34:22.0017 2880  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:34:22.0114 2880  ShellHWDetection - ok
18:34:22.0154 2880  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
18:34:22.0189 2880  sisagp - ok
18:34:22.0228 2880  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:34:22.0264 2880  SiSRaid2 - ok
18:34:22.0293 2880  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
18:34:22.0327 2880  SiSRaid4 - ok
18:34:22.0356 2880  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:34:22.0428 2880  Smb - ok
18:34:22.0492 2880  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:34:22.0554 2880  SNMPTRAP - ok
18:34:22.0574 2880  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:34:22.0609 2880  spldr - ok
18:34:22.0661 2880  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
18:34:22.0722 2880  Spooler - ok
18:34:22.0865 2880  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
18:34:23.0097 2880  sppsvc - ok
18:34:23.0142 2880  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
18:34:23.0249 2880  sppuinotify - ok
18:34:23.0300 2880  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:34:23.0356 2880  srv - ok
18:34:23.0386 2880  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:34:23.0446 2880  srv2 - ok
18:34:23.0476 2880  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:34:23.0513 2880  srvnet - ok
18:34:23.0553 2880  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:34:23.0644 2880  SSDPSRV - ok
18:34:23.0686 2880  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
18:34:23.0710 2880  ssmdrv - ok
18:34:23.0735 2880  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:34:23.0833 2880  SstpSvc - ok
18:34:23.0879 2880  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
18:34:23.0931 2880  stexstor - ok
18:34:23.0985 2880  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
18:34:24.0084 2880  StiSvc - ok
18:34:24.0132 2880  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
18:34:24.0165 2880  swenum - ok
18:34:24.0202 2880  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
18:34:24.0285 2880  swprv - ok
18:34:24.0344 2880  [ 8BD10DC8809DC69A1C5A795CB10ADD76 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
18:34:24.0378 2880  SynTP - ok
18:34:24.0440 2880  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
18:34:24.0557 2880  SysMain - ok
18:34:24.0607 2880  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:34:24.0656 2880  TabletInputService - ok
18:34:24.0700 2880  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:34:24.0778 2880  TapiSrv - ok
18:34:24.0815 2880  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
18:34:24.0911 2880  TBS - ok
18:34:25.0006 2880  [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:34:25.0132 2880  Tcpip - ok
18:34:25.0200 2880  [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:34:25.0277 2880  TCPIP6 - ok
18:34:25.0324 2880  [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:34:25.0414 2880  tcpipreg - ok
18:34:25.0462 2880  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:34:25.0552 2880  TDPIPE - ok
18:34:25.0578 2880  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:34:25.0652 2880  TDTCP - ok
18:34:25.0696 2880  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:34:25.0763 2880  tdx - ok
18:34:25.0798 2880  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
18:34:25.0833 2880  TermDD - ok
18:34:25.0895 2880  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
18:34:26.0030 2880  TermService - ok
18:34:26.0075 2880  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
18:34:26.0141 2880  Themes - ok
18:34:26.0173 2880  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
18:34:26.0246 2880  THREADORDER - ok
18:34:26.0270 2880  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
18:34:26.0379 2880  TrkWks - ok
18:34:26.0443 2880  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:34:26.0552 2880  TrustedInstaller - ok
18:34:26.0596 2880  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:34:26.0704 2880  tssecsrv - ok
18:34:26.0761 2880  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
18:34:26.0830 2880  TsUsbFlt - ok
18:34:26.0895 2880  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:34:26.0979 2880  tunnel - ok
18:34:27.0011 2880  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
18:34:27.0045 2880  uagp35 - ok
18:34:27.0100 2880  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:34:27.0210 2880  udfs - ok
18:34:27.0271 2880  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:34:27.0337 2880  UI0Detect - ok
18:34:27.0392 2880  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:34:27.0426 2880  uliagpkx - ok
18:34:27.0469 2880  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
18:34:27.0520 2880  umbus - ok
18:34:27.0580 2880  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
18:34:27.0632 2880  UmPass - ok
18:34:27.0684 2880  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
18:34:27.0789 2880  upnphost - ok
18:34:27.0832 2880  [ 1C6FC7DA5FC05E0F10F527C83FCCFF7A ] usbbus          C:\Windows\system32\DRIVERS\lgusbbus.sys
18:34:27.0904 2880  usbbus - ok
18:34:27.0949 2880  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:34:28.0042 2880  usbccgp - ok
18:34:28.0086 2880  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:34:28.0174 2880  usbcir - ok
18:34:28.0231 2880  [ AB1D28B55E176A7CF3900A169F5B5535 ] UsbDiag         C:\Windows\system32\DRIVERS\lgusbdiag.sys
18:34:28.0294 2880  UsbDiag - ok
18:34:28.0345 2880  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
18:34:28.0391 2880  usbehci - ok
18:34:28.0457 2880  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:34:28.0531 2880  usbhub - ok
18:34:28.0565 2880  [ 4C1055E459C024FB517D559CF70BA322 ] USBModem        C:\Windows\system32\DRIVERS\lgusbmodem.sys
18:34:28.0616 2880  USBModem - ok
18:34:28.0649 2880  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
18:34:28.0716 2880  usbohci - ok
18:34:28.0756 2880  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
18:34:28.0805 2880  usbprint - ok
18:34:28.0833 2880  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\drivers\USBSTOR.SYS
18:34:28.0921 2880  USBSTOR - ok
18:34:28.0943 2880  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
18:34:28.0979 2880  usbuhci - ok
18:34:29.0034 2880  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
18:34:29.0077 2880  usbvideo - ok
18:34:29.0107 2880  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
18:34:29.0204 2880  UxSms - ok
18:34:29.0228 2880  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
18:34:29.0264 2880  VaultSvc - ok
18:34:29.0296 2880  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
18:34:29.0329 2880  vdrvroot - ok
18:34:29.0376 2880  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
18:34:29.0492 2880  vds - ok
18:34:29.0533 2880  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:34:29.0573 2880  vga - ok
18:34:29.0594 2880  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:34:29.0665 2880  VgaSave - ok
18:34:29.0702 2880  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
18:34:29.0752 2880  vhdmp - ok
18:34:29.0793 2880  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
18:34:29.0827 2880  viaagp - ok
18:34:29.0854 2880  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
18:34:29.0907 2880  ViaC7 - ok
18:34:29.0932 2880  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
18:34:29.0968 2880  viaide - ok
18:34:29.0988 2880  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:34:30.0023 2880  volmgr - ok
18:34:30.0076 2880  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:34:30.0120 2880  volmgrx - ok
18:34:30.0166 2880  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:34:30.0215 2880  volsnap - ok
18:34:30.0250 2880  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
18:34:30.0287 2880  vsmraid - ok
18:34:30.0352 2880  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
18:34:30.0514 2880  VSS - ok
18:34:30.0542 2880  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
18:34:30.0608 2880  vwifibus - ok
18:34:30.0650 2880  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
18:34:30.0693 2880  vwififlt - ok
18:34:30.0723 2880  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
18:34:30.0764 2880  vwifimp - ok
18:34:30.0816 2880  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
18:34:30.0941 2880  W32Time - ok
18:34:30.0991 2880  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
18:34:31.0050 2880  WacomPen - ok
18:34:31.0099 2880  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
18:34:31.0202 2880  WANARP - ok
18:34:31.0213 2880  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:34:31.0281 2880  Wanarpv6 - ok
18:34:31.0334 2880  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
18:34:31.0443 2880  wbengine - ok
18:34:31.0479 2880  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:34:31.0547 2880  WbioSrvc - ok
18:34:31.0597 2880  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:34:31.0671 2880  wcncsvc - ok
18:34:31.0708 2880  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:34:31.0797 2880  WcsPlugInService - ok
18:34:31.0835 2880  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
18:34:31.0866 2880  Wd - ok
18:34:31.0901 2880  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:34:31.0953 2880  Wdf01000 - ok
18:34:31.0975 2880  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:34:32.0102 2880  WdiServiceHost - ok
18:34:32.0118 2880  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:34:32.0167 2880  WdiSystemHost - ok
18:34:32.0208 2880  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
18:34:32.0281 2880  WebClient - ok
18:34:32.0321 2880  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:34:32.0401 2880  Wecsvc - ok
18:34:32.0420 2880  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:34:32.0499 2880  wercplsupport - ok
18:34:32.0530 2880  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:34:32.0641 2880  WerSvc - ok
18:34:32.0679 2880  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
18:34:32.0755 2880  WfpLwf - ok
18:34:32.0779 2880  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:34:32.0812 2880  WIMMount - ok
18:34:32.0892 2880  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
18:34:33.0040 2880  WinDefend - ok
18:34:33.0058 2880  WinHttpAutoProxySvc - ok
18:34:33.0133 2880  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:34:33.0226 2880  Winmgmt - ok
18:34:33.0311 2880  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
18:34:33.0475 2880  WinRM - ok
18:34:33.0565 2880  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
18:34:33.0635 2880  WinUsb - ok
18:34:33.0701 2880  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:34:33.0839 2880  Wlansvc - ok
18:34:33.0878 2880  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
18:34:33.0914 2880  WmiAcpi - ok
18:34:33.0961 2880  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:34:34.0022 2880  wmiApSrv - ok
18:34:34.0120 2880  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
18:34:34.0282 2880  WMPNetworkSvc - ok
18:34:34.0313 2880  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:34:34.0408 2880  WPCSvc - ok
18:34:34.0449 2880  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:34:34.0521 2880  WPDBusEnum - ok
18:34:34.0561 2880  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:34:34.0644 2880  ws2ifsl - ok
18:34:34.0684 2880  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
18:34:34.0747 2880  wscsvc - ok
18:34:34.0761 2880  WSearch - ok
18:34:34.0877 2880  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
18:34:35.0043 2880  wuauserv - ok
18:34:35.0089 2880  [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:34:35.0158 2880  WudfPf - ok
18:34:35.0208 2880  [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:34:35.0278 2880  WUDFRd - ok
18:34:35.0329 2880  [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:34:35.0435 2880  wudfsvc - ok
18:34:35.0477 2880  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
18:34:35.0530 2880  WwanSvc - ok
18:34:35.0570 2880  ================ Scan global ===============================
18:34:35.0604 2880  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
18:34:35.0645 2880  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
18:34:35.0678 2880  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
18:34:35.0711 2880  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
18:34:35.0762 2880  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
18:34:35.0792 2880  [Global] - ok
18:34:35.0794 2880  ================ Scan MBR ==================================
18:34:35.0810 2880  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:34:36.0219 2880  \Device\Harddisk0\DR0 - ok
18:34:36.0220 2880  ================ Scan VBR ==================================
18:34:36.0232 2880  [ D9D1F4CB69789BB252E4240E054A7DF3 ] \Device\Harddisk0\DR0\Partition1
18:34:36.0239 2880  \Device\Harddisk0\DR0\Partition1 - ok
18:34:36.0285 2880  [ 1ADF815609782468A20FE4AE00F7B7EA ] \Device\Harddisk0\DR0\Partition2
18:34:36.0289 2880  \Device\Harddisk0\DR0\Partition2 - ok
18:34:36.0322 2880  [ AFB94821E738DCBDD0D026DBA2B85478 ] \Device\Harddisk0\DR0\Partition3
18:34:36.0328 2880  \Device\Harddisk0\DR0\Partition3 - ok
18:34:36.0329 2880  ============================================================
18:34:36.0329 2880  Scan finished
18:34:36.0329 2880  ============================================================
18:34:36.0359 2616  Detected object count: 1
18:34:36.0359 2616  Actual detected object count: 1
18:38:41.0499 2616  AsusService ( UnsignedFile.Multi.Generic ) - skipped by user
18:38:41.0499 2616  AsusService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:38:51.0318 2560  ============================================================
18:38:51.0319 2560  Scan started
18:38:51.0319 2560  Mode: Manual; SigCheck; TDLFS; 
18:38:51.0319 2560  ============================================================
18:38:51.0630 2560  ================ Scan system memory ========================
18:38:51.0630 2560  System memory - ok
18:38:51.0632 2560  ================ Scan services =============================
18:38:51.0781 2560  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
18:38:51.0857 2560  1394ohci - ok
18:38:51.0907 2560  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:38:51.0946 2560  ACPI - ok
18:38:51.0989 2560  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
18:38:52.0027 2560  AcpiPmi - ok
18:38:52.0069 2560  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
18:38:52.0118 2560  adp94xx - ok
18:38:52.0147 2560  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
18:38:52.0190 2560  adpahci - ok
18:38:52.0233 2560  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
18:38:52.0267 2560  adpu320 - ok
18:38:52.0313 2560  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:38:52.0351 2560  AeLookupSvc - ok
18:38:52.0417 2560  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
18:38:52.0477 2560  AFD - ok
18:38:52.0505 2560  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
18:38:52.0536 2560  agp440 - ok
18:38:52.0566 2560  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
18:38:52.0601 2560  aic78xx - ok
18:38:52.0628 2560  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
18:38:52.0664 2560  ALG - ok
18:38:52.0700 2560  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:38:52.0744 2560  aliide - ok
18:38:52.0789 2560  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
18:38:52.0827 2560  amdagp - ok
18:38:52.0855 2560  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
18:38:52.0886 2560  amdide - ok
18:38:52.0916 2560  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
18:38:52.0950 2560  AmdK8 - ok
18:38:52.0969 2560  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
18:38:53.0005 2560  AmdPPM - ok
18:38:53.0045 2560  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:38:53.0077 2560  amdsata - ok
18:38:53.0105 2560  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
18:38:53.0141 2560  amdsbs - ok
18:38:53.0167 2560  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:38:53.0198 2560  amdxata - ok
18:38:53.0272 2560  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:38:53.0318 2560  AntiVirSchedulerService - ok
18:38:53.0343 2560  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:38:53.0375 2560  AntiVirService - ok
18:38:53.0415 2560  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
18:38:53.0479 2560  AppID - ok
18:38:53.0522 2560  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:38:53.0586 2560  AppIDSvc - ok
18:38:53.0633 2560  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
18:38:53.0697 2560  Appinfo - ok
18:38:53.0739 2560  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
18:38:53.0771 2560  arc - ok
18:38:53.0789 2560  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
18:38:53.0822 2560  arcsas - ok
18:38:53.0858 2560  [ C4FB2613D3C75364BB159B9C23A00E7A ] AsusService     C:\Windows\System32\AsusService.exe
18:38:53.0877 2560  AsusService ( UnsignedFile.Multi.Generic ) - warning
18:38:53.0878 2560  AsusService - detected UnsignedFile.Multi.Generic (1)
18:38:53.0897 2560  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:38:53.0966 2560  AsyncMac - ok
18:38:54.0003 2560  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
18:38:54.0033 2560  atapi - ok
18:38:54.0110 2560  [ B01751CC563AECAC09BBE36AAA21FBEF ] athr            C:\Windows\system32\DRIVERS\athr.sys
18:38:54.0196 2560  athr - ok
18:38:54.0256 2560  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:38:54.0331 2560  AudioEndpointBuilder - ok
18:38:54.0366 2560  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
18:38:54.0445 2560  Audiosrv - ok
18:38:54.0481 2560  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
18:38:54.0513 2560  avgntflt - ok
18:38:54.0542 2560  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
18:38:54.0572 2560  avipbb - ok
18:38:54.0591 2560  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
18:38:54.0617 2560  avkmgr - ok
18:38:54.0648 2560  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:38:54.0695 2560  AxInstSV - ok
18:38:54.0731 2560  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
18:38:54.0773 2560  b06bdrv - ok
18:38:54.0801 2560  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
18:38:54.0839 2560  b57nd60x - ok
18:38:54.0883 2560  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
18:38:54.0923 2560  BDESVC - ok
18:38:54.0951 2560  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:38:55.0018 2560  Beep - ok
18:38:55.0061 2560  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
18:38:55.0138 2560  BFE - ok
18:38:55.0199 2560  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
18:38:55.0281 2560  BITS - ok
18:38:55.0307 2560  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
18:38:55.0345 2560  blbdrive - ok
18:38:55.0382 2560  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:38:55.0415 2560  bowser - ok
18:38:55.0455 2560  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:38:55.0492 2560  BrFiltLo - ok
18:38:55.0507 2560  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:38:55.0547 2560  BrFiltUp - ok
18:38:55.0592 2560  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
18:38:55.0628 2560  Browser - ok
18:38:55.0658 2560  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
18:38:55.0703 2560  Brserid - ok
18:38:55.0729 2560  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:38:55.0768 2560  BrSerWdm - ok
18:38:55.0792 2560  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:38:55.0829 2560  BrUsbMdm - ok
18:38:55.0843 2560  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
18:38:55.0880 2560  BrUsbSer - ok
18:38:55.0901 2560  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
18:38:55.0943 2560  BTHMODEM - ok
18:38:55.0989 2560  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
18:38:56.0061 2560  bthserv - ok
18:38:56.0078 2560  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:38:56.0148 2560  cdfs - ok
18:38:56.0187 2560  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
18:38:56.0230 2560  cdrom - ok
18:38:56.0264 2560  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
18:38:56.0329 2560  CertPropSvc - ok
18:38:56.0361 2560  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
18:38:56.0398 2560  circlass - ok
18:38:56.0442 2560  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
18:38:56.0485 2560  CLFS - ok
18:38:56.0545 2560  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:38:56.0585 2560  clr_optimization_v2.0.50727_32 - ok
18:38:56.0652 2560  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:38:56.0700 2560  clr_optimization_v4.0.30319_32 - ok
18:38:56.0742 2560  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
18:38:56.0775 2560  CmBatt - ok
18:38:56.0793 2560  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:38:56.0824 2560  cmdide - ok
18:38:56.0865 2560  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
18:38:56.0923 2560  CNG - ok
18:38:56.0943 2560  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
18:38:56.0977 2560  Compbatt - ok
18:38:57.0021 2560  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
18:38:57.0070 2560  CompositeBus - ok
18:38:57.0084 2560  COMSysApp - ok
18:38:57.0115 2560  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
18:38:57.0146 2560  crcdisk - ok
18:38:57.0191 2560  [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:38:57.0233 2560  CryptSvc - ok
18:38:57.0290 2560  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:38:57.0369 2560  DcomLaunch - ok
18:38:57.0403 2560  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
18:38:57.0479 2560  defragsvc - ok
18:38:57.0518 2560  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:38:57.0583 2560  DfsC - ok
18:38:57.0614 2560  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:38:57.0684 2560  Dhcp - ok
18:38:57.0722 2560  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
18:38:57.0795 2560  discache - ok
18:38:57.0821 2560  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
18:38:57.0852 2560  Disk - ok
18:38:57.0899 2560  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:38:57.0950 2560  Dnscache - ok
18:38:57.0992 2560  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:38:58.0063 2560  dot3svc - ok
18:38:58.0099 2560  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
18:38:58.0168 2560  DPS - ok
18:38:58.0210 2560  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:38:58.0250 2560  drmkaud - ok
18:38:58.0304 2560  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:38:58.0360 2560  DXGKrnl - ok
18:38:58.0389 2560  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
18:38:58.0460 2560  EapHost - ok
18:38:58.0589 2560  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
18:38:58.0705 2560  ebdrv - ok
18:38:58.0749 2560  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
18:38:58.0785 2560  EFS - ok
18:38:58.0829 2560  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
18:38:58.0885 2560  elxstor - ok
18:38:58.0915 2560  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:38:58.0948 2560  ErrDev - ok
18:38:59.0003 2560  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
18:38:59.0080 2560  EventSystem - ok
18:38:59.0089 2560  EverestDriver - ok
18:38:59.0121 2560  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
18:38:59.0194 2560  exfat - ok
18:38:59.0218 2560  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:38:59.0294 2560  fastfat - ok
18:38:59.0340 2560  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
18:38:59.0396 2560  Fax - ok
18:38:59.0425 2560  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
18:38:59.0458 2560  fdc - ok
18:38:59.0493 2560  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
18:38:59.0567 2560  fdPHost - ok
18:38:59.0594 2560  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
18:38:59.0664 2560  FDResPub - ok
18:38:59.0680 2560  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:38:59.0714 2560  FileInfo - ok
18:38:59.0734 2560  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:38:59.0808 2560  Filetrace - ok
18:38:59.0823 2560  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
18:38:59.0858 2560  flpydisk - ok
18:38:59.0885 2560  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:38:59.0921 2560  FltMgr - ok
18:38:59.0979 2560  [ FA6C66E4364D7DA57AADE5DCC03BB999 ] FontCache       C:\Windows\system32\FntCache.dll
18:39:00.0075 2560  FontCache - ok
18:39:00.0128 2560  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:39:00.0169 2560  FontCache3.0.0.0 - ok
18:39:00.0192 2560  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:39:00.0229 2560  FsDepends - ok
18:39:00.0266 2560  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:39:00.0299 2560  Fs_Rec - ok
18:39:00.0353 2560  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:39:00.0408 2560  fvevol - ok
18:39:00.0433 2560  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
18:39:00.0466 2560  gagp30kx - ok
18:39:00.0525 2560  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
18:39:00.0624 2560  gpsvc - ok
18:39:00.0643 2560  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:39:00.0677 2560  hcw85cir - ok
18:39:00.0722 2560  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:39:00.0766 2560  HdAudAddService - ok
18:39:00.0803 2560  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
18:39:00.0846 2560  HDAudBus - ok
18:39:00.0871 2560  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
18:39:00.0904 2560  HidBatt - ok
18:39:00.0929 2560  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
18:39:00.0971 2560  HidBth - ok
18:39:00.0993 2560  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
18:39:01.0032 2560  HidIr - ok
18:39:01.0070 2560  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
18:39:01.0143 2560  hidserv - ok
18:39:01.0182 2560  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:39:01.0217 2560  HidUsb - ok
18:39:01.0255 2560  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:39:01.0329 2560  hkmsvc - ok
18:39:01.0369 2560  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:39:01.0408 2560  HomeGroupListener - ok
18:39:01.0459 2560  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:39:01.0499 2560  HomeGroupProvider - ok
18:39:01.0534 2560  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:39:01.0565 2560  HpSAMD - ok
18:39:01.0617 2560  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:39:01.0704 2560  HTTP - ok
18:39:01.0743 2560  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:39:01.0773 2560  hwpolicy - ok
18:39:01.0813 2560  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
18:39:01.0852 2560  i8042prt - ok
18:39:01.0889 2560  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:39:01.0932 2560  iaStorV - ok
18:39:02.0000 2560  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:39:02.0069 2560  idsvc - ok
18:39:02.0254 2560  [ 81F7C715528AB621C6AF58869D4B07B9 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
18:39:02.0404 2560  igfx - ok
18:39:02.0440 2560  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
18:39:02.0471 2560  iirsp - ok
18:39:02.0523 2560  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
18:39:02.0619 2560  IKEEXT - ok
18:39:02.0667 2560  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
18:39:02.0709 2560  intelide - ok
18:39:02.0729 2560  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:39:02.0764 2560  intelppm - ok
18:39:02.0798 2560  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:39:02.0874 2560  IPBusEnum - ok
18:39:02.0895 2560  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:39:02.0965 2560  IpFilterDriver - ok
18:39:03.0014 2560  [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:39:03.0092 2560  iphlpsvc - ok
18:39:03.0134 2560  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
18:39:03.0170 2560  IPMIDRV - ok
18:39:03.0194 2560  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:39:03.0264 2560  IPNAT - ok
18:39:03.0298 2560  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:39:03.0337 2560  IRENUM - ok
18:39:03.0357 2560  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:39:03.0393 2560  isapnp - ok
18:39:03.0427 2560  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:39:03.0465 2560  iScsiPrt - ok
18:39:03.0484 2560  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
18:39:03.0515 2560  kbdclass - ok
18:39:03.0560 2560  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
18:39:03.0605 2560  kbdhid - ok
18:39:03.0624 2560  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
18:39:03.0666 2560  KeyIso - ok
18:39:03.0704 2560  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:39:03.0736 2560  KSecDD - ok
18:39:03.0752 2560  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:39:03.0789 2560  KSecPkg - ok
18:39:03.0841 2560  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:39:03.0933 2560  KtmRm - ok
18:39:03.0967 2560  [ 6C32BFEAB708915D6BBF4B20D4F3EF7B ] L1C             C:\Windows\system32\DRIVERS\L1C62x86.sys
18:39:04.0002 2560  L1C - ok
18:39:04.0046 2560  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:39:04.0137 2560  LanmanServer - ok
18:39:04.0176 2560  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:39:04.0255 2560  LanmanWorkstation - ok
18:39:04.0294 2560  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:39:04.0362 2560  lltdio - ok
18:39:04.0398 2560  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:39:04.0478 2560  lltdsvc - ok
18:39:04.0497 2560  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:39:04.0570 2560  lmhosts - ok
18:39:04.0595 2560  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
18:39:04.0629 2560  LSI_FC - ok
18:39:04.0649 2560  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
18:39:04.0685 2560  LSI_SAS - ok
18:39:04.0706 2560  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:39:04.0739 2560  LSI_SAS2 - ok
18:39:04.0763 2560  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:39:04.0796 2560  LSI_SCSI - ok
18:39:04.0822 2560  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
18:39:04.0892 2560  luafv - ok
18:39:04.0952 2560  [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
18:39:04.0984 2560  McComponentHostService - ok
18:39:05.0012 2560  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
18:39:05.0042 2560  megasas - ok
18:39:05.0068 2560  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
18:39:05.0106 2560  MegaSR - ok
18:39:05.0137 2560  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
18:39:05.0225 2560  MMCSS - ok
18:39:05.0243 2560  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
18:39:05.0312 2560  Modem - ok
18:39:05.0349 2560  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:39:05.0386 2560  monitor - ok
18:39:05.0418 2560  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:39:05.0452 2560  mouclass - ok
18:39:05.0489 2560  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:39:05.0522 2560  mouhid - ok
18:39:05.0565 2560  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:39:05.0597 2560  mountmgr - ok
18:39:05.0657 2560  [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:39:05.0707 2560  MozillaMaintenance - ok
18:39:05.0755 2560  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:39:05.0801 2560  mpio - ok
18:39:05.0827 2560  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:39:05.0893 2560  mpsdrv - ok
18:39:05.0955 2560  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:39:06.0054 2560  MpsSvc - ok
18:39:06.0095 2560  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:39:06.0138 2560  MRxDAV - ok
18:39:06.0171 2560  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:39:06.0207 2560  mrxsmb - ok
18:39:06.0237 2560  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:39:06.0274 2560  mrxsmb10 - ok
18:39:06.0320 2560  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:39:06.0366 2560  mrxsmb20 - ok
18:39:06.0383 2560  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
18:39:06.0415 2560  msahci - ok
18:39:06.0457 2560  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:39:06.0494 2560  msdsm - ok
18:39:06.0515 2560  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
18:39:06.0556 2560  MSDTC - ok
18:39:06.0606 2560  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:39:06.0674 2560  Msfs - ok
18:39:06.0696 2560  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:39:06.0769 2560  mshidkmdf - ok
18:39:06.0811 2560  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:39:06.0841 2560  msisadrv - ok
18:39:06.0876 2560  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:39:06.0945 2560  MSiSCSI - ok
18:39:06.0958 2560  msiserver - ok
18:39:06.0994 2560  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:39:07.0064 2560  MSKSSRV - ok
18:39:07.0084 2560  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:39:07.0152 2560  MSPCLOCK - ok
18:39:07.0164 2560  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:39:07.0236 2560  MSPQM - ok
18:39:07.0261 2560  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:39:07.0297 2560  MsRPC - ok
18:39:07.0341 2560  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
18:39:07.0371 2560  mssmbios - ok
18:39:07.0384 2560  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:39:07.0456 2560  MSTEE - ok
18:39:07.0480 2560  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
18:39:07.0517 2560  MTConfig - ok
18:39:07.0543 2560  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
18:39:07.0575 2560  Mup - ok
18:39:07.0622 2560  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
18:39:07.0721 2560  napagent - ok
18:39:07.0757 2560  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:39:07.0807 2560  NativeWifiP - ok
18:39:07.0853 2560  [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:39:07.0908 2560  NDIS - ok
18:39:07.0929 2560  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:39:07.0998 2560  NdisCap - ok
18:39:08.0026 2560  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:39:08.0091 2560  NdisTapi - ok
18:39:08.0133 2560  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:39:08.0200 2560  Ndisuio - ok
18:39:08.0239 2560  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:39:08.0310 2560  NdisWan - ok
18:39:08.0335 2560  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:39:08.0399 2560  NDProxy - ok
18:39:08.0420 2560  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:39:08.0501 2560  NetBIOS - ok
18:39:08.0541 2560  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:39:08.0610 2560  NetBT - ok
18:39:08.0633 2560  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
18:39:08.0668 2560  Netlogon - ok
18:39:08.0705 2560  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
18:39:08.0786 2560  Netman - ok
18:39:08.0821 2560  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
18:39:08.0902 2560  netprofm - ok
18:39:08.0927 2560  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:39:08.0956 2560  NetTcpPortSharing - ok
18:39:08.0988 2560  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
18:39:09.0019 2560  nfrd960 - ok
18:39:09.0064 2560  [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:39:09.0138 2560  NlaSvc - ok
18:39:09.0165 2560  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:39:09.0238 2560  Npfs - ok
18:39:09.0278 2560  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
18:39:09.0360 2560  nsi - ok
18:39:09.0384 2560  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:39:09.0454 2560  nsiproxy - ok
18:39:09.0532 2560  [ 81189C3D7763838E55C397759D49007A ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:39:09.0621 2560  Ntfs - ok
18:39:09.0656 2560  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
18:39:09.0723 2560  Null - ok
18:39:09.0767 2560  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:39:09.0801 2560  nvraid - ok
18:39:09.0825 2560  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:39:09.0862 2560  nvstor - ok
18:39:09.0906 2560  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:39:09.0942 2560  nv_agp - ok
18:39:09.0990 2560  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
18:39:10.0043 2560  ohci1394 - ok
18:39:10.0077 2560  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:39:10.0124 2560  p2pimsvc - ok
18:39:10.0162 2560  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
18:39:10.0211 2560  p2psvc - ok
18:39:10.0250 2560  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
18:39:10.0286 2560  Parport - ok
18:39:10.0304 2560  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:39:10.0341 2560  partmgr - ok
18:39:10.0366 2560  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
18:39:10.0400 2560  Parvdm - ok
18:39:10.0445 2560  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:39:10.0498 2560  PcaSvc - ok
18:39:10.0546 2560  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
18:39:10.0582 2560  pci - ok
18:39:10.0606 2560  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
18:39:10.0636 2560  pciide - ok
18:39:10.0673 2560  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
18:39:10.0711 2560  pcmcia - ok
18:39:10.0738 2560  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
18:39:10.0770 2560  pcw - ok
18:39:10.0813 2560  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:39:10.0903 2560  PEAUTH - ok
18:39:11.0012 2560  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
18:39:11.0124 2560  pla - ok
18:39:11.0175 2560  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:39:11.0221 2560  PlugPlay - ok
18:39:11.0252 2560  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:39:11.0289 2560  PNRPAutoReg - ok
18:39:11.0321 2560  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:39:11.0369 2560  PNRPsvc - ok
18:39:11.0400 2560  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:39:11.0488 2560  PolicyAgent - ok
18:39:11.0926 2560  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
18:39:12.0015 2560  Power - ok
18:39:12.0049 2560  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:39:12.0119 2560  PptpMiniport - ok
18:39:12.0143 2560  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
18:39:12.0179 2560  Processor - ok
18:39:12.0220 2560  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
18:39:12.0288 2560  ProfSvc - ok
18:39:12.0308 2560  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:39:12.0348 2560  ProtectedStorage - ok
18:39:12.0375 2560  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:39:12.0448 2560  Psched - ok
18:39:12.0508 2560  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
18:39:12.0591 2560  ql2300 - ok
18:39:12.0615 2560  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
18:39:12.0649 2560  ql40xx - ok
18:39:12.0682 2560  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
18:39:12.0731 2560  QWAVE - ok
18:39:12.0750 2560  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:39:12.0790 2560  QWAVEdrv - ok
18:39:12.0807 2560  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:39:12.0874 2560  RasAcd - ok
18:39:12.0912 2560  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:39:12.0977 2560  RasAgileVpn - ok
18:39:12.0999 2560  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
18:39:13.0078 2560  RasAuto - ok
18:39:13.0096 2560  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:39:13.0166 2560  Rasl2tp - ok
18:39:13.0210 2560  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
18:39:13.0288 2560  RasMan - ok
18:39:13.0310 2560  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:39:13.0384 2560  RasPppoe - ok
18:39:13.0404 2560  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:39:13.0470 2560  RasSstp - ok
18:39:13.0512 2560  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:39:13.0590 2560  rdbss - ok
18:39:13.0628 2560  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
18:39:13.0669 2560  rdpbus - ok
18:39:13.0707 2560  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:39:13.0783 2560  RDPCDD - ok
18:39:13.0809 2560  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:39:13.0875 2560  RDPENCDD - ok
18:39:13.0898 2560  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:39:13.0962 2560  RDPREFMP - ok
18:39:14.0003 2560  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:39:14.0039 2560  RDPWD - ok
18:39:14.0086 2560  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:39:14.0122 2560  rdyboost - ok
18:39:14.0150 2560  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:39:14.0228 2560  RemoteAccess - ok
18:39:14.0268 2560  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:39:14.0348 2560  RemoteRegistry - ok
18:39:14.0369 2560  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:39:14.0443 2560  RpcEptMapper - ok
18:39:14.0476 2560  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
18:39:14.0513 2560  RpcLocator - ok
18:39:14.0536 2560  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
18:39:14.0617 2560  RpcSs - ok
18:39:14.0651 2560  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:39:14.0721 2560  rspndr - ok
18:39:14.0741 2560  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
18:39:14.0775 2560  SamSs - ok
18:39:14.0817 2560  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:39:14.0865 2560  sbp2port - ok
18:39:14.0907 2560  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:39:14.0990 2560  SCardSvr - ok
18:39:15.0015 2560  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:39:15.0079 2560  scfilter - ok
18:39:15.0127 2560  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
18:39:15.0230 2560  Schedule - ok
18:39:15.0249 2560  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:39:15.0316 2560  SCPolicySvc - ok
18:39:15.0348 2560  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:39:15.0391 2560  SDRSVC - ok
18:39:15.0421 2560  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:39:15.0489 2560  secdrv - ok
18:39:15.0522 2560  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
18:39:15.0594 2560  seclogon - ok
18:39:15.0621 2560  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
18:39:15.0695 2560  SENS - ok
18:39:15.0716 2560  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
18:39:15.0749 2560  Serenum - ok
18:39:15.0767 2560  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
18:39:15.0802 2560  Serial - ok
18:39:15.0839 2560  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
18:39:15.0876 2560  sermouse - ok
18:39:15.0936 2560  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
18:39:16.0008 2560  SessionEnv - ok
18:39:16.0044 2560  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:39:16.0096 2560  sffdisk - ok
18:39:16.0117 2560  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:39:16.0159 2560  sffp_mmc - ok
18:39:16.0181 2560  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:39:16.0221 2560  sffp_sd - ok
18:39:16.0254 2560  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
18:39:16.0287 2560  sfloppy - ok
18:39:16.0331 2560  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:39:16.0412 2560  SharedAccess - ok
18:39:16.0466 2560  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:39:16.0570 2560  ShellHWDetection - ok
18:39:16.0604 2560  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
18:39:16.0646 2560  sisagp - ok
18:39:16.0678 2560  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:39:16.0709 2560  SiSRaid2 - ok
18:39:16.0731 2560  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
18:39:16.0764 2560  SiSRaid4 - ok
18:39:16.0784 2560  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:39:16.0853 2560  Smb - ok
18:39:16.0908 2560  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:39:16.0947 2560  SNMPTRAP - ok
18:39:16.0968 2560  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:39:16.0998 2560  spldr - ok
18:39:17.0034 2560  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
18:39:17.0079 2560  Spooler - ok
18:39:17.0210 2560  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
18:39:17.0361 2560  sppsvc - ok
18:39:17.0404 2560  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
18:39:17.0475 2560  sppuinotify - ok
18:39:17.0519 2560  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:39:17.0568 2560  srv - ok
18:39:17.0593 2560  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:39:17.0632 2560  srv2 - ok
18:39:17.0661 2560  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:39:17.0697 2560  srvnet - ok
18:39:17.0738 2560  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:39:17.0816 2560  SSDPSRV - ok
18:39:17.0849 2560  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
18:39:17.0872 2560  ssmdrv - ok
18:39:17.0898 2560  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:39:17.0970 2560  SstpSvc - ok
18:39:18.0010 2560  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
18:39:18.0040 2560  stexstor - ok
18:39:18.0096 2560  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
18:39:18.0165 2560  StiSvc - ok
18:39:18.0207 2560  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
18:39:18.0249 2560  swenum - ok
18:39:18.0289 2560  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
18:39:18.0370 2560  swprv - ok
18:39:18.0409 2560  [ 8BD10DC8809DC69A1C5A795CB10ADD76 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
18:39:18.0440 2560  SynTP - ok
18:39:18.0510 2560  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
18:39:18.0595 2560  SysMain - ok
18:39:18.0638 2560  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:39:18.0689 2560  TabletInputService - ok
18:39:18.0731 2560  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:39:18.0807 2560  TapiSrv - ok
18:39:18.0847 2560  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
18:39:18.0924 2560  TBS - ok
18:39:19.0003 2560  [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:39:19.0085 2560  Tcpip - ok
18:39:19.0140 2560  [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:39:19.0220 2560  TCPIP6 - ok
18:39:19.0266 2560  [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:39:19.0331 2560  tcpipreg - ok
18:39:19.0383 2560  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:39:19.0440 2560  TDPIPE - ok
18:39:19.0465 2560  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:39:19.0499 2560  TDTCP - ok
18:39:19.0550 2560  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:39:19.0616 2560  tdx - ok
18:39:19.0652 2560  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
18:39:19.0686 2560  TermDD - ok
18:39:19.0736 2560  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
18:39:19.0818 2560  TermService - ok
18:39:19.0852 2560  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
18:39:19.0914 2560  Themes - ok
18:39:19.0929 2560  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
18:39:20.0004 2560  THREADORDER - ok
18:39:20.0025 2560  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
18:39:20.0100 2560  TrkWks - ok
18:39:20.0153 2560  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:39:20.0245 2560  TrustedInstaller - ok
18:39:20.0274 2560  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:39:20.0338 2560  tssecsrv - ok
18:39:20.0373 2560  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
18:39:20.0406 2560  TsUsbFlt - ok
18:39:20.0452 2560  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:39:20.0540 2560  tunnel - ok
18:39:20.0568 2560  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
18:39:20.0599 2560  uagp35 - ok
18:39:20.0646 2560  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:39:20.0731 2560  udfs - ok
18:39:20.0773 2560  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:39:20.0813 2560  UI0Detect - ok
18:39:20.0850 2560  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:39:20.0882 2560  uliagpkx - ok
18:39:20.0916 2560  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
18:39:20.0950 2560  umbus - ok
18:39:20.0983 2560  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
18:39:21.0016 2560  UmPass - ok
18:39:21.0043 2560  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
18:39:21.0126 2560  upnphost - ok
18:39:21.0158 2560  [ 1C6FC7DA5FC05E0F10F527C83FCCFF7A ] usbbus          C:\Windows\system32\DRIVERS\lgusbbus.sys
18:39:21.0185 2560  usbbus - ok
18:39:21.0209 2560  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:39:21.0246 2560  usbccgp - ok
18:39:21.0280 2560  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:39:21.0319 2560  usbcir - ok
18:39:21.0337 2560  [ AB1D28B55E176A7CF3900A169F5B5535 ] UsbDiag         C:\Windows\system32\DRIVERS\lgusbdiag.sys
18:39:21.0364 2560  UsbDiag - ok
18:39:21.0406 2560  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
18:39:21.0440 2560  usbehci - ok
18:39:21.0463 2560  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:39:21.0505 2560  usbhub - ok
18:39:21.0528 2560  [ 4C1055E459C024FB517D559CF70BA322 ] USBModem        C:\Windows\system32\DRIVERS\lgusbmodem.sys
18:39:21.0555 2560  USBModem - ok
18:39:21.0588 2560  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
18:39:21.0620 2560  usbohci - ok
18:39:21.0653 2560  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
18:39:21.0691 2560  usbprint - ok
18:39:21.0708 2560  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\drivers\USBSTOR.SYS
18:39:21.0746 2560  USBSTOR - ok
18:39:21.0774 2560  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
18:39:21.0807 2560  usbuhci - ok
18:39:21.0854 2560  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
18:39:21.0895 2560  usbvideo - ok
18:39:21.0927 2560  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
18:39:21.0999 2560  UxSms - ok
18:39:22.0015 2560  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
18:39:22.0053 2560  VaultSvc - ok
18:39:22.0072 2560  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
18:39:22.0112 2560  vdrvroot - ok
18:39:22.0152 2560  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
18:39:22.0236 2560  vds - ok
18:39:22.0266 2560  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:39:22.0304 2560  vga - ok
18:39:22.0327 2560  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:39:22.0396 2560  VgaSave - ok
18:39:22.0435 2560  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
18:39:22.0482 2560  vhdmp - ok
18:39:22.0515 2560  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
18:39:22.0547 2560  viaagp - ok
18:39:22.0565 2560  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
18:39:22.0600 2560  ViaC7 - ok
18:39:22.0620 2560  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
18:39:22.0650 2560  viaide - ok
18:39:22.0665 2560  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:39:22.0697 2560  volmgr - ok
18:39:22.0720 2560  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:39:22.0765 2560  volmgrx - ok
18:39:22.0811 2560  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:39:22.0850 2560  volsnap - ok
18:39:22.0873 2560  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
18:39:22.0909 2560  vsmraid - ok
18:39:22.0980 2560  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
18:39:23.0084 2560  VSS - ok
18:39:23.0109 2560  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
18:39:23.0169 2560  vwifibus - ok
18:39:23.0207 2560  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
18:39:23.0274 2560  vwififlt - ok
18:39:23.0313 2560  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
18:39:23.0376 2560  vwifimp - ok
18:39:23.0438 2560  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
18:39:23.0547 2560  W32Time - ok
18:39:23.0592 2560  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
18:39:23.0626 2560  WacomPen - ok
18:39:23.0656 2560  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
18:39:23.0721 2560  WANARP - ok
18:39:23.0741 2560  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:39:23.0811 2560  Wanarpv6 - ok
18:39:23.0868 2560  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
18:39:23.0936 2560  wbengine - ok
18:39:23.0958 2560  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:39:24.0008 2560  WbioSrvc - ok
18:39:24.0055 2560  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:39:24.0110 2560  wcncsvc - ok
18:39:24.0122 2560  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:39:24.0163 2560  WcsPlugInService - ok
18:39:24.0193 2560  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
18:39:24.0226 2560  Wd - ok
18:39:24.0259 2560  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:39:24.0309 2560  Wdf01000 - ok
18:39:24.0334 2560  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:39:24.0380 2560  WdiServiceHost - ok
18:39:27.0273 2560  ================ Scan global ===============================
18:39:27.0313 2560  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
18:39:27.0355 2560  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
18:39:27.0395 2560  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
18:39:27.0431 2560  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
18:39:27.0482 2560  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
18:39:27.0497 2560  [Global] - ok
18:39:27.0499 2560  ================ Scan MBR ==================================
18:39:27.0519 2560  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:39:27.0928 2560  \Device\Harddisk0\DR0 - ok
18:39:27.0929 2560  ================ Scan VBR ==================================
18:39:27.0938 2560  [ D9D1F4CB69789BB252E4240E054A7DF3 ] \Device\Harddisk0\DR0\Partition1
18:39:27.0946 2560  \Device\Harddisk0\DR0\Partition1 - ok
18:39:27.0983 2560  [ 1ADF815609782468A20FE4AE00F7B7EA ] \Device\Harddisk0\DR0\Partition2
18:39:27.0987 2560  \Device\Harddisk0\DR0\Partition2 - ok
18:39:28.0021 2560  [ AFB94821E738DCBDD0D026DBA2B85478 ] \Device\Harddisk0\DR0\Partition3
18:39:28.0026 2560  \Device\Harddisk0\DR0\Partition3 - ok
18:39:28.0027 2560  ============================================================
18:39:28.0027 2560  Scan finished
18:39:28.0027 2560  ============================================================
18:39:28.0052 0536  Detected object count: 1
18:39:28.0052 0536  Actual detected object count: 1
18:39:39.0441 0536  AsusService ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:39.0441 0536  AsusService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

10.09.2012, 15:09   #25
cosinus

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (English Windows wording: "Illegal operation attempted on a registry key that has been marked for deletion.")
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post log files in CODE tags

12.09.2012, 13:50   #26
Scarlett_

Hello,

done.

Code:
ComboFix 12-09-12.02 - Acer eeePC 12.09.2012  14:24:01.1.2 - x86
Microsoft Windows 7 Starter   6.1.7601.1.1252.49.1031.18.1014.306 [GMT 2:00]
ausgeführt von:: c:\users\Acer eeePC\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Acer eeePC\4.0
c:\users\Acer eeePC\AppData\Roaming\AcroIEHelpe.txt
c:\users\Acer eeePC\AppData\Roaming\srvblck5.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-12 bis 2012-09-12  ))))))))))))))))))))))))))))))
.
.
2012-09-12 12:35 . 2012-09-12 12:35	--------	d-----w-	c:\users\Acer eeePC\AppData\Local\temp
2012-09-12 12:35 . 2012-09-12 12:35	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-12 12:28 . 2012-09-12 12:28	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3D41FECB-4767-4DB9-A1EA-AE43DF54FE8F}\offreg.dll
2012-09-11 12:26 . 2012-08-23 07:15	7022536	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3D41FECB-4767-4DB9-A1EA-AE43DF54FE8F}\mpengine.dll
2012-09-07 13:47 . 2012-09-07 13:47	--------	d-----w-	c:\program files\Common Files\Java
2012-09-07 13:47 . 2012-09-07 13:46	93672	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2012-09-07 13:46 . 2012-09-07 13:46	--------	d-----w-	c:\program files\Java
2012-09-06 19:13 . 2012-09-06 19:13	--------	d-----w-	C:\_OTL
2012-08-15 14:54 . 2012-05-05 07:46	400896	----a-w-	c:\windows\system32\srcore.dll
2012-08-15 14:54 . 2012-07-18 17:47	2345984	----a-w-	c:\windows\system32\win32k.sys
2012-08-15 14:54 . 2012-02-11 05:43	492032	----a-w-	c:\windows\system32\win32spl.dll
2012-08-15 14:54 . 2012-02-11 05:37	317440	----a-w-	c:\windows\system32\spoolsv.exe
2012-08-15 14:54 . 2012-07-04 21:14	102912	----a-w-	c:\windows\system32\browser.dll
2012-08-15 14:54 . 2012-07-04 21:14	41984	----a-w-	c:\windows\system32\browcli.dll
2012-08-15 14:54 . 2012-05-14 04:33	769024	----a-w-	c:\windows\system32\localspl.dll
2012-08-13 20:30 . 2012-08-13 20:30	--------	d-----w-	c:\program files\ESET
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-07 13:46 . 2012-08-06 20:12	821736	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-09-07 13:46 . 2012-02-20 17:31	746984	----a-w-	c:\windows\system32\deployJava1.dll
2012-08-11 16:01 . 2012-08-11 16:01	73728	----a-r-	c:\users\Acer eeePC\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-08-11 16:01 . 2012-08-11 16:01	73728	----a-r-	c:\users\Acer eeePC\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-08-11 16:01 . 2012-08-11 16:01	73728	----a-r-	c:\users\Acer eeePC\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-07-06 22:55 . 2009-07-14 02:05	152576	----a-w-	c:\windows\system32\msclmd.dll
2012-07-03 11:46 . 2012-07-06 18:36	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-23 16:30 . 2012-01-22 15:07	85472	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"HotkeyMon"="AsusSender.exe" [2009-09-11 33768]
"HotkeyService"="AsusSender.exe" [2009-09-11 33768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-05 150552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-07-20 83240]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2011-09-28 404568]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Acer eeePC\AppData\Roaming\Mozilla\Firefox\Profiles\hwp8zhmz.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - www.google.de
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-09-12  14:40:07
ComboFix-quarantined-files.txt  2012-09-12 12:40
.
Vor Suchlauf: 11 Verzeichnis(se), 85.100.072.960 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 85.009.850.368 Bytes frei
.
- - End Of File - - 0DFE66853E1FB471854264BC99285389
         

12.09.2012, 14:50   #27
cosinus

Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the 2nd attempt, just leave it out and run only OSAM - please skip the online check by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm on OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the (none) setting under AV Scan.

One more note: If aswMBR crashes and a message like "aswMBR.exe funktioniert nicht mehr" ("aswMBR.exe has stopped working") appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

12.09.2012, 20:11   #28
Scarlett_

Hi, here is the first one.

Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-12 20:35:23
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9160314AS rev.0002SDM1
Running: bzz7tx0h.exe; Driver: C:\Users\ACEREE~1\AppData\Local\Temp\uwdiquog.sys


---- System - GMER 1.0.15 ----

SSDT            899D06CE                                  ZwCreateSection
SSDT            899D06D8                                  ZwRequestWaitReplyPort
SSDT            899D06D3                                  ZwSetContextThread
SSDT            899D06DD                                  ZwSetSecurityObject
SSDT            899D06E2                                  ZwSystemDebugControl
SSDT            899D066F                                  ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D  8187C3C9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2    818B5D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7       818BCEAC 4 Bytes  [CE, 06, 9D, 89]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1553       818BD208 4 Bytes  [D8, 06, 9D, 89]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1597       818BD24C 4 Bytes  [D3, 06, 9D, 89]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1613       818BD2C8 4 Bytes  [DD, 06, 9D, 89]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1667       818BD31C 4 Bytes  [E2, 06, 9D, 89]
.text           ...                                       

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0   Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1   Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\00000048         halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         
Do I absolutely have to do OSAM? I don't have a zip program, and I often have a hard time with these zip programs.

And here is the 2nd log:

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-12 21:24:12
-----------------------------
21:24:12.334    OS Version: Windows 6.1.7601 Service Pack 1
21:24:12.335    Number of processors: 2 586 0x1C0A
21:24:12.339    ComputerName: ACEREEEPC-PC  UserName: Acer eeePC
21:24:14.208    Initialize success
21:26:32.344    AVAST engine defs: 12091200
21:26:51.556    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:26:51.567    Disk 0 Vendor: ST9160314AS 0002SDM1 Size: 152627MB BusType: 11
21:26:51.703    Disk 0 MBR read successfully
21:26:51.711    Disk 0 MBR scan
21:26:51.781    Disk 0 Windows 7 default MBR code
21:26:51.893    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
21:26:51.978    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       104525 MB offset 206848
21:26:52.082    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        47999 MB offset 214274048
21:26:52.113    Disk 0 scanning sectors +312576000
21:26:52.777    Disk 0 scanning C:\Windows\system32\drivers
21:28:40.508    Service scanning
21:29:14.434    Modules scanning
21:31:36.593    Disk 0 trace - called modules:
21:31:36.665    
21:31:37.422    AVAST engine scan C:\Windows
21:32:12.424    AVAST engine scan C:\Windows\system32
21:48:44.511    AVAST engine scan C:\Windows\system32\drivers
21:49:09.571    AVAST engine scan C:\Users\Acer eeePC
21:50:33.657    AVAST engine scan C:\ProgramData
21:50:46.301    Scan finished successfully
21:51:26.666    Disk 0 MBR has been saved successfully to "C:\Users\Acer eeePC\Downloads\MBR.dat"
21:51:26.689    The log file has been saved successfully to "C:\Users\Acer eeePC\Downloads\aswMBR.txt"
         

Edited by Scarlett_ (12.09.2012 at 20:57). Reason: 2nd log added

13.09.2012, 13:07   #29
cosinus

Quote:
Do I absolutely have to do OSAM? I don't have a zip program, and I often have a hard time with these zip programs.
What is so hard about it - just google 7zip.
Simply install 7zip, then right-click the OSAM file => 7zip => Extract to OSAM....

13.09.2012, 15:23   #30
Scarlett_

Thanks for your help, cosinus. Earlier I got an error message when unpacking; here is the log now:

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:22:12 on 13.09.2012

OS: Windows 7 Starter Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 13.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\ACEREE~1\AppData\Local\Temp\catchme.sys  (File not found)
"Lavalys EVEREST Kernel Driver" (EverestDriver) - ? - C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{D27CDB6E-AE6D-11CF-96B8-444553540000} "{D27CDB6E-AE6D-11CF-96B8-444553540000}" - ? -   (File not found | COM-object registry key not found) / hxxp://active.macromedia.com/flash/cabs/swflash.cab
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Acer eeePC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"B2C_AGENT" - "LG Electronics" - C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
"HotkeyMon" - "ASUSTek Computer Inc." - AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
"HotkeyService" - "ASUSTek Computer Inc." - AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Asus Launcher Service" (AsusService) - ? - C:\Windows\System32\AsusService.exe  (File found, but it contains no detailed information)
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
catchme.sys? Never heard of it.
