| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local - RootkitAccessWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
01.09.2012, 10:37
| #1 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local - RootkitAccess Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C  nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.09.2012, 17:08
| #2 |
 | TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local - RootkitAccess Hier der TDSS Log
__________________Code:
ATTFilter 18:00:54.0473 6252 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
18:00:54.0505 6252 ============================================================
18:00:54.0505 6252 Current date / time: 2012/09/01 18:00:54.0505
18:00:54.0505 6252 SystemInfo:
18:00:54.0505 6252
18:00:54.0505 6252 OS Version: 6.1.7601 ServicePack: 1.0
18:00:54.0505 6252 Product type: Workstation
18:00:54.0505 6252 ComputerName: FAMOUS-PC
18:00:54.0505 6252 UserName: Famous
18:00:54.0505 6252 Windows directory: C:\Windows
18:00:54.0505 6252 System windows directory: C:\Windows
18:00:54.0505 6252 Running under WOW64
18:00:54.0505 6252 Processor architecture: Intel x64
18:00:54.0505 6252 Number of processors: 8
18:00:54.0505 6252 Page size: 0x1000
18:00:54.0505 6252 Boot type: Normal boot
18:00:54.0505 6252 ============================================================
18:00:54.0988 6252 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:00:55.0004 6252 ============================================================
18:00:55.0004 6252 \Device\Harddisk0\DR0:
18:00:55.0004 6252 MBR partitions:
18:00:55.0004 6252 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x25BDA000
18:00:55.0035 6252 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x28DDB000, BlocksNum 0x2E76B000
18:00:55.0035 6252 ============================================================
18:00:55.0082 6252 C: <-> \Device\Harddisk0\DR0\Partition1
18:00:55.0129 6252 D: <-> \Device\Harddisk0\DR0\Partition2
18:00:55.0129 6252 ============================================================
18:00:55.0129 6252 Initialize success
18:00:55.0129 6252 ============================================================
18:04:52.0263 5784 ============================================================
18:04:52.0263 5784 Scan started
18:04:52.0263 5784 Mode: Manual; SigCheck; TDLFS;
18:04:52.0263 5784 ============================================================
18:04:52.0497 5784 ================ Scan system memory ========================
18:04:52.0497 5784 System memory - ok
18:04:52.0497 5784 ================ Scan services =============================
18:04:52.0622 5784 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:04:52.0684 5784 1394ohci - ok
18:04:52.0715 5784 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:04:52.0731 5784 ACPI - ok
18:04:52.0747 5784 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:04:52.0809 5784 AcpiPmi - ok
18:04:52.0934 5784 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:04:52.0934 5784 AdobeFlashPlayerUpdateSvc - ok
18:04:52.0981 5784 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:04:52.0996 5784 adp94xx - ok
18:04:52.0996 5784 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:04:53.0012 5784 adpahci - ok
18:04:53.0027 5784 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:04:53.0043 5784 adpu320 - ok
18:04:53.0059 5784 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:04:53.0168 5784 AeLookupSvc - ok
18:04:53.0199 5784 [ 6E79A119B0CE418FE44E0C824BF3F039 ] AFBAgent C:\Windows\system32\FBAgent.exe
18:04:53.0230 5784 AFBAgent - ok
18:04:53.0277 5784 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
18:04:53.0324 5784 AFD - ok
18:04:53.0371 5784 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:04:53.0371 5784 agp440 - ok
18:04:53.0417 5784 [ 14370049D8C9912EAC7603809A77C378 ] AiCharger C:\Windows\system32\DRIVERS\AiCharger.sys
18:04:53.0433 5784 AiCharger - ok
18:04:53.0511 5784 [ B95A1D7FF4F7FDE7E5E4062F4061ED6F ] ALDITALKVerbindungsassistent_Service C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
18:04:53.0542 5784 ALDITALKVerbindungsassistent_Service - ok
18:04:53.0558 5784 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:04:53.0620 5784 ALG - ok
18:04:53.0651 5784 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
18:04:53.0667 5784 aliide - ok
18:04:53.0667 5784 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
18:04:53.0683 5784 amdide - ok
18:04:53.0698 5784 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
18:04:53.0745 5784 AmdK8 - ok
18:04:53.0745 5784 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
18:04:53.0776 5784 AmdPPM - ok
18:04:53.0807 5784 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:04:53.0807 5784 amdsata - ok
18:04:53.0839 5784 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
18:04:53.0854 5784 amdsbs - ok
18:04:53.0870 5784 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:04:53.0870 5784 amdxata - ok
18:04:53.0917 5784 [ 9921E78BC29634235F4BF5809E7E8CDE ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys
18:04:53.0948 5784 AMPPAL - ok
18:04:53.0963 5784 [ 9921E78BC29634235F4BF5809E7E8CDE ] AMPPALP C:\Windows\system32\DRIVERS\amppal.sys
18:04:53.0963 5784 AMPPALP - ok
18:04:54.0073 5784 [ 83A0E7BA4AE616D3654E700D9C5FF9DB ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
18:04:54.0104 5784 AMPPALR3 - ok
18:04:54.0151 5784 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:04:54.0166 5784 AntiVirSchedulerService - ok
18:04:54.0213 5784 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
18:04:54.0229 5784 AntiVirService - ok
18:04:54.0275 5784 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
18:04:54.0400 5784 AppID - ok
18:04:54.0416 5784 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:04:54.0463 5784 AppIDSvc - ok
18:04:54.0478 5784 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
18:04:54.0525 5784 Appinfo - ok
18:04:54.0541 5784 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
18:04:54.0556 5784 arc - ok
18:04:54.0556 5784 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
18:04:54.0572 5784 arcsas - ok
18:04:54.0634 5784 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
18:04:54.0650 5784 ASLDRService - ok
18:04:54.0697 5784 [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
18:04:54.0712 5784 ASMMAP64 - ok
18:04:54.0743 5784 [ 718692FFF22D6AF47EBA0A741A924921 ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys
18:04:54.0790 5784 asmthub3 - ok
18:04:54.0837 5784 [ BAD70A5AC534C108F680A33C654BC626 ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys
18:04:54.0868 5784 asmtxhci - ok
18:04:54.0884 5784 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:04:54.0915 5784 AsyncMac - ok
18:04:54.0962 5784 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
18:04:54.0977 5784 atapi - ok
18:04:55.0009 5784 [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr C:\Windows\system32\DRIVERS\athrx.sys
18:04:55.0087 5784 athr - ok
18:04:55.0102 5784 [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
18:04:55.0118 5784 ATKGFNEXSrv - ok
18:04:55.0165 5784 [ 1F7238A37389ED92E9D8EEE975CABD54 ] ATKWMIACPIIO_ C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
18:04:55.0180 5784 ATKWMIACPIIO_ - ok
18:04:55.0227 5784 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:04:55.0258 5784 AudioEndpointBuilder - ok
18:04:55.0274 5784 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:04:55.0305 5784 AudioSrv - ok
18:04:55.0336 5784 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
18:04:55.0352 5784 avgntflt - ok
18:04:55.0399 5784 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
18:04:55.0414 5784 avipbb - ok
18:04:55.0430 5784 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
18:04:55.0445 5784 avkmgr - ok
18:04:55.0508 5784 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:04:55.0586 5784 AxInstSV - ok
18:04:55.0617 5784 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
18:04:55.0679 5784 b06bdrv - ok
18:04:55.0726 5784 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:04:55.0757 5784 b57nd60a - ok
18:04:55.0804 5784 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:04:55.0835 5784 BDESVC - ok
18:04:55.0867 5784 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:04:55.0898 5784 Beep - ok
18:04:55.0945 5784 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
18:04:56.0007 5784 BFE - ok
18:04:56.0038 5784 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
18:04:56.0101 5784 BITS - ok
18:04:56.0132 5784 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:04:56.0163 5784 blbdrive - ok
18:04:56.0257 5784 [ 55B0C8441DE7D91A819A39D0351154A2 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
18:04:56.0272 5784 Bluetooth Device Monitor - ok
18:04:56.0303 5784 [ 7E262330DF0C4BE4ECE853B59B9CBE4C ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
18:04:56.0335 5784 Bluetooth Media Service - ok
18:04:56.0350 5784 [ 8BF4B9956E13871A88A3810074E2E110 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
18:04:56.0366 5784 Bluetooth OBEX Service - ok
18:04:56.0397 5784 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:04:56.0428 5784 bowser - ok
18:04:56.0459 5784 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
18:04:56.0506 5784 BrFiltLo - ok
18:04:56.0522 5784 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
18:04:56.0537 5784 BrFiltUp - ok
18:04:56.0584 5784 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
18:04:56.0615 5784 Browser - ok
18:04:56.0662 5784 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:04:56.0709 5784 Brserid - ok
18:04:56.0709 5784 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:04:56.0740 5784 BrSerWdm - ok
18:04:56.0740 5784 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:04:56.0771 5784 BrUsbMdm - ok
18:04:56.0771 5784 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:04:56.0803 5784 BrUsbSer - ok
18:04:56.0849 5784 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
18:04:57.0005 5784 BthEnum - ok
18:04:57.0037 5784 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
18:04:57.0052 5784 BTHMODEM - ok
18:04:57.0068 5784 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
18:04:57.0099 5784 BthPan - ok
18:04:57.0161 5784 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
18:04:57.0208 5784 BTHPORT - ok
18:04:57.0239 5784 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:04:57.0286 5784 bthserv - ok
18:04:57.0317 5784 [ A5B3E8B2B78C7B3DA56A0DE490E6718C ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
18:04:57.0317 5784 BTHSSecurityMgr - ok
18:04:57.0349 5784 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
18:04:57.0364 5784 BTHUSB - ok
18:04:57.0411 5784 [ 270FBA230E78E25726D065A924589A72 ] btmaux C:\Windows\system32\DRIVERS\btmaux.sys
18:04:57.0442 5784 btmaux - ok
18:04:57.0489 5784 [ 0010A54571F525A97EED8C091E96EAA9 ] btmhsf C:\Windows\system32\DRIVERS\btmhsf.sys
18:04:57.0520 5784 btmhsf - ok
18:04:57.0551 5784 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:04:57.0583 5784 cdfs - ok
18:04:57.0614 5784 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:04:57.0645 5784 cdrom - ok
18:04:57.0692 5784 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
18:04:57.0739 5784 CertPropSvc - ok
18:04:57.0770 5784 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
18:04:57.0785 5784 circlass - ok
18:04:57.0817 5784 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:04:57.0832 5784 CLFS - ok
18:04:57.0988 5784 [ 524DC3807CB1746225F9D26ADD19C319 ] CLKMSVC10_38F51D56 C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
18:04:58.0004 5784 CLKMSVC10_38F51D56 - ok
18:04:58.0113 5784 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:04:58.0113 5784 clr_optimization_v2.0.50727_32 - ok
18:04:58.0175 5784 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:04:58.0175 5784 clr_optimization_v2.0.50727_64 - ok
18:04:58.0269 5784 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:04:58.0269 5784 clr_optimization_v4.0.30319_32 - ok
18:04:58.0316 5784 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:04:58.0316 5784 clr_optimization_v4.0.30319_64 - ok
18:04:58.0347 5784 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:04:58.0378 5784 CmBatt - ok
18:04:58.0394 5784 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:04:58.0394 5784 cmdide - ok
18:04:58.0456 5784 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
18:04:58.0487 5784 CNG - ok
18:04:58.0519 5784 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
18:04:58.0519 5784 Compbatt - ok
18:04:58.0534 5784 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
18:04:58.0565 5784 CompositeBus - ok
18:04:58.0597 5784 COMSysApp - ok
18:04:58.0597 5784 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
18:04:58.0612 5784 crcdisk - ok
18:04:58.0628 5784 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:04:58.0659 5784 CryptSvc - ok
18:04:58.0690 5784 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:04:58.0737 5784 DcomLaunch - ok
18:04:58.0768 5784 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:04:58.0799 5784 defragsvc - ok
18:04:58.0831 5784 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:04:58.0862 5784 DfsC - ok
18:04:58.0893 5784 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
18:04:58.0924 5784 Dhcp - ok
18:04:58.0940 5784 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:04:58.0987 5784 discache - ok
18:04:59.0033 5784 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
18:04:59.0049 5784 Disk - ok
18:04:59.0065 5784 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:04:59.0111 5784 Dnscache - ok
18:04:59.0143 5784 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:04:59.0189 5784 dot3svc - ok
18:04:59.0205 5784 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
18:04:59.0252 5784 DPS - ok
18:04:59.0283 5784 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:04:59.0330 5784 drmkaud - ok
18:04:59.0361 5784 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:04:59.0377 5784 DXGKrnl - ok
18:04:59.0392 5784 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:04:59.0423 5784 EapHost - ok
18:04:59.0486 5784 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
18:04:59.0595 5784 ebdrv - ok
18:04:59.0626 5784 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
18:04:59.0673 5784 EFS - ok
18:04:59.0720 5784 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
18:04:59.0735 5784 elxstor - ok
18:04:59.0751 5784 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:04:59.0767 5784 ErrDev - ok
18:04:59.0798 5784 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:04:59.0829 5784 EventSystem - ok
18:04:59.0938 5784 [ 54FC81B0162478A72A93DBBEAFB35671 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
18:04:59.0985 5784 EvtEng - ok
18:05:00.0032 5784 [ 86F7951BBCEE4A86E79A97306BD14318 ] ew_hwusbdev C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
18:05:00.0079 5784 ew_hwusbdev - ok
18:05:00.0094 5784 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:05:00.0125 5784 exfat - ok
18:05:00.0141 5784 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:05:00.0188 5784 fastfat - ok
18:05:00.0235 5784 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
18:05:00.0297 5784 Fax - ok
18:05:00.0313 5784 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
18:05:00.0328 5784 fdc - ok
18:05:00.0344 5784 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:05:00.0375 5784 fdPHost - ok
18:05:00.0391 5784 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:05:00.0437 5784 FDResPub - ok
18:05:00.0469 5784 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:05:00.0484 5784 FileInfo - ok
18:05:00.0500 5784 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:05:00.0547 5784 Filetrace - ok
18:05:00.0578 5784 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
18:05:00.0578 5784 flpydisk - ok
18:05:00.0593 5784 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:05:00.0609 5784 FltMgr - ok
18:05:00.0656 5784 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
18:05:00.0718 5784 FontCache - ok
18:05:00.0765 5784 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:05:00.0781 5784 FontCache3.0.0.0 - ok
18:05:00.0796 5784 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:05:00.0812 5784 FsDepends - ok
18:05:00.0827 5784 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:05:00.0827 5784 Fs_Rec - ok
18:05:00.0859 5784 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:05:00.0874 5784 fvevol - ok
18:05:00.0890 5784 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
18:05:00.0905 5784 gagp30kx - ok
18:05:00.0937 5784 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
18:05:00.0983 5784 gpsvc - ok
18:05:00.0999 5784 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:05:01.0015 5784 hcw85cir - ok
18:05:01.0030 5784 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:05:01.0061 5784 HdAudAddService - ok
18:05:01.0093 5784 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:05:01.0124 5784 HDAudBus - ok
18:05:01.0124 5784 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
18:05:01.0171 5784 HidBatt - ok
18:05:01.0202 5784 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
18:05:01.0217 5784 HidBth - ok
18:05:01.0233 5784 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
18:05:01.0233 5784 HidIr - ok
18:05:01.0264 5784 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
18:05:01.0295 5784 hidserv - ok
18:05:01.0327 5784 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:05:01.0342 5784 HidUsb - ok
18:05:01.0358 5784 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:05:01.0405 5784 hkmsvc - ok
18:05:01.0436 5784 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:05:01.0498 5784 HomeGroupListener - ok
18:05:01.0514 5784 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:05:01.0529 5784 HomeGroupProvider - ok
18:05:01.0561 5784 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:05:01.0576 5784 HpSAMD - ok
18:05:01.0592 5784 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:05:01.0654 5784 HTTP - ok
18:05:01.0685 5784 [ 6E05228393CD614B983568EC40C262C3 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
18:05:01.0701 5784 hwdatacard - ok
18:05:01.0732 5784 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:05:01.0732 5784 hwpolicy - ok
18:05:01.0763 5784 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:05:01.0779 5784 i8042prt - ok
18:05:01.0826 5784 [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
18:05:01.0841 5784 iaStor - ok
18:05:01.0873 5784 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:05:01.0888 5784 iaStorV - ok
18:05:01.0904 5784 [ DE9E40BAEE2E48FD1E3EB423074C014C ] iBtFltCoex C:\Windows\system32\DRIVERS\iBtFltCoex.sys
18:05:01.0919 5784 iBtFltCoex - ok
18:05:01.0982 5784 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:05:01.0997 5784 idsvc - ok
18:05:02.0200 5784 [ 174BCAC474DE13B2650E444CF124828E ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
18:05:02.0528 5784 igfx - ok
18:05:02.0559 5784 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
18:05:02.0559 5784 iirsp - ok
18:05:02.0606 5784 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
18:05:02.0637 5784 IKEEXT - ok
18:05:02.0668 5784 [ CADDF0927DAC63EDAE48F5C35A61D87D ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys
18:05:02.0684 5784 intaud_WaveExtensible - ok
18:05:02.0777 5784 [ 028E40182A6F0374978C755F85B9F07C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:05:02.0871 5784 IntcAzAudAddService - ok
18:05:02.0902 5784 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
18:05:02.0902 5784 intelide - ok
18:05:02.0933 5784 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:05:02.0965 5784 intelppm - ok
18:05:02.0980 5784 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:05:03.0027 5784 IPBusEnum - ok
18:05:03.0043 5784 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:05:03.0089 5784 IpFilterDriver - ok
18:05:03.0121 5784 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:05:03.0152 5784 iphlpsvc - ok
18:05:03.0183 5784 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:05:03.0214 5784 IPMIDRV - ok
18:05:03.0214 5784 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:05:03.0261 5784 IPNAT - ok
18:05:03.0292 5784 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:05:03.0339 5784 IRENUM - ok
18:05:03.0355 5784 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:05:03.0355 5784 isapnp - ok
18:05:03.0386 5784 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:05:03.0401 5784 iScsiPrt - ok
18:05:03.0433 5784 [ 716F66336F10885D935B08174DC54242 ] iwdbus C:\Windows\system32\DRIVERS\iwdbus.sys
18:05:03.0448 5784 iwdbus - ok
18:05:03.0479 5784 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:05:03.0479 5784 kbdclass - ok
18:05:03.0511 5784 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:05:03.0542 5784 kbdhid - ok
18:05:03.0573 5784 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys
18:05:03.0589 5784 kbfiltr - ok
18:05:03.0589 5784 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
18:05:03.0604 5784 KeyIso - ok
18:05:03.0620 5784 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:05:03.0635 5784 KSecDD - ok
18:05:03.0651 5784 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:05:03.0667 5784 KSecPkg - ok
18:05:03.0682 5784 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:05:03.0713 5784 ksthunk - ok
18:05:03.0745 5784 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:05:03.0791 5784 KtmRm - ok
18:05:03.0807 5784 [ A4A9CA24E54E81C6C3E469EAEB4B3F42 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
18:05:03.0823 5784 L1C - ok
18:05:03.0869 5784 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:05:03.0916 5784 LanmanServer - ok
18:05:03.0916 5784 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:05:03.0963 5784 LanmanWorkstation - ok
18:05:04.0088 5784 [ 7772DFAB22611050B79504E671B06E6E ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
18:05:04.0103 5784 LBTServ - ok
18:05:04.0135 5784 [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
18:05:04.0150 5784 LHidFilt - ok
18:05:04.0166 5784 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:05:04.0197 5784 lltdio - ok
18:05:04.0228 5784 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:05:04.0275 5784 lltdsvc - ok
18:05:04.0306 5784 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:05:04.0322 5784 lmhosts - ok
18:05:04.0369 5784 [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
18:05:04.0369 5784 LMouFilt - ok
18:05:04.0415 5784 [ 0803906D607A9B83184447B75B60ECC2 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:05:04.0431 5784 LMS - ok
18:05:04.0478 5784 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:05:04.0493 5784 LSI_FC - ok
18:05:04.0509 5784 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:05:04.0509 5784 LSI_SAS - ok
18:05:04.0525 5784 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
18:05:04.0540 5784 LSI_SAS2 - ok
18:05:04.0556 5784 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:05:04.0556 5784 LSI_SCSI - ok
18:05:04.0587 5784 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:05:04.0634 5784 luafv - ok
18:05:04.0665 5784 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
18:05:04.0665 5784 megasas - ok
18:05:04.0696 5784 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
18:05:04.0712 5784 MegaSR - ok
18:05:04.0727 5784 [ 1C6E73FC46B509EFF9D0086AA37132DF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
18:05:04.0743 5784 MEIx64 - ok
18:05:04.0759 5784 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:05:04.0805 5784 MMCSS - ok
18:05:04.0805 5784 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:05:04.0852 5784 Modem - ok
18:05:04.0883 5784 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:05:04.0915 5784 monitor - ok
18:05:04.0930 5784 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:05:04.0946 5784 mouclass - ok
18:05:04.0961 5784 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:05:04.0977 5784 mouhid - ok
18:05:04.0993 5784 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:05:05.0008 5784 mountmgr - ok
18:05:05.0055 5784 [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:05:05.0055 5784 MozillaMaintenance - ok
18:05:05.0071 5784 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
18:05:05.0086 5784 mpio - ok
18:05:05.0117 5784 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:05:05.0149 5784 mpsdrv - ok
18:05:05.0180 5784 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:05:05.0227 5784 MpsSvc - ok
18:05:05.0227 5784 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:05:05.0258 5784 MRxDAV - ok
18:05:05.0273 5784 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:05:05.0320 5784 mrxsmb - ok
18:05:05.0336 5784 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:05:05.0351 5784 mrxsmb10 - ok
18:05:05.0367 5784 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:05:05.0383 5784 mrxsmb20 - ok
18:05:05.0414 5784 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
18:05:05.0429 5784 msahci - ok
18:05:05.0445 5784 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:05:05.0445 5784 msdsm - ok
18:05:05.0461 5784 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:05:05.0492 5784 MSDTC - ok
18:05:05.0507 5784 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:05:05.0539 5784 Msfs - ok
18:05:05.0554 5784 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:05:05.0601 5784 mshidkmdf - ok
18:05:05.0617 5784 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:05:05.0617 5784 msisadrv - ok
18:05:05.0648 5784 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:05:05.0679 5784 MSiSCSI - ok
18:05:05.0695 5784 msiserver - ok
18:05:05.0710 5784 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:05:05.0741 5784 MSKSSRV - ok
18:05:05.0757 5784 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:05:05.0788 5784 MSPCLOCK - ok
18:05:05.0804 5784 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:05:05.0835 5784 MSPQM - ok
18:05:05.0866 5784 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:05:05.0882 5784 MsRPC - ok
18:05:05.0897 5784 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:05:05.0897 5784 mssmbios - ok
18:05:05.0913 5784 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:05:05.0960 5784 MSTEE - ok
18:05:05.0975 5784 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
18:05:05.0991 5784 MTConfig - ok
18:05:06.0007 5784 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:05:06.0007 5784 Mup - ok
18:05:06.0053 5784 [ 4BBB9D9C4DF259FAE2D172C5BB25DDD0 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
18:05:06.0069 5784 MyWiFiDHCPDNS - ok
18:05:06.0100 5784 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
18:05:06.0131 5784 napagent - ok
18:05:06.0147 5784 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:05:06.0178 5784 NativeWifiP - ok
18:05:06.0225 5784 [ C38B8AE57F78915905064A9A24DC1586 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:05:06.0241 5784 NDIS - ok
18:05:06.0272 5784 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:05:06.0287 5784 NdisCap - ok
18:05:06.0319 5784 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:05:06.0334 5784 NdisTapi - ok
18:05:06.0350 5784 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:05:06.0397 5784 Ndisuio - ok
18:05:06.0412 5784 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:05:06.0443 5784 NdisWan - ok
18:05:06.0443 5784 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:05:06.0490 5784 NDProxy - ok
18:05:06.0506 5784 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:05:06.0537 5784 NetBIOS - ok
18:05:06.0553 5784 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:05:06.0584 5784 NetBT - ok
18:05:06.0615 5784 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
18:05:06.0615 5784 Netlogon - ok
18:05:06.0677 5784 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:05:06.0724 5784 Netman - ok
18:05:06.0740 5784 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:05:06.0802 5784 netprofm - ok
18:05:06.0833 5784 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:05:06.0833 5784 NetTcpPortSharing - ok
18:05:07.0005 5784 [ AC69618DE5BCCE8747C9AB0AAE1003C1 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
18:05:07.0208 5784 NETwNs64 - ok
18:05:07.0239 5784 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:05:07.0239 5784 nfrd960 - ok
18:05:07.0286 5784 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:05:07.0333 5784 NlaSvc - ok
18:05:07.0348 5784 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:05:07.0364 5784 Npfs - ok
18:05:07.0379 5784 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:05:07.0426 5784 nsi - ok
18:05:07.0442 5784 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:05:07.0473 5784 nsiproxy - ok
18:05:07.0520 5784 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:05:07.0598 5784 Ntfs - ok
18:05:07.0613 5784 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:05:07.0660 5784 Null - ok
18:05:07.0707 5784 [ 03E423DCAC06B7E9DC051DEE8ABEB47D ] nvkflt C:\Windows\system32\DRIVERS\nvkflt.sys
18:05:07.0738 5784 nvkflt - ok
18:05:07.0972 5784 [ 79060E6631DC2C91DA8E601E2584A623 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:05:08.0284 5784 nvlddmkm - ok
18:05:08.0347 5784 [ B621AE777F899CC849C896839690BE76 ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
18:05:08.0362 5784 nvpciflt - ok
18:05:08.0409 5784 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:05:08.0409 5784 nvraid - ok
18:05:08.0425 5784 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:05:08.0425 5784 nvstor - ok
18:05:08.0487 5784 [ BDBC8E51FF2F3B800FF7B90DCDA31B48 ] NVSvc C:\Windows\system32\nvvsvc.exe
18:05:08.0518 5784 NVSvc - ok
18:05:08.0596 5784 [ 55F03866A969A50CD1574B0F61ACEC1D ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
18:05:08.0627 5784 nvUpdatusService - ok
18:05:08.0659 5784 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:05:08.0674 5784 nv_agp - ok
18:05:08.0690 5784 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:05:08.0705 5784 ohci1394 - ok
18:05:08.0737 5784 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:05:08.0768 5784 p2pimsvc - ok
18:05:08.0783 5784 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:05:08.0815 5784 p2psvc - ok
18:05:08.0846 5784 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
18:05:08.0861 5784 Parport - ok
18:05:08.0877 5784 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:05:08.0893 5784 partmgr - ok
18:05:08.0908 5784 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:05:08.0924 5784 PcaSvc - ok
18:05:08.0955 5784 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
18:05:08.0955 5784 pci - ok
18:05:08.0971 5784 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
18:05:08.0986 5784 pciide - ok
18:05:09.0002 5784 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:05:09.0002 5784 pcmcia - ok
18:05:09.0017 5784 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:05:09.0033 5784 pcw - ok
18:05:09.0049 5784 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:05:09.0095 5784 PEAUTH - ok
18:05:09.0158 5784 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:05:09.0189 5784 PerfHost - ok
18:05:09.0236 5784 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
18:05:09.0298 5784 pla - ok
18:05:09.0329 5784 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:05:09.0376 5784 PlugPlay - ok
18:05:09.0392 5784 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:05:09.0407 5784 PNRPAutoReg - ok
18:05:09.0439 5784 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:05:09.0439 5784 PNRPsvc - ok
18:05:09.0485 5784 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:05:09.0517 5784 PolicyAgent - ok
18:05:09.0563 5784 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:05:09.0595 5784 Power - ok
18:05:09.0626 5784 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:05:09.0657 5784 PptpMiniport - ok
18:05:09.0673 5784 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
18:05:09.0704 5784 Processor - ok
18:05:09.0735 5784 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:05:09.0766 5784 ProfSvc - ok
18:05:09.0766 5784 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:05:09.0782 5784 ProtectedStorage - ok
18:05:09.0797 5784 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:05:09.0813 5784 Psched - ok
18:05:09.0875 5784 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:05:09.0938 5784 ql2300 - ok
18:05:09.0953 5784 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:05:09.0953 5784 ql40xx - ok
18:05:09.0985 5784 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:05:10.0000 5784 QWAVE - ok
18:05:10.0016 5784 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:05:10.0047 5784 QWAVEdrv - ok
18:05:10.0047 5784 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:05:10.0078 5784 RasAcd - ok
18:05:10.0109 5784 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:05:10.0141 5784 RasAgileVpn - ok
18:05:10.0156 5784 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:05:10.0203 5784 RasAuto - ok
18:05:10.0219 5784 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:05:10.0250 5784 Rasl2tp - ok
18:05:10.0281 5784 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:05:10.0312 5784 RasMan - ok
18:05:10.0328 5784 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:05:10.0359 5784 RasPppoe - ok
18:05:10.0375 5784 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:05:10.0437 5784 RasSstp - ok
18:05:10.0453 5784 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:05:10.0499 5784 rdbss - ok
18:05:10.0531 5784 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
18:05:10.0546 5784 rdpbus - ok
18:05:10.0577 5784 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:05:10.0609 5784 RDPCDD - ok
18:05:10.0624 5784 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:05:10.0655 5784 RDPENCDD - ok
18:05:10.0687 5784 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:05:10.0733 5784 RDPREFMP - ok
18:05:10.0765 5784 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:05:10.0811 5784 RDPWD - ok
18:05:10.0843 5784 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:05:10.0843 5784 rdyboost - ok
18:05:10.0921 5784 [ A436F5E7D80BBDBB0826D0F176D5BEA8 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
18:05:10.0936 5784 RegSrvc - ok
18:05:10.0952 5784 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:05:10.0999 5784 RemoteAccess - ok
18:05:11.0014 5784 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:05:11.0061 5784 RemoteRegistry - ok
18:05:11.0108 5784 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
18:05:11.0123 5784 RFCOMM - ok
18:05:11.0217 5784 [ 616F6E52CAE254727A886BA8EDA1BEEA ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
18:05:11.0217 5784 RichVideo - ok
18:05:11.0248 5784 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:05:11.0295 5784 RpcEptMapper - ok
18:05:11.0295 5784 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:05:11.0311 5784 RpcLocator - ok
18:05:11.0342 5784 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
18:05:11.0357 5784 RpcSs - ok
18:05:11.0389 5784 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:05:11.0420 5784 rspndr - ok
18:05:11.0435 5784 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:05:11.0451 5784 SamSs - ok
18:05:11.0467 5784 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:05:11.0467 5784 sbp2port - ok
18:05:11.0498 5784 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:05:11.0529 5784 SCardSvr - ok
18:05:11.0545 5784 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:05:11.0576 5784 scfilter - ok
18:05:11.0607 5784 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:05:11.0654 5784 Schedule - ok
18:05:11.0669 5784 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:05:11.0701 5784 SCPolicySvc - ok
18:05:11.0716 5784 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:05:11.0747 5784 SDRSVC - ok
18:05:11.0779 5784 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:05:11.0810 5784 secdrv - ok
18:05:11.0825 5784 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
18:05:11.0857 5784 seclogon - ok
18:05:11.0888 5784 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
18:05:11.0919 5784 SENS - ok
18:05:11.0935 5784 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:05:11.0950 5784 SensrSvc - ok
18:05:11.0966 5784 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
18:05:11.0997 5784 Serenum - ok
18:05:12.0028 5784 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
18:05:12.0044 5784 Serial - ok
18:05:12.0075 5784 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:05:12.0091 5784 sermouse - ok
18:05:12.0122 5784 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
18:05:12.0169 5784 SessionEnv - ok
18:05:12.0169 5784 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:05:12.0184 5784 sffdisk - ok
18:05:12.0200 5784 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:05:12.0231 5784 sffp_mmc - ok
18:05:12.0231 5784 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:05:12.0247 5784 sffp_sd - ok
18:05:12.0247 5784 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:05:12.0262 5784 sfloppy - ok
18:05:12.0278 5784 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:05:12.0325 5784 SharedAccess - ok
18:05:12.0340 5784 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:05:12.0387 5784 ShellHWDetection - ok
18:05:12.0418 5784 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys
18:05:12.0449 5784 SiSGbeLH - ok
18:05:12.0465 5784 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
18:05:12.0465 5784 SiSRaid2 - ok
18:05:12.0481 5784 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:05:12.0481 5784 SiSRaid4 - ok
18:05:12.0481 5784 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:05:12.0527 5784 Smb - ok
18:05:12.0559 5784 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:05:12.0590 5784 SNMPTRAP - ok
18:05:12.0605 5784 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:05:12.0605 5784 spldr - ok
18:05:12.0637 5784 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
18:05:12.0668 5784 Spooler - ok
18:05:12.0730 5784 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
18:05:12.0839 5784 sppsvc - ok
18:05:12.0855 5784 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:05:12.0886 5784 sppuinotify - ok
18:05:12.0917 5784 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
18:05:12.0980 5784 srv - ok
18:05:12.0995 5784 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:05:13.0011 5784 srv2 - ok
18:05:13.0027 5784 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:05:13.0042 5784 srvnet - ok
18:05:13.0073 5784 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:05:13.0120 5784 SSDPSRV - ok
18:05:13.0136 5784 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:05:13.0183 5784 SstpSvc - ok
18:05:13.0245 5784 Steam Client Service - ok
18:05:13.0339 5784 [ 4A566EB1ABCD229B3F8D67F3C4224897 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
18:05:13.0354 5784 Stereo Service - ok
18:05:13.0385 5784 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
18:05:13.0385 5784 stexstor - ok
18:05:13.0432 5784 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
18:05:13.0463 5784 stisvc - ok
18:05:13.0479 5784 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:05:13.0479 5784 swenum - ok
18:05:13.0510 5784 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:05:13.0541 5784 swprv - ok
18:05:13.0619 5784 [ 7E8902F9929A5D9FFD0F545332CE0F10 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
18:05:13.0666 5784 SynTP - ok
18:05:13.0713 5784 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
18:05:13.0760 5784 SysMain - ok
18:05:13.0775 5784 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:05:13.0791 5784 TabletInputService - ok
18:05:13.0807 5784 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:05:13.0853 5784 TapiSrv - ok
18:05:13.0869 5784 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:05:13.0900 5784 TBS - ok
18:05:13.0963 5784 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:05:14.0009 5784 Tcpip - ok
18:05:14.0056 5784 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:05:14.0072 5784 TCPIP6 - ok
18:05:14.0103 5784 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:05:14.0134 5784 tcpipreg - ok
18:05:14.0165 5784 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:05:14.0197 5784 TDPIPE - ok
18:05:14.0228 5784 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:05:14.0243 5784 TDTCP - ok
18:05:14.0259 5784 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:05:14.0306 5784 tdx - ok
18:05:14.0321 5784 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:05:14.0337 5784 TermDD - ok
18:05:14.0368 5784 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
18:05:14.0399 5784 TermService - ok
18:05:14.0415 5784 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:05:14.0431 5784 Themes - ok
18:05:14.0446 5784 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:05:14.0462 5784 THREADORDER - ok
18:05:14.0477 5784 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:05:14.0509 5784 TrkWks - ok
18:05:14.0571 5784 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:05:14.0602 5784 TrustedInstaller - ok
18:05:14.0633 5784 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:05:14.0665 5784 tssecsrv - ok
18:05:14.0680 5784 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:05:14.0711 5784 TsUsbFlt - ok
18:05:14.0711 5784 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
18:05:14.0711 5784 TsUsbGD - ok
18:05:14.0743 5784 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:05:14.0774 5784 tunnel - ok
18:05:14.0789 5784 [ FD24F98D2898BE093FE926604BE7DB99 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
18:05:14.0805 5784 TurboB - ok
18:05:14.0836 5784 [ 600B406A04D90F577FEA8A88D7379F08 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
18:05:14.0836 5784 TurboBoost - ok
18:05:14.0852 5784 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:05:14.0852 5784 uagp35 - ok
18:05:14.0867 5784 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:05:14.0899 5784 udfs - ok
18:05:14.0914 5784 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:05:14.0945 5784 UI0Detect - ok
18:05:14.0961 5784 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:05:14.0977 5784 uliagpkx - ok
18:05:14.0977 5784 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:05:15.0008 5784 umbus - ok
18:05:15.0023 5784 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
18:05:15.0039 5784 UmPass - ok
18:05:15.0117 5784 [ EB79C6C91A99930015EF29AE7FA802D1 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
18:05:15.0211 5784 UNS - ok
18:05:15.0226 5784 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:05:15.0273 5784 upnphost - ok
18:05:15.0304 5784 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:05:15.0335 5784 usbccgp - ok
18:05:15.0351 5784 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:05:15.0382 5784 usbcir - ok
18:05:15.0398 5784 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
18:05:15.0429 5784 usbehci - ok
18:05:15.0445 5784 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:05:15.0476 5784 usbhub - ok
18:05:15.0491 5784 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:05:15.0507 5784 usbohci - ok
18:05:15.0523 5784 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
18:05:15.0554 5784 usbprint - ok
18:05:15.0569 5784 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:05:15.0616 5784 USBSTOR - ok
18:05:15.0632 5784 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
18:05:15.0647 5784 usbuhci - ok
18:05:15.0694 5784 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
18:05:15.0725 5784 usbvideo - ok
18:05:15.0741 5784 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:05:15.0772 5784 UxSms - ok
18:05:15.0772 5784 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
18:05:15.0788 5784 VaultSvc - ok
18:05:15.0803 5784 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:05:15.0803 5784 vdrvroot - ok
18:05:15.0819 5784 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
18:05:15.0866 5784 vds - ok
18:05:15.0897 5784 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:05:15.0897 5784 vga - ok
18:05:15.0913 5784 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:05:15.0944 5784 VgaSave - ok
18:05:15.0959 5784 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:05:15.0975 5784 vhdmp - ok
18:05:15.0975 5784 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
18:05:15.0975 5784 viaide - ok
18:05:16.0006 5784 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:05:16.0022 5784 volmgr - ok
18:05:16.0037 5784 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:05:16.0053 5784 volmgrx - ok
18:05:16.0069 5784 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:05:16.0069 5784 volsnap - ok
18:05:16.0100 5784 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:05:16.0100 5784 vsmraid - ok
18:05:16.0147 5784 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
18:05:16.0240 5784 VSS - ok
18:05:16.0256 5784 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
18:05:16.0271 5784 vwifibus - ok
18:05:16.0287 5784 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
18:05:16.0303 5784 vwififlt - ok
18:05:16.0349 5784 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
18:05:16.0365 5784 vwifimp - ok
18:05:16.0396 5784 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:05:16.0427 5784 W32Time - ok
18:05:16.0443 5784 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:05:16.0474 5784 WacomPen - ok
18:05:16.0490 5784 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:05:16.0521 5784 WANARP - ok
18:05:16.0521 5784 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:05:16.0552 5784 Wanarpv6 - ok
18:05:16.0583 5784 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
18:05:16.0677 5784 wbengine - ok
18:05:16.0693 5784 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:05:16.0708 5784 WbioSrvc - ok
18:05:16.0739 5784 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:05:16.0771 5784 wcncsvc - ok
18:05:16.0786 5784 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:05:16.0817 5784 WcsPlugInService - ok
18:05:16.0849 5784 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
18:05:16.0864 5784 Wd - ok
18:05:16.0880 5784 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:05:16.0895 5784 Wdf01000 - ok
18:05:16.0927 5784 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:05:17.0005 5784 WdiServiceHost - ok
18:05:17.0005 5784 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:05:17.0020 5784 WdiSystemHost - ok
18:05:17.0036 5784 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
18:05:17.0051 5784 WebClient - ok
18:05:17.0067 5784 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:05:17.0114 5784 Wecsvc - ok
18:05:17.0129 5784 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:05:17.0176 5784 wercplsupport - ok
18:05:17.0192 5784 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:05:17.0223 5784 WerSvc - ok
18:05:17.0239 5784 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:05:17.0270 5784 WfpLwf - ok
18:05:17.0317 5784 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
18:05:17.0317 5784 WimFltr - ok
18:05:17.0348 5784 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:05:17.0348 5784 WIMMount - ok
18:05:17.0363 5784 WinDefend - ok
18:05:17.0379 5784 WinHttpAutoProxySvc - ok
18:05:17.0426 5784 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:05:17.0473 5784 Winmgmt - ok
18:05:17.0535 5784 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
18:05:17.0629 5784 WinRM - ok
18:05:17.0675 5784 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:05:17.0707 5784 Wlansvc - ok
18:05:17.0738 5784 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
18:05:17.0753 5784 WmiAcpi - ok
18:05:17.0769 5784 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:05:17.0785 5784 wmiApSrv - ok
18:05:17.0831 5784 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:05:17.0847 5784 WPCSvc - ok
18:05:17.0863 5784 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:05:17.0894 5784 WPDBusEnum - ok
18:05:17.0925 5784 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:05:17.0956 5784 ws2ifsl - ok
18:05:17.0987 5784 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
18:05:18.0003 5784 wscsvc - ok
18:05:18.0003 5784 WSearch - ok
18:05:18.0065 5784 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:05:18.0128 5784 wuauserv - ok
18:05:18.0143 5784 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:05:18.0175 5784 WudfPf - ok
18:05:18.0237 5784 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:05:18.0268 5784 WUDFRd - ok
18:05:18.0299 5784 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:05:18.0315 5784 wudfsvc - ok
18:05:18.0346 5784 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
18:05:18.0362 5784 WwanSvc - ok
18:05:18.0440 5784 X6va001 - ok
18:05:18.0455 5784 ================ Scan global ===============================
18:05:18.0471 5784 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:05:18.0518 5784 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
18:05:18.0518 5784 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
18:05:18.0533 5784 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:05:18.0549 5784 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:05:18.0565 5784 [Global] - ok
18:05:18.0565 5784 ================ Scan MBR ==================================
18:05:18.0565 5784 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:05:19.0064 5784 \Device\Harddisk0\DR0 - ok
18:05:19.0064 5784 ================ Scan VBR ==================================
18:05:19.0064 5784 [ 33047DF1A8DBAF404F77E82927AEC3D7 ] \Device\Harddisk0\DR0\Partition1
18:05:19.0079 5784 \Device\Harddisk0\DR0\Partition1 - ok
18:05:19.0095 5784 [ A33915385848C12938F2FD13ED959F95 ] \Device\Harddisk0\DR0\Partition2
18:05:19.0095 5784 \Device\Harddisk0\DR0\Partition2 - ok
18:05:19.0095 5784 ============================================================
18:05:19.0095 5784 Scan finished
18:05:19.0095 5784 ============================================================
18:05:19.0111 5332 Detected object count: 0
18:05:19.0111 5332 Actual detected object count: 0
mfg Basti |
|
03.09.2012, 13:59
| #3 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local - RootkitAccess Dann bitte jetzt CF ausführen:
__________________ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ |
|
03.09.2012, 20:49
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local - RootkitAccess Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
04.09.2012, 12:28
| #5 |
| | TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local - RootkitAccess Gmer Log (bei den Auswahlhäkchen im Programm waren allerdings nur die unteren 4 aktivierbar, die anderen ausgegraut) Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-04 13:03:27
Windows 6.1.7601 Service Pack 1
Running: c40mqr2d.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac72891cb8ac
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac72891cb8ac (not active ControlSet)
---- EOF - GMER 1.0.15 ----
Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 13:13:19 on 04.09.2012 OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit Default Browser: Mozilla Corporation Firefox 15.0 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "ASMMAP64" (ASMMAP64) - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys "ASUS Charger Driver" (AiCharger) - "ASUSTek Computer Inc." - C:\Windows\System32\DRIVERS\AiCharger.sys "ATKWMIACPI Driver_" (ATKWMIACPIIO_) - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys "X6va001" (X6va001) - ? - C:\Users\Famous\AppData\Local\Temp\001BB86.tmp (File not found) [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll [Internet Explorer] -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_35.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Famous\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min "SonicMasterTray" - "Virage Logic Corporation / Sonic Focus" - C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found) "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe "AFBAgent" (AFBAgent) - "ASUSTeK Computer Inc." - C:\Windows\system32\FBAgent.exe "ALDITALKVerbindungsassistent_Service" (ALDITALKVerbindungsassistent_Service) - ? - C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe (File found, but it contains no detailed information) "ASLDR Service" (ASLDRService) - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe "ATKGFNEX Service" (ATKGFNEXSrv) - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe "Bluetooth Device Monitor" (Bluetooth Device Monitor) - "Intel Corporation" - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe "Bluetooth Media Service" (Bluetooth Media Service) - "Intel Corporation" - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe "Bluetooth OBEX Service" (Bluetooth OBEX Service) - "Intel Corporation" - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe "CyberLink Product - 2011/10/11 12:21:48" (CLKMSVC10_38F51D56) - "CyberLink" - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe "Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service" (BTHSSecurityMgr) - "Intel(R) Corporation" - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe "Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe "Intel(R) Management and Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe "Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe "Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe "Intel(R) Turbo Boost Technology Monitor 2.0" (TurboBoost) - "Intel(R) Corporation" - C:\Program Files\Intel\TurboBoost\TurboBoost.exe "Intel® Centrino® Bluetooth 3.0 + High Speed Service" (AMPPALR3) - "Intel Corporation" - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe "Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe "Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe "NVIDIA Display Driver Service" (NVSvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe "NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe "Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe "Wireless PAN DHCP Server" (MyWiFiDHCPDNS) - ? - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-04 13:15:50
-----------------------------
13:15:50.595 OS Version: Windows x64 6.1.7601 Service Pack 1
13:15:50.595 Number of processors: 8 586 0x2A07
13:15:50.595 ComputerName: FAMOUS-PC UserName: Famous
13:16:01.671 Initialize success
13:24:30.530 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:24:30.530 Disk 0 Vendor: ST975042 0001 Size: 715404MB BusType: 3
13:24:30.561 Disk 0 MBR read successfully
13:24:30.561 Disk 0 MBR scan
13:24:30.561 Disk 0 Windows 7 default MBR code
13:24:30.561 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048
13:24:30.577 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 309172 MB offset 52430848
13:24:30.593 Disk 0 Partition - 00 0F Extended LBA 380631 MB offset 685615104
13:24:30.624 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 380630 MB offset 685617152
13:24:30.655 Disk 0 scanning C:\Windows\system32\drivers
13:24:39.079 Service scanning
13:24:54.305 Modules scanning
13:24:54.305 Disk 0 trace - called modules:
13:24:54.414 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
13:24:54.414 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80080e0790]
13:24:54.414 3 CLASSPNP.SYS[fffff88001d6f43f] -> nt!IofCallDriver -> [0xfffffa8007b45b20]
13:24:54.414 5 ACPI.sys[fffff88000ee97a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b5c050]
13:24:54.414 Scan finished successfully
13:25:15.006 Disk 0 MBR has been saved successfully to "D:\Desktop\MBR.dat"
13:25:15.006 The log file has been saved successfully to "D:\Desktop\aswMBR.txt"
|
|
04.09.2012, 16:17
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local - RootkitAccess Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ --> TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local - RootkitAccess |
|
06.09.2012, 13:20
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local - RootkitAccess Kann sein oder auch nicht Habe aber noch nie von solchen Problemen nach CF gehört
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu TR/atrap.gen2 und tr/sirefef in C:\Users\Famous\AppData\Local - RootkitAccess |
| antivir, avg, avira, bho, entfernen, error, fehler, firefox, flash player, focus, format, gfnexsrv.exe, home, homepage, iexplore.exe, install.exe, logfile, monitor, netzwerk, nvidia update, nvpciflt.sys, plug-in, port, programm, realtek, registry, rootkitaccess, rundll, software, svchost.exe, teamspeak, udp, usb 3.0, wscript.exe |
Hybrid-Darstellung
