Pests of all kinds and how to combat them: Did I catch something? - suspicious activity
Windows 7. If you are not sure whether you have caught malware or a Trojan, create a thread here. An expert will get in touch with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection. |
19.09.2012, 21:02 | #1 |
| Hello, I am a bit worried. I reinstalled my PC a month ago and during that time I have been on the Internet with JavaScript enabled and as admin (including on rather dubious sites - not smart, I know). My Kaspersky also blocked the odd link during that time. Now it has happened that on Facebook I supposedly subscribed to someone (a very dubious account/name/person), and I am sure that I did not subscribe to them intentionally. I immediately changed all passwords. My Kaspersky finds nothing, Malwarebytes finds nothing, and my HijackThis log does not look dramatic (to a layperson), at least judging by the user ratings. Unfortunately, my Windows 7 frequently (but quite constantly) shows slight hard-disk activity. My checks in Task Manager do not turn up anything really conspicuous either. Can you help me? |
20.09.2012, 08:23 | #2 |
/// Malwareteam | To allow a more detailed analysis, please follow this link:
To everyone seeking help! What do I need to consider before opening a thread?
__________________ |
20.09.2012, 22:46 | #3 |
| Hi,
well then... My OTL.log: OTL Logfile: Code:
21.09.2012, 06:41 | #4 |
/// Malwareteam | My name is Marius and I will help you with your problem. One thing up front: Note: We can never guarantee here that we have found all remnants of malware. Formatting is usually the fastest and always the safest way. If you decide on a cleanup, keep working with us until someone from the team tells you that your computer is clean. A cleanup can sometimes involve a lot of work for you.
Vista and Win7 users: Start all tools with right-click --> "Run as administrator". Step 1: aswMBR Please download aswMBR.exe and save the file to your desktop.
Step 2: Scan with TDSS-Killer Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report. Please download TDSSKiller.exe and save this file to the desktop
__________________ No right of asylum for Trojans! Proud Member of UNITE Note: I am only available on weekdays! Requests via PM will be ignored! Are you satisfied with us? Then support the Trojaner-Board! |
22.09.2012, 21:54 | #5 |
| Hello Marius, thank you for taking the time. Attached are my two scans: Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-09-22 22:35:10 ----------------------------- 22:35:10.107 OS Version: Windows x64 6.1.7601 Service Pack 1 22:35:10.107 Number of processors: 8 586 0x1A05 22:35:10.107 ComputerName: ADMIN-PC UserName: *** 22:35:11.819 Initialize success 22:37:05.498 AVAST engine defs: 12092201 22:37:47.679 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 22:37:47.679 Disk 0 Vendor: Intel___ 1.0. Size: 1907726MB BusType: 8 22:37:47.695 Disk 0 MBR read successfully 22:37:47.695 Disk 0 MBR scan 22:37:47.695 Disk 0 Windows 7 default MBR code 22:37:47.710 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 22:37:47.710 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1907624 MB offset 206848 22:37:47.726 Disk 0 scanning C:\Windows\system32\drivers 22:37:56.165 Service scanning 22:38:09.675 Modules scanning 22:38:09.675 Disk 0 trace - called modules: 22:38:09.691 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 22:38:09.691 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a062790] 22:38:09.691 3 CLASSPNP.SYS[fffff8800245443f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b6d050] 22:38:10.751 AVAST engine scan C:\Windows 22:38:12.155 AVAST engine scan C:\Windows\system32 22:40:12.022 AVAST engine scan C:\Windows\system32\drivers 22:40:21.070 AVAST engine scan C:\Users\*** 22:40:33.300 AVAST engine scan C:\ProgramData 22:42:07.836 Scan finished successfully 22:42:18.429 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat" 22:42:18.429 The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt" Code:
22:45:00.0748 4416 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
22:45:00.0950 4416 ============================================================
22:45:00.0950 4416 Current date / time: 2012/09/22 22:45:00.0950
22:45:00.0950 4416 SystemInfo:
22:45:00.0950 4416
22:45:00.0950 4416 OS Version: 6.1.7601 ServicePack: 1.0
22:45:00.0950 4416 Product type: Workstation
22:45:00.0950 4416 ComputerName: ADMIN-PC
22:45:00.0950 4416 UserName: ***
22:45:00.0950 4416 Windows directory: C:\Windows
22:45:00.0950 4416 System windows directory: C:\Windows
22:45:00.0950 4416 Running under WOW64
22:45:00.0950 4416 Processor architecture: Intel x64
22:45:00.0950 4416 Number of processors: 8
22:45:00.0950 4416 Page size: 0x1000
22:45:00.0950 4416 Boot type: Normal boot
22:45:00.0950 4416 ============================================================
22:45:01.0278 4416 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C0E00000 (1863.01 Gb), SectorSize: 0x200, Cylinders: 0x3B600, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:45:01.0278 4416 ============================================================
22:45:01.0278 4416 \Device\Harddisk0\DR0:
22:45:01.0278 4416 MBR partitions:
22:45:01.0278 4416 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:45:01.0278 4416 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE8DD4000
22:45:01.0278 4416 ============================================================
22:45:01.0309 4416 C: <-> \Device\Harddisk0\DR0\Partition2
22:45:01.0309 4416 ============================================================
22:45:01.0309 4416 Initialize success
22:45:01.0309 4416 ============================================================
22:45:43.0741 4752 ============================================================
22:45:43.0741 4752 Scan started
22:45:43.0741 4752 Mode: Manual; TDLFS;
22:45:43.0741 4752 ============================================================
22:45:49.0763 4752 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 22:45:49.0778 4752 Rasl2tp - ok 22:45:49.0794 4752 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 22:45:49.0794 4752 RasMan - ok 22:45:49.0810 4752 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 22:45:49.0810 4752 RasPppoe - ok 22:45:49.0825 4752 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 22:45:49.0825 4752 RasSstp - ok 22:45:49.0856 4752 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 22:45:49.0856 4752 rdbss - ok 22:45:49.0856 4752 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 22:45:49.0856 4752 rdpbus - ok 22:45:49.0872 4752 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 22:45:49.0872 4752 RDPCDD - ok 22:45:49.0888 4752 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 22:45:49.0888 4752 RDPENCDD - ok 22:45:49.0903 4752 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 22:45:49.0903 4752 RDPREFMP - ok 22:45:49.0934 4752 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 22:45:49.0934 4752 RDPWD - ok 22:45:49.0950 4752 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 22:45:49.0966 4752 rdyboost - ok 22:45:49.0981 4752 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 22:45:49.0981 4752 RemoteAccess - ok 22:45:49.0997 4752 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 22:45:50.0012 4752 RemoteRegistry - ok 22:45:50.0012 4752 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 22:45:50.0028 4752 RpcEptMapper - ok 22:45:50.0044 4752 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 
22:45:50.0044 4752 RpcLocator - ok 22:45:50.0075 4752 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 22:45:50.0075 4752 RpcSs - ok 22:45:50.0075 4752 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 22:45:50.0075 4752 rspndr - ok 22:45:50.0122 4752 [ ABCB5A38A0D85BDF69B7877E1AD1EED5 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 22:45:50.0122 4752 RTL8167 - ok 22:45:50.0122 4752 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 22:45:50.0122 4752 SamSs - ok 22:45:50.0137 4752 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 22:45:50.0137 4752 sbp2port - ok 22:45:50.0153 4752 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 22:45:50.0168 4752 SCardSvr - ok 22:45:50.0168 4752 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 22:45:50.0168 4752 scfilter - ok 22:45:50.0200 4752 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 22:45:50.0215 4752 Schedule - ok 22:45:50.0231 4752 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 22:45:50.0246 4752 SCPolicySvc - ok 22:45:50.0278 4752 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 22:45:50.0278 4752 SDRSVC - ok 22:45:50.0278 4752 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 22:45:50.0278 4752 secdrv - ok 22:45:50.0309 4752 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 22:45:50.0309 4752 seclogon - ok 22:45:50.0309 4752 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 22:45:50.0309 4752 SENS - ok 22:45:50.0324 4752 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 22:45:50.0324 4752 SensrSvc - ok 22:45:50.0340 4752 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 22:45:50.0340 4752 Serenum - 
ok 22:45:50.0356 4752 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 22:45:50.0356 4752 Serial - ok 22:45:50.0371 4752 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 22:45:50.0371 4752 sermouse - ok 22:45:50.0387 4752 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 22:45:50.0387 4752 SessionEnv - ok 22:45:50.0402 4752 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 22:45:50.0402 4752 sffdisk - ok 22:45:50.0418 4752 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 22:45:50.0418 4752 sffp_mmc - ok 22:45:50.0418 4752 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 22:45:50.0418 4752 sffp_sd - ok 22:45:50.0434 4752 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 22:45:50.0434 4752 sfloppy - ok 22:45:50.0465 4752 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 22:45:50.0465 4752 SharedAccess - ok 22:45:50.0480 4752 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 22:45:50.0496 4752 ShellHWDetection - ok 22:45:50.0512 4752 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 22:45:50.0512 4752 SiSRaid2 - ok 22:45:50.0527 4752 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 22:45:50.0527 4752 SiSRaid4 - ok 22:45:50.0574 4752 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 22:45:50.0574 4752 SkypeUpdate - ok 22:45:50.0590 4752 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 22:45:50.0590 4752 Smb - ok 22:45:50.0605 4752 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 22:45:50.0605 4752 SNMPTRAP - ok 22:45:50.0621 4752 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr 
C:\Windows\system32\drivers\spldr.sys 22:45:50.0621 4752 spldr - ok 22:45:50.0652 4752 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 22:45:50.0668 4752 Spooler - ok 22:45:50.0746 4752 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 22:45:50.0761 4752 sppsvc - ok 22:45:50.0777 4752 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 22:45:50.0777 4752 sppuinotify - ok 22:45:50.0792 4752 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 22:45:50.0808 4752 srv - ok 22:45:50.0824 4752 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 22:45:50.0824 4752 srv2 - ok 22:45:50.0855 4752 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 22:45:50.0855 4752 srvnet - ok 22:45:50.0870 4752 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 22:45:50.0886 4752 SSDPSRV - ok 22:45:50.0886 4752 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 22:45:50.0902 4752 SstpSvc - ok 22:45:50.0902 4752 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 22:45:50.0902 4752 stexstor - ok 22:45:50.0933 4752 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 22:45:50.0948 4752 stisvc - ok 22:45:50.0964 4752 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 22:45:50.0964 4752 swenum - ok 22:45:51.0042 4752 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 22:45:51.0089 4752 SwitchBoard - ok 22:45:51.0089 4752 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 22:45:51.0104 4752 swprv - ok 22:45:51.0151 4752 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 22:45:51.0167 4752 SysMain - ok 22:45:51.0198 4752 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService 
C:\Windows\System32\TabSvc.dll 22:45:51.0198 4752 TabletInputService - ok 22:45:51.0401 4752 [ AD3EE30660A27DDBC701E90041D8E62B ] TabletServiceWacom C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe 22:45:51.0432 4752 TabletServiceWacom - ok 22:45:51.0448 4752 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 22:45:51.0463 4752 TapiSrv - ok 22:45:51.0479 4752 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 22:45:51.0479 4752 TBS - ok 22:45:51.0541 4752 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys 22:45:51.0572 4752 Tcpip - ok 22:45:51.0604 4752 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 22:45:51.0619 4752 TCPIP6 - ok 22:45:51.0635 4752 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 22:45:51.0635 4752 tcpipreg - ok 22:45:51.0650 4752 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 22:45:51.0650 4752 TDPIPE - ok 22:45:51.0666 4752 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 22:45:51.0666 4752 TDTCP - ok 22:45:51.0682 4752 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 22:45:51.0697 4752 tdx - ok 22:45:51.0713 4752 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 22:45:51.0713 4752 TermDD - ok 22:45:51.0728 4752 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 22:45:51.0744 4752 TermService - ok 22:45:51.0760 4752 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 22:45:51.0760 4752 Themes - ok 22:45:51.0775 4752 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 22:45:51.0775 4752 THREADORDER - ok 22:45:51.0806 4752 [ B39AB8DDEEC289240937BF566505A3D1 ] TouchServiceWacom C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe 22:45:51.0806 4752 TouchServiceWacom - ok 22:45:51.0822 4752 [ 
7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 22:45:51.0838 4752 TrkWks - ok 22:45:51.0884 4752 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 22:45:51.0884 4752 TrustedInstaller - ok 22:45:51.0900 4752 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 22:45:51.0900 4752 tssecsrv - ok 22:45:51.0900 4752 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 22:45:51.0916 4752 TsUsbFlt - ok 22:45:51.0947 4752 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 22:45:51.0947 4752 tunnel - ok 22:45:51.0962 4752 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 22:45:51.0962 4752 uagp35 - ok 22:45:51.0994 4752 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 22:45:51.0994 4752 udfs - ok 22:45:52.0009 4752 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 22:45:52.0009 4752 UI0Detect - ok 22:45:52.0025 4752 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 22:45:52.0025 4752 uliagpkx - ok 22:45:52.0040 4752 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 22:45:52.0040 4752 umbus - ok 22:45:52.0056 4752 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 22:45:52.0056 4752 UmPass - ok 22:45:52.0056 4752 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 22:45:52.0087 4752 upnphost - ok 22:45:52.0103 4752 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 22:45:52.0103 4752 usbccgp - ok 22:45:52.0118 4752 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 22:45:52.0118 4752 usbcir - ok 22:45:52.0150 4752 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 22:45:52.0150 4752 usbehci - 
ok 22:45:52.0165 4752 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 22:45:52.0181 4752 usbhub - ok 22:45:52.0196 4752 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 22:45:52.0196 4752 usbohci - ok 22:45:52.0212 4752 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 22:45:52.0212 4752 usbprint - ok 22:45:52.0228 4752 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 22:45:52.0228 4752 usbscan - ok 22:45:52.0243 4752 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 22:45:52.0243 4752 USBSTOR - ok 22:45:52.0259 4752 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 22:45:52.0259 4752 usbuhci - ok 22:45:52.0259 4752 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 22:45:52.0274 4752 UxSms - ok 22:45:52.0274 4752 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 22:45:52.0274 4752 VaultSvc - ok 22:45:52.0290 4752 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 22:45:52.0290 4752 vdrvroot - ok 22:45:52.0321 4752 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 22:45:52.0321 4752 vds - ok 22:45:52.0321 4752 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 22:45:52.0337 4752 vga - ok 22:45:52.0337 4752 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 22:45:52.0337 4752 VgaSave - ok 22:45:52.0352 4752 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 22:45:52.0352 4752 vhdmp - ok 22:45:52.0368 4752 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 22:45:52.0368 4752 viaide - ok 22:45:52.0384 4752 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 22:45:52.0384 4752 volmgr - ok 22:45:52.0399 4752 [ 
A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 22:45:52.0415 4752 volmgrx - ok 22:45:52.0430 4752 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 22:45:52.0446 4752 volsnap - ok 22:45:52.0462 4752 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 22:45:52.0462 4752 vsmraid - ok 22:45:52.0493 4752 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 22:45:52.0524 4752 VSS - ok 22:45:52.0540 4752 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 22:45:52.0540 4752 vwifibus - ok 22:45:52.0571 4752 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 22:45:52.0571 4752 W32Time - ok 22:45:52.0586 4752 [ 68C7FBAADE25F6DE28EC31B0424CC78B ] WacHidRouter C:\Windows\system32\DRIVERS\wachidrouter.sys 22:45:52.0602 4752 WacHidRouter - ok 22:45:52.0602 4752 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 22:45:52.0602 4752 WacomPen - ok 22:45:52.0618 4752 [ B59EC4DD1026F059CD95C1627562F3F3 ] wacomrouterfilter C:\Windows\system32\DRIVERS\wacomrouterfilter.sys 22:45:52.0618 4752 wacomrouterfilter - ok 22:45:52.0633 4752 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 22:45:52.0633 4752 WANARP - ok 22:45:52.0633 4752 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 22:45:52.0633 4752 Wanarpv6 - ok 22:45:52.0680 4752 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 22:45:52.0696 4752 wbengine - ok 22:45:52.0696 4752 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 22:45:52.0696 4752 WbioSrvc - ok 22:45:52.0727 4752 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 22:45:52.0742 4752 wcncsvc - ok 22:45:52.0758 4752 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService 
C:\Windows\System32\WcsPlugInService.dll 22:45:52.0758 4752 WcsPlugInService - ok 22:45:52.0758 4752 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 22:45:52.0758 4752 Wd - ok 22:45:52.0789 4752 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 22:45:52.0805 4752 Wdf01000 - ok 22:45:52.0805 4752 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 22:45:52.0820 4752 WdiServiceHost - ok 22:45:52.0820 4752 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 22:45:52.0820 4752 WdiSystemHost - ok 22:45:52.0852 4752 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 22:45:52.0867 4752 WebClient - ok 22:45:52.0883 4752 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 22:45:52.0883 4752 Wecsvc - ok 22:45:52.0898 4752 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 22:45:52.0898 4752 wercplsupport - ok 22:45:52.0914 4752 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 22:45:52.0914 4752 WerSvc - ok 22:45:52.0930 4752 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 22:45:52.0930 4752 WfpLwf - ok 22:45:52.0945 4752 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 22:45:52.0945 4752 WIMMount - ok 22:45:52.0945 4752 WinDefend - ok 22:45:52.0945 4752 WinHttpAutoProxySvc - ok 22:45:52.0992 4752 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 22:45:52.0992 4752 Winmgmt - ok 22:45:53.0039 4752 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 22:45:53.0086 4752 WinRM - ok 22:45:53.0101 4752 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 22:45:53.0117 4752 Wlansvc - ok 22:45:53.0148 4752 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 22:45:53.0148 4752 
WmiAcpi - ok 22:45:53.0179 4752 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 22:45:53.0179 4752 wmiApSrv - ok 22:45:53.0195 4752 WMPNetworkSvc - ok 22:45:53.0210 4752 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 22:45:53.0210 4752 WPCSvc - ok 22:45:53.0226 4752 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 22:45:53.0242 4752 WPDBusEnum - ok 22:45:53.0242 4752 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 22:45:53.0242 4752 ws2ifsl - ok 22:45:53.0257 4752 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 22:45:53.0273 4752 wscsvc - ok 22:45:53.0273 4752 WSearch - ok 22:45:53.0351 4752 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 22:45:53.0398 4752 wuauserv - ok 22:45:53.0413 4752 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 22:45:53.0429 4752 WudfPf - ok 22:45:53.0460 4752 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 22:45:53.0460 4752 WUDFRd - ok 22:45:53.0476 4752 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 22:45:53.0491 4752 wudfsvc - ok 22:45:53.0507 4752 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 22:45:53.0507 4752 WwanSvc - ok 22:45:53.0507 4752 ================ Scan global =============================== 22:45:53.0522 4752 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 22:45:53.0538 4752 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 22:45:53.0554 4752 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 22:45:53.0569 4752 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 22:45:53.0600 4752 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 22:45:53.0616 4752 [Global] - ok 22:45:53.0616 4752 ================ Scan MBR 
================================== 22:45:53.0616 4752 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 22:45:53.0741 4752 \Device\Harddisk0\DR0 - ok 22:45:53.0741 4752 ================ Scan VBR ================================== 22:45:53.0741 4752 [ D58C75A6A8EDE62ED9464213E2F49201 ] \Device\Harddisk0\DR0\Partition1 22:45:53.0741 4752 \Device\Harddisk0\DR0\Partition1 - ok 22:45:53.0741 4752 [ 1CE10F8235F17415D2BB49285A5360C4 ] \Device\Harddisk0\DR0\Partition2 22:45:53.0741 4752 \Device\Harddisk0\DR0\Partition2 - ok 22:45:53.0741 4752 ============================================================ 22:45:53.0741 4752 Scan finished 22:45:53.0741 4752 ============================================================ 22:45:53.0756 4452 Detected object count: 0 22:45:53.0756 4452 Actual detected object count: 0 22:46:58.0655 2256 Deinitialize success Geändert von securedata (22.09.2012 um 22:38 Uhr) |
24.09.2012, 08:14 | #6 |
/// Malwareteam | ESET Online Scanner |
28.09.2012, 13:27 | #7 |
| Hello Marius, sorry, I have been quite busy the last few days. So, the rootkit scans seem to look quite good. Malwarebytes and my Kaspersky don't find anything either. Now the question, of course, is to what extent the HDD activity points to a threat. Couldn't it also be a defragmentation process? Or be related to my RAID system? I tried to monitor my system with Process Monitor, but so far nothing really unusual has come out of that either. svchost and other system32 files show activity. svchost opens network connections, but I think that could also be normal. How much do Malwarebytes and Kaspersky actually find? About the ESET scan: how safe is it when I am on the internet without a firewall and virus scanner (which one is supposed to switch off for the scan)? So just switch them off briefly, scan, switch them back on and do nothing else, right? And can I get the ESET files off the PC again properly? According to the net, ESET supposedly creates security holes (I think I read it somewhere on heise)? From what point can one rule out the worst of an infection? (Apparently one can never be 100% sure.) Last edited by securedata (28.09.2012 at 13:35) |
28.09.2012, 16:54 | #8 |
/// Malwareteam | That poses no danger, and you can uninstall the tool via the Control Panel once we have finished our measures!
__________________ No right of asylum for trojans! Proud Member of UNITE Note: I am only available on working days! Requests via PM will be ignored! Are you satisfied with us? Then support the Trojaner-Board! |
01.10.2012, 01:46 | #9 |
| Hi, I ran the scan, but I can't post a log file, because the "list of found threads" option wasn't there. Nothing was found. After the scan I had the ESET program remnants uninstalled. Along the way, though, it wrecked my RAID... but I'm repairing it right now, should be fine. Oh, and because Windows offered it, I also ran Windows Defender over it, also negative... Last edited by securedata (01.10.2012 at 02:04) |
05.10.2012, 16:18 | #10 |
/// Malwareteam | Hello, do you still need help? If I do not receive a reply from you within the next 24 hours, I will remove your thread from my subscriptions and will therefore no longer be notified of new replies. The disappearance of the symptoms does not mean that your system is already clean. |
05.10.2012, 16:27 | #11 |
| Hi, I don't know, how do you see it? I think the fact that all scans have been negative so far is a pretty good sign... What else can one do, apart from a reinstall? Otherwise, what about all the tools? How would one get them off again? Just delete the files myself? I would have to re-enable Defogger, right? |
05.10.2012, 16:32 | #12 |
/// Malwareteam | As I see it, there is no malware on the system. We will still remove the tools:
Defogger re-enable
Please start Defogger and click the re-enable button.
Delete system restore points
Code:
ATTFilter :Commands [clearallrestorepoints]
OTL
Please start OTL and click "Bereinigung" (cleanup). This will remove most of the tools that we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.
Here are a few more tips for securing your system.
Staying up to date
I cannot mention often enough how important it is that your system is up to date.
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can delete this thread from my subscriptions. |
08.10.2012, 05:15 | #13 |
| OK, yes, I see it similarly. Unfortunately I installed some software during the checking process, since I absolutely needed it and couldn't wait (I know one shouldn't). Is it then excluded if, as it sounds, all points are reset? Can I also delete the software manually? Or would something be left behind then? Last edited by securedata (08.10.2012 at 05:23) |
08.10.2012, 06:35 | #14 |
/// Malwareteam | If malware is present in one of the restore points, you will be stuck with it again if you reset the system to that point. So I recommend following my instructions. |
08.10.2012, 11:37 | #15 |
| But we didn't fix anything at all, and we only scanned? |